Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2025-AVI-0252
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation de privilèges et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | N/A | SUSE Linux Enterprise Micro for Rancher 5.3 | ||
| SUSE | N/A | SUSE Linux Enterprise Micro 5.3 | ||
| SUSE | N/A | SUSE Manager Proxy 4.3 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability Extension 15 SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise Micro for Rancher 5.4 | ||
| SUSE | N/A | SUSE Linux Enterprise Live Patching 15-SP4 | ||
| SUSE | N/A | SUSE Manager Retail Branch Server 4.3 | ||
| SUSE | N/A | openSUSE Leap 15.4 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 11 SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise Server for SAP Applications 15 SP4 | ||
| SUSE | N/A | SUSE Manager Server 4.3 | ||
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing 15 SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP4 LTSS | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise Real Time 15 SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE | ||
| SUSE | N/A | SUSE Linux Enterprise Micro 5.4 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Micro for Rancher 5.3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Proxy 4.3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability Extension 15 SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro for Rancher 5.4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Retail Branch Server 4.3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 11 SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Server 4.3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15 SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP4 LTSS",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing LTSS 15 SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time 15 SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2022-1184",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1184"
},
{
"name": "CVE-2022-1048",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1048"
},
{
"name": "CVE-2022-0168",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0168"
},
{
"name": "CVE-2022-3435",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3435"
},
{
"name": "CVE-2022-29901",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29901"
},
{
"name": "CVE-2022-29900",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29900"
},
{
"name": "CVE-2022-2977",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2977"
},
{
"name": "CVE-2022-3303",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3303"
},
{
"name": "CVE-2023-28410",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28410"
},
{
"name": "CVE-2024-2201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2201"
},
{
"name": "CVE-2024-42229",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42229"
},
{
"name": "CVE-2024-41092",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41092"
},
{
"name": "CVE-2024-42098",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42098"
},
{
"name": "CVE-2024-42240",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42240"
},
{
"name": "CVE-2024-56658",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56658"
},
{
"name": "CVE-2021-47633",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47633"
},
{
"name": "CVE-2021-47644",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47644"
},
{
"name": "CVE-2022-49076",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49076"
},
{
"name": "CVE-2022-49089",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49089"
},
{
"name": "CVE-2022-49135",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49135"
},
{
"name": "CVE-2022-49151",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49151"
},
{
"name": "CVE-2022-49182",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49182"
},
{
"name": "CVE-2022-49201",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49201"
},
{
"name": "CVE-2022-49247",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49247"
},
{
"name": "CVE-2022-49490",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49490"
},
{
"name": "CVE-2022-49626",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49626"
},
{
"name": "CVE-2022-49661",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49661"
},
{
"name": "CVE-2021-4453",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4453"
},
{
"name": "CVE-2021-47631",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47631"
},
{
"name": "CVE-2021-47632",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47632"
},
{
"name": "CVE-2021-47635",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47635"
},
{
"name": "CVE-2021-47636",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47636"
},
{
"name": "CVE-2021-47637",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47637"
},
{
"name": "CVE-2021-47638",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47638"
},
{
"name": "CVE-2021-47639",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47639"
},
{
"name": "CVE-2021-47641",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47641"
},
{
"name": "CVE-2021-47642",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47642"
},
{
"name": "CVE-2021-47643",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47643"
},
{
"name": "CVE-2021-47645",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47645"
},
{
"name": "CVE-2021-47646",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47646"
},
{
"name": "CVE-2021-47647",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47647"
},
{
"name": "CVE-2021-47648",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47648"
},
{
"name": "CVE-2021-47649",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47649"
},
{
"name": "CVE-2021-47650",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47650"
},
{
"name": "CVE-2021-47651",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47651"
},
{
"name": "CVE-2021-47652",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47652"
},
{
"name": "CVE-2021-47653",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47653"
},
{
"name": "CVE-2021-47654",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47654"
},
{
"name": "CVE-2021-47656",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47656"
},
{
"name": "CVE-2021-47657",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47657"
},
{
"name": "CVE-2021-47659",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47659"
},
{
"name": "CVE-2022-0995",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0995"
},
{
"name": "CVE-2022-49044",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49044"
},
{
"name": "CVE-2022-49050",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49050"
},
{
"name": "CVE-2022-49051",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49051"
},
{
"name": "CVE-2022-49054",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49054"
},
{
"name": "CVE-2022-49055",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49055"
},
{
"name": "CVE-2022-49058",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49058"
},
{
"name": "CVE-2022-49059",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49059"
},
{
"name": "CVE-2022-49060",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49060"
},
{
"name": "CVE-2022-49061",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49061"
},
{
"name": "CVE-2022-49063",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49063"
},
{
"name": "CVE-2022-49065",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49065"
},
{
"name": "CVE-2022-49066",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49066"
},
{
"name": "CVE-2022-49073",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49073"
},
{
"name": "CVE-2022-49074",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49074"
},
{
"name": "CVE-2022-49078",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49078"
},
{
"name": "CVE-2022-49082",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49082"
},
{
"name": "CVE-2022-49083",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49083"
},
{
"name": "CVE-2022-49084",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49084"
},
{
"name": "CVE-2022-49085",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49085"
},
{
"name": "CVE-2022-49086",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49086"
},
{
"name": "CVE-2022-49088",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49088"
},
{
"name": "CVE-2022-49090",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49090"
},
{
"name": "CVE-2022-49091",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49091"
},
{
"name": "CVE-2022-49092",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49092"
},
{
"name": "CVE-2022-49093",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49093"
},
{
"name": "CVE-2022-49095",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49095"
},
{
"name": "CVE-2022-49096",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49096"
},
{
"name": "CVE-2022-49097",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49097"
},
{
"name": "CVE-2022-49098",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49098"
},
{
"name": "CVE-2022-49099",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49099"
},
{
"name": "CVE-2022-49100",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49100"
},
{
"name": "CVE-2022-49102",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49102"
},
{
"name": "CVE-2022-49103",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49103"
},
{
"name": "CVE-2022-49104",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49104"
},
{
"name": "CVE-2022-49105",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49105"
},
{
"name": "CVE-2022-49106",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49106"
},
{
"name": "CVE-2022-49107",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49107"
},
{
"name": "CVE-2022-49109",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49109"
},
{
"name": "CVE-2022-49111",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49111"
},
{
"name": "CVE-2022-49112",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49112"
},
{
"name": "CVE-2022-49113",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49113"
},
{
"name": "CVE-2022-49114",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49114"
},
{
"name": "CVE-2022-49115",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49115"
},
{
"name": "CVE-2022-49116",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49116"
},
{
"name": "CVE-2022-49118",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49118"
},
{
"name": "CVE-2022-49119",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49119"
},
{
"name": "CVE-2022-49120",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49120"
},
{
"name": "CVE-2022-49121",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49121"
},
{
"name": "CVE-2022-49122",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49122"
},
{
"name": "CVE-2022-49126",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49126"
},
{
"name": "CVE-2022-49128",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49128"
},
{
"name": "CVE-2022-49129",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49129"
},
{
"name": "CVE-2022-49130",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49130"
},
{
"name": "CVE-2022-49131",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49131"
},
{
"name": "CVE-2022-49132",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49132"
},
{
"name": "CVE-2022-49137",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49137"
},
{
"name": "CVE-2022-49145",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49145"
},
{
"name": "CVE-2022-49147",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49147"
},
{
"name": "CVE-2022-49148",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49148"
},
{
"name": "CVE-2022-49153",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49153"
},
{
"name": "CVE-2022-49154",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49154"
},
{
"name": "CVE-2022-49155",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49155"
},
{
"name": "CVE-2022-49156",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49156"
},
{
"name": "CVE-2022-49157",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49157"
},
{
"name": "CVE-2022-49158",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49158"
},
{
"name": "CVE-2022-49159",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49159"
},
{
"name": "CVE-2022-49160",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49160"
},
{
"name": "CVE-2022-49162",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49162"
},
{
"name": "CVE-2022-49163",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49163"
},
{
"name": "CVE-2022-49164",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49164"
},
{
"name": "CVE-2022-49165",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49165"
},
{
"name": "CVE-2022-49174",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49174"
},
{
"name": "CVE-2022-49175",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49175"
},
{
"name": "CVE-2022-49176",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49176"
},
{
"name": "CVE-2022-49177",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49177"
},
{
"name": "CVE-2022-49179",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49179"
},
{
"name": "CVE-2022-49180",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49180"
},
{
"name": "CVE-2022-49185",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49185"
},
{
"name": "CVE-2022-49187",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49187"
},
{
"name": "CVE-2022-49188",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49188"
},
{
"name": "CVE-2022-49189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49189"
},
{
"name": "CVE-2022-49193",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49193"
},
{
"name": "CVE-2022-49194",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49194"
},
{
"name": "CVE-2022-49196",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49196"
},
{
"name": "CVE-2022-49199",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49199"
},
{
"name": "CVE-2022-49200",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49200"
},
{
"name": "CVE-2022-49206",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49206"
},
{
"name": "CVE-2022-49208",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49208"
},
{
"name": "CVE-2022-49212",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49212"
},
{
"name": "CVE-2022-49213",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49213"
},
{
"name": "CVE-2022-49214",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49214"
},
{
"name": "CVE-2022-49216",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49216"
},
{
"name": "CVE-2022-49217",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49217"
},
{
"name": "CVE-2022-49218",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49218"
