CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49359 – drm/panfrost: Job should reference MMU not file_priv
https://notcve.org/view.php?id=CVE-2022-49359
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/panfrost: Job should reference MMU not file_priv For a while now it's been allowed for a MMU context to outlive it's corresponding panfrost_priv, however the job structure still references panfrost_priv to get hold of the MMU context. If panfrost_priv has been freed this is a use-after-free which I've been able to trigger resulting in a splat. To fix this, drop the reference to panfrost_priv in the job structure and add a direct referen... • https://git.kernel.org/stable/c/7fdc48cc63a30fa3480d18bdd8c5fff2b9b15212 • CWE-416: Use After Free •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49358 – netfilter: nf_tables: memleak flow rule from commit path
https://notcve.org/view.php?id=CVE-2022-49358
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: memleak flow rule from commit path Abort path release flow rule object, however, commit path does not. Update code to destroy these objects before releasing the transaction. In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: memleak flow rule from commit path Abort path release flow rule object, however, commit path does not. Update code to destroy these objects before releasing t... • https://git.kernel.org/stable/c/c9626a2cbdb20e26587b3fad99960520a023432b •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49357 – efi: Do not import certificates from UEFI Secure Boot for T2 Macs
https://notcve.org/view.php?id=CVE-2022-49357
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: efi: Do not import certificates from UEFI Secure Boot for T2 Macs On Apple T2 Macs, when Linux attempts to read the db and dbx efi variables at early boot to load UEFI Secure Boot certificates, a page fault occurs in Apple firmware code and EFI runtime services are disabled with the following logs: [Firmware Bug]: Page fault caused by firmware at PA: 0xffffb1edc0068000 WARNING: CPU: 3 PID: 104 at arch/x86/platform/efi/quirks.c:735 efi_crash... • https://git.kernel.org/stable/c/b1cda6dd2c44771f042d65f0d17bec322ef99a0a •
CVSS: 8.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49356 – SUNRPC: Trap RDMA segment overflows
https://notcve.org/view.php?id=CVE-2022-49356
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Trap RDMA segment overflows Prevent svc_rdma_build_writes() from walking off the end of a Write chunk's segment array. Caught with KASAN. The test that this fix replaces is invalid, and might have been left over from an earlier prototype of the PCL work. In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Trap RDMA segment overflows Prevent svc_rdma_build_writes() from walking off the end of a Write chunk's s... • https://git.kernel.org/stable/c/7a1cbfa18059a40d4752dab057384c3ca2de326c •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49354 – ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe
https://notcve.org/view.php?id=CVE-2022-49354
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe of_find_device_by_node() takes reference, we should use put_device() to release it when not need anymore. Add missing put_device() to avoid refcount leak. In the Linux kernel, the following vulnerability has been resolved: ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe of_find_device_by_node() takes reference, we should use put_device() to release it when not need anymore.... • https://git.kernel.org/stable/c/43f01da0f2794b464ade2ffe1f780c69d7ce7b75 •
CVSS: 5.6EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49352 – ext4: fix warning in ext4_handle_inode_extension
https://notcve.org/view.php?id=CVE-2022-49352
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix warning in ext4_handle_inode_extension We got issue as follows: EXT4-fs error (device loop0) in ext4_reserve_inode_write:5741: Out of memory EXT4-fs error (device loop0): ext4_setattr:5462: inode #13: comm syz-executor.0: mark_inode_dirty error EXT4-fs error (device loop0) in ext4_setattr:5519: Out of memory EXT4-fs error (device loop0): ext4_ind_map_blocks:595: inode #13: comm syz-executor.0: Can't allocate blocks for non-extent ... • https://git.kernel.org/stable/c/0ab308d72af7548f21e4499d025c25887da0c26a •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49351 – net: altera: Fix refcount leak in altera_tse_mdio_create
https://notcve.org/view.php?id=CVE-2022-49351
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: altera: Fix refcount leak in altera_tse_mdio_create Every iteration of for_each_child_of_node() decrements the reference count of the previous node. When break from a for_each_child_of_node() loop, we need to explicitly call of_node_put() on the child node when not need anymore. Add missing of_node_put() to avoid refcount leak. In the Linux kernel, the following vulnerability has been resolved: net: altera: Fix refcount leak in altera_... • https://git.kernel.org/stable/c/bbd2190ce96d8fce031f0526c1f970b68adc9d1a •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49350 – net: mdio: unexport __init-annotated mdio_bus_init()
https://notcve.org/view.php?id=CVE-2022-49350
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: mdio: unexport __init-annotated mdio_bus_init() EXPORT_SYMBOL and __init is a bad combination because the .init.text section is freed up after the initialization. Hence, modules cannot use symbols annotated __init. The access to a freed symbol may end up with kernel panic. modpost used to detect it, but it has been broken for a decade. Recently, I fixed modpost so it started to warn it again, then this showed up in linux-next builds. T... • https://git.kernel.org/stable/c/90eff9096c01ba90cdae504a6b95ee87fe2556a3 •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49349 – ext4: fix use-after-free in ext4_rename_dir_prepare
https://notcve.org/view.php?id=CVE-2022-49349
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix use-after-free in ext4_rename_dir_prepare We got issue as follows: EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue ext4_get_first_dir_block: bh->b_data=0xffff88810bee6000 len=34478 ext4_get_first_dir_block: *parent_de=0xffff88810beee6ae bh->b_data=0xffff88810bee6000 ext4_rename_dir_prepare: [1] parent_de=0xffff88810beee6ae ================================================================== BUG: KASAN: us... • https://git.kernel.org/stable/c/1a3a15bf6f9963d755270cbdb282863b84839195 • CWE-416: Use After Free •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49348 – ext4: filter out EXT4_FC_REPLAY from on-disk superblock field s_state
https://notcve.org/view.php?id=CVE-2022-49348
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: filter out EXT4_FC_REPLAY from on-disk superblock field s_state The EXT4_FC_REPLAY bit in sbi->s_mount_state is used to indicate that we are in the middle of replay the fast commit journal. This was actually a mistake, since the sbi->s_mount_info is initialized from es->s_state. Arguably s_mount_state is misleadingly named, but the name is historical --- s_mount_state and s_state dates back to ext2. What should have been used is the e... • https://git.kernel.org/stable/c/cc5b09cb6dacd4b32640537929ab4ee8fb2b9e04 •