CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49274 – ocfs2: fix crash when mount with quota enabled
https://notcve.org/view.php?id=CVE-2022-49274
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix crash when mount with quota enabled There is a reported crash when mounting ocfs2 with quota enabled. RIP: 0010:ocfs2_qinfo_lock_res_init+0x44/0x50 [ocfs2] Call Trace: ocfs2_local_read_info+0xb9/0x6f0 [ocfs2] dquot_load_quota_sb+0x216/0x470 dquot_load_quota_inode+0x85/0x100 ocfs2_enable_quotas+0xa0/0x1c0 [ocfs2] ocfs2_fill_super.cold+0xc8/0x1bf [ocfs2] mount_bdev+0x185/0x1b0 legacy_get_tree+0x27/0x40 vfs_get_tree+0x25/0xb0 path_m... • https://git.kernel.org/stable/c/6c85c2c728193d19d6a908ae9fb312d0325e65ca •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49273 – rtc: pl031: fix rtc features null pointer dereference
https://notcve.org/view.php?id=CVE-2022-49273
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: rtc: pl031: fix rtc features null pointer dereference When there is no interrupt line, rtc alarm feature is disabled. The clearing of the alarm feature bit was being done prior to allocations of ldata->rtc device, resulting in a null pointer dereference. Clear RTC_FEATURE_ALARM after the rtc device is allocated. • https://git.kernel.org/stable/c/d9b0dd54a1943f47a381a474f8ea2c94466110c0 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49272 – ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock
https://notcve.org/view.php?id=CVE-2022-49272
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock syzbot caught a potential deadlock between the PCM runtime->buffer_mutex and the mm->mmap_lock. It was brought by the recent fix to cover the racy read/write and other ioctls, and in that commit, I overlooked a (hopefully only) corner case that may take the revert lock, namely, the OSS mmap. The OSS mmap operation exceptionally allows to re-configure the parameters inside t... • https://git.kernel.org/stable/c/8527c8f052fb42091c6569cb928e472376a4a889 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49271 – cifs: prevent bad output lengths in smb2_ioctl_query_info()
https://notcve.org/view.php?id=CVE-2022-49271
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: cifs: prevent bad output lengths in smb2_ioctl_query_info() When calling smb2_ioctl_query_info() with smb_query_info::flags=PASSTHRU_FSCTL and smb_query_info::output_buffer_length=0, the following would return 0x10 buffer = memdup_user(arg + sizeof(struct smb_query_info), qi.output_buffer_length); if (IS_ERR(buffer)) { kfree(vars); return PTR_ERR(buffer); } rather than a valid pointer thus making IS_ERR() check fail. This would then cause a... • https://git.kernel.org/stable/c/9963ccea6087268e1275b992dca5d0dd4b938765 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49270 – dm: fix use-after-free in dm_cleanup_zoned_dev()
https://notcve.org/view.php?id=CVE-2022-49270
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: dm: fix use-after-free in dm_cleanup_zoned_dev() dm_cleanup_zoned_dev() uses queue, so it must be called before blk_cleanup_disk() starts its killing: blk_cleanup_disk->blk_cleanup_queue()->kobject_put()->blk_release_queue()-> ->...RCU...->blk_free_queue_rcu()->kmem_cache_free() Otherwise, RCU callback may be executed first and dm_cleanup_zoned_dev() will touch free'd memory: BUG: KASAN: use-after-free in dm_cleanup_zoned_dev+0x33/0xd0 Read... • https://git.kernel.org/stable/c/bb37d77239af25cde59693dbe3fac04dd17d7b29 • CWE-416: Use After Free •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49269 – can: isotp: sanitize CAN ID checks in isotp_bind()
https://notcve.org/view.php?id=CVE-2022-49269
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: can: isotp: sanitize CAN ID checks in isotp_bind() Syzbot created an environment that lead to a state machine status that can not be reached with a compliant CAN ID address configuration. The provided address information consisted of CAN ID 0x6000001 and 0xC28001 which both boil down to 11 bit CAN IDs 0x001 in sending and receiving. Sanitize the SFF/EFF CAN ID values before performing the address checks. • https://git.kernel.org/stable/c/e057dd3fc20ffb3d7f150af46542a51b59b90127 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49268 – ASoC: SOF: Intel: Fix NULL ptr dereference when ENOMEM
https://notcve.org/view.php?id=CVE-2022-49268
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: Fix NULL ptr dereference when ENOMEM Do not call snd_dma_free_pages() when snd_dma_alloc_pages() returns -ENOMEM because it leads to a NULL pointer dereference bug. The dmesg says: [ T1387] sof-audio-pci-intel-tgl 0000:00:1f.3: error: memory alloc failed: -12 [ T1387] BUG: kernel NULL pointer dereference, address: 0000000000000000 [ T1387] #PF: supervisor read access in kernel mode [ T1387] #PF: error_code(0x0000) - not-pr... • https://git.kernel.org/stable/c/d16046ffa6de040bf580a64d5f4d0aa18258a854 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49267 – mmc: core: use sysfs_emit() instead of sprintf()
https://notcve.org/view.php?id=CVE-2022-49267
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: mmc: core: use sysfs_emit() instead of sprintf() sprintf() (still used in the MMC core for the sysfs output) is vulnerable to the buffer overflow. Use the new-fangled sysfs_emit() instead. Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool. • https://git.kernel.org/stable/c/659ca56b5415c7a1d05e185c36fad80ba165d063 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49266 – block: fix rq-qos breakage from skipping rq_qos_done_bio()
https://notcve.org/view.php?id=CVE-2022-49266
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: block: fix rq-qos breakage from skipping rq_qos_done_bio() a647a524a467 ("block: don't call rq_qos_ops->done_bio if the bio isn't tracked") made bio_endio() skip rq_qos_done_bio() if BIO_TRACKED is not set. While this fixed a potential oops, it also broke blk-iocost by skipping the done_bio callback for merged bios. Before, whether a bio goes through rq_qos_throttle() or rq_qos_merge(), rq_qos_done_bio() would be called on the bio on comple... • https://git.kernel.org/stable/c/a647a524a46736786c95cdb553a070322ca096e3 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49265 – PM: domains: Fix sleep-in-atomic bug caused by genpd_debug_remove()
https://notcve.org/view.php?id=CVE-2022-49265
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: PM: domains: Fix sleep-in-atomic bug caused by genpd_debug_remove() When a genpd with GENPD_FLAG_IRQ_SAFE gets removed, the following sleep-in-atomic bug will be seen, as genpd_debug_remove() will be called with a spinlock being held. [ 0.029183] BUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1460 [ 0.029204] in_atomic(): 1, irqs_disabled(): 128, non_block: 0, pid: 1, name: swapper/0 [ 0.029219] preempt_count: ... • https://git.kernel.org/stable/c/718072ceb211833f3c71724f49d733d636067191 •