CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49413 – bfq: Update cgroup information before merging bio
https://notcve.org/view.php?id=CVE-2022-49413
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: bfq: Update cgroup information before merging bio When the process is migrated to a different cgroup (or in case of writeback just starts submitting bios associated with a different cgroup) bfq_merge_bio() can operate with stale cgroup information in bic. Thus the bio can be merged to a request from a different cgroup or it can result in merging of bfqqs for different cgroups or bfqqs of already dead cgroups and causing possible use-after-f... • https://git.kernel.org/stable/c/e21b7a0b988772e82e7147e1c659a5afe2ae003c • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49412 – bfq: Avoid merging queues with different parents
https://notcve.org/view.php?id=CVE-2022-49412
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: bfq: Avoid merging queues with different parents It can happen that the parent of a bfqq changes between the moment we decide two queues are worth to merge (and set bic->stable_merge_bfqq) and the moment bfq_setup_merge() is called. This can happen e.g. because the process submitted IO for a different cgroup and thus bfqq got reparented. It can even happen that the bfqq we are merging with has parent cgroup that is already offline and going... • https://git.kernel.org/stable/c/430a67f9d6169a7b3e328bceb2ef9542e4153c7c • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49411 – bfq: Make sure bfqg for which we are queueing requests is online
https://notcve.org/view.php?id=CVE-2022-49411
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: bfq: Make sure bfqg for which we are queueing requests is online Bios queued into BFQ IO scheduler can be associated with a cgroup that was already offlined. This may then cause insertion of this bfq_group into a service tree. But this bfq_group will get freed as soon as last bio associated with it is completed leading to use after free issues for service tree users. Fix the problem by making sure we always operate on online bfq_group. If t... • https://git.kernel.org/stable/c/e21b7a0b988772e82e7147e1c659a5afe2ae003c •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2022-49410 – tracing: Fix potential double free in create_var_ref()
https://notcve.org/view.php?id=CVE-2022-49410
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: tracing: Fix potential double free in create_var_ref() In create_var_ref(), init_var_ref() is called to initialize the fields of variable ref_field, which is allocated in the previous function call to create_hist_field(). Function init_var_ref() allocates the corresponding fields such as ref_field->system, but frees these fields when the function encounters an error. The caller later calls destroy_hist_field() to conduct error handling, whi... • https://git.kernel.org/stable/c/067fe038e70f6e64960d26a79c4df5f1413d0f13 •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2022-49409 – ext4: fix bug_on in __es_tree_search
https://notcve.org/view.php?id=CVE-2022-49409
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix bug_on in __es_tree_search Hulk Robot reported a BUG_ON: ================================================================== kernel BUG at fs/ext4/extents_status.c:199! [...] RIP: 0010:ext4_es_end fs/ext4/extents_status.c:199 [inline] RIP: 0010:__es_tree_search+0x1e0/0x260 fs/ext4/extents_status.c:217 [...] Call Trace: ext4_es_cache_extent+0x109/0x340 fs/ext4/extents_status.c:766 ext4_cache_extents+0x239/0x2e0 fs/ext4/extents.c:561... • https://git.kernel.org/stable/c/5946d089379a35dda0e531710b48fca05446a196 •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49407 – dlm: fix plock invalid read
https://notcve.org/view.php?id=CVE-2022-49407
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: dlm: fix plock invalid read This patch fixes an invalid read showed by KASAN. A unlock will allocate a "struct plock_op" and a followed send_op() will append it to a global send_list data structure. In some cases a followed dev_read() moves it to recv_list and dev_write() will cast it to "struct plock_xop" and access fields which are only available in those structures. At this point an invalid read happens by accessing those fields. To fix ... • https://git.kernel.org/stable/c/586759f03e2e9031ac5589912a51a909ed53c30a •
CVSS: 8.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49405 – staging: r8188eu: prevent ->Ssid overflow in rtw_wx_set_scan()
https://notcve.org/view.php?id=CVE-2022-49405
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: staging: r8188eu: prevent ->Ssid overflow in rtw_wx_set_scan() This code has a check to prevent read overflow but it needs another check to prevent writing beyond the end of the ->Ssid[] array. In the Linux kernel, the following vulnerability has been resolved: staging: r8188eu: prevent ->Ssid overflow in rtw_wx_set_scan() This code has a check to prevent read overflow but it needs another check to prevent writing beyond the end of the ->Ss... • https://git.kernel.org/stable/c/2b42bd58b32155a1be4dd78991845dec05aaef9e •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49404 – RDMA/hfi1: Fix potential integer multiplication overflow errors
https://notcve.org/view.php?id=CVE-2022-49404
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/hfi1: Fix potential integer multiplication overflow errors When multiplying of different types, an overflow is possible even when storing the result in a larger type. This is because the conversion is done after the multiplication. So arithmetic overflow and thus in incorrect value is possible. Correct an instance of this in the inter packet delay calculation. Fix by ensuring one of the operands is u64 which will promote the other to u... • https://git.kernel.org/stable/c/7724105686e718ac476a6ad3304fea2fbcfcffde •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49402 – ftrace: Clean up hash direct_functions on register failures
https://notcve.org/view.php?id=CVE-2022-49402
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ftrace: Clean up hash direct_functions on register failures We see the following GPF when register_ftrace_direct fails: [ ] general protection fault, probably for non-canonical address \ 0x200000000000010: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC PTI [...] [ ] RIP: 0010:ftrace_find_rec_direct+0x53/0x70 [ ] Code: 48 c1 e0 03 48 03 42 08 48 8b 10 31 c0 48 85 d2 74 [...] [ ] RSP: 0018:ffffc9000138bc10 EFLAGS: 00010206 [ ] RAX: 0000000000000000 RB... • https://git.kernel.org/stable/c/763e34e74bb7d5c316015e2e39fcc8520bfd071c •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49400 – md: Don't set mddev private to NULL in raid0 pers->free
https://notcve.org/view.php?id=CVE-2022-49400
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: md: Don't set mddev private to NULL in raid0 pers->free In normal stop process, it does like this: do_md_stop | __md_stop (pers->free(); mddev->private=NULL) | md_free (free mddev) __md_stop sets mddev->private to NULL after pers->free. The raid device will be stopped and mddev memory is free. But in reshape, it doesn't free the mddev and mddev will still be used in new raid. In reshape, it first sets mddev->private to new_pers and then run... • https://git.kernel.org/stable/c/00e3d58f50a875343124bcf5a9637520a492b0d1 •