},
{
"name": "CVE-2022-49221",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49221"
},
{
"name": "CVE-2022-49222",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49222"
},
{
"name": "CVE-2022-49224",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49224"
},
{
"name": "CVE-2022-49226",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49226"
},
{
"name": "CVE-2022-49227",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49227"
},
{
"name": "CVE-2022-49232",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49232"
},
{
"name": "CVE-2022-49235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49235"
},
{
"name": "CVE-2022-49236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49236"
},
{
"name": "CVE-2022-49239",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49239"
},
{
"name": "CVE-2022-49241",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49241"
},
{
"name": "CVE-2022-49242",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49242"
},
{
"name": "CVE-2022-49243",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49243"
},
{
"name": "CVE-2022-49244",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49244"
},
{
"name": "CVE-2022-49246",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49246"
},
{
"name": "CVE-2022-49248",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49248"
},
{
"name": "CVE-2022-49249",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49249"
},
{
"name": "CVE-2022-49250",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49250"
},
{
"name": "CVE-2022-49251",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49251"
},
{
"name": "CVE-2022-49252",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49252"
},
{
"name": "CVE-2022-49253",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49253"
},
{
"name": "CVE-2022-49254",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49254"
},
{
"name": "CVE-2022-49256",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49256"
},
{
"name": "CVE-2022-49257",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49257"
},
{
"name": "CVE-2022-49258",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49258"
},
{
"name": "CVE-2022-49259",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49259"
},
{
"name": "CVE-2022-49260",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49260"
},
{
"name": "CVE-2022-49261",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49261"
},
{
"name": "CVE-2022-49262",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49262"
},
{
"name": "CVE-2022-49263",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49263"
},
{
"name": "CVE-2022-49264",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49264"
},
{
"name": "CVE-2022-49265",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49265"
},
{
"name": "CVE-2022-49266",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49266"
},
{
"name": "CVE-2022-49268",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49268"
},
{
"name": "CVE-2022-49269",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49269"
},
{
"name": "CVE-2022-49270",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49270"
},
{
"name": "CVE-2022-49271",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49271"
},
{
"name": "CVE-2022-49272",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49272"
},
{
"name": "CVE-2022-49273",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49273"
},
{
"name": "CVE-2022-49274",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49274"
},
{
"name": "CVE-2022-49275",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49275"
},
{
"name": "CVE-2022-49276",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49276"
},
{
"name": "CVE-2022-49277",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49277"
},
{
"name": "CVE-2022-49278",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49278"
},
{
"name": "CVE-2022-49279",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49279"
},
{
"name": "CVE-2022-49280",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49280"
},
{
"name": "CVE-2022-49281",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49281"
},
{
"name": "CVE-2022-49283",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49283"
},
{
"name": "CVE-2022-49285",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49285"
},
{
"name": "CVE-2022-49286",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49286"
},
{
"name": "CVE-2022-49287",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49287"
},
{
"name": "CVE-2022-49288",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49288"
},
{
"name": "CVE-2022-49290",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49290"
},
{
"name": "CVE-2022-49291",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49291"
},
{
"name": "CVE-2022-49292",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49292"
},
{
"name": "CVE-2022-49294",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49294"
},
{
"name": "CVE-2022-49295",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49295"
},
{
"name": "CVE-2022-49297",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49297"
},
{
"name": "CVE-2022-49298",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49298"
},
{
"name": "CVE-2022-49299",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49299"
},
{
"name": "CVE-2022-49300",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49300"
},
{
"name": "CVE-2022-49301",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49301"
},
{
"name": "CVE-2022-49302",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49302"
},
{
"name": "CVE-2022-49304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49304"
},
{
"name": "CVE-2022-49305",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49305"
},
{
"name": "CVE-2022-49307",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49307"
},
{
"name": "CVE-2022-49308",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49308"
},
{
"name": "CVE-2022-49309",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49309"
},
{
"name": "CVE-2022-49310",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49310"
},
{
"name": "CVE-2022-49311",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49311"
},
{
"name": "CVE-2022-49312",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49312"
},
{
"name": "CVE-2022-49313",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49313"
},
{
"name": "CVE-2022-49314",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49314"
},
{
"name": "CVE-2022-49315",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49315"
},
{
"name": "CVE-2022-49316",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49316"
},
{
"name": "CVE-2022-49319",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49319"
},
{
"name": "CVE-2022-49320",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49320"
},
{
"name": "CVE-2022-49321",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49321"
},
{
"name": "CVE-2022-49322",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49322"
},
{
"name": "CVE-2022-49323",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49323"
},
{
"name": "CVE-2022-49326",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49326"
},
{
"name": "CVE-2022-49327",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49327"
},
{
"name": "CVE-2022-49328",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49328"
},
{
"name": "CVE-2022-49331",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49331"
},
{
"name": "CVE-2022-49332",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49332"
},
{
"name": "CVE-2022-49335",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49335"
},
{
"name": "CVE-2022-49336",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49336"
},
{
"name": "CVE-2022-49337",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49337"
},
{
"name": "CVE-2022-49339",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49339"
},
{
"name": "CVE-2022-49341",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49341"
},
{
"name": "CVE-2022-49342",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49342"
},
{
"name": "CVE-2022-49343",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49343"
},
{
"name": "CVE-2022-49345",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49345"
},
{
"name": "CVE-2022-49346",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49346"
},
{
"name": "CVE-2022-49347",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49347"
},
{
"name": "CVE-2022-49348",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49348"
},
{
"name": "CVE-2022-49349",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49349"
},
{
"name": "CVE-2022-49350",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49350"
},
{
"name": "CVE-2022-49351",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49351"
},
{
"name": "CVE-2022-49352",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49352"
},
{
"name": "CVE-2022-49354",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49354"
},
{
"name": "CVE-2022-49356",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49356"
},
{
"name": "CVE-2022-49357",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49357"
},
{
"name": "CVE-2022-49367",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49367"
},
{
"name": "CVE-2022-49368",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49368"
},
{
"name": "CVE-2022-49370",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49370"
},
{
"name": "CVE-2022-49371",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49371"
},
{
"name": "CVE-2022-49373",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49373"
},
{
"name": "CVE-2022-49375",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49375"
},
{
"name": "CVE-2022-49376",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49376"
},
{
"name": "CVE-2022-49377",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49377"
},
{
"name": "CVE-2022-49378",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49378"
},
{
"name": "CVE-2022-49379",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49379"
},
{
"name": "CVE-2022-49381",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49381"
},
{
"name": "CVE-2022-49382",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49382"
},
{
"name": "CVE-2022-49384",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49384"
},
{
"name": "CVE-2022-49385",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49385"
},
{
"name": "CVE-2022-49386",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49386"
},
{
"name": "CVE-2022-49389",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49389"
},
{
"name": "CVE-2022-49392",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49392"
},
{
"name": "CVE-2022-49394",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49394"
},
{
"name": "CVE-2022-49396",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49396"
},
{
"name": "CVE-2022-49397",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49397"
},
{
"name": "CVE-2022-49398",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49398"
},
{
"name": "CVE-2022-49399",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49399"
},
{
"name": "CVE-2022-49400",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49400"
},
{
"name": "CVE-2022-49402",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49402"
},
{
"name": "CVE-2022-49404",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49404"
},
{
"name": "CVE-2022-49407",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49407"
},
{
"name": "CVE-2022-49409",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49409"
},
{
"name": "CVE-2022-49410",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49410"
},
{
"name": "CVE-2022-49411",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49411"
},
{
"name": "CVE-2022-49412",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49412"
},
{
"name": "CVE-2022-49413",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49413"
},
{
"name": "CVE-2022-49414",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49414"
},
{
"name": "CVE-2022-49416",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49416"
},
{
"name": "CVE-2022-49418",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49418"
},
{
"name": "CVE-2022-49421",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49421"
},
{
"name": "CVE-2022-49422",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49422"
},
{
"name": "CVE-2022-49424",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49424"
},
{
"name": "CVE-2022-49426",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49426"
},
{
"name": "CVE-2022-49427",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49427"
},
{
"name": "CVE-2022-49429",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49429"
},
{
"name": "CVE-2022-49430",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49430"
},
{
"name": "CVE-2022-49431",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49431"
},
{
"name": "CVE-2022-49432",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49432"
},
{
"name": "CVE-2022-49433",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49433"
},
{
"name": "CVE-2022-49434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49434"
},
{
"name": "CVE-2022-49435",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49435"
},
{
"name": "CVE-2022-49437",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49437"
},
{
"name": "CVE-2022-49438",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49438"
},
{
"name": "CVE-2022-49440",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49440"
},
{
"name": "CVE-2022-49441",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49441"
},
{
"name": "CVE-2022-49442",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49442"
},
{
"name": "CVE-2022-49443",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49443"
},
{
"name": "CVE-2022-49444",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49444"
},
{
"name": "CVE-2022-49445",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49445"
},
{
"name": "CVE-2022-49447",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49447"
},
{
"name": "CVE-2022-49448",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49448"
},
{
"name": "CVE-2022-49449",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49449"
},
{
"name": "CVE-2022-49451",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49451"
},
{
"name": "CVE-2022-49453",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49453"
},
{
"name": "CVE-2022-49455",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49455"
},
{
"name": "CVE-2022-49459",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49459"
},
{
"name": "CVE-2022-49460",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49460"
},
{
"name": "CVE-2022-49462",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49462"
},
{
"name": "CVE-2022-49463",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49463"
},
{
"name": "CVE-2022-49466",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49466"
},
{
