CVSS: 3.3EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49673 – dm raid: fix KASAN warning in raid5_add_disks
https://notcve.org/view.php?id=CVE-2022-49673
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: dm raid: fix KASAN warning in raid5_add_disks There's a KASAN warning in raid5_add_disk when running the LVM testsuite. The warning happens in the test lvconvert-raid-reshape-linear_to_raid6-single-type.sh. We fix the warning by verifying that rdev->saved_raid_disk is within limits. In the Linux kernel, the following vulnerability has been resolved: dm raid: fix KASAN warning in raid5_add_disks There's a KASAN warning in raid5_add_disk when... • https://git.kernel.org/stable/c/2d4e7c9898c20fb3d3f55381cab601761aab7d64 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49668 – PM / devfreq: exynos-ppmu: Fix refcount leak in of_get_devfreq_events
https://notcve.org/view.php?id=CVE-2022-49668
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: exynos-ppmu: Fix refcount leak in of_get_devfreq_events of_get_child_by_name() returns a node pointer with refcount incremented, we should use of_node_put() on it when done. This function only calls of_node_put() in normal path, missing it in error paths. Add missing of_node_put() to avoid refcount leak. In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: exynos-ppmu: Fix refcount leak in of_get_d... • https://git.kernel.org/stable/c/f262f28c147051e7aa6daaf4fb5996833ffadff4 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49661 – can: gs_usb: gs_usb_open/close(): fix memory leak
https://notcve.org/view.php?id=CVE-2022-49661
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: gs_usb_open/close(): fix memory leak The gs_usb driver appears to suffer from a malady common to many USB CAN adapter drivers in that it performs usb_alloc_coherent() to allocate a number of USB request blocks (URBs) for RX, and then later relies on usb_kill_anchored_urbs() to free them, but this doesn't actually free them. As a result, this may be leaking DMA memory that's been used by the driver. This commit is an adaptation ... • https://git.kernel.org/stable/c/d08e973a77d128b25e01a08c34d89593fdf222da •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49657 – usbnet: fix memory leak in error case
https://notcve.org/view.php?id=CVE-2022-49657
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: usbnet: fix memory leak in error case usbnet_write_cmd_async() mixed up which buffers need to be freed in which error case. v2: add Fixes tag v3: fix uninitialized buf pointer In the Linux kernel, the following vulnerability has been resolved: usbnet: fix memory leak in error case usbnet_write_cmd_async() mixed up which buffers need to be freed in which error case. v2: add Fixes tag v3: fix uninitialized buf pointer The SUSE Linux Enterpris... • https://git.kernel.org/stable/c/877bd862f32b815d54ab5fc10a4fd903d7bf3012 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49651 – srcu: Tighten cleanup_srcu_struct() GP checks
https://notcve.org/view.php?id=CVE-2022-49651
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: srcu: Tighten cleanup_srcu_struct() GP checks Currently, cleanup_srcu_struct() checks for a grace period in progress, but it does not check for a grace period that has not yet started but which might start at any time. Such a situation could result in a use-after-free bug, so this commit adds a check for a grace period that is needed but not yet started to cleanup_srcu_struct(). In the Linux kernel, the following vulnerability has been reso... • https://git.kernel.org/stable/c/e997dda6502eefbc1032d6b0da7b353c53344b07 • CWE-416: Use After Free CWE-459: Incomplete Cleanup •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-49647 – cgroup: Use separate src/dst nodes when preloading css_sets for migration
https://notcve.org/view.php?id=CVE-2022-49647
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: cgroup: Use separate src/dst nodes when preloading css_sets for migration Each cset (css_set) is pinned by its tasks. When we're moving tasks around across csets for a migration, we need to hold the source and destination csets to ensure that they don't go away while we're moving tasks about. This is done by linking cset->mg_preload_node on either the mgctx->preloaded_src_csets or mgctx->preloaded_dst_csets list. Using the same cset->mg_pre... • https://git.kernel.org/stable/c/f817de98513d060023be4fa1d061b29a6515273e • CWE-416: Use After Free •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49639 – cipso: Fix data-races around sysctl.
https://notcve.org/view.php?id=CVE-2022-49639
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: cipso: Fix data-races around sysctl. While reading cipso sysctl variables, they can be changed concurrently. So, we need to add READ_ONCE() to avoid data-races. In the Linux kernel, the following vulnerability has been resolved: cipso: Fix data-races around sysctl. While reading cipso sysctl variables, they can be changed concurrently. So, we need to add READ_ONCE() to avoid data-races. • https://git.kernel.org/stable/c/446fda4f26822b2d42ab3396aafcedf38a9ff2b6 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49638 – icmp: Fix data-races around sysctl.
https://notcve.org/view.php?id=CVE-2022-49638
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: icmp: Fix data-races around sysctl. While reading icmp sysctl variables, they can be changed concurrently. So, we need to add READ_ONCE() to avoid data-races. A flaw was found in the Linux kernel's ICMP protocol. A race condition can occur when reading the ICMP sysctl variables due to a missing lock, potentially impacting system stability and resulting in a denial of service. In the Linux kernel, the following vulnerability has been resolve... • https://git.kernel.org/stable/c/4cdf507d54525842dfd9f6313fdafba039084046 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49632 – icmp: Fix a data-race around sysctl_icmp_errors_use_inbound_ifaddr.
https://notcve.org/view.php?id=CVE-2022-49632
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: icmp: Fix a data-race around sysctl_icmp_errors_use_inbound_ifaddr. While reading sysctl_icmp_errors_use_inbound_ifaddr, it can be changed concurrently. Thus, we need to add READ_ONCE() to its reader. A flaw was found in the Linux kernel's ICMP protocol. A race condition can occur when reading the sysctl_icmp_errors_use_inbound_ifaddr resource due to a missing lock, potentially impacting system stability and resulting in a denial of service... • https://git.kernel.org/stable/c/1c2fb7f93cb20621772bf304f3dba0849942e5db • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.7EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49623 – powerpc/xive/spapr: correct bitmap allocation size
https://notcve.org/view.php?id=CVE-2022-49623
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc/xive/spapr: correct bitmap allocation size kasan detects access beyond the end of the xibm->bitmap allocation: BUG: KASAN: slab-out-of-bounds in _find_first_zero_bit+0x40/0x140 Read of size 8 at addr c00000001d1d0118 by task swapper/0/1 CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.19.0-rc2-00001-g90df023b36dd #28 Call Trace: [c00000001d98f770] [c0000000012baab8] dump_stack_lvl+0xac/0x108 (unreliable) [c00000001d98f7b0] [c00000000068f... • https://git.kernel.org/stable/c/10f2cd373e65bcd3be8f3cdc71c330c25763dfd8 •