CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2022-49153 – wireguard: socket: free skb in send6 when ipv6 is disabled
https://notcve.org/view.php?id=CVE-2022-49153
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: wireguard: socket: free skb in send6 when ipv6 is disabled I got a memory leak report: unreferenced object 0xffff8881191fc040 (size 232): comm "kworker/u17:0", pid 23193, jiffies 4295238848 (age 3464.870s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2022-49151 – can: mcba_usb: properly check endpoint type
https://notcve.org/view.php?id=CVE-2022-49151
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: can: mcba_usb: properly check endpoint type Syzbot reported warning in usb_submit_urb() which is caused by wrong endpoint type. We should check that in endpoint is actually present to prevent this warning. Found pipes are now saved to struct mcba_priv and code uses them directly instead of making pipes in place. Fail log: | usb 5-1: BOGUS urb xfer, pipe 3 != type 1 | WARNING: CPU: 1 PID: 49 at drivers/usb/core/urb.c:502 usb_submit_urb+0xed2... • https://git.kernel.org/stable/c/51f3baad7de943780ce0c17bd7975df567dd6e14 •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2022-49149 – rxrpc: Fix call timer start racing with call destruction
https://notcve.org/view.php?id=CVE-2022-49149
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix call timer start racing with call destruction The rxrpc_call struct has a timer used to handle various timed events relating to a call. This timer can get started from the packet input routines that are run in softirq mode with just the RCU read lock held. Unfortunately, because only the RCU read lock is held - and neither ref or other lock is taken - the call can start getting destroyed at the same time a packet comes in address... • https://git.kernel.org/stable/c/a158bdd3247b9656df36ba133235fff702e9fdc3 •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2022-49148 – watch_queue: Free the page array when watch_queue is dismantled
https://notcve.org/view.php?id=CVE-2022-49148
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: watch_queue: Free the page array when watch_queue is dismantled Commit 7ea1a0124b6d ("watch_queue: Free the alloc bitmap when the watch_queue is torn down") took care of the bitmap, but not the page array. BUG: memory leak unreferenced object 0xffff88810d9bc140 (size 32): comm "syz-executor335", pid 3603, jiffies 4294946994 (age 12.840s) hex dump (first 32 bytes): 40 a7 40 04 00 ea ff ff 00 00 00 00 00 00 00 00 @.@............. 00 00 00 00 ... • https://git.kernel.org/stable/c/c73be61cede5882f9605a852414db559c0ebedfd •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2022-49147 – block: Fix the maximum minor value is blk_alloc_ext_minor()
https://notcve.org/view.php?id=CVE-2022-49147
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: block: Fix the maximum minor value is blk_alloc_ext_minor() ida_alloc_range(..., min, max, ...) returns values from min to max, inclusive. So, NR_EXT_DEVT is a valid idx returned by blk_alloc_ext_minor(). This is an issue because in device_add_disk(), this value is used in: ddev->devt = MKDEV(disk->major, disk->first_minor); and NR_EXT_DEVT is '(1 << MINORBITS)'. So, should 'disk->first_minor' be NR_EXT_DEVT, it would overflow. • https://git.kernel.org/stable/c/22ae8ce8b89241c94ac00c237752c0ffa37ba5ae •
CVSS: -EPSS: %CPEs: 9EXPL: 0CVE-2022-49145 – ACPI: CPPC: Avoid out of bounds access when parsing _CPC data
https://notcve.org/view.php?id=CVE-2022-49145
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ACPI: CPPC: Avoid out of bounds access when parsing _CPC data If the NumEntries field in the _CPC return package is less than 2, do not attempt to access the "Revision" element of that package, because it may not be present then. BugLink: https://lore.kernel.org/lkml/20220322143534.GC32582@xsang-OptiPlex-9020/ • https://git.kernel.org/stable/c/337aadff8e4567e39669e07d9a88b789d78458b5 •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2022-49144 – io_uring: fix memory leak of uid in files registration
https://notcve.org/view.php?id=CVE-2022-49144
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: io_uring: fix memory leak of uid in files registration When there are no files for __io_sqe_files_scm() to process in the range, it'll free everything and return. However, it forgets to put uid. • https://git.kernel.org/stable/c/08a451739a9b5783f67de51e84cb6d9559bb9dc4 •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2022-49143 – nbd: fix possible overflow on 'first_minor' in nbd_dev_add()
https://notcve.org/view.php?id=CVE-2022-49143
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: nbd: fix possible overflow on 'first_minor' in nbd_dev_add() When 'index' is a big numbers, it may become negative which forced to 'int'. then 'index << part_shift' might overflow to a positive value that is not greater than '0xfffff', then sysfs might complains about duplicate creation. Because of this, move the 'index' judgment to the front will fix it and be better. • https://git.kernel.org/stable/c/b0d9111a2d53785847763c64c40af2d4c4c5a8b7 •
CVSS: -EPSS: %CPEs: 11EXPL: 0CVE-2022-49142 – net: preserve skb_end_offset() in skb_unclone_keeptruesize()
https://notcve.org/view.php?id=CVE-2022-49142
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: preserve skb_end_offset() in skb_unclone_keeptruesize() syzbot found another way to trigger the infamous WARN_ON_ONCE(delta < len) in skb_try_coalesce() [1] I was able to root cause the issue to kfence. When kfence is in action, the following assertion is no longer true: int size = xxxx; void *ptr1 = kmalloc(size, gfp); void *ptr2 = kmalloc(size, gfp); if (ptr1 && ptr2) ASSERT(ksize(ptr1) == ksize(ptr2)); We attempted to fix these issu... • https://git.kernel.org/stable/c/097b9146c0e26aabaa6ff3e5ea536a53f5254a79 •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2022-49140 – Revert "nbd: fix possible overflow on 'first_minor' in nbd_dev_add()"
https://notcve.org/view.php?id=CVE-2022-49140
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: Revert "nbd: fix possible overflow on 'first_minor' in nbd_dev_add()" This reverts commit 6d35d04a9e18990040e87d2bbf72689252669d54. Both Gabriel and Borislav report that this commit casues a regression with nbd: sysfs: cannot create duplicate filename '/dev/block/43:0' Revert it before 5.18-rc1 and we'll investigage this separately in due time. • https://git.kernel.org/stable/c/3b14aa053181709d42319d4145855025c23ddd12 •