"name": "CVE-2022-49467",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49467"
},
{
"name": "CVE-2022-49468",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49468"
},
{
"name": "CVE-2022-49472",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49472"
},
{
"name": "CVE-2022-49473",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49473"
},
{
"name": "CVE-2022-49474",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49474"
},
{
"name": "CVE-2022-49475",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49475"
},
{
"name": "CVE-2022-49477",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49477"
},
{
"name": "CVE-2022-49478",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49478"
},
{
"name": "CVE-2022-49480",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49480"
},
{
"name": "CVE-2022-49481",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49481"
},
{
"name": "CVE-2022-49482",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49482"
},
{
"name": "CVE-2022-49486",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49486"
},
{
"name": "CVE-2022-49487",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49487"
},
{
"name": "CVE-2022-49488",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49488"
},
{
"name": "CVE-2022-49489",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49489"
},
{
"name": "CVE-2022-49491",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49491"
},
{
"name": "CVE-2022-49492",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49492"
},
{
"name": "CVE-2022-49493",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49493"
},
{
"name": "CVE-2022-49494",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49494"
},
{
"name": "CVE-2022-49495",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49495"
},
{
"name": "CVE-2022-49498",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49498"
},
{
"name": "CVE-2022-49501",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49501"
},
{
"name": "CVE-2022-49502",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49502"
},
{
"name": "CVE-2022-49503",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49503"
},
{
"name": "CVE-2022-49504",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49504"
},
{
"name": "CVE-2022-49505",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49505"
},
{
"name": "CVE-2022-49506",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49506"
},
{
"name": "CVE-2022-49507",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49507"
},
{
"name": "CVE-2022-49508",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49508"
},
{
"name": "CVE-2022-49509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49509"
},
{
"name": "CVE-2022-49512",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49512"
},
{
"name": "CVE-2022-49514",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49514"
},
{
"name": "CVE-2022-49515",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49515"
},
{
"name": "CVE-2022-49517",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49517"
},
{
"name": "CVE-2022-49519",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49519"
},
{
"name": "CVE-2022-49520",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49520"
},
{
"name": "CVE-2022-49521",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49521"
},
{
"name": "CVE-2022-49522",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49522"
},
{
"name": "CVE-2022-49523",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49523"
},
{
"name": "CVE-2022-49524",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49524"
},
{
"name": "CVE-2022-49525",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49525"
},
{
"name": "CVE-2022-49526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49526"
},
{
"name": "CVE-2022-49527",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49527"
},
{
"name": "CVE-2022-49532",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49532"
},
{
"name": "CVE-2022-49534",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49534"
},
{
"name": "CVE-2022-49535",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49535"
},
{
"name": "CVE-2022-49536",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49536"
},
{
"name": "CVE-2022-49537",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49537"
},
{
"name": "CVE-2022-49541",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49541"
},
{
"name": "CVE-2022-49542",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49542"
},
{
"name": "CVE-2022-49544",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49544"
},
{
"name": "CVE-2022-49545",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49545"
},
{
"name": "CVE-2022-49546",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49546"
},
{
"name": "CVE-2022-49549",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49549"
},
{
"name": "CVE-2022-49551",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49551"
},
{
"name": "CVE-2022-49555",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49555"
},
{
"name": "CVE-2022-49556",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49556"
},
{
"name": "CVE-2022-49559",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49559"
},
{
"name": "CVE-2022-49562",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49562"
},
{
"name": "CVE-2022-49563",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49563"
},
{
"name": "CVE-2022-49564",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49564"
},
{
"name": "CVE-2022-49566",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49566"
},
{
"name": "CVE-2022-49568",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49568"
},
{
"name": "CVE-2022-49569",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49569"
},
{
"name": "CVE-2022-49570",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49570"
},
{
"name": "CVE-2022-49579",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49579"
},
{
"name": "CVE-2022-49581",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49581"
},
{
"name": "CVE-2022-49583",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49583"
},
{
"name": "CVE-2022-49584",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49584"
},
{
"name": "CVE-2022-49591",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49591"
},
{
"name": "CVE-2022-49592",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49592"
},
{
"name": "CVE-2022-49603",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49603"
},
{
"name": "CVE-2022-49605",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49605"
},
{
"name": "CVE-2022-49606",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49606"
},
{
"name": "CVE-2022-49607",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49607"
},
{
"name": "CVE-2022-49609",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49609"
},
{
"name": "CVE-2022-49610",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49610"
},
{
"name": "CVE-2022-49611",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49611"
},
{
"name": "CVE-2022-49613",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49613"
},
{
"name": "CVE-2022-49615",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49615"
},
{
"name": "CVE-2022-49616",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49616"
},
{
"name": "CVE-2022-49617",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49617"
},
{
"name": "CVE-2022-49618",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49618"
},
{
"name": "CVE-2022-49621",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49621"
},
{
"name": "CVE-2022-49623",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49623"
},
{
"name": "CVE-2022-49625",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49625"
},
{
"name": "CVE-2022-49627",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49627"
},
{
"name": "CVE-2022-49628",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49628"
},
{
"name": "CVE-2022-49631",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49631"
},
{
"name": "CVE-2022-49634",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49634"
},
{
"name": "CVE-2022-49640",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49640"
},
{
"name": "CVE-2022-49641",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49641"
},
{
"name": "CVE-2022-49642",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49642"
},
{
"name": "CVE-2022-49643",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49643"
},
{
"name": "CVE-2022-49644",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49644"
},
{
"name": "CVE-2022-49645",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49645"
},
{
"name": "CVE-2022-49646",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49646"
},
{
"name": "CVE-2022-49647",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49647"
},
{
"name": "CVE-2022-49648",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49648"
},
{
"name": "CVE-2022-49649",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49649"
},
{
"name": "CVE-2022-49652",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49652"
},
{
"name": "CVE-2022-49653",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49653"
},
{
"name": "CVE-2022-49656",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49656"
},
{
"name": "CVE-2022-49657",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49657"
},
{
"name": "CVE-2022-49663",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49663"
},
{
"name": "CVE-2022-49665",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49665"
},
{
"name": "CVE-2022-49667",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49667"
},
{
"name": "CVE-2022-49668",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49668"
},
{
"name": "CVE-2022-49670",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49670"
},
{
"name": "CVE-2022-49671",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49671"
},
{
"name": "CVE-2022-49672",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49672"
},
{
"name": "CVE-2022-49673",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49673"
},
{
"name": "CVE-2022-49674",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49674"
},
{
"name": "CVE-2022-49675",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49675"
},
{
"name": "CVE-2022-49676",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49676"
},
{
"name": "CVE-2022-49677",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49677"
},
{
"name": "CVE-2022-49678",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49678"
},
{
"name": "CVE-2022-49679",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49679"
},
{
"name": "CVE-2022-49680",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49680"
},
{
"name": "CVE-2022-49683",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49683"
},
{
"name": "CVE-2022-49685",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49685"
},
{
"name": "CVE-2022-49687",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49687"
},
{
"name": "CVE-2022-49688",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49688"
},
{
"name": "CVE-2022-49693",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49693"
},
{
"name": "CVE-2022-49695",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49695"
},
{
"name": "CVE-2022-49699",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49699"
},
{
"name": "CVE-2022-49700",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49700"
},
{
"name": "CVE-2022-49701",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49701"
},
{
"name": "CVE-2022-49703",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49703"
},
{
"name": "CVE-2022-49704",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49704"
},
{
"name": "CVE-2022-49705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49705"
},
{
"name": "CVE-2022-49707",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49707"
},
{
"name": "CVE-2022-49708",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49708"
},
{
"name": "CVE-2022-49710",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49710"
},
{
"name": "CVE-2022-49711",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49711"
},
{
"name": "CVE-2022-49712",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49712"
},
{
"name": "CVE-2022-49713",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49713"
},
{
"name": "CVE-2022-49714",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49714"
},
{
"name": "CVE-2022-49715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49715"
},
{
"name": "CVE-2022-49716",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49716"
},
{
"name": "CVE-2022-49719",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49719"
},
{
"name": "CVE-2022-49720",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49720"
},
{
"name": "CVE-2022-49721",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49721"
},
{
"name": "CVE-2022-49722",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49722"
},
{
"name": "CVE-2022-49723",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49723"
},
{
"name": "CVE-2022-49724",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49724"
},
{
"name": "CVE-2022-49725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49725"
},
{
"name": "CVE-2022-49726",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49726"
},
{
"name": "CVE-2022-49729",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49729"
},
{
"name": "CVE-2022-49730",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49730"
},
{
"name": "CVE-2022-49731",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49731"
},
{
"name": "CVE-2022-49733",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49733"
},
{
"name": "CVE-2024-57996",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57996"
},
{
"name": "CVE-2024-58014",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58014"
},
{
"name": "CVE-2025-21718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21718"
},
{
"name": "CVE-2025-21772",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21772"
},
{
"name": "CVE-2025-21780",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21780"
}
],
"initial_release_date": "2025-03-28T00:00:00",
"last_revision_date": "2025-03-28T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0252",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-03-28T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de SUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": "2025-03-26",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:1027-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20251027-1"
},
{
"published_at": "2025-03-21",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:0983-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250983-1"
}
]
}
CVE-2022-49477 (GCVE-0-2022-49477)
Vulnerability from cvelistv5
Published
2025-02-26 02:13
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ASoC: samsung: Fix refcount leak in aries_audio_probe
of_parse_phandle() returns a node pointer with refcount
incremented, we should use of_node_put() on it when done.
