CVSS: 2.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49406 – block: Fix potential deadlock in blk_ia_range_sysfs_show()
https://notcve.org/view.php?id=CVE-2022-49406
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: block: Fix potential deadlock in blk_ia_range_sysfs_show() When being read, a sysfs attribute is already protected against removal with the kobject node active reference counter. As a result, in blk_ia_range_sysfs_show(), there is no need to take the queue sysfs lock when reading the value of a range attribute. Using the queue sysfs lock in this function creates a potential deadlock situation with the disk removal, something that a lockdep ... • https://git.kernel.org/stable/c/a2247f19ee1c5ad75ef095cdfb909a3244b88aa8 •
CVSS: 8.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49405 – staging: r8188eu: prevent ->Ssid overflow in rtw_wx_set_scan()
https://notcve.org/view.php?id=CVE-2022-49405
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: staging: r8188eu: prevent ->Ssid overflow in rtw_wx_set_scan() This code has a check to prevent read overflow but it needs another check to prevent writing beyond the end of the ->Ssid[] array. In the Linux kernel, the following vulnerability has been resolved: staging: r8188eu: prevent ->Ssid overflow in rtw_wx_set_scan() This code has a check to prevent read overflow but it needs another check to prevent writing beyond the end of the ->Ss... • https://git.kernel.org/stable/c/2b42bd58b32155a1be4dd78991845dec05aaef9e •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49404 – RDMA/hfi1: Fix potential integer multiplication overflow errors
https://notcve.org/view.php?id=CVE-2022-49404
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/hfi1: Fix potential integer multiplication overflow errors When multiplying of different types, an overflow is possible even when storing the result in a larger type. This is because the conversion is done after the multiplication. So arithmetic overflow and thus in incorrect value is possible. Correct an instance of this in the inter packet delay calculation. Fix by ensuring one of the operands is u64 which will promote the other to u... • https://git.kernel.org/stable/c/7724105686e718ac476a6ad3304fea2fbcfcffde •
CVSS: 5.6EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49403 – lib/string_helpers: fix not adding strarray to device's resource list
https://notcve.org/view.php?id=CVE-2022-49403
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: lib/string_helpers: fix not adding strarray to device's resource list Add allocated strarray to device's resource list. This is a must to automatically release strarray when the device disappears. Without this fix we have a memory leak in the few drivers which use devm_kasprintf_strarray(). In the Linux kernel, the following vulnerability has been resolved: lib/string_helpers: fix not adding strarray to device's resource list Add allocated ... • https://git.kernel.org/stable/c/acdb89b6c87a2d7b5c48a82756e6f5c6f599f60a •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49402 – ftrace: Clean up hash direct_functions on register failures
https://notcve.org/view.php?id=CVE-2022-49402
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ftrace: Clean up hash direct_functions on register failures We see the following GPF when register_ftrace_direct fails: [ ] general protection fault, probably for non-canonical address \ 0x200000000000010: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC PTI [...] [ ] RIP: 0010:ftrace_find_rec_direct+0x53/0x70 [ ] Code: 48 c1 e0 03 48 03 42 08 48 8b 10 31 c0 48 85 d2 74 [...] [ ] RSP: 0018:ffffc9000138bc10 EFLAGS: 00010206 [ ] RAX: 0000000000000000 RB... • https://git.kernel.org/stable/c/763e34e74bb7d5c316015e2e39fcc8520bfd071c •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49401 – mm/page_owner: use strscpy() instead of strlcpy()
https://notcve.org/view.php?id=CVE-2022-49401
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: mm/page_owner: use strscpy() instead of strlcpy() current->comm[] is not a string (no guarantee for a zero byte in it). strlcpy(s1, s2, l) is calling strlen(s2), potentially causing out-of-bound access, as reported by syzbot: detected buffer overflow in __fortify_strlen ------------[ cut here ]------------ kernel BUG at lib/string_helpers.c:980! invalid opcode: 0000 [#1] PREEMPT SMP KASAN CPU: 0 PID: 4087 Comm: dhcpcd-run-hooks Not tainted ... • https://git.kernel.org/stable/c/865ed6a3278654ce4a55eb74c5283eeb82ad4699 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49400 – md: Don't set mddev private to NULL in raid0 pers->free
https://notcve.org/view.php?id=CVE-2022-49400
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: md: Don't set mddev private to NULL in raid0 pers->free In normal stop process, it does like this: do_md_stop | __md_stop (pers->free(); mddev->private=NULL) | md_free (free mddev) __md_stop sets mddev->private to NULL after pers->free. The raid device will be stopped and mddev memory is free. But in reshape, it doesn't free the mddev and mddev will still be used in new raid. In reshape, it first sets mddev->private to new_pers and then run... • https://git.kernel.org/stable/c/00e3d58f50a875343124bcf5a9637520a492b0d1 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49399 – tty: goldfish: Use tty_port_destroy() to destroy port
https://notcve.org/view.php?id=CVE-2022-49399
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: tty: goldfish: Use tty_port_destroy() to destroy port In goldfish_tty_probe(), the port initialized through tty_port_init() should be destroyed in error paths.In goldfish_tty_remove(), qtty->port also should be destroyed or else might leak resources. Fix the above by calling tty_port_destroy(). In the Linux kernel, the following vulnerability has been resolved: tty: goldfish: Use tty_port_destroy() to destroy port In goldfish_tty_probe(), t... • https://git.kernel.org/stable/c/666b7793d4bfa9f150b5c2007ab48c755ddc53ca •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49398 – usb: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback
https://notcve.org/view.php?id=CVE-2022-49398
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback The list_for_each_entry_safe() macro saves the current item (n) and the item after (n+1), so that n can be safely removed without corrupting the list. However, when traversing the list and removing items using gadget giveback, the DWC3 lock is briefly released, allowing other routines to execute. There is a situation where, while items are being removed from the cancell... • https://git.kernel.org/stable/c/d4f1afe5e896c18ae01099a85dab5e1a198bd2a8 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49397 – phy: qcom-qmp: fix struct clk leak on probe errors
https://notcve.org/view.php?id=CVE-2022-49397
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: phy: qcom-qmp: fix struct clk leak on probe errors Make sure to release the pipe clock reference in case of a late probe error (e.g. probe deferral). In the Linux kernel, the following vulnerability has been resolved: phy: qcom-qmp: fix struct clk leak on probe errors Make sure to release the pipe clock reference in case of a late probe error (e.g. probe deferral). • https://git.kernel.org/stable/c/e78f3d15e115e8e764d4b1562b4fa538f2e22f6b •