CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 1CVE-2022-48991 – mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths
https://notcve.org/view.php?id=CVE-2022-48991
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths Any codepath that zaps page table entries must invoke MMU notifiers to ensure that secondary MMUs (like KVM) don't keep accessing pages which aren't mapped anymore. In the Linux kernel, the following vulnerability has been resolved: mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths Any codepath that zaps page table entries must invoke MMU notifiers... • https://packetstorm.news/files/id/182462 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-48990 – drm/amdgpu: fix use-after-free during gpu recovery
https://notcve.org/view.php?id=CVE-2022-48990
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix use-after-free during gpu recovery [Why] [ 754.862560] refcount_t: underflow; use-after-free. [ 754.862898] Call Trace: [ 754.862903] <TASK> [ 754.862913] amdgpu_job_free_cb+0xc2/0xe1 [amdgpu] [ 754.863543] drm_sched_main.cold+0x34/0x39 [amd_sched] [How] The fw_fence may be not init, check whether dma_fence_init is performed before job free • https://git.kernel.org/stable/c/d2a89cd942edd50c1e652004fd64019be78b0a96 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-48989 – fscache: Fix oops due to race with cookie_lru and use_cookie
https://notcve.org/view.php?id=CVE-2022-48989
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: fscache: Fix oops due to race with cookie_lru and use_cookie If a cookie expires from the LRU and the LRU_DISCARD flag is set, but the state machine has not run yet, it's possible another thread can call fscache_use_cookie and begin to use it. ... Call Trace: netfs_rreq_write_to_cache_work+0x11c/0x320 [netfs] process_one_work+0x217/0x3e0 worker_thread+0x4a/0x3b0 kthread+0xd6/0x100 In the Linux kernel, the following vulnerabili... • https://git.kernel.org/stable/c/12bb21a29c19aae50cfad4e2bb5c943108f34a7d •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-48988 – memcg: fix possible use-after-free in memcg_write_event_control()
https://notcve.org/view.php?id=CVE-2022-48988
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: memcg: fix possible use-after-free in memcg_write_event_control() memcg_write_event_control() accesses the dentry->d_name of the specified control fd to route the write call. ... In the Linux kernel, the following vulnerability has been resolved: memcg: fix possible use-after-free in memcg_write_event_control() memcg_write_event_control() accesses the dentry->d_name of the specified control fd to route the write call. • https://git.kernel.org/stable/c/347c4a8747104a945ecced358944e42879176ca5 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-48987 – media: v4l2-dv-timings.c: fix too strict blanking sanity checks
https://notcve.org/view.php?id=CVE-2022-48987
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: media: v4l2-dv-timings.c: fix too strict blanking sanity checks Sanity checks were added to verify the v4l2_bt_timings blanking fields in order to avoid integer overflows when userspace passes weird values. In the Linux kernel, the following vulnerability has been resolved: media: v4l2-dv-timings.c: fix too strict blanking sanity checks Sanity checks were added to verify the v4l2_bt_timings blanking fields in order to avoid in... • https://git.kernel.org/stable/c/15ded23db134da975b49ea99770de0346c193b24 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48986 – mm/gup: fix gup_pud_range() for dax
https://notcve.org/view.php?id=CVE-2022-48986
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: mm/gup: fix gup_pud_range() for dax For dax pud, pud_huge() returns true on x86. ... __context_tracking_exit+0xe/0x70 do_syscall_64+0x3b/0x90 entry_SYSCALL_64_after_hwframe+0x61/0xcb RIP: 0033:0x7fc97c11a7be < snip > ---[ end trace 48b2e0e67debcaeb ]--- RIP: 0010:internal_get_user_pages_fast+0x340/0x990 < snip > Kernel panic - not syncing: Fatal exception Kernel Offset: disabled In the Linux kernel, the following vulne... • https://git.kernel.org/stable/c/414fd080d125408cb15d04ff4907e1dd8145c8c7 •
CVSS: 4.7EPSS: 0%CPEs: 3EXPL: 0CVE-2022-48985 – net: mana: Fix race on per-CQ variable napi work_done
https://notcve.org/view.php?id=CVE-2022-48985
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix race on per-CQ variable napi work_done After calling napi_complete_done(), the NAPIF_STATE_SCHED bit may be cleared, and another CPU can start napi thread and access per-CQ variable, cq->work_done. In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix race on per-CQ variable napi work_done After calling napi_complete_done(), the NAPIF_STATE_SCHED bit may be cleared, and another CPU c... • https://git.kernel.org/stable/c/e1b5683ff62e7b328317aec08869495992053e9d •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-48984 – can: slcan: fix freed work crash
https://notcve.org/view.php?id=CVE-2022-48984
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: can: slcan: fix freed work crash The LTP test pty03 is causing a crash in slcan: BUG: kernel NULL pointer dereference, address: 0000000000000008 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 0 PID: 348 Comm: kworker/0:3 Not tainted 6.0.8-1-default #1 openSUSE Tumbleweed 9d20364b934f5aab0a9bdf84e8f45cfdfae39dab Hardware name: QEMU Standard PC (i... • https://git.kernel.org/stable/c/cfcb4465e9923bb9ac168abcea84e880633f9cef •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-48983 – io_uring: Fix a null-ptr-deref in io_tctx_exit_cb()
https://notcve.org/view.php?id=CVE-2022-48983
21 Oct 2024 — [axboe: add code comment and also put an explanation in the commit msg] In the Linux kernel, the following vulnerability has been resolved: io_uring: Fix a null-ptr-deref in io_tctx_exit_cb() Syzkaller reports a NULL deref bug as follows: BUG: KASAN: null-ptr-deref in io_tctx_exit_cb+0x53/0xd3 Read of size 4 at addr 0000000000000138 by task file1/1955 CPU: 1 PID: 1955 Comm: file1 Not tainted 6.1.0-rc7-00103-gef4d3ea40565 #75 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2.el7 04/... • https://git.kernel.org/stable/c/d56d938b4bef3e1421a42023cdcd6e13c1f50831 •
CVSS: 6.6EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48982 – Bluetooth: Fix crash when replugging CSR fake controllers
https://notcve.org/view.php?id=CVE-2022-48982
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix crash when replugging CSR fake controllers It seems fake CSR 5.0 clones can cause the suspend notifier to be registered twice causing the following kernel panic: [ 71.986122] Call Trace: [ 71.986124]