If extcon_find_edev_by_node() fails, it doesn't call of_node_put()
Calling of_node_put() after extcon_find_edev_by_node() to fix this.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49477",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:39:32.696001Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:45.685Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/soc/samsung/aries_wm8994.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "cacea459f95be22b3750f3b25b7a1c5897a68206",
"status": "affected",
"version": "7a3a7671fa6c7e90aff5f4242add2a40587b85ef",
"versionType": "git"
},
{
"lessThan": "85d899f396622d3034643bf89615a78f9be7c91a",
"status": "affected",
"version": "7a3a7671fa6c7e90aff5f4242add2a40587b85ef",
"versionType": "git"
},
{
"lessThan": "70130bde3457d28c02c76b6cacc5d40a72dd6e17",
"status": "affected",
"version": "7a3a7671fa6c7e90aff5f4242add2a40587b85ef",
"versionType": "git"
},
{
"lessThan": "46d1b310a2d571811c4e08041ce287babb60b86a",
"status": "affected",
"version": "7a3a7671fa6c7e90aff5f4242add2a40587b85ef",
"versionType": "git"
},
{
"lessThan": "bf4a9b2467b775717d0e9034ad916888e19713a3",
"status": "affected",
"version": "7a3a7671fa6c7e90aff5f4242add2a40587b85ef",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"sound/soc/samsung/aries_wm8994.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.9"
},
{
"lessThan": "5.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: samsung: Fix refcount leak in aries_audio_probe\n\nof_parse_phandle() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when done.\nIf extcon_find_edev_by_node() fails, it doesn\u0027t call of_node_put()\nCalling of_node_put() after extcon_find_edev_by_node() to fix this."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:38:34.621Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/cacea459f95be22b3750f3b25b7a1c5897a68206"
},
{
"url": "https://git.kernel.org/stable/c/85d899f396622d3034643bf89615a78f9be7c91a"
},
{
"url": "https://git.kernel.org/stable/c/70130bde3457d28c02c76b6cacc5d40a72dd6e17"
},
{
"url": "https://git.kernel.org/stable/c/46d1b310a2d571811c4e08041ce287babb60b86a"
},
{
"url": "https://git.kernel.org/stable/c/bf4a9b2467b775717d0e9034ad916888e19713a3"
}
],
"title": "ASoC: samsung: Fix refcount leak in aries_audio_probe",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49477",
"datePublished": "2025-02-26T02:13:18.686Z",
"dateReserved": "2025-02-26T02:08:31.581Z",
"dateUpdated": "2025-10-01T19:46:45.685Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49482 (GCVE-0-2022-49482)
Vulnerability from cvelistv5
Published
2025-02-26 02:13
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe
of_parse_phandle() returns a node pointer with refcount
incremented, we should use of_node_put() on it when done.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 08641c7c74dddfcd726512edfaa3b4cbe42e523e Version: 08641c7c74dddfcd726512edfaa3b4cbe42e523e Version: 08641c7c74dddfcd726512edfaa3b4cbe42e523e Version: 08641c7c74dddfcd726512edfaa3b4cbe42e523e Version: 08641c7c74dddfcd726512edfaa3b4cbe42e523e Version: 08641c7c74dddfcd726512edfaa3b4cbe42e523e Version: 08641c7c74dddfcd726512edfaa3b4cbe42e523e Version: 08641c7c74dddfcd726512edfaa3b4cbe42e523e Version: 08641c7c74dddfcd726512edfaa3b4cbe42e523e |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49482",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:39:19.833223Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:45.003Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/soc/mxs/mxs-saif.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c933829cbf3338b684869e6c4c8931abf5d68fbd",
"status": "affected",
"version": "08641c7c74dddfcd726512edfaa3b4cbe42e523e",
"versionType": "git"
},
{
"lessThan": "d42601e93fce7802bb8d70dd59b60cfeefa20469",
"status": "affected",
"version": "08641c7c74dddfcd726512edfaa3b4cbe42e523e",
"versionType": "git"
},
{
"lessThan": "30d110ca703ce60162ec337aa564a3e4da30715f",
"status": "affected",
"version": "08641c7c74dddfcd726512edfaa3b4cbe42e523e",
"versionType": "git"
},
{
"lessThan": "18b907ff0ae4bf20120aae1538f7156b9d08e3a7",
"status": "affected",
"version": "08641c7c74dddfcd726512edfaa3b4cbe42e523e",
"versionType": "git"
},
{
"lessThan": "2a0da7641e1f17a744ac7b3f76471388c97b63dc",
"status": "affected",
"version": "08641c7c74dddfcd726512edfaa3b4cbe42e523e",
"versionType": "git"
},
{
"lessThan": "24491124406666bf0dcb9ee10c5575c6ce6a1730",
"status": "affected",
"version": "08641c7c74dddfcd726512edfaa3b4cbe42e523e",
"versionType": "git"
},
{
"lessThan": "4e2a1bcc51bdebed48176f6e88c150f175983f9c",
"status": "affected",
"version": "08641c7c74dddfcd726512edfaa3b4cbe42e523e",
"versionType": "git"
},
{
"lessThan": "d855505851ee8ba666eb204149b49f906130dc17",
"status": "affected",
"version": "08641c7c74dddfcd726512edfaa3b4cbe42e523e",
"versionType": "git"
},
{
"lessThan": "2be84f73785fa9ed6443e3c5b158730266f1c2ee",
"status": "affected",
"version": "08641c7c74dddfcd726512edfaa3b4cbe42e523e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"sound/soc/mxs/mxs-saif.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.5"
},
{
"lessThan": "3.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.318",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.318",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.283",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "3.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: mxs-saif: Fix refcount leak in mxs_saif_probe\n\nof_parse_phandle() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when done."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:38:45.771Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c933829cbf3338b684869e6c4c8931abf5d68fbd"
},
{
"url": "https://git.kernel.org/stable/c/d42601e93fce7802bb8d70dd59b60cfeefa20469"
},
{
"url": "https://git.kernel.org/stable/c/30d110ca703ce60162ec337aa564a3e4da30715f"
},
{
"url": "https://git.kernel.org/stable/c/18b907ff0ae4bf20120aae1538f7156b9d08e3a7"
},
{
"url": "https://git.kernel.org/stable/c/2a0da7641e1f17a744ac7b3f76471388c97b63dc"
},
{
"url": "https://git.kernel.org/stable/c/24491124406666bf0dcb9ee10c5575c6ce6a1730"
},
{
"url": "https://git.kernel.org/stable/c/4e2a1bcc51bdebed48176f6e88c150f175983f9c"
},
{
"url": "https://git.kernel.org/stable/c/d855505851ee8ba666eb204149b49f906130dc17"
},
{
"url": "https://git.kernel.org/stable/c/2be84f73785fa9ed6443e3c5b158730266f1c2ee"
}
],
"title": "ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49482",
"datePublished": "2025-02-26T02:13:22.005Z",
"dateReserved": "2025-02-26T02:08:31.582Z",
"dateUpdated": "2025-10-01T19:46:45.003Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49429 (GCVE-0-2022-49429)
Vulnerability from cvelistv5
Published
2025-02-26 02:12
Modified
2025-05-04 08:37
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
RDMA/hfi1: Prevent panic when SDMA is disabled
If the hfi1 module is loaded with HFI1_CAP_SDMA off, a call to
hfi1_write_iter() will dereference a NULL pointer and panic. A typical
stack frame is:
sdma_select_user_engine [hfi1]
hfi1_user_sdma_process_request [hfi1]
hfi1_write_iter [hfi1]
do_iter_readv_writev
do_iter_write
vfs_writev
do_writev
do_syscall_64
The fix is to test for SDMA in hfi1_write_iter() and fail the I/O with
EINVAL.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/hfi1/file_ops.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "33794e8e9bcb4affc0ebff9cdec85acc8b8a1762",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "0e4dda8b3f4c07ee9ea670a10ea3171a5e63a86f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e60ad83f645ee6fadd5a8057ba267aeec54f08fe",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "cc80d3c37cec9d6ddb140483647901bc7cc6c31d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "32e6aea33944f364d51cd263e4cd236393a188b6",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "29952ab85d6c3fe0b7909d9a737f10c58bf6824d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "22e7e400fd1a890db2ea13686324aff50e972f4f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "629e052d0c98e46dde9f0824f0aa437f678d9b8f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/hfi1/file_ops.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hfi1: Prevent panic when SDMA is disabled\n\nIf the hfi1 module is loaded with HFI1_CAP_SDMA off, a call to\nhfi1_write_iter() will dereference a NULL pointer and panic. A typical\nstack frame is:\n\n sdma_select_user_engine [hfi1]\n hfi1_user_sdma_process_request [hfi1]\n hfi1_write_iter [hfi1]\n do_iter_readv_writev\n do_iter_write\n vfs_writev\n do_writev\n do_syscall_64\n\nThe fix is to test for SDMA in hfi1_write_iter() and fail the I/O with\nEINVAL."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:37:29.046Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/33794e8e9bcb4affc0ebff9cdec85acc8b8a1762"
