CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2022-49541 – cifs: fix potential double free during failed mount
https://notcve.org/view.php?id=CVE-2022-49541
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential double free during failed mount RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=2088799 • https://git.kernel.org/stable/c/ce0008a0e410cdd95f0d8cd81b2902ec10a660c4 •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2022-49540 – rcu-tasks: Fix race in schedule and flush work
https://notcve.org/view.php?id=CVE-2022-49540
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: rcu-tasks: Fix race in schedule and flush work While booting secondary CPUs, cpus_read_[lock/unlock] is not keeping online cpumask stable. The transient online mask results in below calltrace. [ 0.324121] CPU1: Booted secondary processor 0x0000000001 [0x410fd083] [ 0.346652] Detected PIPT I-cache on CPU2 [ 0.347212] CPU2: Booted secondary processor 0x0000000002 [0x410fd083] [ 0.377255] Detected PIPT I-cache on CPU3 [ 0.377823] CPU3: Booted ... • https://git.kernel.org/stable/c/1c6c3f2336642fb3074593911f5176565f47ec41 •
CVSS: -EPSS: %CPEs: 2EXPL: 0CVE-2022-49539 – rtw89: ser: fix CAM leaks occurring in L2 reset
https://notcve.org/view.php?id=CVE-2022-49539
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: rtw89: ser: fix CAM leaks occurring in L2 reset The CAM, meaning address CAM and bssid CAM here, will get leaks during SER (system error recover) L2 reset process and ieee80211_restart_hw() which is called by L2 reset process eventually. The normal flow would be like -> add interface (acquire 1) -> enter ips (release 1) -> leave ips (acquire 1) -> connection (occupy 1) <(A) 1 leak after L2 reset if non-sec connection> The ieee80211_restart_... • https://git.kernel.org/stable/c/f6aff772c9978844529618d86aafb53e5d3ae161 •
CVSS: -EPSS: %CPEs: 9EXPL: 0CVE-2022-49538 – ALSA: jack: Access input_dev under mutex
https://notcve.org/view.php?id=CVE-2022-49538
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: jack: Access input_dev under mutex It is possible when using ASoC that input_dev is unregistered while calling snd_jack_report, which causes NULL pointer dereference. In order to prevent this serialize access to input_dev using mutex lock. • https://git.kernel.org/stable/c/74bab3bcf422593c582e47130aa8eb41ebb2dc09 •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2022-49537 – scsi: lpfc: Fix call trace observed during I/O with CMF enabled
https://notcve.org/view.php?id=CVE-2022-49537
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix call trace observed during I/O with CMF enabled The following was seen with CMF enabled: BUG: using smp_processor_id() in preemptible code: systemd-udevd/31711 kernel: caller is lpfc_update_cmf_cmd+0x214/0x420 [lpfc] kernel: CPU: 12 PID: 31711 Comm: systemd-udevd kernel: Call Trace: kernel:
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2022-49536 – scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock
https://notcve.org/view.php?id=CVE-2022-49536
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock During stress I/O tests with 500+ vports, hard LOCKUP call traces are observed. CPU A: native_queued_spin_lock_slowpath+0x192 _raw_spin_lock_irqsave+0x32 lpfc_handle_fcp_err+0x4c6 lpfc_fcp_io_cmd_wqe_cmpl+0x964 lpfc_sli4_fp_handle_cqe+0x266 __lpfc_sli4_process_cq+0x105 __lpfc_sli4_hba_process_cq+0x3c lpfc_cq_poll_hdler+0x16 irq_poll_softirq+0x76 __softirqentry_text_start+0xe4 ir... • https://git.kernel.org/stable/c/7625e81de2164a082810e1f27547d388406da610 •
CVSS: -EPSS: %CPEs: 2EXPL: 0CVE-2022-49535 – scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI
https://notcve.org/view.php?id=CVE-2022-49535
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI If lpfc_issue_els_flogi() fails and returns non-zero status, the node reference count is decremented to trigger the release of the nodelist structure. However, if there is a prior registration or dev-loss-evt work pending, the node may be released prematurely. When dev-loss-evt completes, the released node is referenced causing a use-after-free null pointer dere... • https://git.kernel.org/stable/c/10663ebec0ad5c78493a0dd34c9ee4d73d7ca0df •
CVSS: -EPSS: %CPEs: 2EXPL: 0CVE-2022-49534 – scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT
https://notcve.org/view.php?id=CVE-2022-49534
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT There is a potential memory leak in lpfc_ignore_els_cmpl() and lpfc_els_rsp_reject() that was allocated from NPIV PLOGI_RJT (lpfc_rcv_plogi()'s login_mbox). Check if cmdiocb->context_un.mbox was allocated in lpfc_ignore_els_cmpl(), and then free it back to phba->mbox_mem_pool along with mbox->ctx_buf for service parameters. For lpfc_els_rsp_reject() failure, free both the ctx_... • https://git.kernel.org/stable/c/c00df0f34a6d5e14da379f96ea67e501ce67b002 •
CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2022-49533 – ath11k: Change max no of active probe SSID and BSSID to fw capability
https://notcve.org/view.php?id=CVE-2022-49533
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ath11k: Change max no of active probe SSID and BSSID to fw capability The maximum number of SSIDs in a for active probe requests is currently reported as 16 (WLAN_SCAN_PARAMS_MAX_SSID) when registering the driver. The scan_req_params structure only has the capacity to hold 10 SSIDs. This leads to a buffer overflow which can be triggered from wpa_supplicant in userspace. When copying the SSIDs into the scan_req_params structure in the ath11k... • https://git.kernel.org/stable/c/210505788f1d243232e21ef660efcd4838890ce8 •
CVSS: -EPSS: %CPEs: 9EXPL: 0CVE-2022-49532 – drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes
https://notcve.org/view.php?id=CVE-2022-49532
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes drm_cvt_mode may return NULL and we should check it. This bug is found by syzkaller: FAULT_INJECTION stacktrace: [ 168.567394] FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 1 [ 168.567403] CPU: 1 PID: 6425 Comm: syz Kdump: loaded Not tainted 4.19.90-vhulk2201.1.0.h1035.kasan.eulerosv2r10.aarch64 #1 [ 168.567406] Hardware name... • https://git.kernel.org/stable/c/e0828456578cc8ba0a69147f7ae3428392eec287 •