CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49072 – gpio: Restrict usage of GPIO chip irq members before initialization
https://notcve.org/view.php?id=CVE-2022-49072
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: gpio: Restrict usage of GPIO chip irq members before initialization GPIO chip irq members are exposed before they could be completely initialized and this leads to race conditions. One such issue was observed for the gc->irq.domain variable which was accessed through the I2C interface in gpiochip_to_irq() before it could be initialized by gpiochip_add_irqchip(). This resulted in Kernel NULL pointer dereference. Following are the logs for re... • https://git.kernel.org/stable/c/7e88a50704b0c49ad3f2d11e8b963341cf68a89f •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49069 – drm/amd/display: Fix by adding FPU protection for dcn30_internal_validate_bw
https://notcve.org/view.php?id=CVE-2022-49069
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix by adding FPU protection for dcn30_internal_validate_bw [Why] Below general protection fault observed when WebGL Aquarium is run for longer duration. If drm debug logs are enabled and set to 0x1f then the issue is observed within 10 minutes of run. [ 100.717056] general protection fault, probably for non-canonical address 0x2d33302d32323032: 0000 [#1] PREEMPT SMP NOPTI [ 100.727921] CPU: 3 PID: 1906 Comm: DrmThread Tain... • https://git.kernel.org/stable/c/e995c5d52ec7415644eee617fc7e906b51aec7ae •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49067 – powerpc: Fix virt_addr_valid() for 64-bit Book3E & 32-bit
https://notcve.org/view.php?id=CVE-2022-49067
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc: Fix virt_addr_valid() for 64-bit Book3E & 32-bit mpe: On 64-bit Book3E vmalloc space starts at 0x8000000000000000. Because of the way __pa() works we have: __pa(0x8000000000000000) == 0, and therefore virt_to_pfn(0x8000000000000000) == 0, and therefore virt_addr_valid(0x8000000000000000) == true Which is wrong, virt_addr_valid() should be false for vmalloc space. In fact all vmalloc addresses that alias with a valid PFN will return... • https://git.kernel.org/stable/c/deab81144d5a043f42804207fb76cfbd8a806978 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49066 – veth: Ensure eth header is in skb's linear part
https://notcve.org/view.php?id=CVE-2022-49066
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: veth: Ensure eth header is in skb's linear part After feeding a decapsulated packet to a veth device with act_mirred, skb_headlen() may be 0. But veth_xmit() calls __dev_forward_skb(), which expects at least ETH_HLEN byte of linear data (as __dev_forward_skb2() calls eth_type_trans(), which pulls ETH_HLEN bytes unconditionally). Use pskb_may_pull() to ensure veth_xmit() respects this constraint. kernel BUG at include/linux/skbuff.h:2328! RI... • https://git.kernel.org/stable/c/e314dbdc1c0dc6a548ecf0afce28ecfd538ff568 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49065 – SUNRPC: Fix the svc_deferred_event trace class
https://notcve.org/view.php?id=CVE-2022-49065
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix the svc_deferred_event trace class Fix a NULL deref crash that occurs when an svc_rqst is deferred while the sunrpc tracing subsystem is enabled. svc_revisit() sets dr->xprt to NULL, so it can't be relied upon in the tracepoint to provide the remote's address. Unfortunately we can't revert the "svc_deferred_class" hunk in commit ece200ddd54b ("sunrpc: Save remote presentation address in svc_xprt for trace events") because there ... • https://git.kernel.org/stable/c/ece200ddd54b9ce840cfee554fb812560c545c7d •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49061 – net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link
https://notcve.org/view.php?id=CVE-2022-49061
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link When using a fixed-link, the altr_tse_pcs driver crashes due to null-pointer dereference as no phy_device is provided to tse_pcs_fix_mac_speed function. Fix this by adding a check for phy_dev before calling the tse_pcs_fix_mac_speed() function. Also clean up the tse_pcs_fix_mac_speed function a bit. There is no need to check for splitter_base and sgmii_adapter_base bec... • https://git.kernel.org/stable/c/fb3bbdb859891e6bc27fd1afb3a07319f82c2ee4 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49059 – nfc: nci: add flush_workqueue to prevent uaf
https://notcve.org/view.php?id=CVE-2022-49059
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: nfc: nci: add flush_workqueue to prevent uaf Our detector found a concurrent use-after-free bug when detaching an NCI device. The main reason for this bug is the unexpected scheduling between the used delayed mechanism (timer and workqueue). The race can be demonstrated below: Thread-1 Thread-2 | nci_dev_up() | nci_open_device() | __nci_request(nci_reset_req) | nci_send_cmd | queue_work(cmd_work) nci_unregister_device() | nci_close_device()... • https://git.kernel.org/stable/c/6a2968aaf50c7a22fced77a5e24aa636281efca8 • CWE-416: Use After Free •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49058 – cifs: potential buffer overflow in handling symlinks
https://notcve.org/view.php?id=CVE-2022-49058
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: cifs: potential buffer overflow in handling symlinks Smatch printed a warning: arch/x86/crypto/poly1305_glue.c:198 poly1305_update_arch() error: __memcpy() 'dctx->buf' too small (16 vs u32max) It's caused because Smatch marks 'link_len' as untrusted since it comes from sscanf(). Add a check to ensure that 'link_len' is not larger than the size of the 'link_str' buffer. • https://git.kernel.org/stable/c/c69c1b6eaea1b3e1eecf7ad2fba0208ac4a11131 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49055 – drm/amdkfd: Check for potential null return of kmalloc_array()
https://notcve.org/view.php?id=CVE-2022-49055
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Check for potential null return of kmalloc_array() As the kmalloc_array() may return null, the 'event_waiters[i].wait' would lead to null-pointer dereference. Therefore, it is better to check the return value of kmalloc_array() to avoid this confusion. • https://git.kernel.org/stable/c/32cf90a521dcc0f136db7ee5ba32bfe5f79e460e •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49054 – Drivers: hv: vmbus: Deactivate sysctl_record_panic_msg by default in isolated guests
https://notcve.org/view.php?id=CVE-2022-49054
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Deactivate sysctl_record_panic_msg by default in isolated guests hv_panic_page might contain guest-sensitive information, do not dump it over to Hyper-V by default in isolated guests. While at it, update some comments in hyperv_{panic,die}_event(). • https://git.kernel.org/stable/c/1b576e81d31b56b248316b8ff816b1cc5c4407c7 •