CVSS: 5.5EPSS: %CPEs: 7EXPL: 0CVE-2022-49666 – powerpc/memhotplug: Add add_pages override for PPC
https://notcve.org/view.php?id=CVE-2022-49666
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc/memhotplug: Add add_pages override for PPC With commit ffa0b64e3be5 ("powerpc: Fix virt_addr_valid() for 64-bit Book3E & 32-bit") the kernel now validate the addr against high_memory value. This results in the below BUG_ON with dax pfns. [ 635.798741][T26531] kernel BUG at mm/page_alloc.c:5521! 1:mon> e cpu 0x1: Vector: 700 (Program Check) at [c000000007287630] pc: c00000000055ed48: free_pages.part.0+0x48/0x110 lr: c00000000053ca70:... • https://git.kernel.org/stable/c/fddb88bd266f4513abab7c36bca98935c9148a98 •
CVSS: 5.5EPSS: %CPEs: 5EXPL: 0CVE-2022-49664 – tipc: move bc link creation back to tipc_node_create
https://notcve.org/view.php?id=CVE-2022-49664
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: tipc: move bc link creation back to tipc_node_create Shuang Li reported a NULL pointer dereference crash: [] BUG: kernel NULL pointer dereference, address: 0000000000000068 [] RIP: 0010:tipc_link_is_up+0x5/0x10 [tipc] [] Call Trace: []
CVSS: 5.6EPSS: %CPEs: 4EXPL: 0CVE-2022-49663 – tunnels: do not assume mac header is set in skb_tunnel_check_pmtu()
https://notcve.org/view.php?id=CVE-2022-49663
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: tunnels: do not assume mac header is set in skb_tunnel_check_pmtu() Recently added debug in commit f9aefd6b2aa3 ("net: warn if mac header was not set") caught a bug in skb_tunnel_check_pmtu(), as shown in this syzbot report [1]. In ndo_start_xmit() paths, there is really no need to use skb->mac_header, because skb->data is supposed to point at it. [1] WARNING: CPU: 1 PID: 8604 at include/linux/skbuff.h:2784 skb_mac_header_len include/linux/... • https://git.kernel.org/stable/c/4cb47a8644cc9eb8ec81190a50e79e6530d0297f •
CVSS: 5.5EPSS: %CPEs: 3EXPL: 0CVE-2022-49662 – ipv6: fix lockdep splat in in6_dump_addrs()
https://notcve.org/view.php?id=CVE-2022-49662
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ipv6: fix lockdep splat in in6_dump_addrs() As reported by syzbot, we should not use rcu_dereference() when rcu_read_lock() is not held. WARNING: suspicious RCU usage 5.19.0-rc2-syzkaller #0 Not tainted net/ipv6/addrconf.c:5175 suspicious rcu_dereference_check() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 1 lock held by syz-executor326/3617: #0: ffffffff8d5848e8 (rtnl_mutex){+.+.}-{3:3}, at: ne... • https://git.kernel.org/stable/c/88e2ca3080947fe22eb520c1f8231e79a105d011 •
CVSS: 5.5EPSS: %CPEs: 8EXPL: 0CVE-2022-49661 – can: gs_usb: gs_usb_open/close(): fix memory leak
https://notcve.org/view.php?id=CVE-2022-49661
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: gs_usb_open/close(): fix memory leak The gs_usb driver appears to suffer from a malady common to many USB CAN adapter drivers in that it performs usb_alloc_coherent() to allocate a number of USB request blocks (URBs) for RX, and then later relies on usb_kill_anchored_urbs() to free them, but this doesn't actually free them. As a result, this may be leaking DMA memory that's been used by the driver. This commit is an adaptation ... • https://git.kernel.org/stable/c/d08e973a77d128b25e01a08c34d89593fdf222da •
CVSS: 5.5EPSS: %CPEs: 3EXPL: 0CVE-2022-49659 – can: m_can: m_can_{read_fifo,echo_tx_event}(): shift timestamp to full 32 bits
https://notcve.org/view.php?id=CVE-2022-49659
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: can: m_can: m_can_{read_fifo,echo_tx_event}(): shift timestamp to full 32 bits In commit 1be37d3b0414 ("can: m_can: fix periph RX path: use rx-offload to ensure skbs are sent from softirq context") the RX path for peripheral devices was switched to RX-offload. Received CAN frames are pushed to RX-offload together with a timestamp. RX-offload is designed to handle overflows of the timestamp correctly, if 32 bit timestamps are provided. The t... • https://git.kernel.org/stable/c/1be37d3b0414e3db47f6fcba6c16286bbae0cb65 •
CVSS: 7.8EPSS: %CPEs: 4EXPL: 0CVE-2022-49658 – bpf: Fix insufficient bounds propagation from adjust_scalar_min_max_vals
https://notcve.org/view.php?id=CVE-2022-49658
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix insufficient bounds propagation from adjust_scalar_min_max_vals Kuee reported a corner case where the tnum becomes constant after the call to __reg_bound_offset(), but the register's bounds are not, that is, its min bounds are still not equal to the register's max bounds. This in turn allows to leak pointers through turning a pointer register as is into an unknown scalar via adjust_ptr_min_max_vals(). Before: func#0 @0 0: R1=ctx(of... • https://git.kernel.org/stable/c/b03c9f9fdc37dab81ea04d5dacdc5995d4c224c2 •
CVSS: 5.5EPSS: %CPEs: 8EXPL: 0CVE-2022-49657 – usbnet: fix memory leak in error case
https://notcve.org/view.php?id=CVE-2022-49657
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: usbnet: fix memory leak in error case usbnet_write_cmd_async() mixed up which buffers need to be freed in which error case. v2: add Fixes tag v3: fix uninitialized buf pointer In the Linux kernel, the following vulnerability has been resolved: usbnet: fix memory leak in error case usbnet_write_cmd_async() mixed up which buffers need to be freed in which error case. v2: add Fixes tag v3: fix uninitialized buf pointer • https://git.kernel.org/stable/c/877bd862f32b815d54ab5fc10a4fd903d7bf3012 •
CVSS: 7.1EPSS: %CPEs: 6EXPL: 0CVE-2022-49656 – ARM: meson: Fix refcount leak in meson_smp_prepare_cpus
https://notcve.org/view.php?id=CVE-2022-49656
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ARM: meson: Fix refcount leak in meson_smp_prepare_cpus of_find_compatible_node() returns a node pointer with refcount incremented, we should use of_node_put() on it when done. Add missing of_node_put() to avoid refcount leak. In the Linux kernel, the following vulnerability has been resolved: ARM: meson: Fix refcount leak in meson_smp_prepare_cpus of_find_compatible_node() returns a node pointer with refcount incremented, we should use of_... • https://git.kernel.org/stable/c/d850f3e5d2966e5c9eb55f66181cee960737e04c •
CVSS: 7.8EPSS: %CPEs: 3EXPL: 0CVE-2022-49654 – net: dsa: qca8k: reset cpu port on MTU change
https://notcve.org/view.php?id=CVE-2022-49654
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: dsa: qca8k: reset cpu port on MTU change It was discovered that the Documentation lacks of a fundamental detail on how to correctly change the MAX_FRAME_SIZE of the switch. In fact if the MAX_FRAME_SIZE is changed while the cpu port is on, the switch panics and cease to send any packet. This cause the mgmt ethernet system to not receive any packet (the slow fallback still works) and makes the device not reachable. To recover from this ... • https://git.kernel.org/stable/c/f58d2598cf70d41f73e761b62a114d2e8f94a676 •