CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49429 – RDMA/hfi1: Prevent panic when SDMA is disabled
https://notcve.org/view.php?id=CVE-2022-49429
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/hfi1: Prevent panic when SDMA is disabled If the hfi1 module is loaded with HFI1_CAP_SDMA off, a call to hfi1_write_iter() will dereference a NULL pointer and panic. A typical stack frame is: sdma_select_user_engine [hfi1] hfi1_user_sdma_process_request [hfi1] hfi1_write_iter [hfi1] do_iter_readv_writev do_iter_write vfs_writev do_writev do_syscall_64 The fix is to test for SDMA in hfi1_write_iter() and fail the I/O with EINVAL. In the... • https://git.kernel.org/stable/c/33794e8e9bcb4affc0ebff9cdec85acc8b8a1762 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49428 – f2fs: fix to do sanity check on inline_dots inode
https://notcve.org/view.php?id=CVE-2022-49428
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on inline_dots inode As Wenqing reported in bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=215765 It will cause a kernel panic with steps: - mkdir mnt - mount tmp40.img mnt - ls mnt folio_mark_dirty+0x33/0x50 f2fs_add_regular_entry+0x541/0xad0 [f2fs] f2fs_add_dentry+0x6c/0xb0 [f2fs] f2fs_do_add_link+0x182/0x230 [f2fs] __recover_dot_dentries+0x2d6/0x470 [f2fs] f2fs_lookup+0x5af/0x6a0 [f2fs] __lookup_slow+0... • https://git.kernel.org/stable/c/510022a85839a8409d1e6a519bb86ce71a84f30a •
CVSS: 5.4EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49427 – iommu/mediatek: Remove clk_disable in mtk_iommu_remove
https://notcve.org/view.php?id=CVE-2022-49427
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: iommu/mediatek: Remove clk_disable in mtk_iommu_remove After the commit b34ea31fe013 ("iommu/mediatek: Always enable the clk on resume"), the iommu clock is controlled by the runtime callback. thus remove the clk control in the mtk_iommu_remove. Otherwise, it will warning like: echo 14018000.iommu > /sys/bus/platform/drivers/mtk-iommu/unbind [ 51.413044] ------------[ cut here ]------------ [ 51.413648] vpp0_smi_iommu already disabled [ 51.... • https://git.kernel.org/stable/c/b34ea31fe013569d42b7e8681ef3f717f77c5b72 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49426 – iommu/arm-smmu-v3-sva: Fix mm use-after-free
https://notcve.org/view.php?id=CVE-2022-49426
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu-v3-sva: Fix mm use-after-free We currently call arm64_mm_context_put() without holding a reference to the mm, which can result in use-after-free. Call mmgrab()/mmdrop() to ensure the mm only gets freed after we unpinned the ASID. In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu-v3-sva: Fix mm use-after-free We currently call arm64_mm_context_put() without holding a reference to the mm, which ... • https://git.kernel.org/stable/c/32784a9562fb0518b12e9797ee2aec52214adf6f • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-49425 – f2fs: fix dereference of stale list iterator after loop body
https://notcve.org/view.php?id=CVE-2022-49425
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix dereference of stale list iterator after loop body The list iterator variable will be a bogus pointer if no break was hit. Dereferencing it (cur->page in this case) could load an out-of-bounds/undefined value making it unsafe to use that in the comparision to determine if the specific element was found. Since 'cur->page' *can* be out-ouf-bounds it cannot be guaranteed that by chance (or intention of an attacker) it matches the val... • https://git.kernel.org/stable/c/8c242db9b8c01b252290e23827163787f07e01d1 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49424 – iommu/mediatek: Fix NULL pointer dereference when printing dev_name
https://notcve.org/view.php?id=CVE-2022-49424
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: iommu/mediatek: Fix NULL pointer dereference when printing dev_name When larbdev is NULL (in the case I hit, the node is incorrectly set iommus = <&iommu NUM>), it will cause device_link_add() fail and kernel crashes when we try to print dev_name(larbdev). Let's fail the probe if a larbdev is NULL to avoid invalid inputs from dts. It should work for normal correct setting and avoid the crash caused by my incorrect setting. Error log: [ 18.1... • https://git.kernel.org/stable/c/77fbe028d5a3f7fc6060c4454ead9510533acd1e •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49423 – rtla: Avoid record NULL pointer dereference
https://notcve.org/view.php?id=CVE-2022-49423
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: rtla: Avoid record NULL pointer dereference Fix the following null/deref_null.cocci errors: ./tools/tracing/rtla/src/osnoise_hist.c:870:31-36: ERROR: record is NULL but dereferenced. ./tools/tracing/rtla/src/osnoise_top.c:650:31-36: ERROR: record is NULL but dereferenced. ./tools/tracing/rtla/src/timerlat_hist.c:905:31-36: ERROR: record is NULL but dereferenced. ./tools/tracing/rtla/src/timerlat_top.c:700:31-36: ERROR: record is NULL but de... • https://git.kernel.org/stable/c/51d64c3a181938da8fb56404524e15776e9c6bf8 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49422 – dmaengine: idxd: Fix the error handling path in idxd_cdev_register()
https://notcve.org/view.php?id=CVE-2022-49422
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix the error handling path in idxd_cdev_register() If a call to alloc_chrdev_region() fails, the already allocated resources are leaking. Add the needed error handling path to fix the leak. In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix the error handling path in idxd_cdev_register() If a call to alloc_chrdev_region() fails, the already allocated resources are leaking. Add the need... • https://git.kernel.org/stable/c/42d279f9137ab7d5503836baec2739284b278d8f •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49421 – video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup
https://notcve.org/view.php?id=CVE-2022-49421
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup of_parse_phandle() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() to avoid refcount leak. In the Linux kernel, the following vulnerability has been resolved: video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup of_parse_phandle() returns a node pointer with refcount incremented, we ... • https://git.kernel.org/stable/c/d10715be03bd8bad59ddc50236cb140c3bd73c7b •
CVSS: 6.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49420 – net: annotate races around sk->sk_bound_dev_if
https://notcve.org/view.php?id=CVE-2022-49420
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: annotate races around sk->sk_bound_dev_if UDP sendmsg() is lockless, and reads sk->sk_bound_dev_if while this field can be changed by another thread. Adds minimal annotations to avoid KCSAN splats for UDP. Following patches will add more annotations to potential lockless readers. BUG: KCSAN: data-race in __ip6_datagram_connect / udpv6_sendmsg write to 0xffff888136d47a94 of 4 bytes by task 7681 on cpu 0: __ip6_datagram_connect+0x6e2/0x9... • https://git.kernel.org/stable/c/20b2f61797873a2b18b5ff1a304ad2674fa1e0a5 •