CVSS: -EPSS: %CPEs: 2EXPL: 0CVE-2022-49829 – drm/scheduler: fix fence ref counting
https://notcve.org/view.php?id=CVE-2022-49829
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/scheduler: fix fence ref counting We leaked dependency fences when processes were beeing killed. Additional to that grab a reference to the last scheduled fence. • https://git.kernel.org/stable/c/e5f4b38362df93594cb426b04979d8834122f159 •
CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2022-49828 – hugetlbfs: don't delete error page from pagecache
https://notcve.org/view.php?id=CVE-2022-49828
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: hugetlbfs: don't delete error page from pagecache This change is very similar to the change that was made for shmem [1], and it solves the same problem but for HugeTLBFS instead. Currently, when poison is found in a HugeTLB page, the page is removed from the page cache. That means that attempting to map or read that hugepage in the future will result in a new hugepage being allocated instead of notifying the user that the page was poisoned.... • https://git.kernel.org/stable/c/30571f28bb35c826219971c63bcf60d2517112ed •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2022-49825 – ata: libata-transport: fix error handling in ata_tport_add()
https://notcve.org/view.php?id=CVE-2022-49825
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ata: libata-transport: fix error handling in ata_tport_add() In ata_tport_add(), the return value of transport_add_device() is not checked. As a result, it causes null-ptr-deref while removing the module, because transport_remove_device() is called to remove the device that was not added. Unable to handle kernel NULL pointer dereference at virtual address 00000000000000d0 CPU: 12 PID: 13605 Comm: rmmod Kdump: loaded Tainted: G W 6.1.0-rc3+ ... • https://git.kernel.org/stable/c/d9027470b88631d0956ac37cdadfdeb9cdcf2c99 •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2022-49824 – ata: libata-transport: fix error handling in ata_tlink_add()
https://notcve.org/view.php?id=CVE-2022-49824
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ata: libata-transport: fix error handling in ata_tlink_add() In ata_tlink_add(), the return value of transport_add_device() is not checked. As a result, it causes null-ptr-deref while removing the module, because transport_remove_device() is called to remove the device that was not added. Unable to handle kernel NULL pointer dereference at virtual address 00000000000000d0 CPU: 33 PID: 13850 Comm: rmmod Kdump: loaded Tainted: G W 6.1.0-rc3+ ... • https://git.kernel.org/stable/c/d9027470b88631d0956ac37cdadfdeb9cdcf2c99 •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2022-49823 – ata: libata-transport: fix error handling in ata_tdev_add()
https://notcve.org/view.php?id=CVE-2022-49823
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ata: libata-transport: fix error handling in ata_tdev_add() In ata_tdev_add(), the return value of transport_add_device() is not checked. As a result, it causes null-ptr-deref while removing the module, because transport_remove_device() is called to remove the device that was not added. Unable to handle kernel NULL pointer dereference at virtual address 00000000000000d0 CPU: 13 PID: 13603 Comm: rmmod Kdump: loaded Tainted: G W 6.1.0-rc3+ #3... • https://git.kernel.org/stable/c/d9027470b88631d0956ac37cdadfdeb9cdcf2c99 •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2022-49821 – mISDN: fix possible memory leak in mISDN_dsp_element_register()
https://notcve.org/view.php?id=CVE-2022-49821
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: mISDN: fix possible memory leak in mISDN_dsp_element_register() Afer commit 1fa5ae857bb1 ("driver core: get rid of struct device's bus_id string array"), the name of device is allocated dynamically, use put_device() to give up the reference, so that the name can be freed in kobject_cleanup() when the refcount is 0. The 'entry' is going to be freed in mISDN_dsp_dev_release(), so the kfree() is removed. list_del() is called in mISDN_dsp_dev_r... • https://git.kernel.org/stable/c/1fa5ae857bb14f6046205171d98506d8112dd74e •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2022-49816 – xen/pcpu: fix possible memory leak in register_pcpu()
https://notcve.org/view.php?id=CVE-2022-49816
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: xen/pcpu: fix possible memory leak in register_pcpu() In device_add(), dev_set_name() is called to allocate name, if it returns error, the name need be freed. As comment of device_register() says, it should use put_device() to give up the reference in the error path. So fix this by calling put_device(), then the name can be freed in kobject_cleanup(). • https://git.kernel.org/stable/c/f65c9bb3fb725551d3e405f4d092caf24929cebe •
CVSS: -EPSS: %CPEs: 7EXPL: 0CVE-2022-49814 – kcm: close race conditions on sk_receive_queue
https://notcve.org/view.php?id=CVE-2022-49814
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: kcm: close race conditions on sk_receive_queue sk->sk_receive_queue is protected by skb queue lock, but for KCM sockets its RX path takes mux->rx_lock to protect more than just skb queue. However, kcm_recvmsg() still only grabs the skb queue lock, so race conditions still exist. We can teach kcm_recvmsg() to grab mux->rx_lock too but this would introduce a potential performance regression as struct kcm_mux can be shared by multiple KCM sock... • https://git.kernel.org/stable/c/ab7ac4eb9832e32a09f4e8042705484d2fb0aad3 •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2022-49813 – net: ena: Fix error handling in ena_init()
https://notcve.org/view.php?id=CVE-2022-49813
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: ena: Fix error handling in ena_init() The ena_init() won't destroy workqueue created by create_singlethread_workqueue() when pci_register_driver() failed. Call destroy_workqueue() when pci_register_driver() failed to prevent the resource leak. • https://git.kernel.org/stable/c/1738cd3ed342294360d6a74d4e58800004bff854 •
CVSS: -EPSS: %CPEs: 7EXPL: 0CVE-2022-49811 – drbd: use after free in drbd_create_device()
https://notcve.org/view.php?id=CVE-2022-49811
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drbd: use after free in drbd_create_device() The drbd_destroy_connection() frees the "connection" so use the _safe() iterator to prevent a use after free. • https://git.kernel.org/stable/c/b6f85ef9538b2111a8ba0bbfae9aaebabfc94961 •