CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49597 – tcp: Fix data-races around sysctl_tcp_base_mss.
https://notcve.org/view.php?id=CVE-2022-49597
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctl_tcp_base_mss. While reading sysctl_tcp_base_mss, it can be changed concurrently. Thus, we need to add READ_ONCE() to its readers. In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctl_tcp_base_mss. While reading sysctl_tcp_base_mss, it can be changed concurrently. Thus, we need to add READ_ONCE() to its readers. • https://git.kernel.org/stable/c/5d424d5a674f782d0659a3b66d951f412901faee • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49575 – tcp: Fix a data-race around sysctl_tcp_thin_linear_timeouts.
https://notcve.org/view.php?id=CVE-2022-49575
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctl_tcp_thin_linear_timeouts. While reading sysctl_tcp_thin_linear_timeouts, it can be changed concurrently. Thus, we need to add READ_ONCE() to its reader. In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctl_tcp_thin_linear_timeouts. While reading sysctl_tcp_thin_linear_timeouts, it can be changed concurrently. • https://git.kernel.org/stable/c/36e31b0af58728071e8023cf8e20c5166b700717 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49573 – tcp: Fix a data-race around sysctl_tcp_early_retrans.
https://notcve.org/view.php?id=CVE-2022-49573
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctl_tcp_early_retrans. While reading sysctl_tcp_early_retrans, it can be changed concurrently. Thus, we need to add READ_ONCE() to its reader. In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctl_tcp_early_retrans. While reading sysctl_tcp_early_retrans, it can be changed concurrently. Thus, we need to add READ_ONCE() to its reader. • https://git.kernel.org/stable/c/eed530b6c67624db3f2cf477bac7c4d005d8f7ba • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49572 – tcp: Fix data-races around sysctl_tcp_slow_start_after_idle.
https://notcve.org/view.php?id=CVE-2022-49572
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctl_tcp_slow_start_after_idle. While reading sysctl_tcp_slow_start_after_idle, it can be changed concurrently. Thus, we need to add READ_ONCE() to its readers. In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctl_tcp_slow_start_after_idle. While reading sysctl_tcp_slow_start_after_idle, it can be changed concurrently. • https://git.kernel.org/stable/c/35089bb203f44e33b6bbb6c4de0b0708f9a48921 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49545 – ALSA: usb-audio: Cancel pending work at closing a MIDI substream
https://notcve.org/view.php?id=CVE-2022-49545
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Cancel pending work at closing a MIDI substream At closing a USB MIDI output substream, there might be still a pending work, which would eventually access the rawmidi runtime object that is being released. For fixing the race, make sure to cancel the pending work at closing. In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Cancel pending work at closing a MIDI substream At closing a USB M... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49544 – ipw2x00: Fix potential NULL dereference in libipw_xmit()
https://notcve.org/view.php?id=CVE-2022-49544
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ipw2x00: Fix potential NULL dereference in libipw_xmit() crypt and crypt->ops could be null, so we need to checking null before dereference In the Linux kernel, the following vulnerability has been resolved: ipw2x00: Fix potential NULL dereference in libipw_xmit() crypt and crypt->ops could be null, so we need to checking null before dereference The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The fo... • https://git.kernel.org/stable/c/f1bf6638af9e9bbbb6fb0b769054fb7db1ae652f • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49534 – scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT
https://notcve.org/view.php?id=CVE-2022-49534
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT There is a potential memory leak in lpfc_ignore_els_cmpl() and lpfc_els_rsp_reject() that was allocated from NPIV PLOGI_RJT (lpfc_rcv_plogi()'s login_mbox). Check if cmdiocb->context_un.mbox was allocated in lpfc_ignore_els_cmpl(), and then free it back to phba->mbox_mem_pool along with mbox->ctx_buf for service parameters. For lpfc_els_rsp_reject() failure, free both the ctx_... • https://git.kernel.org/stable/c/858c9f6c19c6f9bf86cbbc64ce0d17c61d6131b8 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.6EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49531 – loop: implement ->free_disk
https://notcve.org/view.php?id=CVE-2022-49531
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: loop: implement ->free_disk Ensure that the lo_device which is stored in the gendisk private data is valid until the gendisk is freed. Currently the loop driver uses a lot of effort to make sure a device is not freed when it is still in use, but to to fix a potential deadlock this will be relaxed a bit soon. In the Linux kernel, the following vulnerability has been resolved: loop: implement ->free_disk Ensure that the lo_device which is sto... • https://git.kernel.org/stable/c/73285082745045bcd64333c1fbaa88f8490f2626 • CWE-667: Improper Locking •
CVSS: 6.6EPSS: 0%CPEs: 7EXPL: 0CVE-2022-49526 – md/bitmap: don't set sb values if can't pass sanity check
https://notcve.org/view.php?id=CVE-2022-49526
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: md/bitmap: don't set sb values if can't pass sanity check If bitmap area contains invalid data, kernel will crash then mdadm triggers "Segmentation fault". This is cluster-md speical bug. In non-clustered env, mdadm will handle broken metadata case. In clustered array, only kernel space handles bitmap slot info. But even this bug only happened in clustered env, current sanity check is wrong, the code should be changed. How to trigger: (faul... • https://git.kernel.org/stable/c/ef99bf480de9bde9d3b2afdf05324670fab4e571 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49525 – media: cx25821: Fix the warning when removing the module
https://notcve.org/view.php?id=CVE-2022-49525
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: media: cx25821: Fix the warning when removing the module When removing the module, we will get the following warning: [ 14.746697] remove_proc_entry: removing non-empty directory 'irq/21', leaking at least 'cx25821[1]' [ 14.747449] WARNING: CPU: 4 PID: 368 at fs/proc/generic.c:717 remove_proc_entry+0x389/0x3f0 [ 14.751611] RIP: 0010:remove_proc_entry+0x389/0x3f0 [ 14.759589] Call Trace: [ 14.759792]