CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49093 – skbuff: fix coalescing for page_pool fragment recycling
https://notcve.org/view.php?id=CVE-2022-49093
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: skbuff: fix coalescing for page_pool fragment recycling Fix a use-after-free when using page_pool with page fragments. We encountered this problem during normal RX in the hns3 driver: (1) Initially we have three descriptors in the RX queue. The first one allocates PAGE1 through page_pool, and the other two allocate one half of PAGE2 each. Page references look like this: RX_BD1 _______ PAGE1 RX_BD2 _______ PAGE2 RX_BD3 _________/ (2) Handle ... • https://git.kernel.org/stable/c/53e0961da1c7bbdabd1abebb20de403ec237ec09 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49092 – net: ipv4: fix route with nexthop object delete warning
https://notcve.org/view.php?id=CVE-2022-49092
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: ipv4: fix route with nexthop object delete warning FRR folks have hit a kernel warning[1] while deleting routes[2] which is caused by trying to delete a route pointing to a nexthop id without specifying nhid but matching on an interface. That is, a route is found but we hit a warning while matching it. The warning is from fib_info_nh() in include/net/nexthop.h because we run it on a fib_info with nexthop object. The call chain is: inet... • https://git.kernel.org/stable/c/4c7e8084fd467ddb2b0e6c6011f9c1064afb7e56 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49091 – drm/imx: Fix memory leak in imx_pd_connector_get_modes
https://notcve.org/view.php?id=CVE-2022-49091
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/imx: Fix memory leak in imx_pd_connector_get_modes Avoid leaking the display mode variable if of_get_drm_display_mode fails. Addresses-Coverity-ID: 1443943 ("Resource leak") • https://git.kernel.org/stable/c/76ecd9c9fb24b014a6f33fbb1287ede3be12158b •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49090 – arch/arm64: Fix topology initialization for core scheduling
https://notcve.org/view.php?id=CVE-2022-49090
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: arch/arm64: Fix topology initialization for core scheduling Arm64 systems rely on store_cpu_topology() to call update_siblings_masks() to transfer the toplogy to the various cpu masks. This needs to be done before the call to notify_cpu_starting() which tells the scheduler about each cpu found, otherwise the core scheduling data structures are setup in a way that does not match the actual topology. With smt_mask not setup correctly we bail ... • https://git.kernel.org/stable/c/9edeaea1bc452372718837ed2ba775811baf1ba1 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2022-49089 – IB/rdmavt: add lock to call to rvt_error_qp to prevent a race condition
https://notcve.org/view.php?id=CVE-2022-49089
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: IB/rdmavt: add lock to call to rvt_error_qp to prevent a race condition The documentation of the function rvt_error_qp says both r_lock and s_lock need to be held when calling that function. It also asserts using lockdep that both of those locks are held. However, the commit I referenced in Fixes accidentally makes the call to rvt_error_qp in rvt_ruc_loopback no longer covered by r_lock. This results in the lockdep assertion failing and als... • https://git.kernel.org/stable/c/d757c60eca9b22f4d108929a24401e0fdecda0b1 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49088 – dpaa2-ptp: Fix refcount leak in dpaa2_ptp_probe
https://notcve.org/view.php?id=CVE-2022-49088
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: dpaa2-ptp: Fix refcount leak in dpaa2_ptp_probe This node pointer is returned by of_find_compatible_node() with refcount incremented. Calling of_node_put() to aovid the refcount leak. • https://git.kernel.org/stable/c/d346c9e86d8685d7cdceddf5b2e9c4376334620c •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2022-49087 – rxrpc: fix a race in rxrpc_exit_net()
https://notcve.org/view.php?id=CVE-2022-49087
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: rxrpc: fix a race in rxrpc_exit_net() Current code can lead to the following race: CPU0 CPU1 rxrpc_exit_net() rxrpc_peer_keepalive_worker() if (rxnet->live) rxnet->live = false; del_timer_sync(&rxnet->peer_keepalive_timer); timer_reduce(&rxnet->peer_keepalive_timer, jiffies + delay); cancel_work_sync(&rxnet->peer_keepalive_work); rxrpc_exit_net() exits while peer_keepalive_timer is still armed, leading to use-after-free. syzbot report was: ... • https://git.kernel.org/stable/c/ace45bec6d77bc061c3c3d8ad99e298ea9800c2b •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2022-49086 – net: openvswitch: fix leak of nested actions
https://notcve.org/view.php?id=CVE-2022-49086
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix leak of nested actions While parsing user-provided actions, openvswitch module may dynamically allocate memory and store pointers in the internal copy of the actions. So this memory has to be freed while destroying the actions. Currently there are only two such actions: ct() and set(). However, there are many actions that can hold nested lists of actions and ovs_nla_free_flow_actions() just jumps over them leaking the ... • https://git.kernel.org/stable/c/34ae932a40369be6bd6ea97d66b6686361b4370d •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49085 – drbd: Fix five use after free bugs in get_initial_state
https://notcve.org/view.php?id=CVE-2022-49085
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drbd: Fix five use after free bugs in get_initial_state In get_initial_state, it calls notify_initial_state_done(skb,..) if cb->args[5]==1. If genlmsg_put() failed in notify_initial_state_done(), the skb will be freed by nlmsg_free(skb). Then get_initial_state will goto out and the freed skb will be used by return value skb->len, which is a uaf bug. What's worse, the same problem goes even further: skb can also be freed in the notify_*_stat... • https://git.kernel.org/stable/c/a29728463b254ce81ecefdf20c1a02e01d9361da •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2022-49084 – qede: confirm skb is allocated before using
https://notcve.org/view.php?id=CVE-2022-49084
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: qede: confirm skb is allocated before using qede_build_skb() assumes build_skb() always works and goes straight to skb_reserve(). However, build_skb() can fail under memory pressure. This results in a kernel panic because the skb to reserve is NULL. Add a check in case build_skb() failed to allocate and return NULL. The NULL return is handled correctly in callers to qede_build_skb(). • https://git.kernel.org/stable/c/8a8633978b842c88fbcfe00d4e5dde96048f630e •