},
{
"url": "https://git.kernel.org/stable/c/0e4dda8b3f4c07ee9ea670a10ea3171a5e63a86f"
},
{
"url": "https://git.kernel.org/stable/c/e60ad83f645ee6fadd5a8057ba267aeec54f08fe"
},
{
"url": "https://git.kernel.org/stable/c/cc80d3c37cec9d6ddb140483647901bc7cc6c31d"
},
{
"url": "https://git.kernel.org/stable/c/32e6aea33944f364d51cd263e4cd236393a188b6"
},
{
"url": "https://git.kernel.org/stable/c/29952ab85d6c3fe0b7909d9a737f10c58bf6824d"
},
{
"url": "https://git.kernel.org/stable/c/22e7e400fd1a890db2ea13686324aff50e972f4f"
},
{
"url": "https://git.kernel.org/stable/c/629e052d0c98e46dde9f0824f0aa437f678d9b8f"
}
],
"title": "RDMA/hfi1: Prevent panic when SDMA is disabled",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49429",
"datePublished": "2025-02-26T02:12:48.646Z",
"dateReserved": "2025-02-26T02:08:31.569Z",
"dateUpdated": "2025-05-04T08:37:29.046Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49092 (GCVE-0-2022-49092)
Vulnerability from cvelistv5
Published
2025-02-26 01:54
Modified
2025-05-04 08:29
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: ipv4: fix route with nexthop object delete warning
FRR folks have hit a kernel warning[1] while deleting routes[2] which is
caused by trying to delete a route pointing to a nexthop id without
specifying nhid but matching on an interface. That is, a route is found
but we hit a warning while matching it. The warning is from
fib_info_nh() in include/net/nexthop.h because we run it on a fib_info
with nexthop object. The call chain is:
inet_rtm_delroute -> fib_table_delete -> fib_nh_match (called with a
nexthop fib_info and also with fc_oif set thus calling fib_info_nh on
the fib_info and triggering the warning). The fix is to not do any
matching in that branch if the fi has a nexthop object because those are
managed separately. I.e. we should match when deleting without nh spec and
should fail when deleting a nexthop route with old-style nh spec because
nexthop objects are managed separately, e.g.:
$ ip r show 1.2.3.4/32
1.2.3.4 nhid 12 via 192.168.11.2 dev dummy0
$ ip r del 1.2.3.4/32
$ ip r del 1.2.3.4/32 nhid 12
<both should work>
$ ip r del 1.2.3.4/32 dev dummy0
<should fail with ESRCH>
[1]
[ 523.462226] ------------[ cut here ]------------
[ 523.462230] WARNING: CPU: 14 PID: 22893 at include/net/nexthop.h:468 fib_nh_match+0x210/0x460
[ 523.462236] Modules linked in: dummy rpcsec_gss_krb5 xt_socket nf_socket_ipv4 nf_socket_ipv6 ip6table_raw iptable_raw bpf_preload xt_statistic ip_set ip_vs_sh ip_vs_wrr ip_vs_rr ip_vs xt_mark nf_tables xt_nat veth nf_conntrack_netlink nfnetlink xt_addrtype br_netfilter overlay dm_crypt nfsv3 nfs fscache netfs vhost_net vhost vhost_iotlb tap tun xt_CHECKSUM xt_MASQUERADE xt_conntrack 8021q garp mrp ipt_REJECT nf_reject_ipv4 ip6table_mangle ip6table_nat iptable_mangle iptable_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 iptable_filter bridge stp llc rfcomm snd_seq_dummy snd_hrtimer rpcrdma rdma_cm iw_cm ib_cm ib_core ip6table_filter xt_comment ip6_tables vboxnetadp(OE) vboxnetflt(OE) vboxdrv(OE) qrtr bnep binfmt_misc xfs vfat fat squashfs loop nvidia_drm(POE) nvidia_modeset(POE) nvidia_uvm(POE) nvidia(POE) intel_rapl_msr intel_rapl_common snd_hda_codec_realtek snd_hda_codec_generic ledtrig_audio snd_hda_codec_hdmi btusb btrtl iwlmvm uvcvideo btbcm snd_hda_intel edac_mce_amd
[ 523.462274] videobuf2_vmalloc videobuf2_memops btintel snd_intel_dspcfg videobuf2_v4l2 snd_intel_sdw_acpi bluetooth snd_usb_audio snd_hda_codec mac80211 snd_usbmidi_lib joydev snd_hda_core videobuf2_common kvm_amd snd_rawmidi snd_hwdep snd_seq videodev ccp snd_seq_device libarc4 ecdh_generic mc snd_pcm kvm iwlwifi snd_timer drm_kms_helper snd cfg80211 cec soundcore irqbypass rapl wmi_bmof i2c_piix4 rfkill k10temp pcspkr acpi_cpufreq nfsd auth_rpcgss nfs_acl lockd grace sunrpc drm zram ip_tables crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel nvme sp5100_tco r8169 nvme_core wmi ipmi_devintf ipmi_msghandler fuse
[ 523.462300] CPU: 14 PID: 22893 Comm: ip Tainted: P OE 5.16.18-200.fc35.x86_64 #1
[ 523.462302] Hardware name: Micro-Star International Co., Ltd. MS-7C37/MPG X570 GAMING EDGE WIFI (MS-7C37), BIOS 1.C0 10/29/2020
[ 523.462303] RIP: 0010:fib_nh_match+0x210/0x460
[ 523.462304] Code: 7c 24 20 48 8b b5 90 00 00 00 e8 bb ee f4 ff 48 8b 7c 24 20 41 89 c4 e8 ee eb f4 ff 45 85 e4 0f 85 2e fe ff ff e9 4c ff ff ff <0f> 0b e9 17 ff ff ff 3c 0a 0f 85 61 fe ff ff 48 8b b5 98 00 00 00
[ 523.462306] RSP: 0018:ffffaa53d4d87928 EFLAGS: 00010286
[ 523.462307] RAX: 0000000000000000 RBX: ffffaa53d4d87a90 RCX: ffffaa53d4d87bb0
[ 523.462308] RDX: ffff9e3d2ee6be80 RSI: ffffaa53d4d87a90 RDI: ffffffff920ed380
[ 523.462309] RBP: ffff9e3d2ee6be80 R08: 0000000000000064 R09: 0000000000000000
[ 523.462310] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000031
[ 523.462310] R13: 0000000000000020 R14: 0000000000000000 R15: ffff9e3d331054e0
[ 523.462311] FS: 00007f2455
---truncated---
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 4c7e8084fd467ddb2b0e6c6011f9c1064afb7e56 Version: 4c7e8084fd467ddb2b0e6c6011f9c1064afb7e56 Version: 4c7e8084fd467ddb2b0e6c6011f9c1064afb7e56 Version: 4c7e8084fd467ddb2b0e6c6011f9c1064afb7e56 Version: 4c7e8084fd467ddb2b0e6c6011f9c1064afb7e56 Version: 4c7e8084fd467ddb2b0e6c6011f9c1064afb7e56 |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv4/fib_semantics.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f5064531c23ad646da7be8b938292b00a7e61438",
"status": "affected",
"version": "4c7e8084fd467ddb2b0e6c6011f9c1064afb7e56",
"versionType": "git"
},
{
"lessThan": "63ea57478aaa3e06a597081a0f537318fc04e49f",
"status": "affected",
"version": "4c7e8084fd467ddb2b0e6c6011f9c1064afb7e56",
"versionType": "git"
},
{
"lessThan": "907c97986d6fa77318d17659dd76c94b65dd27c5",
"status": "affected",
"version": "4c7e8084fd467ddb2b0e6c6011f9c1064afb7e56",
"versionType": "git"
},
{
"lessThan": "dcd689f9e2640c992f94eae9955b106f71c6825d",
"status": "affected",
"version": "4c7e8084fd467ddb2b0e6c6011f9c1064afb7e56",
"versionType": "git"
},
{
"lessThan": "f8db5743d09523c0bb35f16e13691e3b7eb5dba0",
"status": "affected",
"version": "4c7e8084fd467ddb2b0e6c6011f9c1064afb7e56",
"versionType": "git"
},
{
"lessThan": "6bf92d70e690b7ff12b24f4bfff5e5434d019b82",
"status": "affected",
"version": "4c7e8084fd467ddb2b0e6c6011f9c1064afb7e56",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv4/fib_semantics.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.3"
},
{
"lessThan": "5.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.189",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.111",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.20",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.189",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.111",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.34",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.20",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.3",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ipv4: fix route with nexthop object delete warning\n\nFRR folks have hit a kernel warning[1] while deleting routes[2] which is\ncaused by trying to delete a route pointing to a nexthop id without\nspecifying nhid but matching on an interface. That is, a route is found\nbut we hit a warning while matching it. The warning is from\nfib_info_nh() in include/net/nexthop.h because we run it on a fib_info\nwith nexthop object. The call chain is:\n inet_rtm_delroute -\u003e fib_table_delete -\u003e fib_nh_match (called with a\nnexthop fib_info and also with fc_oif set thus calling fib_info_nh on\nthe fib_info and triggering the warning). The fix is to not do any\nmatching in that branch if the fi has a nexthop object because those are\nmanaged separately. I.e. we should match when deleting without nh spec and\nshould fail when deleting a nexthop route with old-style nh spec because\nnexthop objects are managed separately, e.g.:\n $ ip r show 1.2.3.4/32\n 1.2.3.4 nhid 12 via 192.168.11.2 dev dummy0\n\n $ ip r del 1.2.3.4/32\n $ ip r del 1.2.3.4/32 nhid 12\n \u003cboth should work\u003e\n\n $ ip r del 1.2.3.4/32 dev dummy0\n \u003cshould fail with ESRCH\u003e\n\n[1]\n [ 523.462226] ------------[ cut here ]------------\n [ 523.462230] WARNING: CPU: 14 PID: 22893 at include/net/nexthop.h:468 fib_nh_match+0x210/0x460\n [ 523.462236] Modules linked in: dummy rpcsec_gss_krb5 xt_socket nf_socket_ipv4 nf_socket_ipv6 ip6table_raw iptable_raw bpf_preload xt_statistic ip_set ip_vs_sh ip_vs_wrr ip_vs_rr ip_vs xt_mark nf_tables xt_nat veth nf_conntrack_netlink nfnetlink xt_addrtype br_netfilter overlay dm_crypt nfsv3 nfs fscache netfs vhost_net vhost vhost_iotlb tap tun xt_CHECKSUM xt_MASQUERADE xt_conntrack 8021q garp mrp ipt_REJECT nf_reject_ipv4 ip6table_mangle ip6table_nat iptable_mangle iptable_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 iptable_filter bridge stp llc rfcomm snd_seq_dummy snd_hrtimer rpcrdma rdma_cm iw_cm ib_cm ib_core ip6table_filter xt_comment ip6_tables vboxnetadp(OE) vboxnetflt(OE) vboxdrv(OE) qrtr bnep binfmt_misc xfs vfat fat squashfs loop nvidia_drm(POE) nvidia_modeset(POE) nvidia_uvm(POE) nvidia(POE) intel_rapl_msr intel_rapl_common snd_hda_codec_realtek snd_hda_codec_generic ledtrig_audio snd_hda_codec_hdmi btusb btrtl iwlmvm uvcvideo btbcm snd_hda_intel edac_mce_amd\n [ 523.462274] videobuf2_vmalloc videobuf2_memops btintel snd_intel_dspcfg videobuf2_v4l2 snd_intel_sdw_acpi bluetooth snd_usb_audio snd_hda_codec mac80211 snd_usbmidi_lib joydev snd_hda_core videobuf2_common kvm_amd snd_rawmidi snd_hwdep snd_seq videodev ccp snd_seq_device libarc4 ecdh_generic mc snd_pcm kvm iwlwifi snd_timer drm_kms_helper snd cfg80211 cec soundcore irqbypass rapl wmi_bmof i2c_piix4 rfkill k10temp pcspkr acpi_cpufreq nfsd auth_rpcgss nfs_acl lockd grace sunrpc drm zram ip_tables crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel nvme sp5100_tco r8169 nvme_core wmi ipmi_devintf ipmi_msghandler fuse\n [ 523.462300] CPU: 14 PID: 22893 Comm: ip Tainted: P OE 5.16.18-200.fc35.x86_64 #1\n [ 523.462302] Hardware name: Micro-Star International Co., Ltd. MS-7C37/MPG X570 GAMING EDGE WIFI (MS-7C37), BIOS 1.C0 10/29/2020\n [ 523.462303] RIP: 0010:fib_nh_match+0x210/0x460\n [ 523.462304] Code: 7c 24 20 48 8b b5 90 00 00 00 e8 bb ee f4 ff 48 8b 7c 24 20 41 89 c4 e8 ee eb f4 ff 45 85 e4 0f 85 2e fe ff ff e9 4c ff ff ff \u003c0f\u003e 0b e9 17 ff ff ff 3c 0a 0f 85 61 fe ff ff 48 8b b5 98 00 00 00\n [ 523.462306] RSP: 0018:ffffaa53d4d87928 EFLAGS: 00010286\n [ 523.462307] RAX: 0000000000000000 RBX: ffffaa53d4d87a90 RCX: ffffaa53d4d87bb0\n [ 523.462308] RDX: ffff9e3d2ee6be80 RSI: ffffaa53d4d87a90 RDI: ffffffff920ed380\n [ 523.462309] RBP: ffff9e3d2ee6be80 R08: 0000000000000064 R09: 0000000000000000\n [ 523.462310] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000031\n [ 523.462310] R13: 0000000000000020 R14: 0000000000000000 R15: ffff9e3d331054e0\n [ 523.462311] FS: 00007f2455\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:29:38.189Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f5064531c23ad646da7be8b938292b00a7e61438"
},
{
"url": "https://git.kernel.org/stable/c/63ea57478aaa3e06a597081a0f537318fc04e49f"
},
{
"url": "https://git.kernel.org/stable/c/907c97986d6fa77318d17659dd76c94b65dd27c5"
},
{
"url": "https://git.kernel.org/stable/c/dcd689f9e2640c992f94eae9955b106f71c6825d"
},
{
"url": "https://git.kernel.org/stable/c/f8db5743d09523c0bb35f16e13691e3b7eb5dba0"
},
{
"url": "https://git.kernel.org/stable/c/6bf92d70e690b7ff12b24f4bfff5e5434d019b82"
}
],
"title": "net: ipv4: fix route with nexthop object delete warning",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49092",
"datePublished": "2025-02-26T01:54:47.172Z",
"dateReserved": "2025-02-26T01:49:39.249Z",
"dateUpdated": "2025-05-04T08:29:38.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49322 (GCVE-0-2022-49322)
Vulnerability from cvelistv5
Published
2025-02-26 02:10
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
tracing: Fix sleeping function called from invalid context on RT kernel
When setting bootparams="trace_event=initcall:initcall_start tp_printk=1" in the
cmdline, the output_printk() was called, and the spin_lock_irqsave() was called in the
atomic and irq disable interrupt context suitation. On the PREEMPT_RT kernel,
these locks are replaced with sleepable rt-spinlock, so the stack calltrace will
be triggered.
Fix it by raw_spin_lock_irqsave when PREEMPT_RT and "trace_event=initcall:initcall_start
tp_printk=1" enabled.
BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:46
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 1, name: swapper/0
preempt_count: 2, expected: 0
RCU nest depth: 0, expected: 0
Preemption disabled at:
[<ffffffff8992303e>] try_to_wake_up+0x7e/0xba0
CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.17.1-rt17+ #19 34c5812404187a875f32bee7977f7367f9679ea7
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014
Call Trace:
<TASK>
dump_stack_lvl+0x60/0x8c
dump_stack+0x10/0x12
__might_resched.cold+0x11d/0x155
rt_spin_lock+0x40/0x70
trace_event_buffer_commit+0x2fa/0x4c0
? map_vsyscall+0x93/0x93
trace_event_raw_event_initcall_start+0xbe/0x110
? perf_trace_initcall_finish+0x210/0x210
? probe_sched_wakeup+0x34/0x40
? ttwu_do_wakeup+0xda/0x310
? trace_hardirqs_on+0x35/0x170
? map_vsyscall+0x93/0x93
do_one_initcall+0x217/0x3c0
? trace_event_raw_event_initcall_level+0x170/0x170
? push_cpu_stop+0x400/0x400
? cblist_init_generic+0x241/0x290
kernel_init_freeable+0x1ac/0x347
? _raw_spin_unlock_irq+0x65/0x80
? rest_init+0xf0/0xf0
kernel_init+0x1e/0x150
ret_from_fork+0x22/0x30
</TASK>
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49322",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:43:41.615652Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-667",
"description": "CWE-667 Improper Locking",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:56.506Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/trace/trace.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "be1f323fb9d9b14a505ca22d742d321769454de1",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "40f9fde06b25884baa0c4bd138b909a9b67218b4",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "48c6ee7d6c614f09b2c8553a95eefef6ecf196e0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1788e6dbb61286215442b1af99e51405a6206762",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9b534640a2c6a8d88168febc82ec6d161184f2ec",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "43bfc4dccc416c964b53cbdc430e814f8b6f770b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9abf3db8bdb63ab545034148ef2118f4d088ca59",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "12025abdc8539ed9d5014e2d647a3fd1bd3de5cd",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/trace/trace.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.47",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.122",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix sleeping function called from invalid context on RT kernel\n\nWhen setting bootparams=\"trace_event=initcall:initcall_start tp_printk=1\" in the\ncmdline, the output_printk() was called, and the spin_lock_irqsave() was called in the\natomic and irq disable interrupt context suitation. On the PREEMPT_RT kernel,\nthese locks are replaced with sleepable rt-spinlock, so the stack calltrace will\nbe triggered.\nFix it by raw_spin_lock_irqsave when PREEMPT_RT and \"trace_event=initcall:initcall_start\ntp_printk=1\" enabled.\n\n BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:46\n in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 1, name: swapper/0\n preempt_count: 2, expected: 0\n RCU nest depth: 0, expected: 0\n Preemption disabled at:\n [\u003cffffffff8992303e\u003e] try_to_wake_up+0x7e/0xba0\n CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.17.1-rt17+ #19 34c5812404187a875f32bee7977f7367f9679ea7\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x60/0x8c\n dump_stack+0x10/0x12\n __might_resched.cold+0x11d/0x155\n rt_spin_lock+0x40/0x70\n trace_event_buffer_commit+0x2fa/0x4c0\n ? map_vsyscall+0x93/0x93\n trace_event_raw_event_initcall_start+0xbe/0x110\n ? perf_trace_initcall_finish+0x210/0x210\n ? probe_sched_wakeup+0x34/0x40\n ? ttwu_do_wakeup+0xda/0x310\n ? trace_hardirqs_on+0x35/0x170\n ? map_vsyscall+0x93/0x93\n do_one_initcall+0x217/0x3c0\n ? trace_event_raw_event_initcall_level+0x170/0x170\n ? push_cpu_stop+0x400/0x400\n ? cblist_init_generic+0x241/0x290\n kernel_init_freeable+0x1ac/0x347\n ? _raw_spin_unlock_irq+0x65/0x80\n ? rest_init+0xf0/0xf0\n kernel_init+0x1e/0x150\n ret_from_fork+0x22/0x30\n \u003c/TASK\u003e"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:35:10.654Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/be1f323fb9d9b14a505ca22d742d321769454de1"
},
{
"url": "https://git.kernel.org/stable/c/40f9fde06b25884baa0c4bd138b909a9b67218b4"
},
{
"url": "https://git.kernel.org/stable/c/48c6ee7d6c614f09b2c8553a95eefef6ecf196e0"
},
{
"url": "https://git.kernel.org/stable/c/1788e6dbb61286215442b1af99e51405a6206762"
},
{
"url": "https://git.kernel.org/stable/c/9b534640a2c6a8d88168febc82ec6d161184f2ec"
},
{
"url": "https://git.kernel.org/stable/c/43bfc4dccc416c964b53cbdc430e814f8b6f770b"
},
{
"url": "https://git.kernel.org/stable/c/9abf3db8bdb63ab545034148ef2118f4d088ca59"
},
{
"url": "https://git.kernel.org/stable/c/12025abdc8539ed9d5014e2d647a3fd1bd3de5cd"
}
],
"title": "tracing: Fix sleeping function called from invalid context on RT kernel",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49322",
"datePublished": "2025-02-26T02:10:46.658Z",
