CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49864 – drm/amdkfd: Fix NULL pointer dereference in svm_migrate_to_ram()
https://notcve.org/view.php?id=CVE-2022-49864
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix NULL pointer dereference in svm_migrate_to_ram() ./drivers/gpu/drm/amd/amdkfd/kfd_migrate.c:985:58-62: ERROR: p is NULL but dereferenced. • https://git.kernel.org/stable/c/3c1bb6187e566143f15dbf0367ae671584aead5b •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-49856 – net: tun: call napi_schedule_prep() to ensure we own a napi
https://notcve.org/view.php?id=CVE-2022-49856
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: tun: call napi_schedule_prep() to ensure we own a napi A recent patch exposed another issue in napi_get_frags() caught by syzbot [1] Before feeding packets to GRO, and calling napi_complete() we must first grab NAPI_STATE_SCHED. [1] WARNING: CPU: 0 PID: 3612 at net/core/dev.c:6076 napi_complete_done+0x45b/0x880 net/core/dev.c:6076 Modules linked in: CPU: 0 PID: 3612 Comm: syz-executor408 Not tainted 6.1.0-rc3-syzkaller-00175-g1118b2049... • https://git.kernel.org/stable/c/07d120aa33cc9d9115753d159f64d20c94458781 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49850 – nilfs2: fix deadlock in nilfs_count_free_blocks()
https://notcve.org/view.php?id=CVE-2022-49850
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix deadlock in nilfs_count_free_blocks() A semaphore deadlock can occur if nilfs_get_block() detects metadata corruption while locating data blocks and a superblock writeback occurs at the same time: task 1 task 2 ------ ------ * A file operation * nilfs_truncate() nilfs_get_block() down_read(rwsem A) <-- nilfs_bmap_lookup_contig() ... generic_shutdown_super() nilfs_put_super() * Prepare to write superblock * down_write(rwsem B) <-... • https://git.kernel.org/stable/c/e828949e5b42bfd234ee537cdb7c5e3a577958a3 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-49843 – drm/amdkfd: Migrate in CPU page fault use current mm
https://notcve.org/view.php?id=CVE-2022-49843
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Migrate in CPU page fault use current mm migrate_vma_setup shows below warning because we don't hold another process mm mmap_lock. We should use current vmf->vma->vm_mm instead, the caller already hold current mmap lock inside CPU page fault handler. WARNING: CPU: 10 PID: 3054 at include/linux/mmap_lock.h:155 find_vma Call Trace: walk_page_range+0x76/0x150 migrate_vma_setup+0x18a/0x640 svm_migrate_vram_to_ram+0x245/0xa10 [amdgpu... • https://git.kernel.org/stable/c/3a876060892ba52dd67d197c78b955e62657d906 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49842 – ASoC: core: Fix use-after-free in snd_soc_exit()
https://notcve.org/view.php?id=CVE-2022-49842
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: core: Fix use-after-free in snd_soc_exit() KASAN reports a use-after-free: BUG: KASAN: use-after-free in device_del+0xb5b/0xc60 Read of size 8 at addr ffff888008655050 by task rmmod/387 CPU: 2 PID: 387 Comm: rmmod Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) Call Trace:
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49839 – scsi: scsi_transport_sas: Fix error handling in sas_phy_add()
https://notcve.org/view.php?id=CVE-2022-49839
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_transport_sas: Fix error handling in sas_phy_add() If transport_add_device() fails in sas_phy_add(), the kernel will crash trying to delete the device in transport_remove_device() called from sas_remove_host(). Unable to handle kernel NULL pointer dereference at virtual address 0000000000000108 CPU: 61 PID: 42829 Comm: rmmod Kdump: loaded Tainted: G W 6.1.0-rc1+ #173 pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)... • https://git.kernel.org/stable/c/c7ebbbce366c02e5657ac6b6059933fe0353b175 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49835 – ALSA: hda: fix potential memleak in 'add_widget_node'
https://notcve.org/view.php?id=CVE-2022-49835
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: fix potential memleak in 'add_widget_node' As 'kobject_add' may allocated memory for 'kobject->name' when return error. And in this function, if call 'kobject_add' failed didn't free kobject. So call 'kobject_put' to recycling resources. In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: fix potential memleak in 'add_widget_node' As 'kobject_add' may allocated memory for 'kobject->name' when return err... • https://git.kernel.org/stable/c/b688a3ec235222d9a84e43a48a6f31acb95baf2d •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49834 – nilfs2: fix use-after-free bug of ns_writer on remount
https://notcve.org/view.php?id=CVE-2022-49834
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix use-after-free bug of ns_writer on remount If a nilfs2 filesystem is downgraded to read-only due to metadata corruption on disk and is remounted read/write, or if emergency read-only remount is performed, detaching a log writer and synchronizing the filesystem can be done at the same time. In these cases, use-after-free of the log writer (hereinafter nilfs->ns_writer) can happen as shown in the scenario below: Task1 Task2 ------... • https://git.kernel.org/stable/c/b2fbf10040216ef5ee270773755fc2f5da65b749 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49833 – btrfs: zoned: clone zoned device info when cloning a device
https://notcve.org/view.php?id=CVE-2022-49833
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: clone zoned device info when cloning a device When cloning a btrfs_device, we're not cloning the associated btrfs_zoned_device_info structure of the device in case of a zoned filesystem. Later on this leads to a NULL pointer dereference when accessing the device's zone_info for instance when setting a zone as active. This was uncovered by fstests' testcase btrfs/161. In the Linux kernel, the following vulnerability has been re... • https://git.kernel.org/stable/c/ad88cabcec942c033f980cd1e28d56ecdaf5f3b8 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49832 – pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map
https://notcve.org/view.php?id=CVE-2022-49832
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map Here is the BUG report by KASAN about null pointer dereference: BUG: KASAN: null-ptr-deref in strcmp+0x2e/0x50 Read of size 1 at addr 0000000000000000 by task python3/2640 Call Trace: strcmp __of_find_property of_find_property pinctrl_dt_to_map kasprintf() would return NULL pointer when kmalloc() fail to allocate. So directly return ENOMEM, if kasprintf() return NULL p... • https://git.kernel.org/stable/c/57291ce295c0aca738dd284c4a9c591c09ebee71 •