CVSS: 6.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49420 – net: annotate races around sk->sk_bound_dev_if
https://notcve.org/view.php?id=CVE-2022-49420
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: annotate races around sk->sk_bound_dev_if UDP sendmsg() is lockless, and reads sk->sk_bound_dev_if while this field can be changed by another thread. Adds minimal annotations to avoid KCSAN splats for UDP. Following patches will add more annotations to potential lockless readers. BUG: KCSAN: data-race in __ip6_datagram_connect / udpv6_sendmsg write to 0xffff888136d47a94 of 4 bytes by task 7681 on cpu 0: __ip6_datagram_connect+0x6e2/0x9... • https://git.kernel.org/stable/c/20b2f61797873a2b18b5ff1a304ad2674fa1e0a5 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49419 – video: fbdev: vesafb: Fix a use-after-free due early fb_info cleanup
https://notcve.org/view.php?id=CVE-2022-49419
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: video: fbdev: vesafb: Fix a use-after-free due early fb_info cleanup Commit b3c9a924aab6 ("fbdev: vesafb: Cleanup fb_info in .fb_destroy rather than .remove") fixed a use-after-free error due the vesafb driver freeing the fb_info in the .remove handler instead of doing it in .fb_destroy. This can happen if the .fb_destroy callback is executed after the .remove callback, since the former tries to access a pointer freed by the latter. But tha... • https://git.kernel.org/stable/c/f94aa46efaa087ec075c83e4508f943fb5e43977 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49418 – NFSv4: Fix free of uninitialized nfs4_label on referral lookup.
https://notcve.org/view.php?id=CVE-2022-49418
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix free of uninitialized nfs4_label on referral lookup. Send along the already-allocated fattr along with nfs4_fs_locations, and drop the memcpy of fattr. We end up growing two more allocations, but this fixes up a crash as: PID: 790 TASK: ffff88811b43c000 CPU: 0 COMMAND: "ls" #0 [ffffc90000857920] panic at ffffffff81b9bfde #1 [ffffc900008579c0] do_trap at ffffffff81023a9b #2 [ffffc90000857a10] do_error_trap at ffffffff81023b78 #3 [... • https://git.kernel.org/stable/c/9558a007dbc383d48e7f5a123d0b5ff656c71068 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49417 – iwlwifi: mei: fix potential NULL-ptr deref
https://notcve.org/view.php?id=CVE-2022-49417
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: iwlwifi: mei: fix potential NULL-ptr deref If SKB allocation fails, continue rather than using the NULL pointer. Coverity CID: 1497650 In the Linux kernel, the following vulnerability has been resolved: iwlwifi: mei: fix potential NULL-ptr deref If SKB allocation fails, continue rather than using the NULL pointer. Coverity CID: 1497650 • https://git.kernel.org/stable/c/2da4366f9e2c44afedec4acad65a99a3c7da1a35 •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49416 – wifi: mac80211: fix use-after-free in chanctx code
https://notcve.org/view.php?id=CVE-2022-49416
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix use-after-free in chanctx code In ieee80211_vif_use_reserved_context(), when we have an old context and the new context's replace_state is set to IEEE80211_CHANCTX_REPLACE_NONE, we free the old context in ieee80211_vif_use_reserved_reassign(). Therefore, we cannot check the old_ctx anymore, so we should set it to NULL after this point. However, since the new_ctx replace state is clearly not IEEE80211_CHANCTX_REPLACES_OTH... • https://git.kernel.org/stable/c/5bcae31d9cb1ebfad3ad5a3eea04c8cdc329a04f • CWE-416: Use After Free •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49415 – ipmi:ipmb: Fix refcount leak in ipmi_ipmb_probe
https://notcve.org/view.php?id=CVE-2022-49415
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ipmi:ipmb: Fix refcount leak in ipmi_ipmb_probe of_parse_phandle() returns a node pointer with refcount incremented, we should use of_node_put() on it when done. Add missing of_node_put() to avoid refcount leak. In the Linux kernel, the following vulnerability has been resolved: ipmi:ipmb: Fix refcount leak in ipmi_ipmb_probe of_parse_phandle() returns a node pointer with refcount incremented, we should use of_node_put() on it when done. Ad... • https://git.kernel.org/stable/c/00d93611f00219bd142aa119c5121793cac30ff0 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49414 – ext4: fix race condition between ext4_write and ext4_convert_inline_data
https://notcve.org/view.php?id=CVE-2022-49414
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix race condition between ext4_write and ext4_convert_inline_data Hulk Robot reported a BUG_ON: ================================================================== EXT4-fs error (device loop3): ext4_mb_generate_buddy:805: group 0, block bitmap and bg descriptor inconsistent: 25 vs 31513 free clusters kernel BUG at fs/ext4/ext4_jbd2.c:53! invalid opcode: 0000 [#1] SMP KASAN PTI CPU: 0 PID: 25371 Comm: syz-executor.3 Not tainted 5.10.0+... • https://git.kernel.org/stable/c/0c8d414f163f5d35e43a4de7a6e5ee8c253fcccf •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49413 – bfq: Update cgroup information before merging bio
https://notcve.org/view.php?id=CVE-2022-49413
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: bfq: Update cgroup information before merging bio When the process is migrated to a different cgroup (or in case of writeback just starts submitting bios associated with a different cgroup) bfq_merge_bio() can operate with stale cgroup information in bic. Thus the bio can be merged to a request from a different cgroup or it can result in merging of bfqqs for different cgroups or bfqqs of already dead cgroups and causing possible use-after-f... • https://git.kernel.org/stable/c/e21b7a0b988772e82e7147e1c659a5afe2ae003c • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49412 – bfq: Avoid merging queues with different parents
https://notcve.org/view.php?id=CVE-2022-49412
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: bfq: Avoid merging queues with different parents It can happen that the parent of a bfqq changes between the moment we decide two queues are worth to merge (and set bic->stable_merge_bfqq) and the moment bfq_setup_merge() is called. This can happen e.g. because the process submitted IO for a different cgroup and thus bfqq got reparented. It can even happen that the bfqq we are merging with has parent cgroup that is already offline and going... • https://git.kernel.org/stable/c/430a67f9d6169a7b3e328bceb2ef9542e4153c7c • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49411 – bfq: Make sure bfqg for which we are queueing requests is online
https://notcve.org/view.php?id=CVE-2022-49411
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: bfq: Make sure bfqg for which we are queueing requests is online Bios queued into BFQ IO scheduler can be associated with a cgroup that was already offlined. This may then cause insertion of this bfq_group into a service tree. But this bfq_group will get freed as soon as last bio associated with it is completed leading to use after free issues for service tree users. Fix the problem by making sure we always operate on online bfq_group. If t... • https://git.kernel.org/stable/c/e21b7a0b988772e82e7147e1c659a5afe2ae003c •