CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2022-49070 – fbdev: Fix unregistering of framebuffers without device
https://notcve.org/view.php?id=CVE-2022-49070
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: fbdev: Fix unregistering of framebuffers without device OF framebuffers do not have an underlying device in the Linux device hierarchy. Do a regular unregister call instead of hot unplugging such a non-existing device. Fixes a NULL dereference. An example error message on ppc64le is shown below. BUG: Kernel NULL pointer dereference on read at 0x00000060 Faulting instruction address: 0xc00000000080dfa4 Oops: Kernel access of bad area, sig: 1... • https://git.kernel.org/stable/c/c894ac44786cfed383a6c6b20c1bfb12eb96018a •
CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2022-49069 – drm/amd/display: Fix by adding FPU protection for dcn30_internal_validate_bw
https://notcve.org/view.php?id=CVE-2022-49069
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix by adding FPU protection for dcn30_internal_validate_bw [Why] Below general protection fault observed when WebGL Aquarium is run for longer duration. If drm debug logs are enabled and set to 0x1f then the issue is observed within 10 minutes of run. [ 100.717056] general protection fault, probably for non-canonical address 0x2d33302d32323032: 0000 [#1] PREEMPT SMP NOPTI [ 100.727921] CPU: 3 PID: 1906 Comm: DrmThread Tain... • https://git.kernel.org/stable/c/e995c5d52ec7415644eee617fc7e906b51aec7ae •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2022-49068 – btrfs: release correct delalloc amount in direct IO write path
https://notcve.org/view.php?id=CVE-2022-49068
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: release correct delalloc amount in direct IO write path Running generic/406 causes the following WARNING in btrfs_destroy_inode() which tells there are outstanding extents left. In btrfs_get_blocks_direct_write(), we reserve a temporary outstanding extents with btrfs_delalloc_reserve_metadata() (or indirectly from btrfs_delalloc_reserve_space(()). We then release the outstanding extents with btrfs_delalloc_release_extents(). However,... • https://git.kernel.org/stable/c/5afd80c393f4e87451f14eefb7f2f24daf434e06 •
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2022-49067 – powerpc: Fix virt_addr_valid() for 64-bit Book3E & 32-bit
https://notcve.org/view.php?id=CVE-2022-49067
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc: Fix virt_addr_valid() for 64-bit Book3E & 32-bit mpe: On 64-bit Book3E vmalloc space starts at 0x8000000000000000. Because of the way __pa() works we have: __pa(0x8000000000000000) == 0, and therefore virt_to_pfn(0x8000000000000000) == 0, and therefore virt_addr_valid(0x8000000000000000) == true Which is wrong, virt_addr_valid() should be false for vmalloc space. In fact all vmalloc addresses that alias with a valid PFN will return... • https://git.kernel.org/stable/c/deab81144d5a043f42804207fb76cfbd8a806978 •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2022-49066 – veth: Ensure eth header is in skb's linear part
https://notcve.org/view.php?id=CVE-2022-49066
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: veth: Ensure eth header is in skb's linear part After feeding a decapsulated packet to a veth device with act_mirred, skb_headlen() may be 0. But veth_xmit() calls __dev_forward_skb(), which expects at least ETH_HLEN byte of linear data (as __dev_forward_skb2() calls eth_type_trans(), which pulls ETH_HLEN bytes unconditionally). Use pskb_may_pull() to ensure veth_xmit() respects this constraint. kernel BUG at include/linux/skbuff.h:2328! RI... • https://git.kernel.org/stable/c/e314dbdc1c0dc6a548ecf0afce28ecfd538ff568 •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2022-49065 – SUNRPC: Fix the svc_deferred_event trace class
https://notcve.org/view.php?id=CVE-2022-49065
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix the svc_deferred_event trace class Fix a NULL deref crash that occurs when an svc_rqst is deferred while the sunrpc tracing subsystem is enabled. svc_revisit() sets dr->xprt to NULL, so it can't be relied upon in the tracepoint to provide the remote's address. Unfortunately we can't revert the "svc_deferred_class" hunk in commit ece200ddd54b ("sunrpc: Save remote presentation address in svc_xprt for trace events") because there ... • https://git.kernel.org/stable/c/ece200ddd54b9ce840cfee554fb812560c545c7d •
CVSS: -EPSS: %CPEs: 2EXPL: 0CVE-2022-49064 – cachefiles: unmark inode in use in error path
https://notcve.org/view.php?id=CVE-2022-49064
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: cachefiles: unmark inode in use in error path Unmark inode in use if error encountered. If the in-use flag leakage occurs in cachefiles_open_file(), Cachefiles will complain "Inode already in use" when later another cookie with the same index key is looked up. If the in-use flag leakage occurs in cachefiles_create_tmpfile(), though the "Inode already in use" warning won't be triggered, fix the leakage anyway. • https://git.kernel.org/stable/c/1f08c925e7a38002bde509e66f6f891468848511 •
CVSS: -EPSS: %CPEs: 2EXPL: 0CVE-2022-49063 – ice: arfs: fix use-after-free when freeing @rx_cpu_rmap
https://notcve.org/view.php?id=CVE-2022-49063
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ice: arfs: fix use-after-free when freeing @rx_cpu_rmap The CI testing bots triggered the following splat: [ 718.203054] BUG: KASAN: use-after-free in free_irq_cpu_rmap+0x53/0x80 [ 718.206349] Read of size 4 at addr ffff8881bd127e00 by task sh/20834 [ 718.212852] CPU: 28 PID: 20834 Comm: sh Kdump: loaded Tainted: G S W IOE 5.17.0-rc8_nextqueue-devqueue-02643-g23f3121aca93 #1 [ 718.219695] Hardware name: Intel Corporation S2600WFT/S2600WFT, ... • https://git.kernel.org/stable/c/28bf26724fdb0e02267d19e280d6717ee810a10d •
CVSS: -EPSS: %CPEs: 2EXPL: 0CVE-2022-49062 – cachefiles: Fix KASAN slab-out-of-bounds in cachefiles_set_volume_xattr
https://notcve.org/view.php?id=CVE-2022-49062
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: cachefiles: Fix KASAN slab-out-of-bounds in cachefiles_set_volume_xattr Use the actual length of volume coherency data when setting the xattr to avoid the following KASAN report. BUG: KASAN: slab-out-of-bounds in cachefiles_set_volume_xattr+0xa0/0x350 [cachefiles] Write of size 4 at addr ffff888101e02af4 by task kworker/6:0/1347 CPU: 6 PID: 1347 Comm: kworker/6:0 Kdump: loaded Not tainted 5.18.0-rc1-nfs-fscache-netfs+ #13 Hardware name: QEM... • https://git.kernel.org/stable/c/413a4a6b0b5553f2423d210f65e98c211b99c3f8 •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2022-49061 – net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link
https://notcve.org/view.php?id=CVE-2022-49061
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link When using a fixed-link, the altr_tse_pcs driver crashes due to null-pointer dereference as no phy_device is provided to tse_pcs_fix_mac_speed function. Fix this by adding a check for phy_dev before calling the tse_pcs_fix_mac_speed() function. Also clean up the tse_pcs_fix_mac_speed function a bit. There is no need to check for splitter_base and sgmii_adapter_base bec... • https://git.kernel.org/stable/c/fb3bbdb859891e6bc27fd1afb3a07319f82c2ee4 •