CVSS: 5.5EPSS: %CPEs: 7EXPL: 0CVE-2022-49648 – tracing/histograms: Fix memory leak problem
https://notcve.org/view.php?id=CVE-2022-49648
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: tracing/histograms: Fix memory leak problem This reverts commit 46bbe5c671e06f070428b9be142cc4ee5cedebac. As commit 46bbe5c671e0 ("tracing: fix double free") said, the "double free" problem reported by clang static analyzer is: > In parse_var_defs() if there is a problem allocating > var_defs.expr, the earlier var_defs.name is freed. > This free is duplicated by free_var_defs() which frees > the rest of the list. However, if there is a prob... • https://git.kernel.org/stable/c/240dd5118a9e0454f280ffeae63f22bd14735733 •
CVSS: 5.5EPSS: %CPEs: 7EXPL: 0CVE-2022-49647 – cgroup: Use separate src/dst nodes when preloading css_sets for migration
https://notcve.org/view.php?id=CVE-2022-49647
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: cgroup: Use separate src/dst nodes when preloading css_sets for migration Each cset (css_set) is pinned by its tasks. When we're moving tasks around across csets for a migration, we need to hold the source and destination csets to ensure that they don't go away while we're moving tasks about. This is done by linking cset->mg_preload_node on either the mgctx->preloaded_src_csets or mgctx->preloaded_dst_csets list. Using the same cset->mg_pre... • https://git.kernel.org/stable/c/f817de98513d060023be4fa1d061b29a6515273e •
CVSS: 7.1EPSS: %CPEs: 5EXPL: 0CVE-2022-49646 – wifi: mac80211: fix queue selection for mesh/OCB interfaces
https://notcve.org/view.php?id=CVE-2022-49646
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix queue selection for mesh/OCB interfaces When using iTXQ, the code assumes that there is only one vif queue for broadcast packets, using the BE queue. Allowing non-BE queue marking violates that assumption and txq->ac == skb_queue_mapping is no longer guaranteed. This can cause issues with queue handling in the driver and also causes issues with the recent ATF change, resulting in an AQL underflow warning. In the Linux ke... • https://git.kernel.org/stable/c/444be5a02b77f3b7a8ac9c1a0b074fbb3bd89cd0 •
CVSS: 7.1EPSS: %CPEs: 5EXPL: 0CVE-2022-49645 – drm/panfrost: Fix shrinker list corruption by madvise IOCTL
https://notcve.org/view.php?id=CVE-2022-49645
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/panfrost: Fix shrinker list corruption by madvise IOCTL Calling madvise IOCTL twice on BO causes memory shrinker list corruption and crashes kernel because BO is already on the list and it's added to the list again, while BO should be removed from the list before it's re-added. Fix it. In the Linux kernel, the following vulnerability has been resolved: drm/panfrost: Fix shrinker list corruption by madvise IOCTL Calling madvise IOCTL twi... • https://git.kernel.org/stable/c/013b6510131568ce4e01856d5360bfdfe9c3632f •
CVSS: 7.1EPSS: %CPEs: 5EXPL: 0CVE-2022-49644 – drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector()
https://notcve.org/view.php?id=CVE-2022-49644
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector() If drm_connector_init fails, intel_connector_free will be called to take care of proper free. So it is necessary to drop the refcount of port before intel_connector_free. (cherry picked from commit cea9ed611e85d36a05db52b6457bf584b7d969e2) In the Linux kernel, the following vulnerability has been resolved: drm/i915: fix a possible refcount leak in intel_dp_add_mst_connec... • https://git.kernel.org/stable/c/091a4f91942a4396c67e5747f5cb38c6396d1fc5 •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2022-49643 – ima: Fix a potential integer overflow in ima_appraise_measurement
https://notcve.org/view.php?id=CVE-2022-49643
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ima: Fix a potential integer overflow in ima_appraise_measurement When the ima-modsig is enabled, the rc passed to evm_verifyxattr() may be negative, which may cause the integer overflow problem. In the Linux kernel, the following vulnerability has been resolved: ima: Fix a potential integer overflow in ima_appraise_measurement When the ima-modsig is enabled, the rc passed to evm_verifyxattr() may be negative, which may cause the integer ov... • https://git.kernel.org/stable/c/39b07096364a42c516415d5f841069e885234e61 •
CVSS: 5.5EPSS: %CPEs: 5EXPL: 0CVE-2022-49642 – net: stmmac: dwc-qos: Disable split header for Tegra194
https://notcve.org/view.php?id=CVE-2022-49642
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: stmmac: dwc-qos: Disable split header for Tegra194 There is a long-standing issue with the Synopsys DWC Ethernet driver for Tegra194 where random system crashes have been observed [0]. The problem occurs when the split header feature is enabled in the stmmac driver. In the bad case, a larger than expected buffer length is received and causes the calculation of the total buffer length to overflow. This results in a very large buffer len... • https://git.kernel.org/stable/c/67afd6d1cfdf0d0461fe3c4c922447f3e9b1c6ee •
CVSS: 4.7EPSS: %CPEs: 6EXPL: 0CVE-2022-49641 – sysctl: Fix data races in proc_douintvec().
https://notcve.org/view.php?id=CVE-2022-49641
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: sysctl: Fix data races in proc_douintvec(). A sysctl variable is accessed concurrently, and there is always a chance of data-race. So, all readers and writers need some basic protection to avoid load/store-tearing. This patch changes proc_douintvec() to use READ_ONCE() and WRITE_ONCE() internally to fix data-races on the sysctl side. For now, proc_douintvec() itself is tolerant to a data-race, but we still need to add annotations on the oth... • https://git.kernel.org/stable/c/e7d316a02f683864a12389f8808570e37fb90aa3 •
CVSS: 4.7EPSS: %CPEs: 4EXPL: 0CVE-2022-49640 – sysctl: Fix data races in proc_douintvec_minmax().
https://notcve.org/view.php?id=CVE-2022-49640
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: sysctl: Fix data races in proc_douintvec_minmax(). A sysctl variable is accessed concurrently, and there is always a chance of data-race. So, all readers and writers need some basic protection to avoid load/store-tearing. This patch changes proc_douintvec_minmax() to use READ_ONCE() and WRITE_ONCE() internally to fix data-races on the sysctl side. For now, proc_douintvec_minmax() itself is tolerant to a data-race, but we still need to add a... • https://git.kernel.org/stable/c/61d9b56a89208d8cccd0b4cfec7e6959717e16e3 •
CVSS: 7.1EPSS: %CPEs: 8EXPL: 0CVE-2022-49639 – cipso: Fix data-races around sysctl.
https://notcve.org/view.php?id=CVE-2022-49639
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: cipso: Fix data-races around sysctl. While reading cipso sysctl variables, they can be changed concurrently. So, we need to add READ_ONCE() to avoid data-races. In the Linux kernel, the following vulnerability has been resolved: cipso: Fix data-races around sysctl. While reading cipso sysctl variables, they can be changed concurrently. So, we need to add READ_ONCE() to avoid data-races. • https://git.kernel.org/stable/c/446fda4f26822b2d42ab3396aafcedf38a9ff2b6 •