CVSS: 4.4EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49124 – x86/mce: Work around an erratum on fast string copy instructions
https://notcve.org/view.php?id=CVE-2022-49124
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: x86/mce: Work around an erratum on fast string copy instructions A rare kernel panic scenario can happen when the following conditions are met due to an erratum on fast string copy instructions: 1) An uncorrected error. 2) That error must be in first cache line of a page. 3) Kernel must execute page_copy from the page immediately before that page. The fast string copy instructions ("REP; MOVS*") could consume an uncorrectable memory error i... • https://git.kernel.org/stable/c/ba37c73be3d5632f6fb9fa20b250ce45560ca85d • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVSS: 7.3EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49122 – dm ioctl: prevent potential spectre v1 gadget
https://notcve.org/view.php?id=CVE-2022-49122
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: dm ioctl: prevent potential spectre v1 gadget It appears like cmd could be a Spectre v1 gadget as it's supplied by a user and used as an array index. Prevent the contents of kernel memory from being leaked to userspace via speculative execution by using array_index_nospec. A vulnerability was found in the Linux kernel's `dm-ioctl` interface in the `lookup_ioctl()` function, which accepts a user-provided `cmd` value that is used to index the... • https://git.kernel.org/stable/c/76c94651005f58885facf9c973007f5ea01ab01f •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49121 – scsi: pm8001: Fix tag leaks on error
https://notcve.org/view.php?id=CVE-2022-49121
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix tag leaks on error In pm8001_chip_set_dev_state_req(), pm8001_chip_fw_flash_update_req(), pm80xx_chip_phy_ctl_req() and pm8001_chip_reg_dev_req() add missing calls to pm8001_tag_free() to free the allocated tag when pm8001_mpi_build_cmd() fails. Similarly, in pm8001_exec_internal_task_abort(), if the chip ->task_abort method fails, the tag allocated for the abort request task must be freed. Add the missing call to pm8001_t... • https://git.kernel.org/stable/c/a0bb65eadbf942024226241d9d99fed17168940b •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49120 – scsi: pm8001: Fix task leak in pm8001_send_abort_all()
https://notcve.org/view.php?id=CVE-2022-49120
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix task leak in pm8001_send_abort_all() In pm8001_send_abort_all(), make sure to free the allocated sas task if pm8001_tag_alloc() or pm8001_mpi_build_cmd() fail. • https://git.kernel.org/stable/c/2051044d7901f1a9d7be95d0d32e53b88e9548f7 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49119 – scsi: pm8001: Fix memory leak in pm8001_chip_fw_flash_update_req()
https://notcve.org/view.php?id=CVE-2022-49119
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix memory leak in pm8001_chip_fw_flash_update_req() In pm8001_chip_fw_flash_update_build(), if pm8001_chip_fw_flash_update_build() fails, the struct fw_control_ex allocated must be freed. • https://git.kernel.org/stable/c/d83574666bac4b1462e90df393fbed6c5f57d1a3 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49117 – mips: ralink: fix a refcount leak in ill_acc_of_setup()
https://notcve.org/view.php?id=CVE-2022-49117
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: mips: ralink: fix a refcount leak in ill_acc_of_setup() of_node_put(np) needs to be called when pdev == NULL. • https://git.kernel.org/stable/c/060a485df4ec1183d543317511cb4caa43468b5d •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49114 – scsi: libfc: Fix use after free in fc_exch_abts_resp()
https://notcve.org/view.php?id=CVE-2022-49114
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: libfc: Fix use after free in fc_exch_abts_resp() fc_exch_release(ep) will decrease the ep's reference count. When the reference count reaches zero, it is freed. But ep is still used in the following code, which will lead to a use after free. Return after the fc_exch_release() call to avoid use after free. A vulnerability was found in the Linux kernel's SCSI libfc library in the `fc_exch_abts_resp()` function, which can lead to a use-a... • https://git.kernel.org/stable/c/42e9a92fe6a9095bd68a379aaec7ad2be0337f7a • CWE-416: Use After Free •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49113 – powerpc/secvar: fix refcount leak in format_show()
https://notcve.org/view.php?id=CVE-2022-49113
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc/secvar: fix refcount leak in format_show() Refcount leak will happen when format_show returns failure in multiple cases. Unified management of of_node_put can fix this problem. • https://git.kernel.org/stable/c/02222bf4f0a27f6eba66d1f597cdb5daadd51829 •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49111 – Bluetooth: Fix use after free in hci_send_acl
https://notcve.org/view.php?id=CVE-2022-49111
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix use after free in hci_send_acl This fixes the following trace caused by receiving HCI_EV_DISCONN_PHY_LINK_COMPLETE which does call hci_conn_del without first checking if conn->type is in fact AMP_LINK and in case it is do properly cleanup upper layers with hci_disconn_cfm: ================================================================== BUG: KASAN: use-after-free in hci_send_acl+0xaba/0xc50 Read of size 8 at addr ffff88800e... • https://git.kernel.org/stable/c/c41de54b0a963e59e4dd04c029a4a6d73f45ef9c • CWE-416: Use After Free •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49110 – netfilter: conntrack: revisit gc autotuning
https://notcve.org/view.php?id=CVE-2022-49110
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: revisit gc autotuning as of commit 4608fdfc07e1 ("netfilter: conntrack: collect all entries in one cycle") conntrack gc was changed to run every 2 minutes. On systems where conntrack hash table is set to large value, most evictions happen from gc worker rather than the packet path due to hash table distribution. This causes netlink event overflows when events are collected. This change collects average expiry of scanne... • https://git.kernel.org/stable/c/58d52743ae85d28c9335c6034d6ce350b8689951 •