CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2022-49157 – scsi: qla2xxx: Fix premature hw access after PCI error
https://notcve.org/view.php?id=CVE-2022-49157
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix premature hw access after PCI error After a recoverable PCI error has been detected and recovered, qla driver needs to check to see if the error condition still persist and/or wait for the OS to give the resume signal. Sep 8 22:26:03 localhost kernel: WARNING: CPU: 9 PID: 124606 at qla_tmpl.c:440 qla27xx_fwdt_entry_t266+0x55/0x60 [qla2xxx] Sep 8 22:26:03 localhost kernel: RIP: 0010:qla27xx_fwdt_entry_t266+0x55/0x60 [qla2x... • https://git.kernel.org/stable/c/5ef6319f9882699613d5182fbd7929b017e8c5ab •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2022-49156 – scsi: qla2xxx: Fix scheduling while atomic
https://notcve.org/view.php?id=CVE-2022-49156
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix scheduling while atomic The driver makes a call into midlayer (fc_remote_port_delete) which can put the thread to sleep. The thread that originates the call is in interrupt context. The combination of the two trigger a crash. Schedule the call in non-interrupt context where it is more safe. kernel: BUG: scheduling while atomic: swapper/7/0/0x00010000 kernel: Call Trace: kernel:
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2022-49155 – scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair()
https://notcve.org/view.php?id=CVE-2022-49155
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair() [ 12.323788] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-udevd/1020 [ 12.332297] caller is qla2xxx_create_qpair+0x32a/0x5d0 [qla2xxx] [ 12.338417] CPU: 7 PID: 1020 Comm: systemd-udevd Tainted: G I --------- --- 5.14.0-29.el9.x86_64 #1 [ 12.348827] Hardware name: Dell Inc. PowerEdge R610/0F0XJ6, BIOS 6.6.0 05/22/2018 [ 12.356356] Call Trace: [ 12.35882... • https://git.kernel.org/stable/c/43195a0c620761fbb88db04e2475313855b948a4 •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2022-49154 – KVM: SVM: fix panic on out-of-bounds guest IRQ
https://notcve.org/view.php?id=CVE-2022-49154
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: fix panic on out-of-bounds guest IRQ As guest_irq is coming from KVM_IRQFD API call, it may trigger crash in svm_update_pi_irte() due to out-of-bounds: crash> bt PID: 22218 TASK: ffff951a6ad74980 CPU: 73 COMMAND: "vcpu8" #0 [ffffb1ba6707fa40] machine_kexec at ffffffff8565b397 #1 [ffffb1ba6707fa90] __crash_kexec at ffffffff85788a6d #2 [ffffb1ba6707fb58] crash_kexec at ffffffff8578995d #3 [ffffb1ba6707fb70] oops_end at ffffffff85623... • https://git.kernel.org/stable/c/0fb470eb48892e131d10aa3be6915239e65758f3 •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2022-49153 – wireguard: socket: free skb in send6 when ipv6 is disabled
https://notcve.org/view.php?id=CVE-2022-49153
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: wireguard: socket: free skb in send6 when ipv6 is disabled I got a memory leak report: unreferenced object 0xffff8881191fc040 (size 232): comm "kworker/u17:0", pid 23193, jiffies 4295238848 (age 3464.870s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2022-49151 – can: mcba_usb: properly check endpoint type
https://notcve.org/view.php?id=CVE-2022-49151
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: can: mcba_usb: properly check endpoint type Syzbot reported warning in usb_submit_urb() which is caused by wrong endpoint type. We should check that in endpoint is actually present to prevent this warning. Found pipes are now saved to struct mcba_priv and code uses them directly instead of making pipes in place. Fail log: | usb 5-1: BOGUS urb xfer, pipe 3 != type 1 | WARNING: CPU: 1 PID: 49 at drivers/usb/core/urb.c:502 usb_submit_urb+0xed2... • https://git.kernel.org/stable/c/51f3baad7de943780ce0c17bd7975df567dd6e14 •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2022-49149 – rxrpc: Fix call timer start racing with call destruction
https://notcve.org/view.php?id=CVE-2022-49149
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix call timer start racing with call destruction The rxrpc_call struct has a timer used to handle various timed events relating to a call. This timer can get started from the packet input routines that are run in softirq mode with just the RCU read lock held. Unfortunately, because only the RCU read lock is held - and neither ref or other lock is taken - the call can start getting destroyed at the same time a packet comes in address... • https://git.kernel.org/stable/c/a158bdd3247b9656df36ba133235fff702e9fdc3 •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2022-49148 – watch_queue: Free the page array when watch_queue is dismantled
https://notcve.org/view.php?id=CVE-2022-49148
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: watch_queue: Free the page array when watch_queue is dismantled Commit 7ea1a0124b6d ("watch_queue: Free the alloc bitmap when the watch_queue is torn down") took care of the bitmap, but not the page array. BUG: memory leak unreferenced object 0xffff88810d9bc140 (size 32): comm "syz-executor335", pid 3603, jiffies 4294946994 (age 12.840s) hex dump (first 32 bytes): 40 a7 40 04 00 ea ff ff 00 00 00 00 00 00 00 00 @.@............. 00 00 00 00 ... • https://git.kernel.org/stable/c/c73be61cede5882f9605a852414db559c0ebedfd •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2022-49147 – block: Fix the maximum minor value is blk_alloc_ext_minor()
https://notcve.org/view.php?id=CVE-2022-49147
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: block: Fix the maximum minor value is blk_alloc_ext_minor() ida_alloc_range(..., min, max, ...) returns values from min to max, inclusive. So, NR_EXT_DEVT is a valid idx returned by blk_alloc_ext_minor(). This is an issue because in device_add_disk(), this value is used in: ddev->devt = MKDEV(disk->major, disk->first_minor); and NR_EXT_DEVT is '(1 << MINORBITS)'. So, should 'disk->first_minor' be NR_EXT_DEVT, it would overflow. • https://git.kernel.org/stable/c/22ae8ce8b89241c94ac00c237752c0ffa37ba5ae •
CVSS: -EPSS: %CPEs: 9EXPL: 0CVE-2022-49145 – ACPI: CPPC: Avoid out of bounds access when parsing _CPC data
https://notcve.org/view.php?id=CVE-2022-49145
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ACPI: CPPC: Avoid out of bounds access when parsing _CPC data If the NumEntries field in the _CPC return package is less than 2, do not attempt to access the "Revision" element of that package, because it may not be present then. BugLink: https://lore.kernel.org/lkml/20220322143534.GC32582@xsang-OptiPlex-9020/ • https://git.kernel.org/stable/c/337aadff8e4567e39669e07d9a88b789d78458b5 •