
CVSS: - | EPSS: 0% | CPEs: 4 | EXPL: 0

26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Prevent some integer underflows

My static checker complains that:

drivers/infiniband/hw/irdma/ctrl.c:3605 irdma_sc_ceq_init() warn: can subtract underflow 'info->dev->hmc_fpm_misc.max_ceqs'?

It appears that "info->dev->hmc_fpm_misc.max_ceqs" comes from the firmware in irdma_sc_parse_fpm_query_buf() so, yes, there is a chance that it could be zero. Even if we trust the firmware, it's easy enough to change the condition just as a ...

• https://git.kernel.org/stable/c/3f49d684256963d3f27dfb9d9ff228e2255be78d •

CVSS: - | EPSS: 0% | CPEs: 4 | EXPL: 0

26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix memleak in sk_psock_queue_msg

If tcp_bpf_sendmsg is running during a tear down operation we may enqueue data on the ingress msg queue while tear down is trying to free it.

sk1 (redirect sk2)                  sk2
-------------------                 ---------------
tcp_bpf_sendmsg()
 tcp_bpf_send_verdict()
  tcp_bpf_sendmsg_redir()
   bpf_tcp_ingress()
                                    sock_map_close()
                                     lock_sock()
    lock_sock() ... blocking
                                     sk_psock_stop
                                      sk_psock_clear_state(psock, SK_PSOCK_TX_ENAB...

• https://git.kernel.org/stable/c/9635720b7c88592214562cb72605bdab6708006c •

CVSS: - | EPSS: 0% | CPEs: 6 | EXPL: 0

26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix memory leak in error flow for subscribe event routine

In case the second xa_insert() fails, the obj_event is not released. Fix the error unwind flow to free that memory to avoid a memory leak.

• https://git.kernel.org/stable/c/7597385371425febdaa8c6a1da3625d4ffff16f5 •

CVSS: - | EPSS: 0% | CPEs: 6 | EXPL: 0

26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix double uncharge the mem of sk_msg

If tcp_bpf_sendmsg is running during a tear down operation, psock may be freed.

tcp_bpf_sendmsg()
 tcp_bpf_send_verdict()
  sk_msg_return()
  tcp_bpf_sendmsg_redir()
   unlikely(!psock))
    sk_msg_free()

The mem of msg has been uncharged in tcp_bpf_send_verdict() by sk_msg_return(), and would be uncharged by sk_msg_free() again. When psock is null, we can simply return an error code, this would th...

• https://git.kernel.org/stable/c/604326b41a6fb9b4a78b6179335decee0365cd8c •

CVSS: - | EPSS: 0% | CPEs: 6 | EXPL: 0

26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix more uncharged while msg has more_data

In tcp_bpf_send_verdict(), if msg has more data after tcp_bpf_sendmsg_redir():

tcp_bpf_send_verdict()
 tosend = msg->sg.size //msg->sg.size = 22220
 case __SK_REDIRECT:
  sk_msg_return() //uncharged msg->sg.size(22220) sk->sk_forward_alloc
  tcp_bpf_sendmsg_redir() //after tcp_bpf_sendmsg_redir, msg->sg.size=11000
 goto more_data;
 tosend = msg->sg.size //msg->sg.size = 11000
 case __SK_REDIRE...

• https://git.kernel.org/stable/c/604326b41a6fb9b4a78b6179335decee0365cd8c •

CVSS: - | EPSS: 0% | CPEs: 4 | EXPL: 0

26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_uart: add missing NULL check in h5_enqueue

Syzbot hit general protection fault in __pm_runtime_resume(). The problem was a missing NULL check. hu->serdev can be NULL and we should not blindly pass &serdev->dev somewhere, since it will cause GPF.

• https://git.kernel.org/stable/c/d9dd833cf6d29695682ec7e7924c0d0992b906bc •

CVSS: - | EPSS: 0% | CPEs: 4 | EXPL: 0

26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ibmvnic: fix race between xmit and reset

There is a race between reset and the transmit paths that can lead to ibmvnic_xmit() accessing an scrq after it has been freed in the reset path. It can result in a crash like:

Kernel attempted to read user page (0) - exploit attempt? (uid: 0)
BUG: Kernel NULL pointer dereference on read at 0x00000000
Faulting instruction address: 0xc0080000016189f8
Oops: Kernel access of bad area, sig: 11 [#1]
... N...

• https://git.kernel.org/stable/c/7ed5b31f4a6695a21f617df07646e9b15c6c1d29 •

CVSS: - | EPSS: 0% | CPEs: 6 | EXPL: 0

26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btmtksdio: Fix kernel oops in btmtksdio_interrupt

Fix the following kernel oops in btmtksdio_interrupt

[ 14.339134] btmtksdio_interrupt+0x28/0x54
[ 14.339139] process_sdio_pending_irqs+0x68/0x1a0
[ 14.339144] sdio_irq_work+0x40/0x70
[ 14.339154] process_one_work+0x184/0x39c
[ 14.339160] worker_thread+0x228/0x3e8
[ 14.339168] kthread+0x148/0x3ac
[ 14.339176] ret_from_fork+0x10/0x30

That happened because hdev->power_on is already ...

• https://git.kernel.org/stable/c/9aebfd4a2200ab8075e44379c758bccefdc589bb •

CVSS: - | EPSS: 0% | CPEs: 3 | EXPL: 0

26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/nldev: Prevent underflow in nldev_stat_set_counter_dynamic_doit()

This code checks "index" for an upper bound but it does not check for negatives. Change the type to unsigned to prevent underflows.

• https://git.kernel.org/stable/c/3c3c1f1416392382faa0238e76a70d7810aab2ef •

CVSS: - | EPSS: 0% | CPEs: 3 | EXPL: 0

26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: mptcp: Fix crash due to tcp_tsorted_anchor was initialized before release skb

Got crash when doing pressure test of mptcp:

===========================================================================
dst_release: dst:ffffa06ce6e5c058 refcnt:-1
kernel tried to execute NX-protected page - exploit attempt? (uid: 0)
BUG: unable to handle kernel paging request at ffffa06ce6e5c058
PGD 190a01067 P4D 190a01067 PUD 43fffb067 PMD 22e403063 PTE 8000000...

• https://git.kernel.org/stable/c/f70cad1085d1e01d3ec73c1078405f906237feee •