CVSS: 7.8EPSS: %CPEs: 3EXPL: 0CVE-2022-49418 – NFSv4: Fix free of uninitialized nfs4_label on referral lookup.
https://notcve.org/view.php?id=CVE-2022-49418
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix free of uninitialized nfs4_label on referral lookup. Send along the already-allocated fattr along with nfs4_fs_locations, and drop the memcpy of fattr. We end up growing two more allocations, but this fixes up a crash as: PID: 790 TASK: ffff88811b43c000 CPU: 0 COMMAND: "ls" #0 [ffffc90000857920] panic at ffffffff81b9bfde #1 [ffffc900008579c0] do_trap at ffffffff81023a9b #2 [ffffc90000857a10] do_error_trap at ffffffff81023b78 #3 [... • https://git.kernel.org/stable/c/9558a007dbc383d48e7f5a123d0b5ff656c71068 •
CVSS: 5.5EPSS: %CPEs: 3EXPL: 0CVE-2022-49417 – iwlwifi: mei: fix potential NULL-ptr deref
https://notcve.org/view.php?id=CVE-2022-49417
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: iwlwifi: mei: fix potential NULL-ptr deref If SKB allocation fails, continue rather than using the NULL pointer. Coverity CID: 1497650 In the Linux kernel, the following vulnerability has been resolved: iwlwifi: mei: fix potential NULL-ptr deref If SKB allocation fails, continue rather than using the NULL pointer. Coverity CID: 1497650 • https://git.kernel.org/stable/c/2da4366f9e2c44afedec4acad65a99a3c7da1a35 •
CVSS: 7.8EPSS: %CPEs: 9EXPL: 0CVE-2022-49416 – wifi: mac80211: fix use-after-free in chanctx code
https://notcve.org/view.php?id=CVE-2022-49416
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix use-after-free in chanctx code In ieee80211_vif_use_reserved_context(), when we have an old context and the new context's replace_state is set to IEEE80211_CHANCTX_REPLACE_NONE, we free the old context in ieee80211_vif_use_reserved_reassign(). Therefore, we cannot check the old_ctx anymore, so we should set it to NULL after this point. However, since the new_ctx replace state is clearly not IEEE80211_CHANCTX_REPLACES_OTH... • https://git.kernel.org/stable/c/5bcae31d9cb1ebfad3ad5a3eea04c8cdc329a04f •
CVSS: 7.1EPSS: %CPEs: 2EXPL: 0CVE-2022-49415 – ipmi:ipmb: Fix refcount leak in ipmi_ipmb_probe
https://notcve.org/view.php?id=CVE-2022-49415
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ipmi:ipmb: Fix refcount leak in ipmi_ipmb_probe of_parse_phandle() returns a node pointer with refcount incremented, we should use of_node_put() on it when done. Add missing of_node_put() to avoid refcount leak. In the Linux kernel, the following vulnerability has been resolved: ipmi:ipmb: Fix refcount leak in ipmi_ipmb_probe of_parse_phandle() returns a node pointer with refcount incremented, we should use of_node_put() on it when done. Ad... • https://git.kernel.org/stable/c/00d93611f00219bd142aa119c5121793cac30ff0 •
CVSS: 5.5EPSS: %CPEs: 6EXPL: 0CVE-2022-49414 – ext4: fix race condition between ext4_write and ext4_convert_inline_data
https://notcve.org/view.php?id=CVE-2022-49414
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix race condition between ext4_write and ext4_convert_inline_data Hulk Robot reported a BUG_ON: ================================================================== EXT4-fs error (device loop3): ext4_mb_generate_buddy:805: group 0, block bitmap and bg descriptor inconsistent: 25 vs 31513 free clusters kernel BUG at fs/ext4/ext4_jbd2.c:53! invalid opcode: 0000 [#1] SMP KASAN PTI CPU: 0 PID: 25371 Comm: syz-executor.3 Not tainted 5.10.0+... • https://git.kernel.org/stable/c/0c8d414f163f5d35e43a4de7a6e5ee8c253fcccf •
CVSS: 7.1EPSS: %CPEs: 6EXPL: 0CVE-2022-49413 – bfq: Update cgroup information before merging bio
https://notcve.org/view.php?id=CVE-2022-49413
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: bfq: Update cgroup information before merging bio When the process is migrated to a different cgroup (or in case of writeback just starts submitting bios associated with a different cgroup) bfq_merge_bio() can operate with stale cgroup information in bic. Thus the bio can be merged to a request from a different cgroup or it can result in merging of bfqqs for different cgroups or bfqqs of already dead cgroups and causing possible use-after-f... • https://git.kernel.org/stable/c/e21b7a0b988772e82e7147e1c659a5afe2ae003c •
CVSS: 7.1EPSS: %CPEs: 6EXPL: 0CVE-2022-49412 – bfq: Avoid merging queues with different parents
https://notcve.org/view.php?id=CVE-2022-49412
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: bfq: Avoid merging queues with different parents It can happen that the parent of a bfqq changes between the moment we decide two queues are worth to merge (and set bic->stable_merge_bfqq) and the moment bfq_setup_merge() is called. This can happen e.g. because the process submitted IO for a different cgroup and thus bfqq got reparented. It can even happen that the bfqq we are merging with has parent cgroup that is already offline and going... • https://git.kernel.org/stable/c/430a67f9d6169a7b3e328bceb2ef9542e4153c7c •
CVSS: 5.5EPSS: %CPEs: 6EXPL: 0CVE-2022-49411 – bfq: Make sure bfqg for which we are queueing requests is online
https://notcve.org/view.php?id=CVE-2022-49411
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: bfq: Make sure bfqg for which we are queueing requests is online Bios queued into BFQ IO scheduler can be associated with a cgroup that was already offlined. This may then cause insertion of this bfq_group into a service tree. But this bfq_group will get freed as soon as last bio associated with it is completed leading to use after free issues for service tree users. Fix the problem by making sure we always operate on online bfq_group. If t... • https://git.kernel.org/stable/c/e21b7a0b988772e82e7147e1c659a5afe2ae003c •
CVSS: 7.1EPSS: %CPEs: 7EXPL: 0CVE-2022-49410 – tracing: Fix potential double free in create_var_ref()
https://notcve.org/view.php?id=CVE-2022-49410
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: tracing: Fix potential double free in create_var_ref() In create_var_ref(), init_var_ref() is called to initialize the fields of variable ref_field, which is allocated in the previous function call to create_hist_field(). Function init_var_ref() allocates the corresponding fields such as ref_field->system, but frees these fields when the function encounters an error. The caller later calls destroy_hist_field() to conduct error handling, whi... • https://git.kernel.org/stable/c/067fe038e70f6e64960d26a79c4df5f1413d0f13 •
CVSS: 7.8EPSS: %CPEs: 10EXPL: 0CVE-2022-49409 – ext4: fix bug_on in __es_tree_search
https://notcve.org/view.php?id=CVE-2022-49409
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix bug_on in __es_tree_search Hulk Robot reported a BUG_ON: ================================================================== kernel BUG at fs/ext4/extents_status.c:199! [...] RIP: 0010:ext4_es_end fs/ext4/extents_status.c:199 [inline] RIP: 0010:__es_tree_search+0x1e0/0x260 fs/ext4/extents_status.c:217 [...] Call Trace: ext4_es_cache_extent+0x109/0x340 fs/ext4/extents_status.c:766 ext4_cache_extents+0x239/0x2e0 fs/ext4/extents.c:561... • https://git.kernel.org/stable/c/5946d089379a35dda0e531710b48fca05446a196 •