CVSS: 4.7EPSS: %CPEs: 6EXPL: 0CVE-2022-49641 – sysctl: Fix data races in proc_douintvec().
https://notcve.org/view.php?id=CVE-2022-49641
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: sysctl: Fix data races in proc_douintvec(). A sysctl variable is accessed concurrently, and there is always a chance of data-race. So, all readers and writers need some basic protection to avoid load/store-tearing. This patch changes proc_douintvec() to use READ_ONCE() and WRITE_ONCE() internally to fix data-races on the sysctl side. For now, proc_douintvec() itself is tolerant to a data-race, but we still need to add annotations on the oth... • https://git.kernel.org/stable/c/e7d316a02f683864a12389f8808570e37fb90aa3 •
CVSS: 7.1EPSS: %CPEs: 8EXPL: 0CVE-2022-49639 – cipso: Fix data-races around sysctl.
https://notcve.org/view.php?id=CVE-2022-49639
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: cipso: Fix data-races around sysctl. While reading cipso sysctl variables, they can be changed concurrently. So, we need to add READ_ONCE() to avoid data-races. In the Linux kernel, the following vulnerability has been resolved: cipso: Fix data-races around sysctl. While reading cipso sysctl variables, they can be changed concurrently. So, we need to add READ_ONCE() to avoid data-races. • https://git.kernel.org/stable/c/446fda4f26822b2d42ab3396aafcedf38a9ff2b6 •
CVSS: 5.5EPSS: %CPEs: 8EXPL: 0CVE-2022-49638 – icmp: Fix data-races around sysctl.
https://notcve.org/view.php?id=CVE-2022-49638
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: icmp: Fix data-races around sysctl. While reading icmp sysctl variables, they can be changed concurrently. So, we need to add READ_ONCE() to avoid data-races. In the Linux kernel, the following vulnerability has been resolved: icmp: Fix data-races around sysctl. While reading icmp sysctl variables, they can be changed concurrently. So, we need to add READ_ONCE() to avoid data-races. • https://git.kernel.org/stable/c/4cdf507d54525842dfd9f6313fdafba039084046 •
CVSS: 5.5EPSS: %CPEs: 3EXPL: 0CVE-2022-49632 – icmp: Fix a data-race around sysctl_icmp_errors_use_inbound_ifaddr.
https://notcve.org/view.php?id=CVE-2022-49632
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: icmp: Fix a data-race around sysctl_icmp_errors_use_inbound_ifaddr. While reading sysctl_icmp_errors_use_inbound_ifaddr, it can be changed concurrently. Thus, we need to add READ_ONCE() to its reader. In the Linux kernel, the following vulnerability has been resolved: icmp: Fix a data-race around sysctl_icmp_errors_use_inbound_ifaddr. While reading sysctl_icmp_errors_use_inbound_ifaddr, it can be changed concurrently. • https://git.kernel.org/stable/c/1c2fb7f93cb20621772bf304f3dba0849942e5db •
CVSS: 5.5EPSS: %CPEs: 3EXPL: 0CVE-2022-49630 – tcp: Fix a data-race around sysctl_tcp_ecn_fallback.
https://notcve.org/view.php?id=CVE-2022-49630
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctl_tcp_ecn_fallback. While reading sysctl_tcp_ecn_fallback, it can be changed concurrently. Thus, we need to add READ_ONCE() to its reader. In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctl_tcp_ecn_fallback. While reading sysctl_tcp_ecn_fallback, it can be changed concurrently. Thus, we need to add READ_ONCE() to its reader. • https://git.kernel.org/stable/c/492135557dc090a1abb2cfbe1a412757e3ed68ab •
CVSS: 7.1EPSS: %CPEs: 8EXPL: 0CVE-2022-49626 – sfc: fix use after free when disabling sriov
https://notcve.org/view.php?id=CVE-2022-49626
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: sfc: fix use after free when disabling sriov Use after free is detected by kfence when disabling sriov. What was read after being freed was vf->pci_dev: it was freed from pci_disable_sriov and later read in efx_ef10_sriov_free_vf_vports, called from efx_ef10_sriov_free_vf_vswitching. Set the pointer to NULL at release time to not trying to read it later. Reproducer and dmesg log (note that kfence doesn't detect it every time): $ echo 1 > /s... • https://git.kernel.org/stable/c/3c5eb87605e85146a78de589b5070a37862425db •
CVSS: 5.5EPSS: %CPEs: 8EXPL: 0CVE-2022-49625 – sfc: fix kernel panic when creating VF
https://notcve.org/view.php?id=CVE-2022-49625
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: sfc: fix kernel panic when creating VF When creating VFs a kernel panic can happen when calling to efx_ef10_try_update_nic_stats_vf. When releasing a DMA coherent buffer, sometimes, I don't know in what specific circumstances, it has to unmap memory with vunmap. It is disallowed to do that in IRQ context or with BH disabled. Otherwise, we hit this line in vunmap, causing the crash: BUG_ON(in_interrupt()); This patch reenables BH to release ... • https://git.kernel.org/stable/c/d778819609a27efd5358da8151a0ad3507243e19 •
CVSS: 7.7EPSS: %CPEs: 3EXPL: 0CVE-2022-49623 – powerpc/xive/spapr: correct bitmap allocation size
https://notcve.org/view.php?id=CVE-2022-49623
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc/xive/spapr: correct bitmap allocation size kasan detects access beyond the end of the xibm->bitmap allocation: BUG: KASAN: slab-out-of-bounds in _find_first_zero_bit+0x40/0x140 Read of size 8 at addr c00000001d1d0118 by task swapper/0/1 CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.19.0-rc2-00001-g90df023b36dd #28 Call Trace: [c00000001d98f770] [c0000000012baab8] dump_stack_lvl+0xac/0x108 (unreliable) [c00000001d98f7b0] [c00000000068f... • https://git.kernel.org/stable/c/10f2cd373e65bcd3be8f3cdc71c330c25763dfd8 •
CVSS: 7.1EPSS: %CPEs: 2EXPL: 0CVE-2022-49622 – netfilter: nf_tables: avoid skb access on nf_stolen
https://notcve.org/view.php?id=CVE-2022-49622
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: avoid skb access on nf_stolen When verdict is NF_STOLEN, the skb might have been freed. When tracing is enabled, this can result in a use-after-free: 1. access to skb->nf_trace 2. access to skb->mark 3. computation of trace id 4. dump of packet payload To avoid 1, keep a cached copy of skb->nf_trace in the trace state struct. Refresh this copy whenever verdict is != STOLEN. Avoid 2 by skipping skb->mark access if verdi... • https://git.kernel.org/stable/c/0016d5d46d7440729a3132f61a8da3bf7f84e2ba •
CVSS: 5.5EPSS: %CPEs: 8EXPL: 0CVE-2022-49621 – cpufreq: pmac32-cpufreq: Fix refcount leak bug
https://notcve.org/view.php?id=CVE-2022-49621
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: cpufreq: pmac32-cpufreq: Fix refcount leak bug In pmac_cpufreq_init_MacRISC3(), we need to add corresponding of_node_put() for the three node pointers whose refcount have been incremented by of_find_node_by_name(). In the Linux kernel, the following vulnerability has been resolved: cpufreq: pmac32-cpufreq: Fix refcount leak bug In pmac_cpufreq_init_MacRISC3(), we need to add corresponding of_node_put() for the three node pointers whose refc... • https://git.kernel.org/stable/c/4f242486bf46d314b2e3838cc64b56f008a3c4d7 •