CVSS: 5.5EPSS: %CPEs: 3EXPL: 0CVE-2022-49702 – btrfs: fix hang during unmount when block group reclaim task is running
https://notcve.org/view.php?id=CVE-2022-49702
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix hang during unmount when block group reclaim task is running When we start an unmount, at close_ctree(), if we have the reclaim task running and in the middle of a data block group relocation, we can trigger a deadlock when stopping an async reclaim task, producing a trace like the following: [629724.498185] task:kworker/u16:7 state:D stack: 0 pid:681170 ppid: 2 flags:0x00004000 [629724.499760] Workqueue: events_unbound btrfs_asy... • https://git.kernel.org/stable/c/18bb8bbf13c1839b43c9e09e76d397b753989af2 •
CVSS: 5.5EPSS: %CPEs: 3EXPL: 0CVE-2022-49701 – scsi: ibmvfc: Allocate/free queue resource only during probe/remove
https://notcve.org/view.php?id=CVE-2022-49701
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: ibmvfc: Allocate/free queue resource only during probe/remove Currently, the sub-queues and event pool resources are allocated/freed for every CRQ connection event such as reset and LPM. This exposes the driver to a couple issues. First the inefficiency of freeing and reallocating memory that can simply be resued after being sanitized. Further, a system under memory pressue runs the risk of allocation failures that could result in a c... • https://git.kernel.org/stable/c/3034ebe26389740bb6b4a463e05afb51dc93c336 •
CVSS: 9.0EPSS: %CPEs: 8EXPL: 0CVE-2022-49700 – mm/slub: add missing TID updates on slab deactivation
https://notcve.org/view.php?id=CVE-2022-49700
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: mm/slub: add missing TID updates on slab deactivation The fastpath in slab_alloc_node() assumes that c->slab is stable as long as the TID stays the same. However, two places in __slab_alloc() currently don't update the TID when deactivating the CPU slab. If multiple operations race the right way, this could lead to an object getting lost; or, in an even more unlikely situation, it could even lead to an object being freed onto the wrong slab... • https://git.kernel.org/stable/c/03e404af26dc2ea0d278d7a342de0aab394793ce •
CVSS: 5.5EPSS: %CPEs: 2EXPL: 0CVE-2022-49699 – filemap: Handle sibling entries in filemap_get_read_batch()
https://notcve.org/view.php?id=CVE-2022-49699
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: filemap: Handle sibling entries in filemap_get_read_batch() If a read races with an invalidation followed by another read, it is possible for a folio to be replaced with a higher-order folio. If that happens, we'll see a sibling entry for the new folio in the next iteration of the loop. This manifests as a NULL pointer dereference while holding the RCU read lock. Handle this by simply returning. The next call will find the new folio and han... • https://git.kernel.org/stable/c/cbd59c48ae2bcadc4a7599c29cf32fd3f9b78251 •
CVSS: 7.8EPSS: %CPEs: 4EXPL: 0CVE-2022-49698 – netfilter: use get_random_u32 instead of prandom
https://notcve.org/view.php?id=CVE-2022-49698
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: use get_random_u32 instead of prandom bh might occur while updating per-cpu rnd_state from user context, ie. local_out path. BUG: using smp_processor_id() in preemptible [00000000] code: nginx/2725 caller is nft_ng_random_eval+0x24/0x54 [nft_numgen] Call Trace: check_preemption_disabled+0xde/0xe0 nft_ng_random_eval+0x24/0x54 [nft_numgen] Use the random driver instead, this also avoids need for local prandom state. Moreover, prand... • https://git.kernel.org/stable/c/978d8f9055c3a7c35db2ac99cd2580b993396e33 •
CVSS: 5.5EPSS: %CPEs: 5EXPL: 0CVE-2022-49697 – bpf: Fix request_sock leak in sk lookup helpers
https://notcve.org/view.php?id=CVE-2022-49697
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix request_sock leak in sk lookup helpers A customer reported a request_socket leak in a Calico cloud environment. We found that a BPF program was doing a socket lookup with takes a refcnt on the socket and that it was finding the request_socket but returning the parent LISTEN socket via sk_to_full_sk() without decrementing the child request socket 1st, resulting in request_sock slab object leak. This patch retains the existing behavi... • https://git.kernel.org/stable/c/edbf8c01de5a104a71ed6df2bf6421ceb2836a8e •
CVSS: 7.1EPSS: %CPEs: 6EXPL: 0CVE-2022-49696 – tipc: fix use-after-free Read in tipc_named_reinit
https://notcve.org/view.php?id=CVE-2022-49696
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: tipc: fix use-after-free Read in tipc_named_reinit syzbot found the following issue on: ================================================================== BUG: KASAN: use-after-free in tipc_named_reinit+0x94f/0x9b0 net/tipc/name_distr.c:413 Read of size 8 at addr ffff88805299a000 by task kworker/1:9/23764 CPU: 1 PID: 23764 Comm: kworker/1:9 Not tainted 5.18.0-rc4-syzkaller-00878-g17d49e6e8012 #0 Hardware name: Google Compute Engine/Google C... • https://git.kernel.org/stable/c/d966ddcc38217a6110a6a0ff37ad2dee7d42e23e •
CVSS: 7.5EPSS: %CPEs: 4EXPL: 0CVE-2022-49695 – igb: fix a use-after-free issue in igb_clean_tx_ring
https://notcve.org/view.php?id=CVE-2022-49695
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: igb: fix a use-after-free issue in igb_clean_tx_ring Fix the following use-after-free bug in igb_clean_tx_ring routine when the NIC is running in XDP mode. The issue can be triggered redirecting traffic into the igb NIC and then closing the device while the traffic is flowing. [ 73.322719] CPU: 1 PID: 487 Comm: xdp_redirect Not tainted 5.18.3-apu2 #9 [ 73.330639] Hardware name: PC Engines APU2/APU2, BIOS 4.0.7 02/28/2017 [ 73.337434] RIP: 0... • https://git.kernel.org/stable/c/9cbc948b5a20c9c054d9631099c0426c16da546b •
CVSS: 7.5EPSS: %CPEs: 2EXPL: 0CVE-2022-49694 – block: disable the elevator int del_gendisk
https://notcve.org/view.php?id=CVE-2022-49694
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: block: disable the elevator int del_gendisk The elevator is only used for file system requests, which are stopped in del_gendisk. Move disabling the elevator and freeing the scheduler tags to the end of del_gendisk instead of doing that work in disk_release and blk_cleanup_queue to avoid a use after free on q->tag_set from disk_release as the tag_set might not be alive at that point. Move the blk_qos_exit call as well, as it just depends on... • https://git.kernel.org/stable/c/e155b0c238b20f0a866f4334d292656665836c8a •
CVSS: 7.1EPSS: %CPEs: 5EXPL: 0CVE-2022-49693 – drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf
https://notcve.org/view.php?id=CVE-2022-49693
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf of_graph_get_remote_node() returns remote device node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() to avoid refcount leak. Patchwork: https://patchwork.freedesktop.org/patch/488473/ In the Linux kernel, the following vulnerability has been resolved: drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf of_gr... • https://git.kernel.org/stable/c/86418f90a4c1a0073db65d8a1e2bf94421117a60 •