
CVE-2022-49829 – drm/scheduler: fix fence ref counting
https://notcve.org/view.php?id=CVE-2022-49829
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/scheduler: fix fence ref counting We leaked dependency fences when processes were being killed. Additional to that grab a reference to the last scheduled fence. • https://git.kernel.org/stable/c/e5f4b38362df93594cb426b04979d8834122f159 •

CVE-2022-49828 – hugetlbfs: don't delete error page from pagecache
https://notcve.org/view.php?id=CVE-2022-49828
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: hugetlbfs: don't delete error page from pagecache This change is very similar to the change that was made for shmem [1], and it solves the same problem but for HugeTLBFS instead. Currently, when poison is found in a HugeTLB page, the page is removed from the page cache. That means that attempting to map or read that hugepage in the future will result in a new hugepage being allocated instead of notifying the user that the page was poisoned.... • https://git.kernel.org/stable/c/30571f28bb35c826219971c63bcf60d2517112ed •

CVE-2022-49821 – mISDN: fix possible memory leak in mISDN_dsp_element_register()
https://notcve.org/view.php?id=CVE-2022-49821
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: mISDN: fix possible memory leak in mISDN_dsp_element_register() After commit 1fa5ae857bb1 ("driver core: get rid of struct device's bus_id string array"), the name of device is allocated dynamically, use put_device() to give up the reference, so that the name can be freed in kobject_cleanup() when the refcount is 0. The 'entry' is going to be freed in mISDN_dsp_dev_release(), so the kfree() is removed. list_del() is called in mISDN_dsp_dev_r... • https://git.kernel.org/stable/c/1fa5ae857bb14f6046205171d98506d8112dd74e •

CVE-2022-49773 – drm/amd/display: Fix optc2_configure warning on dcn314
https://notcve.org/view.php?id=CVE-2022-49773
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix optc2_configure warning on dcn314 [Why] dcn314 uses optc2_configure_crc() that wraps optc1_configure_crc() + set additional registers not applicable to dcn314. It's not critical but when used leads to warning like: WARNING: drivers/gpu/drm/amd/amdgpu/../display/dc/dc_helper.c Call Trace:

CVE-2022-49772 – ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open()
https://notcve.org/view.php?id=CVE-2022-49772
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() snd_usbmidi_output_open() has a check of the NULL port with snd_BUG_ON(). snd_BUG_ON() was used as this shouldn't have happened, but in reality, the NULL port may be seen when the device gives an invalid endpoint setup at the descriptor, hence the driver skips the allocation. That is, the check itself is valid and snd_BUG_ON() should be dropped from there. Otherwise it's conf... • https://git.kernel.org/stable/c/872c9314769e89d8bda74ff3ac584756a45ee752 •

CVE-2022-49771 – dm ioctl: fix misbehavior if list_versions races with module loading
https://notcve.org/view.php?id=CVE-2022-49771
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: dm ioctl: fix misbehavior if list_versions races with module loading __list_versions will first estimate the required space using the "dm_target_iterate(list_version_get_needed, &needed)" call and then will fill the space using the "dm_target_iterate(list_version_get_info, &iter_info)" call. Each of these calls locks the targets using the "down_read(&_lock)" and "up_read(&_lock)" calls, however between the first and second "dm_target_iterat... • https://git.kernel.org/stable/c/0c8d4112df329bf3dfbf27693f918c3b08676538 •

CVE-2022-49770 – ceph: avoid putting the realm twice when decoding snaps fails
https://notcve.org/view.php?id=CVE-2022-49770
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ceph: avoid putting the realm twice when decoding snaps fails When decoding the snaps fails it may be leaving the 'first_realm' and 'realm' pointing to the same snaprealm memory. And then it'll put it twice and could cause random use-after-free, BUG_ON, etc issues. • https://git.kernel.org/stable/c/274e4c79a3a2a24fba7cfe0e41113f1138785c37 •

CVE-2022-49769 – gfs2: Check sb_bsize_shift after reading superblock
https://notcve.org/view.php?id=CVE-2022-49769
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: gfs2: Check sb_bsize_shift after reading superblock Fuzzers like to scribble over sb_bsize_shift but in reality it's very unlikely that this field would be corrupted on its own. Nevertheless it should be checked to avoid the possibility of messy mount errors due to bad calculations. It's always a fixed value based on the block size so we can just check that it's the expected value. Tested with: mkfs.gfs2 -O -p lock_nolock /dev/vdb for i in ... • https://git.kernel.org/stable/c/d6b1e8ea6f3418c3b461ad5a35cdc93c996b2c87 •

CVE-2022-49768 – 9p: trans_fd/p9_conn_cancel: drop client lock earlier
https://notcve.org/view.php?id=CVE-2022-49768
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: 9p: trans_fd/p9_conn_cancel: drop client lock earlier syzbot reported a double-lock here and we no longer need this lock after requests have been moved off to local list: just drop the lock earlier. • https://git.kernel.org/stable/c/82825dbf393f7c7979d462f9609a15bde8092b3f •

CVE-2022-49767 – 9p/trans_fd: always use O_NONBLOCK read/write
https://notcve.org/view.php?id=CVE-2022-49767
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: 9p/trans_fd: always use O_NONBLOCK read/write syzbot is reporting hung task at p9_fd_close() [1], for p9_mux_poll_stop() from p9_conn_destroy() from p9_fd_close() is failing to interrupt already started kernel_read() from p9_fd_read() from p9_read_work() and/or kernel_write() from p9_fd_write() from p9_write_work() requests. Since p9_socket_open() sets O_NONBLOCK flag, p9_mux_poll_stop() does not need to interrupt kernel_read()/kernel_write... • https://git.kernel.org/stable/c/0b5e6bd72b8171364616841603a70e4ba9837063 •