CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49347 – ext4: fix bug_on in ext4_writepages
https://notcve.org/view.php?id=CVE-2022-49347
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix bug_on in ext4_writepages we got issue as follows: EXT4-fs error (device loop0): ext4_mb_generate_buddy:1141: group 0, block bitmap and bg descriptor inconsistent: 25 vs 31513 free cls ------------[ cut here ]------------ kernel BUG at fs/ext4/inode.c:2708! invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 2 PID: 2147 Comm: rep Not tainted 5.18.0-rc2-next-20220413+ #155 RIP: 0010:ext4_writepages+0x1977/0x1c10 RSP: 0018:ffff8881... • https://git.kernel.org/stable/c/19918ec7717d87d5ab825884a46b26b21375d7ce •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49346 – net: dsa: lantiq_gswip: Fix refcount leak in gswip_gphy_fw_list
https://notcve.org/view.php?id=CVE-2022-49346
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: dsa: lantiq_gswip: Fix refcount leak in gswip_gphy_fw_list Every iteration of for_each_available_child_of_node() decrements the reference count of the previous node. when breaking early from a for_each_available_child_of_node() loop, we need to explicitly call of_node_put() on the gphy_fw_np. Add missing of_node_put() to avoid refcount leak. In the Linux kernel, the following vulnerability has been resolved: net: dsa: lantiq_gswip: Fix... • https://git.kernel.org/stable/c/14fceff4771e51b23b4485b575cf9e5b3414b89b •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49345 – net: xfrm: unexport __init-annotated xfrm4_protocol_init()
https://notcve.org/view.php?id=CVE-2022-49345
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: xfrm: unexport __init-annotated xfrm4_protocol_init() EXPORT_SYMBOL and __init is a bad combination because the .init.text section is freed up after the initialization. Hence, modules cannot use symbols annotated __init. The access to a freed symbol may end up with kernel panic. modpost used to detect it, but it has been broken for a decade. Recently, I fixed modpost so it started to warn it again, then this showed up in linux-next bui... • https://git.kernel.org/stable/c/2f32b51b609faea1e40bb8c5bd305f1351740936 •
CVSS: 5.4EPSS: 0%CPEs: 17EXPL: 0CVE-2022-49344 – af_unix: Fix a data-race in unix_dgram_peer_wake_me().
https://notcve.org/view.php?id=CVE-2022-49344
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix a data-race in unix_dgram_peer_wake_me(). unix_dgram_poll() calls unix_dgram_peer_wake_me() without `other`'s lock held and check if its receive queue is full. Here we need to use unix_recvq_full_lockless() instead of unix_recvq_full(), otherwise KCSAN will report a data-race. In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix a data-race in unix_dgram_peer_wake_me(). unix_dgram_poll() calls unix_d... • https://git.kernel.org/stable/c/7d267278a9ece963d77eefec61630223fce08c6c •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49343 – ext4: avoid cycles in directory h-tree
https://notcve.org/view.php?id=CVE-2022-49343
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: avoid cycles in directory h-tree A maliciously corrupted filesystem can contain cycles in the h-tree stored inside a directory. That can easily lead to the kernel corrupting tree nodes that were already verified under its hands while doing a node split and consequently accessing unallocated memory. Fix the problem by verifying traversed block numbers are unique. In the Linux kernel, the following vulnerability has been resolved: ext4:... • https://git.kernel.org/stable/c/24b8206fec1db21d7e82f21f0b2ff5e5672cf5b3 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49342 – net: ethernet: bgmac: Fix refcount leak in bcma_mdio_mii_register
https://notcve.org/view.php?id=CVE-2022-49342
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: ethernet: bgmac: Fix refcount leak in bcma_mdio_mii_register of_get_child_by_name() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() to avoid refcount leak. In the Linux kernel, the following vulnerability has been resolved: net: ethernet: bgmac: Fix refcount leak in bcma_mdio_mii_register of_get_child_by_name() returns a node pointer with refcount incr... • https://git.kernel.org/stable/c/55954f3bfdacc5908515b0c306cea23e77fab740 •
CVSS: 7.2EPSS: 0%CPEs: 7EXPL: 0CVE-2022-49341 – bpf, arm64: Clear prog->jited_len along prog->jited
https://notcve.org/view.php?id=CVE-2022-49341
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Clear prog->jited_len along prog->jited syzbot reported an illegal copy_to_user() attempt from bpf_prog_get_info_by_fd() [1] There was no repro yet on this bug, but I think that commit 0aef499f3172 ("mm/usercopy: Detect vmalloc overruns") is exposing a prior bug in bpf arm64. bpf_prog_get_info_by_fd() looks at prog->jited_len to determine if the JIT image can be copied out to user space. My theory is that syzbot managed to get a... • https://git.kernel.org/stable/c/db496944fdaaf2a67d2f60529f5dc23abf809506 •
CVSS: 3.6EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49340 – ip_gre: test csum_start instead of transport header
https://notcve.org/view.php?id=CVE-2022-49340
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ip_gre: test csum_start instead of transport header GRE with TUNNEL_CSUM will apply local checksum offload on CHECKSUM_PARTIAL packets. ipgre_xmit must validate csum_start after an optional skb_pull, else lco_csum may trigger an overflow. The original check was if (csum && skb_checksum_start(skb) < skb->data) return -EINVAL; This had false positives when skb_checksum_start is undefined: when ip_summed is not CHECKSUM_PARTIAL. A discussed re... • https://git.kernel.org/stable/c/774430026bd9a472d08c5d3c33351a782315771a •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49339 – net: ipv6: unexport __init-annotated seg6_hmac_init()
https://notcve.org/view.php?id=CVE-2022-49339
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: ipv6: unexport __init-annotated seg6_hmac_init() EXPORT_SYMBOL and __init is a bad combination because the .init.text section is freed up after the initialization. Hence, modules cannot use symbols annotated __init. The access to a freed symbol may end up with kernel panic. modpost used to detect it, but it has been broken for a decade. Recently, I fixed modpost so it started to warn it again, then this showed up in linux-next builds. ... • https://git.kernel.org/stable/c/bf355b8d2c30a289232042cacc1cfaea4923936c •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49338 – net/mlx5e: CT: Fix cleanup of CT before cleanup of TC ct rules
https://notcve.org/view.php?id=CVE-2022-49338
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: CT: Fix cleanup of CT before cleanup of TC ct rules CT cleanup assumes that all tc rules were deleted first, and so is free to delete the CT shared resources (e.g the dr_action fwd_action which is shared for all tuples). But currently for uplink, this is happens in reverse, causing the below trace. CT cleanup is called from: mlx5e_cleanup_rep_tx()->mlx5e_cleanup_uplink_rep_tx()-> mlx5e_rep_tc_cleanup()->mlx5e_tc_esw_cleanup()-> m... • https://git.kernel.org/stable/c/d1a3138f7913014e0714cb1d3d44793d76fc38a1 •