"dateReserved": "2025-02-26T02:08:31.537Z",
"dateUpdated": "2025-10-01T19:46:56.506Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29900 (GCVE-0-2022-29900)
Vulnerability from cvelistv5
Published
2022-07-12 15:50
Modified
2024-11-20 16:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- NA
Summary
Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AMD | AMD Processors |
Version: Processor Some AMD Processors |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:33:43.145Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037"
},
{
"name": "FEDORA-2022-a0d7a5eaf2",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYI3OMJ7RIZNL3C6GUWNANNPEUUID6FM/"
},
{
"name": "DSA-5207",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5207"
},
{
"name": "[debian-lts-announce] 20220911 [SECURITY] [DLA 3102-1] linux-5.10 new package",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.secpod.com/blog/retbleed-intel-and-amd-processor-information-disclosure-vulnerability/"
},
{
"name": "GLSA-202402-07",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202402-07"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-29900",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-20T16:09:18.710200Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T16:13:31.449Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AMD Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "Processor Some AMD Processors"
}
]
}
],
"datePublic": "2022-07-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "NA",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-04T08:06:53.374904",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037"
},
{
"name": "FEDORA-2022-a0d7a5eaf2",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYI3OMJ7RIZNL3C6GUWNANNPEUUID6FM/"
},
{
"name": "DSA-5207",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5207"
},
{
"name": "[debian-lts-announce] 20220911 [SECURITY] [DLA 3102-1] linux-5.10 new package",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html"
},
{
"url": "https://www.secpod.com/blog/retbleed-intel-and-amd-processor-information-disclosure-vulnerability/"
},
{
"name": "GLSA-202402-07",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202402-07"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2022-29900",
"datePublished": "2022-07-12T15:50:10.585306Z",
"dateReserved": "2022-04-28T00:00:00",
"dateUpdated": "2024-11-20T16:13:31.449Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49297 (GCVE-0-2022-49297)
Vulnerability from cvelistv5
Published
2025-02-26 02:01
Modified
2025-10-29 10:50
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
nbd: fix io hung while disconnecting device
In our tests, "qemu-nbd" triggers a io hung:
INFO: task qemu-nbd:11445 blocked for more than 368 seconds.
Not tainted 5.18.0-rc3-next-20220422-00003-g2176915513ca #884
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:qemu-nbd state:D stack: 0 pid:11445 ppid: 1 flags:0x00000000
Call Trace:
<TASK>
__schedule+0x480/0x1050
? _raw_spin_lock_irqsave+0x3e/0xb0
schedule+0x9c/0x1b0
blk_mq_freeze_queue_wait+0x9d/0xf0
? ipi_rseq+0x70/0x70
blk_mq_freeze_queue+0x2b/0x40
nbd_add_socket+0x6b/0x270 [nbd]
nbd_ioctl+0x383/0x510 [nbd]
blkdev_ioctl+0x18e/0x3e0
__x64_sys_ioctl+0xac/0x120
do_syscall_64+0x35/0x80
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7fd8ff706577
RSP: 002b:00007fd8fcdfebf8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000040000000 RCX: 00007fd8ff706577
RDX: 000000000000000d RSI: 000000000000ab00 RDI: 000000000000000f
RBP: 000000000000000f R08: 000000000000fbe8 R09: 000055fe497c62b0
R10: 00000002aff20000 R11: 0000000000000246 R12: 000000000000006d
R13: 0000000000000000 R14: 00007ffe82dc5e70 R15: 00007fd8fcdff9c0
"qemu-ndb -d" will call ioctl 'NBD_DISCONNECT' first, however, following
message was found:
block nbd0: Send disconnect failed -32
Which indicate that something is wrong with the server. Then,
"qemu-nbd -d" will call ioctl 'NBD_CLEAR_SOCK', however ioctl can't clear
requests after commit 2516ab1543fd("nbd: only clear the queue on device
teardown"). And in the meantime, request can't complete through timeout
because nbd_xmit_timeout() will always return 'BLK_EH_RESET_TIMER', which
means such request will never be completed in this situation.
Now that the flag 'NBD_CMD_INFLIGHT' can make sure requests won't
complete multiple times, switch back to call nbd_clear_sock() in
nbd_clear_sock_ioctl(), so that inflight requests can be cleared.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 2516ab1543fdd1f9d08385d73cae51f668a9f3dc Version: 2516ab1543fdd1f9d08385d73cae51f668a9f3dc Version: 2516ab1543fdd1f9d08385d73cae51f668a9f3dc Version: 2516ab1543fdd1f9d08385d73cae51f668a9f3dc Version: 2516ab1543fdd1f9d08385d73cae51f668a9f3dc Version: 2516ab1543fdd1f9d08385d73cae51f668a9f3dc Version: 2516ab1543fdd1f9d08385d73cae51f668a9f3dc Version: 2516ab1543fdd1f9d08385d73cae51f668a9f3dc |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/block/nbd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "67e403136a0e1a55fef6a05f103a3979a39ad3fd",
"status": "affected",
"version": "2516ab1543fdd1f9d08385d73cae51f668a9f3dc",
"versionType": "git"
},
{
"lessThan": "62d227f67a8c25d5e16f40e5290607f9306d2188",
"status": "affected",
"version": "2516ab1543fdd1f9d08385d73cae51f668a9f3dc",
"versionType": "git"
},
{
"lessThan": "69893d6d7f5c10d8306c1b5fc64b71efc91aa6cd",
"status": "affected",
"version": "2516ab1543fdd1f9d08385d73cae51f668a9f3dc",
"versionType": "git"
},
{
"lessThan": "f72df77600a43e59b3189e53b47f8685739867d3",
"status": "affected",
"version": "2516ab1543fdd1f9d08385d73cae51f668a9f3dc",
"versionType": "git"
},
{
"lessThan": "c4ba982bd5084fa659ef518aaf159e4dab02ecda",
"status": "affected",
"version": "2516ab1543fdd1f9d08385d73cae51f668a9f3dc",
"versionType": "git"
},
{
"lessThan": "54b06dc2a206b4d67349bb56b92d4bd32700b7b1",
"status": "affected",
"version": "2516ab1543fdd1f9d08385d73cae51f668a9f3dc",
"versionType": "git"
},
{
"lessThan": "141318e62db87105b0103fccc59c9c5940da248d",
"status": "affected",
"version": "2516ab1543fdd1f9d08385d73cae51f668a9f3dc",
"versionType": "git"
},
{
"lessThan": "09dadb5985023e27d4740ebd17e6fea4640110e5",
"status": "affected",
"version": "2516ab1543fdd1f9d08385d73cae51f668a9f3dc",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/block/nbd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.12"
},
{
"lessThan": "4.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.47",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.283",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.122",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.47",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.15",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.4",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: fix io hung while disconnecting device\n\nIn our tests, \"qemu-nbd\" triggers a io hung:\n\nINFO: task qemu-nbd:11445 blocked for more than 368 seconds.\n Not tainted 5.18.0-rc3-next-20220422-00003-g2176915513ca #884\n\"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\ntask:qemu-nbd state:D stack: 0 pid:11445 ppid: 1 flags:0x00000000\nCall Trace:\n \u003cTASK\u003e\n __schedule+0x480/0x1050\n ? _raw_spin_lock_irqsave+0x3e/0xb0\n schedule+0x9c/0x1b0\n blk_mq_freeze_queue_wait+0x9d/0xf0\n ? ipi_rseq+0x70/0x70\n blk_mq_freeze_queue+0x2b/0x40\n nbd_add_socket+0x6b/0x270 [nbd]\n nbd_ioctl+0x383/0x510 [nbd]\n blkdev_ioctl+0x18e/0x3e0\n __x64_sys_ioctl+0xac/0x120\n do_syscall_64+0x35/0x80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\nRIP: 0033:0x7fd8ff706577\nRSP: 002b:00007fd8fcdfebf8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 0000000040000000 RCX: 00007fd8ff706577\nRDX: 000000000000000d RSI: 000000000000ab00 RDI: 000000000000000f\nRBP: 000000000000000f R08: 000000000000fbe8 R09: 000055fe497c62b0\nR10: 00000002aff20000 R11: 0000000000000246 R12: 000000000000006d\nR13: 0000000000000000 R14: 00007ffe82dc5e70 R15: 00007fd8fcdff9c0\n\n\"qemu-ndb -d\" will call ioctl \u0027NBD_DISCONNECT\u0027 first, however, following\nmessage was found:\n\nblock nbd0: Send disconnect failed -32\n\nWhich indicate that something is wrong with the server. Then,\n\"qemu-nbd -d\" will call ioctl \u0027NBD_CLEAR_SOCK\u0027, however ioctl can\u0027t clear\nrequests after commit 2516ab1543fd(\"nbd: only clear the queue on device\nteardown\"). And in the meantime, request can\u0027t complete through timeout\nbecause nbd_xmit_timeout() will always return \u0027BLK_EH_RESET_TIMER\u0027, which\nmeans such request will never be completed in this situation.\n\nNow that the flag \u0027NBD_CMD_INFLIGHT\u0027 can make sure requests won\u0027t\ncomplete multiple times, switch back to call nbd_clear_sock() in\nnbd_clear_sock_ioctl(), so that inflight requests can be cleared."
