CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2022-49090 – arch/arm64: Fix topology initialization for core scheduling
https://notcve.org/view.php?id=CVE-2022-49090
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: arch/arm64: Fix topology initialization for core scheduling Arm64 systems rely on store_cpu_topology() to call update_siblings_masks() to transfer the toplogy to the various cpu masks. This needs to be done before the call to notify_cpu_starting() which tells the scheduler about each cpu found, otherwise the core scheduling data structures are setup in a way that does not match the actual topology. With smt_mask not setup correctly we bail ... • https://git.kernel.org/stable/c/9edeaea1bc452372718837ed2ba775811baf1ba1 •
CVSS: -EPSS: %CPEs: 7EXPL: 0CVE-2022-49089 – IB/rdmavt: add lock to call to rvt_error_qp to prevent a race condition
https://notcve.org/view.php?id=CVE-2022-49089
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: IB/rdmavt: add lock to call to rvt_error_qp to prevent a race condition The documentation of the function rvt_error_qp says both r_lock and s_lock need to be held when calling that function. It also asserts using lockdep that both of those locks are held. However, the commit I referenced in Fixes accidentally makes the call to rvt_error_qp in rvt_ruc_loopback no longer covered by r_lock. This results in the lockdep assertion failing and als... • https://git.kernel.org/stable/c/d757c60eca9b22f4d108929a24401e0fdecda0b1 •
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2022-49088 – dpaa2-ptp: Fix refcount leak in dpaa2_ptp_probe
https://notcve.org/view.php?id=CVE-2022-49088
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: dpaa2-ptp: Fix refcount leak in dpaa2_ptp_probe This node pointer is returned by of_find_compatible_node() with refcount incremented. Calling of_node_put() to aovid the refcount leak. • https://git.kernel.org/stable/c/d346c9e86d8685d7cdceddf5b2e9c4376334620c •
CVSS: -EPSS: %CPEs: 7EXPL: 0CVE-2022-49087 – rxrpc: fix a race in rxrpc_exit_net()
https://notcve.org/view.php?id=CVE-2022-49087
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: rxrpc: fix a race in rxrpc_exit_net() Current code can lead to the following race: CPU0 CPU1 rxrpc_exit_net() rxrpc_peer_keepalive_worker() if (rxnet->live) rxnet->live = false; del_timer_sync(&rxnet->peer_keepalive_timer); timer_reduce(&rxnet->peer_keepalive_timer, jiffies + delay); cancel_work_sync(&rxnet->peer_keepalive_work); rxrpc_exit_net() exits while peer_keepalive_timer is still armed, leading to use-after-free. syzbot report was: ... • https://git.kernel.org/stable/c/ace45bec6d77bc061c3c3d8ad99e298ea9800c2b •
CVSS: -EPSS: %CPEs: 7EXPL: 0CVE-2022-49086 – net: openvswitch: fix leak of nested actions
https://notcve.org/view.php?id=CVE-2022-49086
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix leak of nested actions While parsing user-provided actions, openvswitch module may dynamically allocate memory and store pointers in the internal copy of the actions. So this memory has to be freed while destroying the actions. Currently there are only two such actions: ct() and set(). However, there are many actions that can hold nested lists of actions and ovs_nla_free_flow_actions() just jumps over them leaking the ... • https://git.kernel.org/stable/c/34ae932a40369be6bd6ea97d66b6686361b4370d •
CVSS: -EPSS: %CPEs: 9EXPL: 0CVE-2022-49085 – drbd: Fix five use after free bugs in get_initial_state
https://notcve.org/view.php?id=CVE-2022-49085
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drbd: Fix five use after free bugs in get_initial_state In get_initial_state, it calls notify_initial_state_done(skb,..) if cb->args[5]==1. If genlmsg_put() failed in notify_initial_state_done(), the skb will be freed by nlmsg_free(skb). Then get_initial_state will goto out and the freed skb will be used by return value skb->len, which is a uaf bug. What's worse, the same problem goes even further: skb can also be freed in the notify_*_stat... • https://git.kernel.org/stable/c/a29728463b254ce81ecefdf20c1a02e01d9361da •
CVSS: -EPSS: %CPEs: 7EXPL: 0CVE-2022-49084 – qede: confirm skb is allocated before using
https://notcve.org/view.php?id=CVE-2022-49084
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: qede: confirm skb is allocated before using qede_build_skb() assumes build_skb() always works and goes straight to skb_reserve(). However, build_skb() can fail under memory pressure. This results in a kernel panic because the skb to reserve is NULL. Add a check in case build_skb() failed to allocate and return NULL. The NULL return is handled correctly in callers to qede_build_skb(). • https://git.kernel.org/stable/c/8a8633978b842c88fbcfe00d4e5dde96048f630e •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2022-49083 – iommu/omap: Fix regression in probe for NULL pointer dereference
https://notcve.org/view.php?id=CVE-2022-49083
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: iommu/omap: Fix regression in probe for NULL pointer dereference Commit 3f6634d997db ("iommu: Use right way to retrieve iommu_ops") started triggering a NULL pointer dereference for some omap variants: __iommu_probe_device from probe_iommu_group+0x2c/0x38 probe_iommu_group from bus_for_each_dev+0x74/0xbc bus_for_each_dev from bus_iommu_probe+0x34/0x2e8 bus_iommu_probe from bus_set_iommu+0x80/0xc8 bus_set_iommu from omap_iommu_init+0x88/0xcc... • https://git.kernel.org/stable/c/6785eb9105e3363aa51408c700a55e8b5f88fcf6 •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2022-49082 – scsi: mpt3sas: Fix use after free in _scsih_expander_node_remove()
https://notcve.org/view.php?id=CVE-2022-49082
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix use after free in _scsih_expander_node_remove() The function mpt3sas_transport_port_remove() called in _scsih_expander_node_remove() frees the port field of the sas_expander structure, leading to the following use-after-free splat from KASAN when the ioc_info() call following that function is executed (e.g. when doing rmmod of the driver module): [ 3479.371167] =============================================================... • https://git.kernel.org/stable/c/7d310f241001e090cf1ec0f3ae836b38d8c6ebec •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2022-49081 – highmem: fix checks in __kmap_local_sched_{in,out}
https://notcve.org/view.php?id=CVE-2022-49081
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: highmem: fix checks in __kmap_local_sched_{in,out} When CONFIG_DEBUG_KMAP_LOCAL is enabled __kmap_local_sched_{in,out} check that even slots in the tsk->kmap_ctrl.pteval are unmapped. The slots are initialized with 0 value, but the check is done with pte_none. 0 pte however does not necessarily mean that pte_none will return true. e.g. on xtensa it returns false, resulting in the following runtime warnings: WARNING: CPU: 0 PID: 101 at mm/hi... • https://git.kernel.org/stable/c/5fbda3ecd14a5343644979c98d6eb65b7e7de9d8 •