CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2022-49155 – scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair()
https://notcve.org/view.php?id=CVE-2022-49155
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair() [ 12.323788] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-udevd/1020 [ 12.332297] caller is qla2xxx_create_qpair+0x32a/0x5d0 [qla2xxx] [ 12.338417] CPU: 7 PID: 1020 Comm: systemd-udevd Tainted: G I --------- --- 5.14.0-29.el9.x86_64 #1 [ 12.348827] Hardware name: Dell Inc. PowerEdge R610/0F0XJ6, BIOS 6.6.0 05/22/2018 [ 12.356356] Call Trace: [ 12.35882... • https://git.kernel.org/stable/c/43195a0c620761fbb88db04e2475313855b948a4 •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2022-49154 – KVM: SVM: fix panic on out-of-bounds guest IRQ
https://notcve.org/view.php?id=CVE-2022-49154
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: fix panic on out-of-bounds guest IRQ As guest_irq is coming from KVM_IRQFD API call, it may trigger crash in svm_update_pi_irte() due to out-of-bounds: crash> bt PID: 22218 TASK: ffff951a6ad74980 CPU: 73 COMMAND: "vcpu8" #0 [ffffb1ba6707fa40] machine_kexec at ffffffff8565b397 #1 [ffffb1ba6707fa90] __crash_kexec at ffffffff85788a6d #2 [ffffb1ba6707fb58] crash_kexec at ffffffff8578995d #3 [ffffb1ba6707fb70] oops_end at ffffffff85623... • https://git.kernel.org/stable/c/0fb470eb48892e131d10aa3be6915239e65758f3 •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2022-49153 – wireguard: socket: free skb in send6 when ipv6 is disabled
https://notcve.org/view.php?id=CVE-2022-49153
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: wireguard: socket: free skb in send6 when ipv6 is disabled I got a memory leak report: unreferenced object 0xffff8881191fc040 (size 232): comm "kworker/u17:0", pid 23193, jiffies 4295238848 (age 3464.870s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2022-49152 – XArray: Fix xas_create_range() when multi-order entry present
https://notcve.org/view.php?id=CVE-2022-49152
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: XArray: Fix xas_create_range() when multi-order entry present If there is already an entry present that is of order >= XA_CHUNK_SHIFT when we call xas_create_range(), xas_create_range() will misinterpret that entry as a node and dereference xa_node->parent, generally leading to a crash that looks something like this: general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-... • https://git.kernel.org/stable/c/6b24ca4a1a8d4ee3221d6d44ddbb99f542e4bda3 •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2022-49151 – can: mcba_usb: properly check endpoint type
https://notcve.org/view.php?id=CVE-2022-49151
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: can: mcba_usb: properly check endpoint type Syzbot reported warning in usb_submit_urb() which is caused by wrong endpoint type. We should check that in endpoint is actually present to prevent this warning. Found pipes are now saved to struct mcba_priv and code uses them directly instead of making pipes in place. Fail log: | usb 5-1: BOGUS urb xfer, pipe 3 != type 1 | WARNING: CPU: 1 PID: 49 at drivers/usb/core/urb.c:502 usb_submit_urb+0xed2... • https://git.kernel.org/stable/c/51f3baad7de943780ce0c17bd7975df567dd6e14 •
CVSS: -EPSS: %CPEs: 2EXPL: 0CVE-2022-49150 – rtc: gamecube: Fix refcount leak in gamecube_rtc_read_offset_from_sram
https://notcve.org/view.php?id=CVE-2022-49150
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: rtc: gamecube: Fix refcount leak in gamecube_rtc_read_offset_from_sram The of_find_compatible_node() function returns a node pointer with refcount incremented, We should use of_node_put() on it when done Add the missing of_node_put() to release the refcount. • https://git.kernel.org/stable/c/86559400b3ef9de93ba50523cffe767c35cd531a •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2022-49149 – rxrpc: Fix call timer start racing with call destruction
https://notcve.org/view.php?id=CVE-2022-49149
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix call timer start racing with call destruction The rxrpc_call struct has a timer used to handle various timed events relating to a call. This timer can get started from the packet input routines that are run in softirq mode with just the RCU read lock held. Unfortunately, because only the RCU read lock is held - and neither ref or other lock is taken - the call can start getting destroyed at the same time a packet comes in address... • https://git.kernel.org/stable/c/a158bdd3247b9656df36ba133235fff702e9fdc3 •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2022-49148 – watch_queue: Free the page array when watch_queue is dismantled
https://notcve.org/view.php?id=CVE-2022-49148
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: watch_queue: Free the page array when watch_queue is dismantled Commit 7ea1a0124b6d ("watch_queue: Free the alloc bitmap when the watch_queue is torn down") took care of the bitmap, but not the page array. BUG: memory leak unreferenced object 0xffff88810d9bc140 (size 32): comm "syz-executor335", pid 3603, jiffies 4294946994 (age 12.840s) hex dump (first 32 bytes): 40 a7 40 04 00 ea ff ff 00 00 00 00 00 00 00 00 @.@............. 00 00 00 00 ... • https://git.kernel.org/stable/c/c73be61cede5882f9605a852414db559c0ebedfd •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2022-49147 – block: Fix the maximum minor value is blk_alloc_ext_minor()
https://notcve.org/view.php?id=CVE-2022-49147
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: block: Fix the maximum minor value is blk_alloc_ext_minor() ida_alloc_range(..., min, max, ...) returns values from min to max, inclusive. So, NR_EXT_DEVT is a valid idx returned by blk_alloc_ext_minor(). This is an issue because in device_add_disk(), this value is used in: ddev->devt = MKDEV(disk->major, disk->first_minor); and NR_EXT_DEVT is '(1 << MINORBITS)'. So, should 'disk->first_minor' be NR_EXT_DEVT, it would overflow. • https://git.kernel.org/stable/c/22ae8ce8b89241c94ac00c237752c0ffa37ba5ae •
CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2022-49146 – virtio: use virtio_device_ready() in virtio_device_restore()
https://notcve.org/view.php?id=CVE-2022-49146
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: virtio: use virtio_device_ready() in virtio_device_restore() After waking up a suspended VM, the kernel prints the following trace for virtio drivers which do not directly call virtio_device_ready() in the .restore: PM: suspend exit irq 22: nobody cared (try booting with the "irqpoll" option) Call Trace: