CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2022-49172 – parisc: Fix non-access data TLB cache flush faults
https://notcve.org/view.php?id=CVE-2022-49172
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: parisc: Fix non-access data TLB cache flush faults When a page is not present, we get non-access data TLB faults from the fdc and fic instructions in flush_user_dcache_range_asm and flush_user_icache_range_asm. When these occur, the cache line is not invalidated and potentially we get memory corruption. The problem was hidden by the nullification of the flush instructions. These faults also affect performance. With pa8800/pa8900 processors,... • https://git.kernel.org/stable/c/b3d6adb3a49d82e4e557c5fc16f50c9ff731da5d •
CVSS: -EPSS: %CPEs: 9EXPL: 0CVE-2022-49171 – ext4: don't BUG if someone dirty pages without asking ext4 first
https://notcve.org/view.php?id=CVE-2022-49171
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: don't BUG if someone dirty pages without asking ext4 first [un]pin_user_pages_remote is dirtying pages without properly warning the file system in advance. A related race was noted by Jan Kara in 2018[1]; however, more recently instead of it being a very hard-to-hit race, it could be reliably triggered by process_vm_writev(2) which was discovered by Syzbot[2]. This is technically a bug in mm/gup.c, but arguably ext4 is fragile in that... • https://git.kernel.org/stable/c/5db60e76edf5680ff1f3a7221036fc44b308f146 •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2022-49170 – f2fs: fix to do sanity check on curseg->alloc_type
https://notcve.org/view.php?id=CVE-2022-49170
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on curseg->alloc_type As Wenqing Liu reported in bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=215657 - Overview UBSAN: array-index-out-of-bounds in fs/f2fs/segment.c:3460:2 when mount and operate a corrupted image - Reproduce tested on kernel 5.17-rc4, 5.17-rc6 1. mkdir test_crash 2. cd test_crash 3. unzip tmp2.zip 4. mkdir mnt 5. ./single_test.sh f2fs 2 - Kernel dump [ 46.434454] loop0: detected capaci... • https://git.kernel.org/stable/c/498b7088db71f9707359448cd6800bbb1882f4c3 •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2022-49169 – f2fs: use spin_lock to avoid hang
https://notcve.org/view.php?id=CVE-2022-49169
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: use spin_lock to avoid hang [14696.634553] task:cat state:D stack: 0 pid:1613738 ppid:1613735 flags:0x00000004 [14696.638285] Call Trace: [14696.639038]
CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2022-49168 – btrfs: do not clean up repair bio if submit fails
https://notcve.org/view.php?id=CVE-2022-49168
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: do not clean up repair bio if submit fails The submit helper will always run bio_endio() on the bio if it fails to submit, so cleaning up the bio just leads to a variety of use-after-free and NULL pointer dereference bugs because we race with the endio function that is cleaning up the bio. Instead just return BLK_STS_OK as the repair function has to continue to process the rest of the pages, and the endio for the repair bio will do t... • https://git.kernel.org/stable/c/e76c78c48902dae6fa612749f59162bca0a79e0b •
CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2022-49167 – btrfs: do not double complete bio on errors during compressed reads
https://notcve.org/view.php?id=CVE-2022-49167
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: do not double complete bio on errors during compressed reads I hit some weird panics while fixing up the error handling from btrfs_lookup_bio_sums(). Turns out the compression path will complete the bio we use if we set up any of the compression bios and then return an error, and then btrfs_submit_data_bio() will also call bio_endio() on the bio. Fix this by making btrfs_submit_compressed_read() responsible for calling bio_endio() on... • https://git.kernel.org/stable/c/4a4ceb2b990771c374d85d496a1a45255dde48e3 •
CVSS: -EPSS: %CPEs: 9EXPL: 0CVE-2022-49166 – ntfs: add sanity check on allocation size
https://notcve.org/view.php?id=CVE-2022-49166
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ntfs: add sanity check on allocation size ntfs_read_inode_mount invokes ntfs_malloc_nofs with zero allocation size. It triggers one BUG in the __ntfs_malloc function. Fix this by adding sanity check on ni->attr_list_size. • https://git.kernel.org/stable/c/bd8d7daa0e53b184a2f3c6e0d47330780d0a0650 •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2022-49165 – media: imx-jpeg: Prevent decoding NV12M jpegs into single-planar buffers
https://notcve.org/view.php?id=CVE-2022-49165
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: media: imx-jpeg: Prevent decoding NV12M jpegs into single-planar buffers If the application queues an NV12M jpeg as output buffer, but then queues a single planar capture buffer, the kernel will crash with "Unable to handle kernel NULL pointer dereference" in mxc_jpeg_addrs, prevent this by finishing the job with error. • https://git.kernel.org/stable/c/eff76b180751e5e55c872d17755680c3b83ba9ab •
CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2022-49164 – powerpc/tm: Fix more userspace r13 corruption
https://notcve.org/view.php?id=CVE-2022-49164
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc/tm: Fix more userspace r13 corruption Commit cf13435b730a ("powerpc/tm: Fix userspace r13 corruption") fixes a problem in treclaim where a SLB miss can occur on the thread_struct->ckpt_regs while SCRATCH0 is live with the saved user r13 value, clobbering it with the kernel r13 and ultimately resulting in kernel r13 being stored in ckpt_regs. There is an equivalent problem in trechkpt where the user r13 value is loaded into r13 from ... • https://git.kernel.org/stable/c/98ae22e15b430bfed5def01ac1a88ec9396284c8 •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2022-49163 – media: imx-jpeg: fix a bug of accessing array out of bounds
https://notcve.org/view.php?id=CVE-2022-49163
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: media: imx-jpeg: fix a bug of accessing array out of bounds When error occurs in parsing jpeg, the slot isn't acquired yet, it may be the default value MXC_MAX_SLOTS. If the driver access the slot using the incorrect slot number, it will access array out of bounds. The result is the driver will change num_domains, which follows slot_data in struct mxc_jpeg_dev. Then the driver won't detach the pm domain at rmmod, which will lead to kernel p... • https://git.kernel.org/stable/c/02f9f97d54ffc85b50ad77f5b1f3c8f69cd17747 •