CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49977 – ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead
https://notcve.org/view.php?id=CVE-2022-49977
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead ftrace_startup does not remove ops from ftrace_ops_list when ftrace_startup_enable fails: register_ftrace_function ftrace_startup __register_ftrace_function ... add_ftrace_ops(&ftrace_ops_list, ops) ... ... ftrace_startup_enable // if ftrace failed to modify, ftrace_disabled is set to 1 ... return 0 // ops is in the ftrace_ops_list. When ftrace_disabled = 1, un... • https://git.kernel.org/stable/c/8569b4ada1e0b9bfaa125bd0c0967918b6560fa2 •
CVSS: 6.4EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49975 – bpf: Don't redirect packets with invalid pkt_len
https://notcve.org/view.php?id=CVE-2022-49975
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Don't redirect packets with invalid pkt_len Syzbot found an issue [1]: fq_codel_drop() try to drop a flow whitout any skbs, that is, the flow->head is null. The root cause, as the [2] says, is because that bpf_prog_test_run_skb() run a bpf prog which redirects empty skbs. So we should determine whether the length of the packet modified by bpf prog or others like bpf_prog_test is valid before forwarding it directly. In the Linux kernel,... • https://git.kernel.org/stable/c/8b68e53d56697a59b5c53893b53f508bbdf272a0 •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49969 – drm/amd/display: clear optc underflow before turn off odm clock
https://notcve.org/view.php?id=CVE-2022-49969
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: clear optc underflow before turn off odm clock [Why] After ODM clock off, optc underflow bit will be kept there always and clear not work. We need to clear that before clock off. [How] Clear that if have when clock off. In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: clear optc underflow before turn off odm clock [Why] After ODM clock off, optc underflow bit will be kept there always and... • https://git.kernel.org/stable/c/443687798d6f094412b7312b64b3bb4d99aedff7 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49964 – arm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned fw_level
https://notcve.org/view.php?id=CVE-2022-49964
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: arm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned fw_level Though acpi_find_last_cache_level() always returned signed value and the document states it will return any errors caused by lack of a PPTT table, it never returned negative values before. Commit 0c80f9e165f8 ("ACPI: PPTT: Leave the table mapped for the runtime usage") however changed it by returning -ENOENT if no PPTT was found. The value returned from ac... • https://git.kernel.org/stable/c/1668c38ef2e5bb80dbee88afcecfcdc3e7abc2aa •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49956 – staging: rtl8712: fix use after free bugs
https://notcve.org/view.php?id=CVE-2022-49956
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: staging: rtl8712: fix use after free bugs _Read/Write_MACREG callbacks are NULL so the read/write_macreg_hdl() functions don't do anything except free the "pcmd" pointer. It results in a use after free. Delete them. In the Linux kernel, the following vulnerability has been resolved: staging: rtl8712: fix use after free bugs _Read/Write_MACREG callbacks are NULL so the read/write_macreg_hdl() functions don't do anything except free the "pcmd... • https://git.kernel.org/stable/c/2865d42c78a9121caad52cb02d1fbb7f5cdbc4ef •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49954 – Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag
https://notcve.org/view.php?id=CVE-2022-49954
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag syzbot is reporting hung task at __input_unregister_device() [1], for iforce_close() waiting at wait_event_interruptible() with dev->mutex held is blocking input_disconnect_device() from __input_unregister_device(). It seems that the cause is simply that commit c2b27ef672992a20 ("Input: iforce - wait for command completion when closing the device") forgot to call wake_up() afte... • https://git.kernel.org/stable/c/c2b27ef672992a206e5b221b8676972dd840ffa5 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49948 – vt: Clear selection before changing the font
https://notcve.org/view.php?id=CVE-2022-49948
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: vt: Clear selection before changing the font When changing the console font with ioctl(KDFONTOP) the new font size can be bigger than the previous font. A previous selection may thus now be outside of the new screen size and thus trigger out-of-bounds accesses to graphics memory if the selection is removed in vc_do_resize(). Prevent such out-of-memory accesses by dropping the selection before the various con_font_set() console handlers are ... • https://git.kernel.org/stable/c/c555cf04684fde39b5b0dd9fd80730030ee10c4a •
CVSS: 6.3EPSS: 0%CPEs: 7EXPL: 0CVE-2022-49939 – binder: fix UAF of ref->proc caused by race condition
https://notcve.org/view.php?id=CVE-2022-49939
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: binder: fix UAF of ref->proc caused by race condition A transaction of type BINDER_TYPE_WEAK_HANDLE can fail to increment the reference for a node. In this case, the target proc normally releases the failed reference upon close as expected. However, if the target is dying in parallel the call will race with binder_deferred_release(), so the target could have released all of its references by now leaving the cleanup of the new failed referen... • https://git.kernel.org/stable/c/229f47603dd306bc0eb1a831439adb8e48bb0eae •
CVSS: 8.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49938 – cifs: fix small mempool leak in SMB2_negotiate()
https://notcve.org/view.php?id=CVE-2022-49938
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: cifs: fix small mempool leak in SMB2_negotiate() In some cases of failure (dialect mismatches) in SMB2_negotiate(), after the request is sent, the checks would return -EIO when they should be rather setting rc = -EIO and jumping to neg_exit to free the response buffer from mempool. In the Linux kernel, the following vulnerability has been resolved: cifs: fix small mempool leak in SMB2_negotiate() In some cases of failure (dialect mismatches... • https://git.kernel.org/stable/c/9e3c9efa7caf16e5acc05eab5e4d0a714e1610b0 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49937 – media: mceusb: Use new usb_control_msg_*() routines
https://notcve.org/view.php?id=CVE-2022-49937
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: media: mceusb: Use new usb_control_msg_*() routines Automatic kernel fuzzing led to a WARN about invalid pipe direction in the mceusb driver: ------------[ cut here ]------------ usb 6-1: BOGUS control dir, pipe 80000380 doesn't match bRequestType 40 WARNING: CPU: 0 PID: 2465 at drivers/usb/core/urb.c:410 usb_submit_urb+0x1326/0x1820 drivers/usb/core/urb.c:410 Modules linked in: CPU: 0 PID: 2465 Comm: kworker/0:2 Not tainted 5.19.0-rc4-0020... • https://git.kernel.org/stable/c/587f793c64d99d92be8ef01c4c69d885a3f2edb6 •