
CVE-2022-49329 – vduse: Fix NULL pointer dereference on sysfs access
https://notcve.org/view.php?id=CVE-2022-49329
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: vduse: Fix NULL pointer dereference on sysfs access The control device has no drvdata. So we will get a NULL pointer dereference when accessing control device's msg_timeout attribute via sysfs: [ 132.841881][ T3644] BUG: kernel NULL pointer dereference, address: 00000000000000f8 [ 132.850619][ T3644] RIP: 0010:msg_timeout_show (drivers/vdpa/vdpa_user/vduse_dev.c:1271) [ 132.869447][ T3644] dev_attr_show (drivers/base/core.c:2094) [ 132.8702... • https://git.kernel.org/stable/c/c8a6153b6c59d95c0e091f053f6f180952ade91e •

CVE-2022-49328 – mt76: fix use-after-free by removing a non-RCU wcid pointer
https://notcve.org/view.php?id=CVE-2022-49328
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: mt76: fix use-after-free by removing a non-RCU wcid pointer Fixes an issue caught by KASAN about use-after-free in mt76_txq_schedule by protecting mtxq->wcid with rcu_lock between mt76_txq_schedule and sta_info_[alloc, free]. [18853.876689] ================================================================== [18853.876751] BUG: KASAN: use-after-free in mt76_txq_schedule+0x204/0xaf8 [mt76] [18853.876773] Read of size 8 at addr ffffffaf989a2138... • https://git.kernel.org/stable/c/4448327b41738dbfcda680eb4935ff835568f468 •

CVE-2022-49327 – bcache: avoid journal no-space deadlock by reserving 1 journal bucket
https://notcve.org/view.php?id=CVE-2022-49327
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: bcache: avoid journal no-space deadlock by reserving 1 journal bucket The journal no-space deadlock was reported from time to time. Such deadlock can happen in the following situation. When all journal buckets are fully filled by active jset with heavy write I/O load, the cache set registration (after a reboot) will load all active jsets and insert them into the btree again (which is called journal replay). If a journaled bkey is inserted int... • https://git.kernel.org/stable/c/59afd4f287900c8187e968a4153ed35e6b48efce •

CVE-2022-49326 – rtl818x: Prevent using not initialized queues
https://notcve.org/view.php?id=CVE-2022-49326
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: rtl818x: Prevent using not initialized queues Using not existing queues can panic the kernel with rtl8180/rtl8185 cards. Ignore the skb priority for those cards, they only have one tx queue. Pierre Asselin (pa@panix.com) reported the kernel crash in the Gentoo forum: https://forums.gentoo.org/viewtopic-t-1147832-postdays-0-postorder-asc-start-25.html He also confirmed that this patch fixes the issue. In summary this happened: After updating... • https://git.kernel.org/stable/c/b5dca2cd3f0239512da808598b4e70557eb4c2a1 •

CVE-2022-49325 – tcp: add accessors to read/set tp->snd_cwnd
https://notcve.org/view.php?id=CVE-2022-49325
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: tcp: add accessors to read/set tp->snd_cwnd We had various bugs over the years with code breaking the assumption that tp->snd_cwnd is greater than zero. Lately, syzbot reported the WARN_ON_ONCE(!tp->prior_cwnd) added in commit 8b8a321ff72c ("tcp: fix zero cwnd in tcp_cwnd_reduction") can trigger, and without a repro we would have to spend considerable time finding the bug. Instead of complaining too late, we want to catch where and when tp-... • https://git.kernel.org/stable/c/3308676ec525901bf1656014003c443a60730a04 •

CVE-2022-49324 – mips: cpc: Fix refcount leak in mips_cpc_default_phys_base
https://notcve.org/view.php?id=CVE-2022-49324
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: mips: cpc: Fix refcount leak in mips_cpc_default_phys_base Add the missing of_node_put() to release the refcount incremented by of_find_compatible_node(). • https://git.kernel.org/stable/c/bed702566dcdb6ebe300bc0c62bf3600cf4d5874 •

CVE-2022-49323 – iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe()
https://notcve.org/view.php?id=CVE-2022-49323
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe() It will cause null-ptr-deref when using 'res', if platform_get_resource() returns NULL, so move using 'res' after devm_ioremap_resource() that will check it to avoid null-ptr-deref. And use devm_platform_get_and_ioremap_resource() to simplify code. • https://git.kernel.org/stable/c/3660db29b0305f9a1d95979c7af0f5db6ea99f5d •

CVE-2022-49322 – tracing: Fix sleeping function called from invalid context on RT kernel
https://notcve.org/view.php?id=CVE-2022-49322
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: tracing: Fix sleeping function called from invalid context on RT kernel When setting bootparams="trace_event=initcall:initcall_start tp_printk=1" in the cmdline, the output_printk() was called, and the spin_lock_irqsave() was called in the atomic and irq disable interrupt context situation. On the PREEMPT_RT kernel, these locks are replaced with sleepable rt-spinlock, so the stack calltrace will be triggered. Fix it by raw_spin_lock_irqsave... • https://git.kernel.org/stable/c/be1f323fb9d9b14a505ca22d742d321769454de1 •

CVE-2022-49321 – xprtrdma: treat all calls not a bcall when bc_serv is NULL
https://notcve.org/view.php?id=CVE-2022-49321
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: xprtrdma: treat all calls not a bcall when bc_serv is NULL When an rdma server returns a fault format reply, nfs v3 client may treat it as a bcall when bc service does not exist. The debug messages at rpcrdma_bc_receive_call are, [56579.837169] RPC: rpcrdma_bc_receive_call: callback XID 00000001, length=20 [56579.837174] RPC: rpcrdma_bc_receive_call: 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 After that, rpcrdma_bc_receive_cal... • https://git.kernel.org/stable/c/8e3943c50764dc7c5f25911970c3ff062ec1f18c •

CVE-2022-49320 – dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type
https://notcve.org/view.php?id=CVE-2022-49320
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type In zynqmp_dma_alloc/free_chan_resources functions there is a potential overflow in the below expressions. dma_alloc_coherent(chan->dev, (2 * chan->desc_size * ZYNQMP_DMA_NUM_DESCS), &chan->desc_pool_p, GFP_KERNEL); dma_free_coherent(chan->dev,(2 * ZYNQMP_DMA_DESC_SIZE(chan) * ZYNQMP_DMA_NUM_DESCS), chan->desc_pool_v, chan->desc_pool_p); The arguments desc_size and ZYNQ... • https://git.kernel.org/stable/c/83960276ffc9bf5570d4106490346b61e61be5f3 •