CVSS: 5.5EPSS: %CPEs: 3EXPL: 0CVE-2022-49617 – ASoC: Intel: sof_sdw: handle errors on card registration
https://notcve.org/view.php?id=CVE-2022-49617
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: sof_sdw: handle errors on card registration If the card registration fails, typically because of deferred probes, the device properties added for headset codecs are not removed, which leads to kernel oopses in driver bind/unbind tests. We already clean-up the device properties when the card is removed, this code can be moved as a helper and called upon card registration errors. In the Linux kernel, the following vulnerability h... • https://git.kernel.org/stable/c/f2556ce6b35ae0fc72000a4daa21ded12665e2f2 •
CVSS: 5.5EPSS: %CPEs: 3EXPL: 0CVE-2022-49616 – ASoC: rt7*-sdw: harden jack_detect_handler
https://notcve.org/view.php?id=CVE-2022-49616
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: rt7*-sdw: harden jack_detect_handler Realtek headset codec drivers typically check if the card is instantiated before proceeding with the jack detection. The rt700, rt711 and rt711-sdca are however missing a check on the card pointer, which can lead to NULL dereferences encountered in driver bind/unbind tests. In the Linux kernel, the following vulnerability has been resolved: ASoC: rt7*-sdw: harden jack_detect_handler Realtek headset... • https://git.kernel.org/stable/c/07a606e1389a63b61cb8cd591026f30529117573 •
CVSS: 5.5EPSS: %CPEs: 3EXPL: 0CVE-2022-49615 – ASoC: rt711-sdca: fix kernel NULL pointer dereference when IO error
https://notcve.org/view.php?id=CVE-2022-49615
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: rt711-sdca: fix kernel NULL pointer dereference when IO error The initial settings will be written before the codec probe function. But, the rt711->component doesn't be assigned yet. If IO error happened during initial settings operations, it will cause the kernel panic. This patch changed component->dev to slave->dev to fix this issue. In the Linux kernel, the following vulnerability has been resolved: ASoC: rt711-sdca: fix kernel NU... • https://git.kernel.org/stable/c/269be8b2907378adf72d7347cfa43ef230351a06 •
CVSS: 7.1EPSS: %CPEs: 2EXPL: 0CVE-2022-49614 – nvme: use struct group for generic command dwords
https://notcve.org/view.php?id=CVE-2022-49614
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: nvme: use struct group for generic command dwords This will allow the trace event to know the full size of the data intended to be copied and silence read overflow checks. In the Linux kernel, the following vulnerability has been resolved: nvme: use struct group for generic command dwords This will allow the trace event to know the full size of the data intended to be copied and silence read overflow checks. • https://git.kernel.org/stable/c/3d8b35387e01cab217dc4691a6f770cbb6ed852c •
CVSS: 7.1EPSS: %CPEs: 7EXPL: 0CVE-2022-49611 – x86/speculation: Fill RSB on vmexit for IBRS
https://notcve.org/view.php?id=CVE-2022-49611
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: x86/speculation: Fill RSB on vmexit for IBRS Prevent RSB underflow/poisoning attacks with RSB. While at it, add a bunch of comments to attempt to document the current state of tribal knowledge about RSB attacks and what exactly is being mitigated. In the Linux kernel, the following vulnerability has been resolved: x86/speculation: Fill RSB on vmexit for IBRS Prevent RSB underflow/poisoning attacks with RSB. While at it, add a bunch of comme... • https://git.kernel.org/stable/c/3d323b99ff5c8c57005184056d65f6af5b0479d8 •
CVSS: 7.1EPSS: %CPEs: 2EXPL: 0CVE-2022-49610 – KVM: VMX: Prevent RSB underflow before vmenter
https://notcve.org/view.php?id=CVE-2022-49610
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Prevent RSB underflow before vmenter On VMX, there are some balanced returns between the time the guest's SPEC_CTRL value is written, and the vmenter. Balanced returns (matched by a preceding call) are usually ok, but it's at least theoretically possible an NMI with a deep call stack could empty the RSB before one of the returns. For maximum paranoia, don't allow *any* returns (balanced or otherwise) between the SPEC_CTRL write an... • https://git.kernel.org/stable/c/afd743f6dde87296c6f3414706964c491bb85862 •
CVSS: 4.7EPSS: %CPEs: 11EXPL: 0CVE-2022-49607 – perf/core: Fix data race between perf_event_set_output() and perf_mmap_close()
https://notcve.org/view.php?id=CVE-2022-49607
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix data race between perf_event_set_output() and perf_mmap_close() Yang Jihing reported a race between perf_event_set_output() and perf_mmap_close(): CPU1 CPU2 perf_mmap_close(e2) if (atomic_dec_and_test(&e2->rb->mmap_count)) // 1 - > 0 detach_rest = true ioctl(e1, IOC_SET_OUTPUT, e2) perf_event_set_output(e1, e2) ... list_for_each_entry_rcu(e, &e2->rb->event_list, rb_entry) ring_buffer_attach(e, NULL); // e1 isn't yet added and... • https://git.kernel.org/stable/c/9bb5d40cd93c9dd4be74834b1dcb1ba03629716b •
CVSS: 5.5EPSS: %CPEs: 6EXPL: 0CVE-2022-49604 – ip: Fix data-races around sysctl_ip_fwd_use_pmtu.
https://notcve.org/view.php?id=CVE-2022-49604
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ip: Fix data-races around sysctl_ip_fwd_use_pmtu. While reading sysctl_ip_fwd_use_pmtu, it can be changed concurrently. Thus, we need to add READ_ONCE() to its readers. In the Linux kernel, the following vulnerability has been resolved: ip: Fix data-races around sysctl_ip_fwd_use_pmtu. While reading sysctl_ip_fwd_use_pmtu, it can be changed concurrently. Thus, we need to add READ_ONCE() to its readers. • https://git.kernel.org/stable/c/f87c10a8aa1e82498c42d0335524d6ae7cf5a52b •
CVSS: 5.5EPSS: %CPEs: 8EXPL: 0CVE-2022-49602 – ip: Fix a data-race around sysctl_fwmark_reflect.
https://notcve.org/view.php?id=CVE-2022-49602
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ip: Fix a data-race around sysctl_fwmark_reflect. While reading sysctl_fwmark_reflect, it can be changed concurrently. Thus, we need to add READ_ONCE() to its reader. In the Linux kernel, the following vulnerability has been resolved: ip: Fix a data-race around sysctl_fwmark_reflect. While reading sysctl_fwmark_reflect, it can be changed concurrently. Thus, we need to add READ_ONCE() to its reader. • https://git.kernel.org/stable/c/e110861f86094cd78cc85593b873970092deb43a •
CVSS: 5.5EPSS: %CPEs: 8EXPL: 0CVE-2022-49601 – tcp/dccp: Fix a data-race around sysctl_tcp_fwmark_accept.
https://notcve.org/view.php?id=CVE-2022-49601
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: tcp/dccp: Fix a data-race around sysctl_tcp_fwmark_accept. While reading sysctl_tcp_fwmark_accept, it can be changed concurrently. Thus, we need to add READ_ONCE() to its reader. In the Linux kernel, the following vulnerability has been resolved: tcp/dccp: Fix a data-race around sysctl_tcp_fwmark_accept. While reading sysctl_tcp_fwmark_accept, it can be changed concurrently. Thus, we need to add READ_ONCE() to its reader. • https://git.kernel.org/stable/c/84f39b08d7868ce10eeaf640627cb89777f0ae93 •