CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2022-49167 – btrfs: do not double complete bio on errors during compressed reads
https://notcve.org/view.php?id=CVE-2022-49167
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: do not double complete bio on errors during compressed reads I hit some weird panics while fixing up the error handling from btrfs_lookup_bio_sums(). Turns out the compression path will complete the bio we use if we set up any of the compression bios and then return an error, and then btrfs_submit_data_bio() will also call bio_endio() on the bio. Fix this by making btrfs_submit_compressed_read() responsible for calling bio_endio() on... • https://git.kernel.org/stable/c/4a4ceb2b990771c374d85d496a1a45255dde48e3 •
CVSS: -EPSS: %CPEs: 9EXPL: 0CVE-2022-49166 – ntfs: add sanity check on allocation size
https://notcve.org/view.php?id=CVE-2022-49166
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ntfs: add sanity check on allocation size ntfs_read_inode_mount invokes ntfs_malloc_nofs with zero allocation size. It triggers one BUG in the __ntfs_malloc function. Fix this by adding sanity check on ni->attr_list_size. • https://git.kernel.org/stable/c/bd8d7daa0e53b184a2f3c6e0d47330780d0a0650 •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2022-49165 – media: imx-jpeg: Prevent decoding NV12M jpegs into single-planar buffers
https://notcve.org/view.php?id=CVE-2022-49165
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: media: imx-jpeg: Prevent decoding NV12M jpegs into single-planar buffers If the application queues an NV12M jpeg as output buffer, but then queues a single planar capture buffer, the kernel will crash with "Unable to handle kernel NULL pointer dereference" in mxc_jpeg_addrs, prevent this by finishing the job with error. • https://git.kernel.org/stable/c/eff76b180751e5e55c872d17755680c3b83ba9ab •
CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2022-49164 – powerpc/tm: Fix more userspace r13 corruption
https://notcve.org/view.php?id=CVE-2022-49164
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc/tm: Fix more userspace r13 corruption Commit cf13435b730a ("powerpc/tm: Fix userspace r13 corruption") fixes a problem in treclaim where a SLB miss can occur on the thread_struct->ckpt_regs while SCRATCH0 is live with the saved user r13 value, clobbering it with the kernel r13 and ultimately resulting in kernel r13 being stored in ckpt_regs. There is an equivalent problem in trechkpt where the user r13 value is loaded into r13 from ... • https://git.kernel.org/stable/c/98ae22e15b430bfed5def01ac1a88ec9396284c8 •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2022-49163 – media: imx-jpeg: fix a bug of accessing array out of bounds
https://notcve.org/view.php?id=CVE-2022-49163
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: media: imx-jpeg: fix a bug of accessing array out of bounds When error occurs in parsing jpeg, the slot isn't acquired yet, it may be the default value MXC_MAX_SLOTS. If the driver access the slot using the incorrect slot number, it will access array out of bounds. The result is the driver will change num_domains, which follows slot_data in struct mxc_jpeg_dev. Then the driver won't detach the pm domain at rmmod, which will lead to kernel p... • https://git.kernel.org/stable/c/02f9f97d54ffc85b50ad77f5b1f3c8f69cd17747 •
CVSS: -EPSS: %CPEs: 9EXPL: 0CVE-2022-49162 – video: fbdev: sm712fb: Fix crash in smtcfb_write()
https://notcve.org/view.php?id=CVE-2022-49162
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: video: fbdev: sm712fb: Fix crash in smtcfb_write() When the sm712fb driver writes three bytes to the framebuffer, the driver will crash: BUG: unable to handle page fault for address: ffffc90001ffffff RIP: 0010:smtcfb_write+0x454/0x5b0 Call Trace: vfs_write+0x291/0xd60 ? do_sys_openat2+0x27d/0x350 ? __fget_light+0x54/0x340 ksys_write+0xce/0x190 do_syscall_64+0x43/0x90 entry_SYSCALL_64_after_hwframe+0x44/0xae Fix it by removing the open-coded... • https://git.kernel.org/stable/c/fb791514acf9070225eed46e1ccbb0aa7aae5da5 •
CVSS: -EPSS: %CPEs: 2EXPL: 0CVE-2022-49161 – ASoC: mediatek: Fix error handling in mt8183_da7219_max98357_dev_probe
https://notcve.org/view.php?id=CVE-2022-49161
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: Fix error handling in mt8183_da7219_max98357_dev_probe The device_node pointer is returned by of_parse_phandle() with refcount incremented. We should use of_node_put() on it when done. This function only calls of_node_put() in the regular path. And it will cause refcount leak in error paths. Fix this by calling of_node_put() in error handling too. • https://git.kernel.org/stable/c/9b9f6227e8d0c7c46b6d9d7b8a5c4e0536049fcf •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2022-49160 – scsi: qla2xxx: Fix crash during module load unload test
https://notcve.org/view.php?id=CVE-2022-49160
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix crash during module load unload test During purex packet handling the driver was incorrectly freeing a pre-allocated structure. Fix this by skipping that entry. System crashed with the following stack during a module unload test. Call Trace: sbitmap_init_node+0x7f/0x1e0 sbitmap_queue_init_node+0x24/0x150 blk_mq_init_bitmaps+0x3d/0xa0 blk_mq_init_tags+0x68/0x90 blk_mq_alloc_map_and_rqs+0x44/0x120 blk_mq_alloc_set_map_and_r... • https://git.kernel.org/stable/c/62e9dd177732843ae6c5b9d2ed61e7c9538fa276 •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2022-49159 – scsi: qla2xxx: Implement ref count for SRB
https://notcve.org/view.php?id=CVE-2022-49159
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Implement ref count for SRB The timeout handler and the done function are racing. When qla2x00_async_iocb_timeout() starts to run it can be preempted by the normal response path (via the firmware?). qla24xx_async_gpsc_sp_done() releases the SRB unconditionally. When scheduling back to qla2x00_async_iocb_timeout() qla24xx_async_abort_cmd() will access an freed sp->qpair pointer: qla2xxx [0000:83:00.0]-2871:0: Async-gpsc timeou... • https://git.kernel.org/stable/c/e17111dd2fda81c35f309b1e5b6ab35809a375e7 •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2022-49158 – scsi: qla2xxx: Fix warning message due to adisc being flushed
https://notcve.org/view.php?id=CVE-2022-49158
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix warning message due to adisc being flushed Fix warning message due to adisc being flushed. Linux kernel triggered a warning message where a different error code type is not matching up with the expected type. Add additional translation of one error code type to another. WARNING: CPU: 2 PID: 1131623 at drivers/scsi/qla2xxx/qla_init.c:498 qla2x00_async_adisc_sp_done+0x294/0x2b0 [qla2xxx] CPU: 2 PID: 1131623 Comm: drmgr Not ... • https://git.kernel.org/stable/c/7a3457777c4f700c64836e78dc71e6ce459f62b8 •