
CVE-2022-49061 – net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link
https://notcve.org/view.php?id=CVE-2022-49061
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link. When using a fixed-link, the altr_tse_pcs driver crashes due to null-pointer dereference as no phy_device is provided to tse_pcs_fix_mac_speed function. Fix this by adding a check for phy_dev before calling the tse_pcs_fix_mac_speed() function. Also clean up the tse_pcs_fix_mac_speed function a bit. There is no need to check for splitter_base and sgmii_adapter_base bec... • https://git.kernel.org/stable/c/fb3bbdb859891e6bc27fd1afb3a07319f82c2ee4

CVE-2022-49060 – net/smc: Fix NULL pointer dereference in smc_pnet_find_ib()
https://notcve.org/view.php?id=CVE-2022-49060
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net/smc: Fix NULL pointer dereference in smc_pnet_find_ib(). dev_name() was called with dev.parent as argument but without NULL-checking it first. Solve this by checking the pointer before the call to dev_name(). • https://git.kernel.org/stable/c/af5f60c7e3d593c2fa31b9a62c16eae75f074de3

CVE-2022-49059 – nfc: nci: add flush_workqueue to prevent uaf
https://notcve.org/view.php?id=CVE-2022-49059
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: nfc: nci: add flush_workqueue to prevent uaf. Our detector found a concurrent use-after-free bug when detaching an NCI device. The main reason for this bug is the unexpected scheduling between the used delayed mechanism (timer and workqueue). The race can be demonstrated below: Thread-1 Thread-2 | nci_dev_up() | nci_open_device() | __nci_request(nci_reset_req) | nci_send_cmd | queue_work(cmd_work) nci_unregister_device() | nci_close_device()... • https://git.kernel.org/stable/c/6a2968aaf50c7a22fced77a5e24aa636281efca8

CVE-2022-49058 – cifs: potential buffer overflow in handling symlinks
https://notcve.org/view.php?id=CVE-2022-49058
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: cifs: potential buffer overflow in handling symlinks. Smatch printed a warning: arch/x86/crypto/poly1305_glue.c:198 poly1305_update_arch() error: __memcpy() 'dctx->buf' too small (16 vs u32max). It's caused because Smatch marks 'link_len' as untrusted since it comes from sscanf(). Add a check to ensure that 'link_len' is not larger than the size of the 'link_str' buffer. • https://git.kernel.org/stable/c/c69c1b6eaea1b3e1eecf7ad2fba0208ac4a11131

CVE-2022-49055 – drm/amdkfd: Check for potential null return of kmalloc_array()
https://notcve.org/view.php?id=CVE-2022-49055
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Check for potential null return of kmalloc_array(). As the kmalloc_array() may return null, the 'event_waiters[i].wait' would lead to null-pointer dereference. Therefore, it is better to check the return value of kmalloc_array() to avoid this confusion. • https://git.kernel.org/stable/c/32cf90a521dcc0f136db7ee5ba32bfe5f79e460e

CVE-2022-49054 – Drivers: hv: vmbus: Deactivate sysctl_record_panic_msg by default in isolated guests
https://notcve.org/view.php?id=CVE-2022-49054
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Deactivate sysctl_record_panic_msg by default in isolated guests. hv_panic_page might contain guest-sensitive information, do not dump it over to Hyper-V by default in isolated guests. While at it, update some comments in hyperv_{panic,die}_event(). • https://git.kernel.org/stable/c/1b576e81d31b56b248316b8ff816b1cc5c4407c7

CVE-2022-49053 – scsi: target: tcmu: Fix possible page UAF
https://notcve.org/view.php?id=CVE-2022-49053
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: target: tcmu: Fix possible page UAF. tcmu_try_get_data_page() looks up pages under cmdr_lock, but it does not take refcount properly and just returns page pointer. When tcmu_try_get_data_page() returns, the returned page may have been freed by tcmu_blocks_release(). We need to get_page() under cmdr_lock to avoid concurrent tcmu_blocks_release(). • https://git.kernel.org/stable/c/d7c5d79e50be6e06b669141e3db1f977a0dd4e8e

CVE-2022-49052 – mm: fix unexpected zeroed page mapping with zram swap
https://notcve.org/view.php?id=CVE-2022-49052
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: mm: fix unexpected zeroed page mapping with zram swap. Two processes under CLONE_VM cloning, user process can be corrupted by seeing zeroed page unexpectedly. CPU A CPU B do_swap_page do_swap_page SWP_SYNCHRONOUS_IO path SWP_SYNCHRONOUS_IO path swap_readpage valid data swap_slot_free_notify delete zram entry swap_readpage zeroed(invalid) data pte_lock map the *zero data* to userspace pte_unlock pte_lock if (!pte_same) goto out_nomap; pte_unl... • https://git.kernel.org/stable/c/0bcac06f27d7528591c27ac2b093ccd71c5d0168

CVE-2022-49051 – net: usb: aqc111: Fix out-of-bounds accesses in RX fixup
https://notcve.org/view.php?id=CVE-2022-49051
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: usb: aqc111: Fix out-of-bounds accesses in RX fixup. aqc111_rx_fixup() contains several out-of-bounds accesses that can be triggered by a malicious (or defective) USB device, in particular:
- The metadata array (desc_offset..desc_offset+2*pkt_count) can be out of bounds, causing OOB reads and (on big-endian systems) OOB endianness flips.
- A packet can overlap the metadata array, causing a later OOB endianness flip to corrupt data used ... • https://git.kernel.org/stable/c/404998a137bcb8a926f7c949030afbe285472593

CVE-2022-49050 – memory: renesas-rpc-if: fix platform-device leak in error path
https://notcve.org/view.php?id=CVE-2022-49050
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: memory: renesas-rpc-if: fix platform-device leak in error path. Make sure to free the flash platform device in the event that registration fails during probe. • https://git.kernel.org/stable/c/ca7d8b980b67f133317525c4273e144116ee1ae5