CVSS: 7.1EPSS: %CPEs: 8EXPL: 0CVE-2022-49667 – net: bonding: fix use-after-free after 802.3ad slave unbind
https://notcve.org/view.php?id=CVE-2022-49667
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: bonding: fix use-after-free after 802.3ad slave unbind commit 0622cab0341c ("bonding: fix 802.3ad aggregator reselection"), resolve case, when there is several aggregation groups in the same bond. bond_3ad_unbind_slave will invalidate (clear) aggregator when __agg_active_ports return zero. So, ad_clear_agg can be executed even, when num_of_ports!=0. Than bond_3ad_unbind_slave can be executed again for, previously cleared aggregator. NO... • https://git.kernel.org/stable/c/0622cab0341cac6b30da177b0faa39fae0680e71 •
CVSS: 5.5EPSS: %CPEs: 7EXPL: 0CVE-2022-49666 – powerpc/memhotplug: Add add_pages override for PPC
https://notcve.org/view.php?id=CVE-2022-49666
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc/memhotplug: Add add_pages override for PPC With commit ffa0b64e3be5 ("powerpc: Fix virt_addr_valid() for 64-bit Book3E & 32-bit") the kernel now validate the addr against high_memory value. This results in the below BUG_ON with dax pfns. [ 635.798741][T26531] kernel BUG at mm/page_alloc.c:5521! 1:mon> e cpu 0x1: Vector: 700 (Program Check) at [c000000007287630] pc: c00000000055ed48: free_pages.part.0+0x48/0x110 lr: c00000000053ca70:... • https://git.kernel.org/stable/c/fddb88bd266f4513abab7c36bca98935c9148a98 •
CVSS: 5.5EPSS: %CPEs: 5EXPL: 0CVE-2022-49664 – tipc: move bc link creation back to tipc_node_create
https://notcve.org/view.php?id=CVE-2022-49664
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: tipc: move bc link creation back to tipc_node_create Shuang Li reported a NULL pointer dereference crash: [] BUG: kernel NULL pointer dereference, address: 0000000000000068 [] RIP: 0010:tipc_link_is_up+0x5/0x10 [tipc] [] Call Trace: []
CVSS: 5.6EPSS: %CPEs: 4EXPL: 0CVE-2022-49663 – tunnels: do not assume mac header is set in skb_tunnel_check_pmtu()
https://notcve.org/view.php?id=CVE-2022-49663
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: tunnels: do not assume mac header is set in skb_tunnel_check_pmtu() Recently added debug in commit f9aefd6b2aa3 ("net: warn if mac header was not set") caught a bug in skb_tunnel_check_pmtu(), as shown in this syzbot report [1]. In ndo_start_xmit() paths, there is really no need to use skb->mac_header, because skb->data is supposed to point at it. [1] WARNING: CPU: 1 PID: 8604 at include/linux/skbuff.h:2784 skb_mac_header_len include/linux/... • https://git.kernel.org/stable/c/4cb47a8644cc9eb8ec81190a50e79e6530d0297f •
CVSS: 5.5EPSS: %CPEs: 3EXPL: 0CVE-2022-49662 – ipv6: fix lockdep splat in in6_dump_addrs()
https://notcve.org/view.php?id=CVE-2022-49662
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ipv6: fix lockdep splat in in6_dump_addrs() As reported by syzbot, we should not use rcu_dereference() when rcu_read_lock() is not held. WARNING: suspicious RCU usage 5.19.0-rc2-syzkaller #0 Not tainted net/ipv6/addrconf.c:5175 suspicious rcu_dereference_check() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 1 lock held by syz-executor326/3617: #0: ffffffff8d5848e8 (rtnl_mutex){+.+.}-{3:3}, at: ne... • https://git.kernel.org/stable/c/88e2ca3080947fe22eb520c1f8231e79a105d011 •
CVSS: 5.5EPSS: %CPEs: 8EXPL: 0CVE-2022-49661 – can: gs_usb: gs_usb_open/close(): fix memory leak
https://notcve.org/view.php?id=CVE-2022-49661
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: gs_usb_open/close(): fix memory leak The gs_usb driver appears to suffer from a malady common to many USB CAN adapter drivers in that it performs usb_alloc_coherent() to allocate a number of USB request blocks (URBs) for RX, and then later relies on usb_kill_anchored_urbs() to free them, but this doesn't actually free them. As a result, this may be leaking DMA memory that's been used by the driver. This commit is an adaptation ... • https://git.kernel.org/stable/c/d08e973a77d128b25e01a08c34d89593fdf222da •
CVSS: 5.5EPSS: %CPEs: 3EXPL: 0CVE-2022-49659 – can: m_can: m_can_{read_fifo,echo_tx_event}(): shift timestamp to full 32 bits
https://notcve.org/view.php?id=CVE-2022-49659
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: can: m_can: m_can_{read_fifo,echo_tx_event}(): shift timestamp to full 32 bits In commit 1be37d3b0414 ("can: m_can: fix periph RX path: use rx-offload to ensure skbs are sent from softirq context") the RX path for peripheral devices was switched to RX-offload. Received CAN frames are pushed to RX-offload together with a timestamp. RX-offload is designed to handle overflows of the timestamp correctly, if 32 bit timestamps are provided. The t... • https://git.kernel.org/stable/c/1be37d3b0414e3db47f6fcba6c16286bbae0cb65 •
CVSS: 7.8EPSS: %CPEs: 4EXPL: 0CVE-2022-49658 – bpf: Fix insufficient bounds propagation from adjust_scalar_min_max_vals
https://notcve.org/view.php?id=CVE-2022-49658
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix insufficient bounds propagation from adjust_scalar_min_max_vals Kuee reported a corner case where the tnum becomes constant after the call to __reg_bound_offset(), but the register's bounds are not, that is, its min bounds are still not equal to the register's max bounds. This in turn allows to leak pointers through turning a pointer register as is into an unknown scalar via adjust_ptr_min_max_vals(). Before: func#0 @0 0: R1=ctx(of... • https://git.kernel.org/stable/c/b03c9f9fdc37dab81ea04d5dacdc5995d4c224c2 •
CVSS: 5.5EPSS: %CPEs: 8EXPL: 0CVE-2022-49657 – usbnet: fix memory leak in error case
https://notcve.org/view.php?id=CVE-2022-49657
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: usbnet: fix memory leak in error case usbnet_write_cmd_async() mixed up which buffers need to be freed in which error case. v2: add Fixes tag v3: fix uninitialized buf pointer In the Linux kernel, the following vulnerability has been resolved: usbnet: fix memory leak in error case usbnet_write_cmd_async() mixed up which buffers need to be freed in which error case. v2: add Fixes tag v3: fix uninitialized buf pointer • https://git.kernel.org/stable/c/877bd862f32b815d54ab5fc10a4fd903d7bf3012 •
CVSS: 7.1EPSS: %CPEs: 6EXPL: 0CVE-2022-49656 – ARM: meson: Fix refcount leak in meson_smp_prepare_cpus
https://notcve.org/view.php?id=CVE-2022-49656
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ARM: meson: Fix refcount leak in meson_smp_prepare_cpus of_find_compatible_node() returns a node pointer with refcount incremented, we should use of_node_put() on it when done. Add missing of_node_put() to avoid refcount leak. In the Linux kernel, the following vulnerability has been resolved: ARM: meson: Fix refcount leak in meson_smp_prepare_cpus of_find_compatible_node() returns a node pointer with refcount incremented, we should use of_... • https://git.kernel.org/stable/c/d850f3e5d2966e5c9eb55f66181cee960737e04c •