CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2022-49850 – nilfs2: fix deadlock in nilfs_count_free_blocks()
https://notcve.org/view.php?id=CVE-2022-49850
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix deadlock in nilfs_count_free_blocks() A semaphore deadlock can occur if nilfs_get_block() detects metadata corruption while locating data blocks and a superblock writeback occurs at the same time: task 1 task 2 ------ ------ * A file operation * nilfs_truncate() nilfs_get_block() down_read(rwsem A) <-- nilfs_bmap_lookup_contig() ... generic_shutdown_super() nilfs_put_super() * Prepare to write superblock * down_write(rwsem B) <-... • https://git.kernel.org/stable/c/e828949e5b42bfd234ee537cdb7c5e3a577958a3 •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2022-49846 – udf: Fix a slab-out-of-bounds write bug in udf_find_entry()
https://notcve.org/view.php?id=CVE-2022-49846
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: udf: Fix a slab-out-of-bounds write bug in udf_find_entry() Syzbot reported a slab-out-of-bounds Write bug: loop0: detected capacity change from 0 to 2048 ================================================================== BUG: KASAN: slab-out-of-bounds in udf_find_entry+0x8a5/0x14f0 fs/udf/namei.c:253 Write of size 105 at addr ffff8880123ff896 by task syz-executor323/3610 CPU: 0 PID: 3610 Comm: syz-executor323 Not tainted 6.1.0-rc2-syzkalle... • https://git.kernel.org/stable/c/066b9cded00b8e3212df74a417bb074f3f3a1fe0 •
CVSS: -EPSS: %CPEs: 1EXPL: 0CVE-2022-49843 – drm/amdkfd: Migrate in CPU page fault use current mm
https://notcve.org/view.php?id=CVE-2022-49843
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Migrate in CPU page fault use current mm migrate_vma_setup shows below warning because we don't hold another process mm mmap_lock. We should use current vmf->vma->vm_mm instead, the caller already hold current mmap lock inside CPU page fault handler. WARNING: CPU: 10 PID: 3054 at include/linux/mmap_lock.h:155 find_vma Call Trace: walk_page_range+0x76/0x150 migrate_vma_setup+0x18a/0x640 svm_migrate_vram_to_ram+0x245/0xa10 [amdgpu... • https://git.kernel.org/stable/c/3a876060892ba52dd67d197c78b955e62657d906 •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2022-49842 – ASoC: core: Fix use-after-free in snd_soc_exit()
https://notcve.org/view.php?id=CVE-2022-49842
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: core: Fix use-after-free in snd_soc_exit() KASAN reports a use-after-free: BUG: KASAN: use-after-free in device_del+0xb5b/0xc60 Read of size 8 at addr ffff888008655050 by task rmmod/387 CPU: 2 PID: 387 Comm: rmmod Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) Call Trace:
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2022-49839 – scsi: scsi_transport_sas: Fix error handling in sas_phy_add()
https://notcve.org/view.php?id=CVE-2022-49839
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_transport_sas: Fix error handling in sas_phy_add() If transport_add_device() fails in sas_phy_add(), the kernel will crash trying to delete the device in transport_remove_device() called from sas_remove_host(). Unable to handle kernel NULL pointer dereference at virtual address 0000000000000108 CPU: 61 PID: 42829 Comm: rmmod Kdump: loaded Tainted: G W 6.1.0-rc1+ #173 pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)... • https://git.kernel.org/stable/c/c7ebbbce366c02e5657ac6b6059933fe0353b175 •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2022-49835 – ALSA: hda: fix potential memleak in 'add_widget_node'
https://notcve.org/view.php?id=CVE-2022-49835
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: fix potential memleak in 'add_widget_node' As 'kobject_add' may allocated memory for 'kobject->name' when return error. And in this function, if call 'kobject_add' failed didn't free kobject. So call 'kobject_put' to recycling resources. • https://git.kernel.org/stable/c/b688a3ec235222d9a84e43a48a6f31acb95baf2d •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2022-49834 – nilfs2: fix use-after-free bug of ns_writer on remount
https://notcve.org/view.php?id=CVE-2022-49834
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix use-after-free bug of ns_writer on remount If a nilfs2 filesystem is downgraded to read-only due to metadata corruption on disk and is remounted read/write, or if emergency read-only remount is performed, detaching a log writer and synchronizing the filesystem can be done at the same time. In these cases, use-after-free of the log writer (hereinafter nilfs->ns_writer) can happen as shown in the scenario below: Task1 Task2 ------... • https://git.kernel.org/stable/c/b2fbf10040216ef5ee270773755fc2f5da65b749 •
CVSS: -EPSS: %CPEs: 2EXPL: 0CVE-2022-49833 – btrfs: zoned: clone zoned device info when cloning a device
https://notcve.org/view.php?id=CVE-2022-49833
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: clone zoned device info when cloning a device When cloning a btrfs_device, we're not cloning the associated btrfs_zoned_device_info structure of the device in case of a zoned filesystem. Later on this leads to a NULL pointer dereference when accessing the device's zone_info for instance when setting a zone as active. This was uncovered by fstests' testcase btrfs/161. • https://git.kernel.org/stable/c/ad88cabcec942c033f980cd1e28d56ecdaf5f3b8 •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2022-49832 – pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map
https://notcve.org/view.php?id=CVE-2022-49832
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map Here is the BUG report by KASAN about null pointer dereference: BUG: KASAN: null-ptr-deref in strcmp+0x2e/0x50 Read of size 1 at addr 0000000000000000 by task python3/2640 Call Trace: strcmp __of_find_property of_find_property pinctrl_dt_to_map kasprintf() would return NULL pointer when kmalloc() fail to allocate. So directly return ENOMEM, if kasprintf() return NULL p... • https://git.kernel.org/stable/c/57291ce295c0aca738dd284c4a9c591c09ebee71 •
CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2022-49831 – btrfs: zoned: initialize device's zone info for seeding
https://notcve.org/view.php?id=CVE-2022-49831
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: initialize device's zone info for seeding When performing seeding on a zoned filesystem it is necessary to initialize each zoned device's btrfs_zoned_device_info structure, otherwise mounting the filesystem will cause a NULL pointer dereference. This was uncovered by fstests' testcase btrfs/163. • https://git.kernel.org/stable/c/91c38504e589dadbcde47b1cacdfc5b684154d44 •