CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49100 – virtio_console: eliminate anonymous module_init & module_exit
https://notcve.org/view.php?id=CVE-2022-49100
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: virtio_console: eliminate anonymous module_init & module_exit Eliminate anonymous module_init() and module_exit(), which can lead to confusion or ambiguity when reading System.map, crashes/oops/bugs, or an initcall_debug log. Give each of these init and exit functions unique driver-specific names to eliminate the anonymous names. Example 1: (System.map) ffffffff832fc78c t init ffffffff832fc79e t init ffffffff832fc8f8 t init Example 2: (init... • https://git.kernel.org/stable/c/93e3d88321d2274fa4e26b006e19cc10fec331c2 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49098 – Drivers: hv: vmbus: Fix potential crash on module unload
https://notcve.org/view.php?id=CVE-2022-49098
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Fix potential crash on module unload The vmbus driver relies on the panic notifier infrastructure to perform some operations when a panic event is detected. Since vmbus can be built as module, it is required that the driver handles both registering and unregistering such panic notifier callback. After commit 74347a99e73a ("x86/Hyper-V: Unload vmbus channel in hv panic callback") though, the panic notifier registration is... • https://git.kernel.org/stable/c/5e059fc0f054309036d3f612bc8b0a502ca58545 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49097 – NFS: Avoid writeback threads getting stuck in mempool_alloc()
https://notcve.org/view.php?id=CVE-2022-49097
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: NFS: Avoid writeback threads getting stuck in mempool_alloc() In a low memory situation, allow the NFS writeback code to fail without getting stuck in infinite loops in mempool_alloc(). • https://git.kernel.org/stable/c/c74e2f6ecc51bd08bb5b0335477dba954a50592e •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49096 – net: sfc: add missing xdp queue reinitialization
https://notcve.org/view.php?id=CVE-2022-49096
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: sfc: add missing xdp queue reinitialization After rx/tx ring buffer size is changed, kernel panic occurs when it acts XDP_TX or XDP_REDIRECT. When tx/rx ring buffer size is changed(ethtool -G), sfc driver reallocates and reinitializes rx and tx queues and their buffer (tx_queue->buffer). But it misses reinitializing xdp queues(efx->xdp_tx_queues). So, while it is acting XDP_TX or XDP_REDIRECT, it uses the uninitialized tx_queue->buffer... • https://git.kernel.org/stable/c/3990a8fffbdad5765f47ea593f9de66c91762059 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49095 – scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one()
https://notcve.org/view.php?id=CVE-2022-49095
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one() The error handling path of the probe releases a resource that is not freed in the remove function. In some cases, a ioremap() must be undone. Add the missing iounmap() call in the remove function. • https://git.kernel.org/stable/c/45804fbb00eea27bdf4d62751681228a9e2844e9 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49094 – net/tls: fix slab-out-of-bounds bug in decrypt_internal
https://notcve.org/view.php?id=CVE-2022-49094
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net/tls: fix slab-out-of-bounds bug in decrypt_internal The memory size of tls_ctx->rx.iv for AES128-CCM is 12 setting in tls_set_sw_offload(). The return value of crypto_aead_ivsize() for "ccm(aes)" is 16. So memcpy() require 16 bytes from 12 bytes memory space will trigger slab-out-of-bounds bug as following: ================================================================== BUG: KASAN: slab-out-of-bounds in decrypt_internal+0x385/0xc40 [... • https://git.kernel.org/stable/c/f295b3ae9f5927e084bd5decdff82390e3471801 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49092 – net: ipv4: fix route with nexthop object delete warning
https://notcve.org/view.php?id=CVE-2022-49092
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: ipv4: fix route with nexthop object delete warning FRR folks have hit a kernel warning[1] while deleting routes[2] which is caused by trying to delete a route pointing to a nexthop id without specifying nhid but matching on an interface. That is, a route is found but we hit a warning while matching it. The warning is from fib_info_nh() in include/net/nexthop.h because we run it on a fib_info with nexthop object. The call chain is: inet... • https://git.kernel.org/stable/c/4c7e8084fd467ddb2b0e6c6011f9c1064afb7e56 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49091 – drm/imx: Fix memory leak in imx_pd_connector_get_modes
https://notcve.org/view.php?id=CVE-2022-49091
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/imx: Fix memory leak in imx_pd_connector_get_modes Avoid leaking the display mode variable if of_get_drm_display_mode fails. Addresses-Coverity-ID: 1443943 ("Resource leak") • https://git.kernel.org/stable/c/76ecd9c9fb24b014a6f33fbb1287ede3be12158b •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2022-49089 – IB/rdmavt: add lock to call to rvt_error_qp to prevent a race condition
https://notcve.org/view.php?id=CVE-2022-49089
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: IB/rdmavt: add lock to call to rvt_error_qp to prevent a race condition The documentation of the function rvt_error_qp says both r_lock and s_lock need to be held when calling that function. It also asserts using lockdep that both of those locks are held. However, the commit I referenced in Fixes accidentally makes the call to rvt_error_qp in rvt_ruc_loopback no longer covered by r_lock. This results in the lockdep assertion failing and als... • https://git.kernel.org/stable/c/d757c60eca9b22f4d108929a24401e0fdecda0b1 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49088 – dpaa2-ptp: Fix refcount leak in dpaa2_ptp_probe
https://notcve.org/view.php?id=CVE-2022-49088
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: dpaa2-ptp: Fix refcount leak in dpaa2_ptp_probe This node pointer is returned by of_find_compatible_node() with refcount incremented. Calling of_node_put() to aovid the refcount leak. • https://git.kernel.org/stable/c/d346c9e86d8685d7cdceddf5b2e9c4376334620c •