CVSS: 5.5EPSS: %CPEs: 15EXPL: 0CVE-2022-49708 – ext4: fix bug_on ext4_mb_use_inode_pa
https://notcve.org/view.php?id=CVE-2022-49708
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix bug_on ext4_mb_use_inode_pa Hulk Robot reported a BUG_ON: ================================================================== kernel BUG at fs/ext4/mballoc.c:3211! [...] RIP: 0010:ext4_mb_mark_diskspace_used.cold+0x85/0x136f [...] Call Trace: ext4_mb_new_blocks+0x9df/0x5d30 ext4_ext_map_blocks+0x1803/0x4d80 ext4_map_blocks+0x3a4/0x1a10 ext4_writepages+0x126d/0x2c30 do_writepages+0x7f/0x1b0 __filemap_fdatawrite_range+0x285/0x3b0 fil... • https://git.kernel.org/stable/c/fc6c2da174edd7a7b760b12c60d432d300e05cca •
CVSS: 5.5EPSS: %CPEs: 8EXPL: 0CVE-2022-49707 – ext4: add reserved GDT blocks check
https://notcve.org/view.php?id=CVE-2022-49707
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: add reserved GDT blocks check We capture a NULL pointer issue when resizing a corrupt ext4 image which is freshly clear resize_inode feature (not run e2fsck). It could be simply reproduced by following steps. The problem is because of the resize_inode feature was cleared, and it will convert the filesystem to meta_bg mode in ext4_resize_fs(), but the es->s_reserved_gdt_blocks was not reduced to zero, so could we mistakenly call reserv... • https://git.kernel.org/stable/c/0dc2fca8e4f9ac4a40e8424a10163369cca0cc06 •
CVSS: 9.0EPSS: %CPEs: 8EXPL: 0CVE-2022-49700 – mm/slub: add missing TID updates on slab deactivation
https://notcve.org/view.php?id=CVE-2022-49700
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: mm/slub: add missing TID updates on slab deactivation The fastpath in slab_alloc_node() assumes that c->slab is stable as long as the TID stays the same. However, two places in __slab_alloc() currently don't update the TID when deactivating the CPU slab. If multiple operations race the right way, this could lead to an object getting lost; or, in an even more unlikely situation, it could even lead to an object being freed onto the wrong slab... • https://git.kernel.org/stable/c/03e404af26dc2ea0d278d7a342de0aab394793ce •
CVSS: 7.8EPSS: %CPEs: 8EXPL: 0CVE-2022-49685 – iio: trigger: sysfs: fix use-after-free on remove
https://notcve.org/view.php?id=CVE-2022-49685
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: iio: trigger: sysfs: fix use-after-free on remove Ensure that the irq_work has completed before the trigger is freed. ================================================================== BUG: KASAN: use-after-free in irq_work_run_list Read of size 8 at addr 0000000064702248 by task python3/25 Call Trace: irq_work_run_list irq_work_tick update_process_times tick_sched_handle tick_sched_timer __hrtimer_run_queues hrtimer_interrupt Allocated by ... • https://git.kernel.org/stable/c/f38bc926d022ebd67baad6ac7fc22c95fbc6238c •
CVSS: 5.5EPSS: %CPEs: 8EXPL: 0CVE-2022-49682 – xtensa: Fix refcount leak bug in time.c
https://notcve.org/view.php?id=CVE-2022-49682
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: xtensa: Fix refcount leak bug in time.c In calibrate_ccount(), of_find_compatible_node() will return a node pointer with refcount incremented. We should use of_node_put() when it is not used anymore. In the Linux kernel, the following vulnerability has been resolved: xtensa: Fix refcount leak bug in time.c In calibrate_ccount(), of_find_compatible_node() will return a node pointer with refcount incremented. We should use of_node_put() when ... • https://git.kernel.org/stable/c/3e5eb904d9ba657308fc75a5de434b0e58dcb8d7 •
CVSS: 7.1EPSS: %CPEs: 8EXPL: 0CVE-2022-49681 – xtensa: xtfpga: Fix refcount leak bug in setup
https://notcve.org/view.php?id=CVE-2022-49681
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: xtensa: xtfpga: Fix refcount leak bug in setup In machine_setup(), of_find_compatible_node() will return a node pointer with refcount incremented. We should use of_node_put() when it is not used anymore. In the Linux kernel, the following vulnerability has been resolved: xtensa: xtfpga: Fix refcount leak bug in setup In machine_setup(), of_find_compatible_node() will return a node pointer with refcount incremented. We should use of_node_put... • https://git.kernel.org/stable/c/b12d5c52f073a0420622aaf2f21b615cce8b36cc •
CVSS: 7.1EPSS: %CPEs: 8EXPL: 0CVE-2022-49679 – ARM: Fix refcount leak in axxia_boot_secondary
https://notcve.org/view.php?id=CVE-2022-49679
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ARM: Fix refcount leak in axxia_boot_secondary of_find_compatible_node() returns a node pointer with refcount incremented, we should use of_node_put() on it when done. Add missing of_node_put() to avoid refcount leak. In the Linux kernel, the following vulnerability has been resolved: ARM: Fix refcount leak in axxia_boot_secondary of_find_compatible_node() returns a node pointer with refcount incremented, we should use of_node_put() on it w... • https://git.kernel.org/stable/c/1d22924e1c4e299337e86e290c02c3e3eb43b608 •
CVSS: 7.1EPSS: %CPEs: 8EXPL: 0CVE-2022-49677 – ARM: cns3xxx: Fix refcount leak in cns3xxx_init
https://notcve.org/view.php?id=CVE-2022-49677
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ARM: cns3xxx: Fix refcount leak in cns3xxx_init of_find_compatible_node() returns a node pointer with refcount incremented, we should use of_node_put() on it when done. Add missing of_node_put() to avoid refcount leak. In the Linux kernel, the following vulnerability has been resolved: ARM: cns3xxx: Fix refcount leak in cns3xxx_init of_find_compatible_node() returns a node pointer with refcount incremented, we should use of_node_put() on it... • https://git.kernel.org/stable/c/415f59142d9d9dd023deaeb3b4dfc1aecdd3983c •
CVSS: 10.0EPSS: %CPEs: 7EXPL: 0CVE-2022-49674 – dm raid: fix accesses beyond end of raid member array
https://notcve.org/view.php?id=CVE-2022-49674
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: dm raid: fix accesses beyond end of raid member array On dm-raid table load (using raid_ctr), dm-raid allocates an array rs->devs[rs->raid_disks] for the raid device members. rs->raid_disks is defined by the number of raid metadata and image tupples passed into the target's constructor. In the case of RAID layout changes being requested, that number can be different from the current number of members for existing raid sets as defined in the... • https://git.kernel.org/stable/c/5e161a8826b63c0b8b43e4a7fad1f956780f42ab •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2022-49673 – dm raid: fix KASAN warning in raid5_add_disks
https://notcve.org/view.php?id=CVE-2022-49673
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: dm raid: fix KASAN warning in raid5_add_disks There's a KASAN warning in raid5_add_disk when running the LVM testsuite. The warning happens in the test lvconvert-raid-reshape-linear_to_raid6-single-type.sh. We fix the warning by verifying that rdev->saved_raid_disk is within limits. In the Linux kernel, the following vulnerability has been resolved: dm raid: fix KASAN warning in raid5_add_disks There's a KASAN warning in raid5_add_disk when... • https://git.kernel.org/stable/c/2d4e7c9898c20fb3d3f55381cab601761aab7d64 •