CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2022-49183 – net/sched: act_ct: fix ref leak when switching zones
https://notcve.org/view.php?id=CVE-2022-49183
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net/sched: act_ct: fix ref leak when switching zones When switching zones or network namespaces without doing a ct clear in between, it is now leaking a reference to the old ct entry. That's because tcf_ct_skb_nfct_cached() returns false and tcf_ct_flow_table_lookup() may simply overwrite it. The fix is to, as the ct entry is not reusable, free it already at tcf_ct_skb_nfct_cached(). • https://git.kernel.org/stable/c/a95ea90deb3071c1ded77a05e91cfebc5238d908 •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2022-49182 – net: hns3: add vlan list lock to protect vlan list
https://notcve.org/view.php?id=CVE-2022-49182
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: hns3: add vlan list lock to protect vlan list When adding port base VLAN, vf VLAN need to remove from HW and modify the vlan state in vf VLAN list as false. If the periodicity task is freeing the same node, it may cause "use after free" error. This patch adds a vlan list lock to protect the vlan list. • https://git.kernel.org/stable/c/c6075b193462d9a3930fb41f587f94720658752a •
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2022-49180 – LSM: general protection fault in legacy_parse_param
https://notcve.org/view.php?id=CVE-2022-49180
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: LSM: general protection fault in legacy_parse_param The usual LSM hook "bail on fail" scheme doesn't work for cases where a security module may return an error code indicating that it does not recognize an input. In this particular case Smack sees a mount option that it recognizes, and returns 0. A call to a BPF hook follows, which returns -ENOPARAM, which confuses the caller because Smack has processed its data. The SELinux hook incorrectl... • https://git.kernel.org/stable/c/ddcdda888e14ca451b3ee83d11b65b2a9c8e783b •
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2022-49179 – block, bfq: don't move oom_bfqq
https://notcve.org/view.php?id=CVE-2022-49179
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: block, bfq: don't move oom_bfqq Our test report a UAF: [ 2073.019181] ================================================================== [ 2073.019188] BUG: KASAN: use-after-free in __bfq_put_async_bfqq+0xa0/0x168 [ 2073.019191] Write of size 8 at addr ffff8000ccf64128 by task rmmod/72584 [ 2073.019192] [ 2073.019196] CPU: 0 PID: 72584 Comm: rmmod Kdump: loaded Not tainted 4.19.90-yk #5 [ 2073.019198] Hardware name: QEMU KVM Virtual Machine... • https://git.kernel.org/stable/c/c4f5a678add58a8a0e7ee5e038496b376ea6d205 •
CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2022-49178 – memstick/mspro_block: fix handling of read-only devices
https://notcve.org/view.php?id=CVE-2022-49178
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: memstick/mspro_block: fix handling of read-only devices Use set_disk_ro to propagate the read-only state to the block layer instead of checking for it in ->open and leaking a reference in case of a read-only device. • https://git.kernel.org/stable/c/057b53c4f87690d626203acef8b63d52a9bf2f43 •
CVSS: -EPSS: %CPEs: 2EXPL: 0CVE-2022-49177 – hwrng: cavium - fix NULL but dereferenced coccicheck error
https://notcve.org/view.php?id=CVE-2022-49177
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: hwrng: cavium - fix NULL but dereferenced coccicheck error Fix following coccicheck warning: ./drivers/char/hw_random/cavium-rng-vf.c:182:17-20: ERROR: pdev is NULL but dereferenced. • https://git.kernel.org/stable/c/e47b12f9415169eceda6770fcf45802e0c8d2a66 •
CVSS: -EPSS: %CPEs: 7EXPL: 0CVE-2022-49176 – bfq: fix use-after-free in bfq_dispatch_request
https://notcve.org/view.php?id=CVE-2022-49176
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: bfq: fix use-after-free in bfq_dispatch_request KASAN reports a use-after-free report when doing normal scsi-mq test [69832.239032] ================================================================== [69832.241810] BUG: KASAN: use-after-free in bfq_dispatch_request+0x1045/0x44b0 [69832.243267] Read of size 8 at addr ffff88802622ba88 by task kworker/3:1H/155 [69832.244656] [69832.245007] CPU: 3 PID: 155 Comm: kworker/3:1H Not tainted 5.10.0-1... • https://git.kernel.org/stable/c/74e610b5ee0d95e751280567100509eb11517efa •
CVSS: -EPSS: %CPEs: 9EXPL: 0CVE-2022-49175 – PM: core: keep irq flags in device_pm_check_callbacks()
https://notcve.org/view.php?id=CVE-2022-49175
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: PM: core: keep irq flags in device_pm_check_callbacks() The function device_pm_check_callbacks() can be called under the spin lock (in the reported case it happens from genpd_add_device() -> dev_pm_domain_set(), when the genpd uses spinlocks rather than mutexes. However this function uncoditionally uses spin_lock_irq() / spin_unlock_irq(), thus not preserving the CPU flags. Use the irqsave/irqrestore instead. The backtrace for the reference... • https://git.kernel.org/stable/c/3ec80d52b9b74b9e691997632a543c73eddfeba0 •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2022-49174 – ext4: fix ext4_mb_mark_bb() with flex_bg with fast_commit
https://notcve.org/view.php?id=CVE-2022-49174
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix ext4_mb_mark_bb() with flex_bg with fast_commit In case of flex_bg feature (which is by default enabled), extents for any given inode might span across blocks from two different block group. ext4_mb_mark_bb() only reads the buffer_head of block bitmap once for the starting block group, but it fails to read it again when the extent length boundary overflows to another block group. Then in this below loop it accesses memory beyond t... • https://git.kernel.org/stable/c/cd6d719534af993210306f8a13f9cb3e615f7c8d •
CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2022-49173 – spi: fsi: Implement a timeout for polling status
https://notcve.org/view.php?id=CVE-2022-49173
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: spi: fsi: Implement a timeout for polling status The data transfer routines must poll the status register to determine when more data can be shifted in or out. If the hardware gets into a bad state, these polling loops may never exit. Prevent this by returning an error if a timeout is exceeded. • https://git.kernel.org/stable/c/d4982ceb137e6ecd2b466a6de639790a148cf19a •