CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49207 – bpf, sockmap: Fix memleak in sk_psock_queue_msg
https://notcve.org/view.php?id=CVE-2022-49207
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix memleak in sk_psock_queue_msg If tcp_bpf_sendmsg is running during a tear down operation we may enqueue data on the ingress msg queue while tear down is trying to free it. sk1 (redirect sk2) sk2 ------------------- --------------- tcp_bpf_sendmsg() tcp_bpf_send_verdict() tcp_bpf_sendmsg_redir() bpf_tcp_ingress() sock_map_close() lock_sock() lock_sock() ... blocking sk_psock_stop sk_psock_clear_state(psock, SK_PSOCK_TX_ENAB... • https://git.kernel.org/stable/c/9635720b7c88592214562cb72605bdab6708006c •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49206 – RDMA/mlx5: Fix memory leak in error flow for subscribe event routine
https://notcve.org/view.php?id=CVE-2022-49206
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix memory leak in error flow for subscribe event routine In case the second xa_insert() fails, the obj_event is not released. Fix the error unwind flow to free that memory to avoid a memory leak. • https://git.kernel.org/stable/c/7597385371425febdaa8c6a1da3625d4ffff16f5 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49205 – bpf, sockmap: Fix double uncharge the mem of sk_msg
https://notcve.org/view.php?id=CVE-2022-49205
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix double uncharge the mem of sk_msg If tcp_bpf_sendmsg is running during a tear down operation, psock may be freed. tcp_bpf_sendmsg() tcp_bpf_send_verdict() sk_msg_return() tcp_bpf_sendmsg_redir() unlikely(!psock)) sk_msg_free() The mem of msg has been uncharged in tcp_bpf_send_verdict() by sk_msg_return(), and would be uncharged by sk_msg_free() again. When psock is null, we can simply returning an error code, this would th... • https://git.kernel.org/stable/c/604326b41a6fb9b4a78b6179335decee0365cd8c •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49204 – bpf, sockmap: Fix more uncharged while msg has more_data
https://notcve.org/view.php?id=CVE-2022-49204
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix more uncharged while msg has more_data In tcp_bpf_send_verdict(), if msg has more data after tcp_bpf_sendmsg_redir(): tcp_bpf_send_verdict() tosend = msg->sg.size //msg->sg.size = 22220 case __SK_REDIRECT: sk_msg_return() //uncharged msg->sg.size(22220) sk->sk_forward_alloc tcp_bpf_sendmsg_redir() //after tcp_bpf_sendmsg_redir, msg->sg.size=11000 goto more_data; tosend = msg->sg.size //msg->sg.size = 11000 case __SK_REDIRE... • https://git.kernel.org/stable/c/604326b41a6fb9b4a78b6179335decee0365cd8c •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49202 – Bluetooth: hci_uart: add missing NULL check in h5_enqueue
https://notcve.org/view.php?id=CVE-2022-49202
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_uart: add missing NULL check in h5_enqueue Syzbot hit general protection fault in __pm_runtime_resume(). The problem was in missing NULL check. hu->serdev can be NULL and we should not blindly pass &serdev->dev somewhere, since it will cause GPF. • https://git.kernel.org/stable/c/d9dd833cf6d29695682ec7e7924c0d0992b906bc •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49201 – ibmvnic: fix race between xmit and reset
https://notcve.org/view.php?id=CVE-2022-49201
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ibmvnic: fix race between xmit and reset There is a race between reset and the transmit paths that can lead to ibmvnic_xmit() accessing an scrq after it has been freed in the reset path. It can result in a crash like: Kernel attempted to read user page (0) - exploit attempt? (uid: 0) BUG: Kernel NULL pointer dereference on read at 0x00000000 Faulting instruction address: 0xc0080000016189f8 Oops: Kernel access of bad area, sig: 11 [#1] ... N... • https://git.kernel.org/stable/c/7ed5b31f4a6695a21f617df07646e9b15c6c1d29 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49200 – Bluetooth: btmtksdio: Fix kernel oops in btmtksdio_interrupt
https://notcve.org/view.php?id=CVE-2022-49200
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btmtksdio: Fix kernel oops in btmtksdio_interrupt Fix the following kernel oops in btmtksdio_interrrupt [ 14.339134] btmtksdio_interrupt+0x28/0x54 [ 14.339139] process_sdio_pending_irqs+0x68/0x1a0 [ 14.339144] sdio_irq_work+0x40/0x70 [ 14.339154] process_one_work+0x184/0x39c [ 14.339160] worker_thread+0x228/0x3e8 [ 14.339168] kthread+0x148/0x3ac [ 14.339176] ret_from_fork+0x10/0x30 That happened because hdev->power_on is already ... • https://git.kernel.org/stable/c/9aebfd4a2200ab8075e44379c758bccefdc589bb •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49199 – RDMA/nldev: Prevent underflow in nldev_stat_set_counter_dynamic_doit()
https://notcve.org/view.php?id=CVE-2022-49199
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/nldev: Prevent underflow in nldev_stat_set_counter_dynamic_doit() This code checks "index" for an upper bound but it does not check for negatives. Change the type to unsigned to prevent underflows. • https://git.kernel.org/stable/c/3c3c1f1416392382faa0238e76a70d7810aab2ef •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49198 – mptcp: Fix crash due to tcp_tsorted_anchor was initialized before release skb
https://notcve.org/view.php?id=CVE-2022-49198
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: mptcp: Fix crash due to tcp_tsorted_anchor was initialized before release skb Got crash when doing pressure test of mptcp: =========================================================================== dst_release: dst:ffffa06ce6e5c058 refcnt:-1 kernel tried to execute NX-protected page - exploit attempt? (uid: 0) BUG: unable to handle kernel paging request at ffffa06ce6e5c058 PGD 190a01067 P4D 190a01067 PUD 43fffb067 PMD 22e403063 PTE 8000000... • https://git.kernel.org/stable/c/f70cad1085d1e01d3ec73c1078405f906237feee •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49197 – af_netlink: Fix shift out of bounds in group mask calculation
https://notcve.org/view.php?id=CVE-2022-49197
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: af_netlink: Fix shift out of bounds in group mask calculation When a netlink message is received, netlink_recvmsg() fills in the address of the sender. One of the fields is the 32-bit bitfield nl_groups, which carries the multicast group on which the message was received. The least significant bit corresponds to group 1, and therefore the highest group that the field can represent is 32. Above that, the UB sanitizer flags the out-of-bounds ... • https://git.kernel.org/stable/c/f7fa9b10edbb9391bdd4ec8e8b3d621d0664b198 •