CVSS: 5.5EPSS: %CPEs: 4EXPL: 0CVE-2022-49873 – bpf: Fix wrong reg type conversion in release_reference()
https://notcve.org/view.php?id=CVE-2022-49873
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix wrong reg type conversion in release_reference() Some helper functions will allocate memory. To avoid memory leaks, the verifier requires the eBPF program to release these memories by calling the corresponding helper functions. When a resource is released, all pointer registers corresponding to the resource should be invalidated. The verifier use release_references() to do this job, by apply __mark_reg_unknown() to each relevant re... • https://git.kernel.org/stable/c/fd978bf7fd312581a7ca454a991f0ffb34c4204b •
CVSS: 5.5EPSS: %CPEs: 9EXPL: 0CVE-2022-49872 – net: gso: fix panic on frag_list with mixed head alloc types
https://notcve.org/view.php?id=CVE-2022-49872
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: gso: fix panic on frag_list with mixed head alloc types Since commit 3dcbdb134f32 ("net: gso: Fix skb_segment splat when splitting gso_size mangled skb having linear-headed frag_list"), it is allowed to change gso_size of a GRO packet. However, that commit assumes that "checking the first list_skb member suffices; i.e if either of the list_skb members have non head_frag head, then the first one has too". It turns out this assumption do... • https://git.kernel.org/stable/c/162a5a8c3aff15c449e6b38355cdf80ab4f77a5a •
CVSS: 5.5EPSS: %CPEs: 6EXPL: 0CVE-2022-49871 – net: tun: Fix memory leaks of napi_get_frags
https://notcve.org/view.php?id=CVE-2022-49871
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: tun: Fix memory leaks of napi_get_frags kmemleak reports after running test_progs: unreferenced object 0xffff8881b1672dc0 (size 232): comm "test_progs", pid 394388, jiffies 4354712116 (age 841.975s) hex dump (first 32 bytes): e0 84 d7 a8 81 88 ff ff 80 2c 67 b1 81 88 ff ff .........,g..... 00 40 c5 9b 81 88 ff ff 00 00 00 00 00 00 00 00 .@.............. backtrace: [<00000000c8f01748>] napi_skb_cache_get+0xd4/0x150 [<0000000041c7fc09>] ... • https://git.kernel.org/stable/c/90e33d45940793def6f773b2d528e9f3c84ffdc7 •
CVSS: 7.1EPSS: %CPEs: 8EXPL: 0CVE-2022-49870 – capabilities: fix undefined behavior in bit shift for CAP_TO_MASK
https://notcve.org/view.php?id=CVE-2022-49870
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: capabilities: fix undefined behavior in bit shift for CAP_TO_MASK Shifting signed 32-bit value by 31 bits is undefined, so changing significant bit to unsigned. The UBSAN warning calltrace like below: UBSAN: shift-out-of-bounds in security/commoncap.c:1252:2 left shift of 1 by 31 places cannot be represented in type 'int' Call Trace:
CVSS: 5.5EPSS: %CPEs: 8EXPL: 0CVE-2022-49865 – ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network
https://notcve.org/view.php?id=CVE-2022-49865
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network When copying a `struct ifaddrlblmsg` to the network, __ifal_reserved remained uninitialized, resulting in a 1-byte infoleak: BUG: KMSAN: kernel-network-infoleak in __netdev_start_xmit ./include/linux/netdevice.h:4841 __netdev_start_xmit ./include/linux/netdevice.h:4841 netdev_start_xmit ./include/linux/netdevice.h:4857 xmit_one net/core/dev.c:3590 dev_hard_start_xmit+... • https://git.kernel.org/stable/c/2a8cc6c89039e0530a3335954253b76ed0f9339a •
CVSS: 5.5EPSS: %CPEs: 3EXPL: 0CVE-2022-49864 – drm/amdkfd: Fix NULL pointer dereference in svm_migrate_to_ram()
https://notcve.org/view.php?id=CVE-2022-49864
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix NULL pointer dereference in svm_migrate_to_ram() ./drivers/gpu/drm/amd/amdkfd/kfd_migrate.c:985:58-62: ERROR: p is NULL but dereferenced. • https://git.kernel.org/stable/c/3c1bb6187e566143f15dbf0367ae671584aead5b •
CVSS: 5.5EPSS: %CPEs: 10EXPL: 0CVE-2022-49862 – tipc: fix the msg->req tlv len check in tipc_nl_compat_name_table_dump_header
https://notcve.org/view.php?id=CVE-2022-49862
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: tipc: fix the msg->req tlv len check in tipc_nl_compat_name_table_dump_header This is a follow-up for commit 974cb0e3e7c9 ("tipc: fix uninit-value in tipc_nl_compat_name_table_dump") where it should have type casted sizeof(..) to int to work when TLV_GET_DATA_LEN() returns a negative value. syzbot reported a call trace because of it: BUG: KMSAN: uninit-value in ... tipc_nl_compat_name_table_dump+0x841/0xea0 net/tipc/netlink_compat.c:934 __t... • https://git.kernel.org/stable/c/4c559fb7e111077b56f62ccf833a52d8169cde19 •
CVSS: 5.5EPSS: %CPEs: 8EXPL: 0CVE-2022-49861 – dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove()
https://notcve.org/view.php?id=CVE-2022-49861
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove() A clk_prepare_enable() call in the probe is not balanced by a corresponding clk_disable_unprepare() in the remove function. Add the missing call. In the Linux kernel, the following vulnerability has been resolved: dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove() A clk_prepare_enable() call in the probe is not balanced by a corresponding clk_disable_unprepare() in... • https://git.kernel.org/stable/c/3bdcced41936b054470639c6a76ae033df1074e3 •
CVSS: 7.1EPSS: %CPEs: 1EXPL: 0CVE-2022-49856 – net: tun: call napi_schedule_prep() to ensure we own a napi
https://notcve.org/view.php?id=CVE-2022-49856
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: tun: call napi_schedule_prep() to ensure we own a napi A recent patch exposed another issue in napi_get_frags() caught by syzbot [1] Before feeding packets to GRO, and calling napi_complete() we must first grab NAPI_STATE_SCHED. [1] WARNING: CPU: 0 PID: 3612 at net/core/dev.c:6076 napi_complete_done+0x45b/0x880 net/core/dev.c:6076 Modules linked in: CPU: 0 PID: 3612 Comm: syz-executor408 Not tainted 6.1.0-rc3-syzkaller-00175-g1118b2049... • https://git.kernel.org/stable/c/07d120aa33cc9d9115753d159f64d20c94458781 •
CVSS: 8.5EPSS: %CPEs: 8EXPL: 0CVE-2022-49853 – net: macvlan: fix memory leaks of macvlan_common_newlink
https://notcve.org/view.php?id=CVE-2022-49853
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: macvlan: fix memory leaks of macvlan_common_newlink kmemleak reports memory leaks in macvlan_common_newlink, as follows: ip link add link eth0 name .. type macvlan mode source macaddr add