CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49063 – ice: arfs: fix use-after-free when freeing @rx_cpu_rmap
https://notcve.org/view.php?id=CVE-2022-49063
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ice: arfs: fix use-after-free when freeing @rx_cpu_rmap The CI testing bots triggered the following splat: [ 718.203054] BUG: KASAN: use-after-free in free_irq_cpu_rmap+0x53/0x80 [ 718.206349] Read of size 4 at addr ffff8881bd127e00 by task sh/20834 [ 718.212852] CPU: 28 PID: 20834 Comm: sh Kdump: loaded Tainted: G S W IOE 5.17.0-rc8_nextqueue-devqueue-02643-g23f3121aca93 #1 [ 718.219695] Hardware name: Intel Corporation S2600WFT/S2600WFT, ... • https://git.kernel.org/stable/c/28bf26724fdb0e02267d19e280d6717ee810a10d •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49062 – cachefiles: Fix KASAN slab-out-of-bounds in cachefiles_set_volume_xattr
https://notcve.org/view.php?id=CVE-2022-49062
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: cachefiles: Fix KASAN slab-out-of-bounds in cachefiles_set_volume_xattr Use the actual length of volume coherency data when setting the xattr to avoid the following KASAN report. BUG: KASAN: slab-out-of-bounds in cachefiles_set_volume_xattr+0xa0/0x350 [cachefiles] Write of size 4 at addr ffff888101e02af4 by task kworker/6:0/1347 CPU: 6 PID: 1347 Comm: kworker/6:0 Kdump: loaded Not tainted 5.18.0-rc1-nfs-fscache-netfs+ #13 Hardware name: QEM... • https://git.kernel.org/stable/c/413a4a6b0b5553f2423d210f65e98c211b99c3f8 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49061 – net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link
https://notcve.org/view.php?id=CVE-2022-49061
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link When using a fixed-link, the altr_tse_pcs driver crashes due to null-pointer dereference as no phy_device is provided to tse_pcs_fix_mac_speed function. Fix this by adding a check for phy_dev before calling the tse_pcs_fix_mac_speed() function. Also clean up the tse_pcs_fix_mac_speed function a bit. There is no need to check for splitter_base and sgmii_adapter_base bec... • https://git.kernel.org/stable/c/fb3bbdb859891e6bc27fd1afb3a07319f82c2ee4 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49060 – net/smc: Fix NULL pointer dereference in smc_pnet_find_ib()
https://notcve.org/view.php?id=CVE-2022-49060
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net/smc: Fix NULL pointer dereference in smc_pnet_find_ib() dev_name() was called with dev.parent as argument but without to NULL-check it before. Solve this by checking the pointer before the call to dev_name(). • https://git.kernel.org/stable/c/af5f60c7e3d593c2fa31b9a62c16eae75f074de3 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49059 – nfc: nci: add flush_workqueue to prevent uaf
https://notcve.org/view.php?id=CVE-2022-49059
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: nfc: nci: add flush_workqueue to prevent uaf Our detector found a concurrent use-after-free bug when detaching an NCI device. The main reason for this bug is the unexpected scheduling between the used delayed mechanism (timer and workqueue). The race can be demonstrated below: Thread-1 Thread-2 | nci_dev_up() | nci_open_device() | __nci_request(nci_reset_req) | nci_send_cmd | queue_work(cmd_work) nci_unregister_device() | nci_close_device()... • https://git.kernel.org/stable/c/6a2968aaf50c7a22fced77a5e24aa636281efca8 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49058 – cifs: potential buffer overflow in handling symlinks
https://notcve.org/view.php?id=CVE-2022-49058
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: cifs: potential buffer overflow in handling symlinks Smatch printed a warning: arch/x86/crypto/poly1305_glue.c:198 poly1305_update_arch() error: __memcpy() 'dctx->buf' too small (16 vs u32max) It's caused because Smatch marks 'link_len' as untrusted since it comes from sscanf(). Add a check to ensure that 'link_len' is not larger than the size of the 'link_str' buffer. • https://git.kernel.org/stable/c/c69c1b6eaea1b3e1eecf7ad2fba0208ac4a11131 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49057 – block: null_blk: end timed out poll request
https://notcve.org/view.php?id=CVE-2022-49057
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: block: null_blk: end timed out poll request When poll request is timed out, it is removed from the poll list, but not completed, so the request is leaked, and never get chance to complete. Fix the issue by ending it in timeout handler. • https://git.kernel.org/stable/c/0a593fbbc245a85940ed34caa3aa1e4cb060c54b •
CVSS: -EPSS: 0%CPEs: 1EXPL: 0CVE-2022-49056 – io_uring: abort file assignment prior to assigning creds
https://notcve.org/view.php?id=CVE-2022-49056
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: io_uring: abort file assignment prior to assigning creds We need to either restore creds properly if we fail on the file assignment, or just do the file assignment first instead. Let's do the latter as it's simpler, should make no difference here for file assignment. • https://git.kernel.org/stable/c/2c443b22756cf75dc594d4d32bf64505bf4ce84b •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49055 – drm/amdkfd: Check for potential null return of kmalloc_array()
https://notcve.org/view.php?id=CVE-2022-49055
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Check for potential null return of kmalloc_array() As the kmalloc_array() may return null, the 'event_waiters[i].wait' would lead to null-pointer dereference. Therefore, it is better to check the return value of kmalloc_array() to avoid this confusion. • https://git.kernel.org/stable/c/32cf90a521dcc0f136db7ee5ba32bfe5f79e460e •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49054 – Drivers: hv: vmbus: Deactivate sysctl_record_panic_msg by default in isolated guests
https://notcve.org/view.php?id=CVE-2022-49054
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Deactivate sysctl_record_panic_msg by default in isolated guests hv_panic_page might contain guest-sensitive information, do not dump it over to Hyper-V by default in isolated guests. While at it, update some comments in hyperv_{panic,die}_event(). • https://git.kernel.org/stable/c/1b576e81d31b56b248316b8ff816b1cc5c4407c7 •