CVSS: 5.5EPSS: %CPEs: 9EXPL: 0CVE-2022-49337 – ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock
https://notcve.org/view.php?id=CVE-2022-49337
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock When user_dlm_destroy_lock failed, it didn't clean up the flags it set before exit. For USER_LOCK_IN_TEARDOWN, if this function fails because of lock is still in used, next time when unlink invokes this function, it will return succeed, and then unlink will remove inode and dentry if lock is not in used(file closed), but the dlm lock is still linked in dlm lock resource, then when ba... • https://git.kernel.org/stable/c/1434cd71ad9f3a6beda3036972983b6c4869207c •
CVSS: 7.1EPSS: %CPEs: 6EXPL: 0CVE-2022-49336 – drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem
https://notcve.org/view.php?id=CVE-2022-49336
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem When the mapping is already reaped the unmap must be a no-op, as we would otherwise try to remove the mapping twice, corrupting the involved data structures. In the Linux kernel, the following vulnerability has been resolved: drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem When the mapping is already reaped the unmap must be a no-op, as we would otherwise try ... • https://git.kernel.org/stable/c/19323b3671a85788569d15685c8f83a05ec48cbb •
CVSS: 7.1EPSS: %CPEs: 9EXPL: 0CVE-2022-49335 – drm/amdgpu/cs: make commands with 0 chunks illegal behaviour.
https://notcve.org/view.php?id=CVE-2022-49335
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/cs: make commands with 0 chunks illegal behaviour. Submitting a cs with 0 chunks, causes an oops later, found trying to execute the wrong userspace driver. MESA_LOADER_DRIVER_OVERRIDE=v3d glxinfo [172536.665184] BUG: kernel NULL pointer dereference, address: 00000000000001d8 [172536.665188] #PF: supervisor read access in kernel mode [172536.665189] #PF: error_code(0x0000) - not-present page [172536.665191] PGD 6712a0067 P4D 6712a... • https://git.kernel.org/stable/c/8189f44270db1be78169e11eec51a3eeb980bc63 •
CVSS: 5.5EPSS: %CPEs: 3EXPL: 0CVE-2022-49334 – mm/huge_memory: Fix xarray node memory leak
https://notcve.org/view.php?id=CVE-2022-49334
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: Fix xarray node memory leak If xas_split_alloc() fails to allocate the necessary nodes to complete the xarray entry split, it sets the xa_state to -ENOMEM, which xas_nomem() then interprets as "Please allocate more memory", not as "Please free any unnecessary memory" (which was the intended outcome). It's confusing to use xas_nomem() to free memory in this context, so call xas_destroy() instead. In the Linux kernel, the foll... • https://git.kernel.org/stable/c/6b24ca4a1a8d4ee3221d6d44ddbb99f542e4bda3 •
CVSS: 5.5EPSS: %CPEs: 4EXPL: 0CVE-2022-49333 – net/mlx5: E-Switch, pair only capable devices
https://notcve.org/view.php?id=CVE-2022-49333
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5: E-Switch, pair only capable devices OFFLOADS paring using devcom is possible only on devices that support LAG. Filter based on lag capabilities. This fixes an issue where mlx5_get_next_phys_dev() was called without holding the interface lock. This issue was found when commit bc4c2f2e0179 ("net/mlx5: Lag, filter non compatible devices") added an assert that verifies the interface lock is held. WARNING: CPU: 9 PID: 1706 at drivers/n... • https://git.kernel.org/stable/c/dd3fddb82780bfa24124834edd90bbc63bd689cc •
CVSS: 5.5EPSS: %CPEs: 2EXPL: 0CVE-2022-49332 – scsi: lpfc: Address NULL pointer dereference after starget_to_rport()
https://notcve.org/view.php?id=CVE-2022-49332
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Address NULL pointer dereference after starget_to_rport() Calls to starget_to_rport() may return NULL. Add check for NULL rport before dereference. In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Address NULL pointer dereference after starget_to_rport() Calls to starget_to_rport() may return NULL. Add check for NULL rport before dereference. • https://git.kernel.org/stable/c/bb21fc9911eea92afd476f7e64b327716e042a25 •
CVSS: 5.6EPSS: %CPEs: 9EXPL: 0CVE-2022-49331 – nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling
https://notcve.org/view.php?id=CVE-2022-49331
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling Error paths do not free previously allocated memory. Add devm_kfree() to those failure paths. In the Linux kernel, the following vulnerability has been resolved: nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling Error paths do not free previously allocated memory. Add devm_kfree() to those failure paths. • https://git.kernel.org/stable/c/26fc6c7f02cb26c39c4733de3dbc3c0646fc1074 •
CVSS: 8.5EPSS: %CPEs: 9EXPL: 0CVE-2022-49330 – tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd
https://notcve.org/view.php?id=CVE-2022-49330
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd syzbot got a new report [1] finally pointing to a very old bug, added in initial support for MTU probing. tcp_mtu_probe() has checks about starting an MTU probe if tcp_snd_cwnd(tp) >= 11. But nothing prevents tcp_snd_cwnd(tp) to be reduced later and before the MTU probe succeeds. This bug would lead to potential zero-divides. Debugging added in commit 40570375356c ("tcp: add accessors to rea... • https://git.kernel.org/stable/c/5d424d5a674f782d0659a3b66d951f412901faee •
CVSS: 5.5EPSS: %CPEs: 4EXPL: 0CVE-2022-49329 – vduse: Fix NULL pointer dereference on sysfs access
https://notcve.org/view.php?id=CVE-2022-49329
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: vduse: Fix NULL pointer dereference on sysfs access The control device has no drvdata. So we will get a NULL pointer dereference when accessing control device's msg_timeout attribute via sysfs: [ 132.841881][ T3644] BUG: kernel NULL pointer dereference, address: 00000000000000f8 [ 132.850619][ T3644] RIP: 0010:msg_timeout_show (drivers/vdpa/vdpa_user/vduse_dev.c:1271) [ 132.869447][ T3644] dev_attr_show (drivers/base/core.c:2094) [ 132.8702... • https://git.kernel.org/stable/c/c8a6153b6c59d95c0e091f053f6f180952ade91e •
CVSS: 7.8EPSS: %CPEs: 4EXPL: 0CVE-2022-49328 – mt76: fix use-after-free by removing a non-RCU wcid pointer
https://notcve.org/view.php?id=CVE-2022-49328
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: mt76: fix use-after-free by removing a non-RCU wcid pointer Fixes an issue caught by KASAN about use-after-free in mt76_txq_schedule by protecting mtxq->wcid with rcu_lock between mt76_txq_schedule and sta_info_[alloc, free]. [18853.876689] ================================================================== [18853.876751] BUG: KASAN: use-after-free in mt76_txq_schedule+0x204/0xaf8 [mt76] [18853.876773] Read of size 8 at addr ffffffaf989a2138... • https://git.kernel.org/stable/c/7bc04215a66b60e198aecaee8418f6d79fa19faa •