CVSS: 5.5EPSS: %CPEs: 5EXPL: 0CVE-2022-49540 – rcu-tasks: Fix race in schedule and flush work
https://notcve.org/view.php?id=CVE-2022-49540
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: rcu-tasks: Fix race in schedule and flush work While booting secondary CPUs, cpus_read_[lock/unlock] is not keeping online cpumask stable. The transient online mask results in below calltrace. [ 0.324121] CPU1: Booted secondary processor 0x0000000001 [0x410fd083] [ 0.346652] Detected PIPT I-cache on CPU2 [ 0.347212] CPU2: Booted secondary processor 0x0000000002 [0x410fd083] [ 0.377255] Detected PIPT I-cache on CPU3 [ 0.377823] CPU3: Booted ... • https://git.kernel.org/stable/c/1c6c3f2336642fb3074593911f5176565f47ec41 •
CVSS: 5.5EPSS: %CPEs: 2EXPL: 0CVE-2022-49539 – rtw89: ser: fix CAM leaks occurring in L2 reset
https://notcve.org/view.php?id=CVE-2022-49539
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: rtw89: ser: fix CAM leaks occurring in L2 reset The CAM, meaning address CAM and bssid CAM here, will get leaks during SER (system error recover) L2 reset process and ieee80211_restart_hw() which is called by L2 reset process eventually. The normal flow would be like -> add interface (acquire 1) -> enter ips (release 1) -> leave ips (acquire 1) -> connection (occupy 1) <(A) 1 leak after L2 reset if non-sec connection> The ieee80211_restart_... • https://git.kernel.org/stable/c/f6aff772c9978844529618d86aafb53e5d3ae161 •
CVSS: 5.5EPSS: %CPEs: 9EXPL: 0CVE-2022-49538 – ALSA: jack: Access input_dev under mutex
https://notcve.org/view.php?id=CVE-2022-49538
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: jack: Access input_dev under mutex It is possible when using ASoC that input_dev is unregistered while calling snd_jack_report, which causes NULL pointer dereference. In order to prevent this serialize access to input_dev using mutex lock. In the Linux kernel, the following vulnerability has been resolved: ALSA: jack: Access input_dev under mutex It is possible when using ASoC that input_dev is unregistered while calling snd_jack_repo... • https://git.kernel.org/stable/c/74bab3bcf422593c582e47130aa8eb41ebb2dc09 •
CVSS: 7.1EPSS: %CPEs: 4EXPL: 0CVE-2022-49537 – scsi: lpfc: Fix call trace observed during I/O with CMF enabled
https://notcve.org/view.php?id=CVE-2022-49537
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix call trace observed during I/O with CMF enabled The following was seen with CMF enabled: BUG: using smp_processor_id() in preemptible code: systemd-udevd/31711 kernel: caller is lpfc_update_cmf_cmd+0x214/0x420 [lpfc] kernel: CPU: 12 PID: 31711 Comm: systemd-udevd kernel: Call Trace: kernel:
CVSS: 7.8EPSS: %CPEs: 4EXPL: 0CVE-2022-49536 – scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock
https://notcve.org/view.php?id=CVE-2022-49536
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock During stress I/O tests with 500+ vports, hard LOCKUP call traces are observed. CPU A: native_queued_spin_lock_slowpath+0x192 _raw_spin_lock_irqsave+0x32 lpfc_handle_fcp_err+0x4c6 lpfc_fcp_io_cmd_wqe_cmpl+0x964 lpfc_sli4_fp_handle_cqe+0x266 __lpfc_sli4_process_cq+0x105 __lpfc_sli4_hba_process_cq+0x3c lpfc_cq_poll_hdler+0x16 irq_poll_softirq+0x76 __softirqentry_text_start+0xe4 ir... • https://git.kernel.org/stable/c/7625e81de2164a082810e1f27547d388406da610 •
CVSS: 5.5EPSS: %CPEs: 2EXPL: 0CVE-2022-49535 – scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI
https://notcve.org/view.php?id=CVE-2022-49535
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI If lpfc_issue_els_flogi() fails and returns non-zero status, the node reference count is decremented to trigger the release of the nodelist structure. However, if there is a prior registration or dev-loss-evt work pending, the node may be released prematurely. When dev-loss-evt completes, the released node is referenced causing a use-after-free null pointer dere... • https://git.kernel.org/stable/c/10663ebec0ad5c78493a0dd34c9ee4d73d7ca0df •
CVSS: 5.5EPSS: %CPEs: 2EXPL: 0CVE-2022-49534 – scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT
https://notcve.org/view.php?id=CVE-2022-49534
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT There is a potential memory leak in lpfc_ignore_els_cmpl() and lpfc_els_rsp_reject() that was allocated from NPIV PLOGI_RJT (lpfc_rcv_plogi()'s login_mbox). Check if cmdiocb->context_un.mbox was allocated in lpfc_ignore_els_cmpl(), and then free it back to phba->mbox_mem_pool along with mbox->ctx_buf for service parameters. For lpfc_els_rsp_reject() failure, free both the ctx_... • https://git.kernel.org/stable/c/c00df0f34a6d5e14da379f96ea67e501ce67b002 •
CVSS: 6.5EPSS: %CPEs: 9EXPL: 0CVE-2022-49532 – drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes
https://notcve.org/view.php?id=CVE-2022-49532
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes drm_cvt_mode may return NULL and we should check it. This bug is found by syzkaller: FAULT_INJECTION stacktrace: [ 168.567394] FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 1 [ 168.567403] CPU: 1 PID: 6425 Comm: syz Kdump: loaded Not tainted 4.19.90-vhulk2201.1.0.h1035.kasan.eulerosv2r10.aarch64 #1 [ 168.567406] Hardware name... • https://git.kernel.org/stable/c/e0828456578cc8ba0a69147f7ae3428392eec287 •
CVSS: 5.6EPSS: %CPEs: 2EXPL: 0CVE-2022-49531 – loop: implement ->free_disk
https://notcve.org/view.php?id=CVE-2022-49531
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: loop: implement ->free_disk Ensure that the lo_device which is stored in the gendisk private data is valid until the gendisk is freed. Currently the loop driver uses a lot of effort to make sure a device is not freed when it is still in use, but to to fix a potential deadlock this will be relaxed a bit soon. In the Linux kernel, the following vulnerability has been resolved: loop: implement ->free_disk Ensure that the lo_device which is sto... • https://git.kernel.org/stable/c/aadd1443aae7fe8956e3b11157827067f034406a •
CVSS: 7.8EPSS: %CPEs: 9EXPL: 0CVE-2022-49530 – drm/amd/pm: fix double free in si_parse_power_table()
https://notcve.org/view.php?id=CVE-2022-49530
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix double free in si_parse_power_table() In function si_parse_power_table(), array adev->pm.dpm.ps and its member is allocated. If the allocation of each member fails, the array itself is freed and returned with an error code. However, the array is later freed again in si_dpm_fini() function which is called when the function returns an error. This leads to potential double free of the array adev->pm.dpm.ps, as well as leak of i... • https://git.kernel.org/stable/c/2615464854505188f909d0c07c37a6623693b5c7 •