CVSS: 7.1EPSS: %CPEs: 2EXPL: 0CVE-2022-49651 – srcu: Tighten cleanup_srcu_struct() GP checks
https://notcve.org/view.php?id=CVE-2022-49651
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: srcu: Tighten cleanup_srcu_struct() GP checks Currently, cleanup_srcu_struct() checks for a grace period in progress, but it does not check for a grace period that has not yet started but which might start at any time. Such a situation could result in a use-after-free bug, so this commit adds a check for a grace period that is needed but not yet started to cleanup_srcu_struct(). In the Linux kernel, the following vulnerability has been reso... • https://git.kernel.org/stable/c/e997dda6502eefbc1032d6b0da7b353c53344b07 •
CVSS: 5.5EPSS: %CPEs: 8EXPL: 0CVE-2022-49649 – xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue
https://notcve.org/view.php?id=CVE-2022-49649
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue xenvif_rx_next_skb() is expecting the rx queue not being empty, but in case the loop in xenvif_rx_action() is doing multiple iterations, the availability of another skb in the rx queue is not being checked. This can lead to crashes: [40072.537261] BUG: unable to handle kernel NULL pointer dereference at 0000000000000080 [40072.537407] IP: xenvif_rx_skb+0x23/0x590 [xen_n... • https://git.kernel.org/stable/c/98f6d57ced73b723551568262019f1d6c8771f20 •
CVSS: 5.5EPSS: %CPEs: 7EXPL: 0CVE-2022-49647 – cgroup: Use separate src/dst nodes when preloading css_sets for migration
https://notcve.org/view.php?id=CVE-2022-49647
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: cgroup: Use separate src/dst nodes when preloading css_sets for migration Each cset (css_set) is pinned by its tasks. When we're moving tasks around across csets for a migration, we need to hold the source and destination csets to ensure that they don't go away while we're moving tasks about. This is done by linking cset->mg_preload_node on either the mgctx->preloaded_src_csets or mgctx->preloaded_dst_csets list. Using the same cset->mg_pre... • https://git.kernel.org/stable/c/f817de98513d060023be4fa1d061b29a6515273e •
CVSS: 7.1EPSS: %CPEs: 5EXPL: 0CVE-2022-49646 – wifi: mac80211: fix queue selection for mesh/OCB interfaces
https://notcve.org/view.php?id=CVE-2022-49646
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix queue selection for mesh/OCB interfaces When using iTXQ, the code assumes that there is only one vif queue for broadcast packets, using the BE queue. Allowing non-BE queue marking violates that assumption and txq->ac == skb_queue_mapping is no longer guaranteed. This can cause issues with queue handling in the driver and also causes issues with the recent ATF change, resulting in an AQL underflow warning. In the Linux ke... • https://git.kernel.org/stable/c/444be5a02b77f3b7a8ac9c1a0b074fbb3bd89cd0 •
CVSS: 4.7EPSS: %CPEs: 6EXPL: 0CVE-2022-49641 – sysctl: Fix data races in proc_douintvec().
https://notcve.org/view.php?id=CVE-2022-49641
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: sysctl: Fix data races in proc_douintvec(). A sysctl variable is accessed concurrently, and there is always a chance of data-race. So, all readers and writers need some basic protection to avoid load/store-tearing. This patch changes proc_douintvec() to use READ_ONCE() and WRITE_ONCE() internally to fix data-races on the sysctl side. For now, proc_douintvec() itself is tolerant to a data-race, but we still need to add annotations on the oth... • https://git.kernel.org/stable/c/e7d316a02f683864a12389f8808570e37fb90aa3 •
CVSS: 4.7EPSS: %CPEs: 4EXPL: 0CVE-2022-49640 – sysctl: Fix data races in proc_douintvec_minmax().
https://notcve.org/view.php?id=CVE-2022-49640
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: sysctl: Fix data races in proc_douintvec_minmax(). A sysctl variable is accessed concurrently, and there is always a chance of data-race. So, all readers and writers need some basic protection to avoid load/store-tearing. This patch changes proc_douintvec_minmax() to use READ_ONCE() and WRITE_ONCE() internally to fix data-races on the sysctl side. For now, proc_douintvec_minmax() itself is tolerant to a data-race, but we still need to add a... • https://git.kernel.org/stable/c/61d9b56a89208d8cccd0b4cfec7e6959717e16e3 •
CVSS: 7.1EPSS: %CPEs: 8EXPL: 0CVE-2022-49639 – cipso: Fix data-races around sysctl.
https://notcve.org/view.php?id=CVE-2022-49639
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: cipso: Fix data-races around sysctl. While reading cipso sysctl variables, they can be changed concurrently. So, we need to add READ_ONCE() to avoid data-races. In the Linux kernel, the following vulnerability has been resolved: cipso: Fix data-races around sysctl. While reading cipso sysctl variables, they can be changed concurrently. So, we need to add READ_ONCE() to avoid data-races. • https://git.kernel.org/stable/c/446fda4f26822b2d42ab3396aafcedf38a9ff2b6 •
CVSS: 5.5EPSS: %CPEs: 8EXPL: 0CVE-2022-49638 – icmp: Fix data-races around sysctl.
https://notcve.org/view.php?id=CVE-2022-49638
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: icmp: Fix data-races around sysctl. While reading icmp sysctl variables, they can be changed concurrently. So, we need to add READ_ONCE() to avoid data-races. In the Linux kernel, the following vulnerability has been resolved: icmp: Fix data-races around sysctl. While reading icmp sysctl variables, they can be changed concurrently. So, we need to add READ_ONCE() to avoid data-races. • https://git.kernel.org/stable/c/4cdf507d54525842dfd9f6313fdafba039084046 •
CVSS: -EPSS: %CPEs: 2EXPL: 0CVE-2022-49635 – drm/i915/selftests: fix subtraction overflow bug
https://notcve.org/view.php?id=CVE-2022-49635
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/i915/selftests: fix subtraction overflow bug On some machines hole_end can be small enough to cause subtraction overflow. On the other side (addr + 2 * min_alignment) can overflow in case of mock tests. This patch should handle both cases. (cherry picked from commit ab3edc679c552a466e4bf0b11af3666008bd65a2) In the Linux kernel, the following vulnerability has been resolved: drm/i915/selftests: fix subtraction overflow bug On some machin... • https://git.kernel.org/stable/c/e1c5f754067b594de58d387aa5873dec83b6c9fd •
CVSS: 5.5EPSS: %CPEs: 3EXPL: 0CVE-2022-49632 – icmp: Fix a data-race around sysctl_icmp_errors_use_inbound_ifaddr.
https://notcve.org/view.php?id=CVE-2022-49632
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: icmp: Fix a data-race around sysctl_icmp_errors_use_inbound_ifaddr. While reading sysctl_icmp_errors_use_inbound_ifaddr, it can be changed concurrently. Thus, we need to add READ_ONCE() to its reader. In the Linux kernel, the following vulnerability has been resolved: icmp: Fix a data-race around sysctl_icmp_errors_use_inbound_ifaddr. While reading sysctl_icmp_errors_use_inbound_ifaddr, it can be changed concurrently. • https://git.kernel.org/stable/c/1c2fb7f93cb20621772bf304f3dba0849942e5db •