}
],
"providerMetadata": {
"dateUpdated": "2025-10-29T10:50:00.620Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/67e403136a0e1a55fef6a05f103a3979a39ad3fd"
},
{
"url": "https://git.kernel.org/stable/c/62d227f67a8c25d5e16f40e5290607f9306d2188"
},
{
"url": "https://git.kernel.org/stable/c/69893d6d7f5c10d8306c1b5fc64b71efc91aa6cd"
},
{
"url": "https://git.kernel.org/stable/c/f72df77600a43e59b3189e53b47f8685739867d3"
},
{
"url": "https://git.kernel.org/stable/c/c4ba982bd5084fa659ef518aaf159e4dab02ecda"
},
{
"url": "https://git.kernel.org/stable/c/54b06dc2a206b4d67349bb56b92d4bd32700b7b1"
},
{
"url": "https://git.kernel.org/stable/c/141318e62db87105b0103fccc59c9c5940da248d"
},
{
"url": "https://git.kernel.org/stable/c/09dadb5985023e27d4740ebd17e6fea4640110e5"
}
],
"title": "nbd: fix io hung while disconnecting device",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49297",
"datePublished": "2025-02-26T02:01:26.628Z",
"dateReserved": "2025-02-26T01:49:39.302Z",
"dateUpdated": "2025-10-29T10:50:00.620Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49563 (GCVE-0-2022-49563)
Vulnerability from cvelistv5
Published
2025-02-26 02:23
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
crypto: qat - add param check for RSA
Reject requests with a source buffer that is bigger than the size of the
key. This is to prevent a possible integer underflow that might happen
when copying the source scatterlist into a linear buffer.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49563",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:37:10.210375Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-191",
"description": "CWE-191 Integer Underflow (Wrap or Wraparound)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:38.670Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/crypto/qat/qat_common/qat_asym_algs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4d6d2adce08788b7667a6e58002682ea1bbf6a79",
"status": "affected",
"version": "a990532023b903b10cf14736241cdd138e4bc92c",
"versionType": "git"
},
{
"lessThan": "f993321e50ba7a8ba4f5b19939e1772a921a1c42",
"status": "affected",
"version": "a990532023b903b10cf14736241cdd138e4bc92c",
"versionType": "git"
},
{
"lessThan": "9714061423b8b24b8afb31b8eb4df977c63f19c4",
"status": "affected",
"version": "a990532023b903b10cf14736241cdd138e4bc92c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/crypto/qat/qat_common/qat_asym_algs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.3"
},
{
"lessThan": "4.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.58",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.58",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.15",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: qat - add param check for RSA\n\nReject requests with a source buffer that is bigger than the size of the\nkey. This is to prevent a possible integer underflow that might happen\nwhen copying the source scatterlist into a linear buffer."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T08:44:08.766Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4d6d2adce08788b7667a6e58002682ea1bbf6a79"
},
{
"url": "https://git.kernel.org/stable/c/f993321e50ba7a8ba4f5b19939e1772a921a1c42"
},
{
"url": "https://git.kernel.org/stable/c/9714061423b8b24b8afb31b8eb4df977c63f19c4"
}
],
"title": "crypto: qat - add param check for RSA",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49563",
"datePublished": "2025-02-26T02:23:10.252Z",
"dateReserved": "2025-02-26T02:08:31.591Z",
"dateUpdated": "2025-10-01T19:46:38.670Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49055 (GCVE-0-2022-49055)
Vulnerability from cvelistv5
Published
2025-02-26 01:54
Modified
2025-10-01 19:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amdkfd: Check for potential null return of kmalloc_array()
As the kmalloc_array() may return null, the 'event_waiters[i].wait' would lead to null-pointer dereference.
Therefore, it is better to check the return value of kmalloc_array() to avoid this confusion.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: f3a398183f7b9ef78f6b71ee9f7641e046403bcb Version: f3a398183f7b9ef78f6b71ee9f7641e046403bcb Version: f3a398183f7b9ef78f6b71ee9f7641e046403bcb Version: f3a398183f7b9ef78f6b71ee9f7641e046403bcb Version: f3a398183f7b9ef78f6b71ee9f7641e046403bcb Version: f3a398183f7b9ef78f6b71ee9f7641e046403bcb Version: f3a398183f7b9ef78f6b71ee9f7641e046403bcb Version: f3a398183f7b9ef78f6b71ee9f7641e046403bcb |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49055",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:50:06.598307Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:57:06.838Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdkfd/kfd_events.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "32cf90a521dcc0f136db7ee5ba32bfe5f79e460e",
"status": "affected",
"version": "f3a398183f7b9ef78f6b71ee9f7641e046403bcb",
"versionType": "git"
},
{
"lessThan": "40bf32dbfef866c83a3e74800b81d79e52b6d20b",
"status": "affected",
"version": "f3a398183f7b9ef78f6b71ee9f7641e046403bcb",
"versionType": "git"
},
{
"lessThan": "94869bb0de69a812f70231b0eb480bb2f7ae73a6",
"status": "affected",
"version": "f3a398183f7b9ef78f6b71ee9f7641e046403bcb",
"versionType": "git"
},
{
"lessThan": "c7a268b33882d5feaafd29c1734456f41ba41396",
"status": "affected",
"version": "f3a398183f7b9ef78f6b71ee9f7641e046403bcb",
"versionType": "git"
},
{
"lessThan": "1d7a5aae884ca727d41c7ed15d4c82fdb67c040c",
"status": "affected",
"version": "f3a398183f7b9ef78f6b71ee9f7641e046403bcb",
"versionType": "git"
},
{
"lessThan": "f2658d5966bcee8c3eb487875f459756d4f7cdfc",
"status": "affected",
"version": "f3a398183f7b9ef78f6b71ee9f7641e046403bcb",
"versionType": "git"
},
{
"lessThan": "0a692c625e373fef692ffbc7fc41f8a025f01cb7",
"status": "affected",
"version": "f3a398183f7b9ef78f6b71ee9f7641e046403bcb",
"versionType": "git"
},
{
"lessThan": "ebbb7bb9e80305820dc2328a371c1b35679f2667",
"status": "affected",
"version": "f3a398183f7b9ef78f6b71ee9f7641e046403bcb",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdkfd/kfd_events.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.2"
},
{
"lessThan": "4.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.239",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.190",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.112",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.35",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.311",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.276",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.239",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.190",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.112",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.35",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.4",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Check for potential null return of kmalloc_array()\n\nAs the kmalloc_array() may return null, the \u0027event_waiters[i].wait\u0027 would lead to null-pointer dereference.\nTherefore, it is better to check the return value of kmalloc_array() to avoid this confusion."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T08:44:05.323Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/32cf90a521dcc0f136db7ee5ba32bfe5f79e460e"
},
{
"url": "https://git.kernel.org/stable/c/40bf32dbfef866c83a3e74800b81d79e52b6d20b"
},
{
"url": "https://git.kernel.org/stable/c/94869bb0de69a812f70231b0eb480bb2f7ae73a6"
},
{
"url": "https://git.kernel.org/stable/c/c7a268b33882d5feaafd29c1734456f41ba41396"
},
{
"url": "https://git.kernel.org/stable/c/1d7a5aae884ca727d41c7ed15d4c82fdb67c040c"
},
{
"url": "https://git.kernel.org/stable/c/f2658d5966bcee8c3eb487875f459756d4f7cdfc"
},
{
"url": "https://git.kernel.org/stable/c/0a692c625e373fef692ffbc7fc41f8a025f01cb7"
},
{
"url": "https://git.kernel.org/stable/c/ebbb7bb9e80305820dc2328a371c1b35679f2667"
}
],
"title": "drm/amdkfd: Check for potential null return of kmalloc_array()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49055",
"datePublished": "2025-02-26T01:54:27.771Z",
"dateReserved": "2025-02-26T01:49:39.243Z",
"dateUpdated": "2025-10-01T19:57:06.838Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49266 (GCVE-0-2022-49266)
Vulnerability from cvelistv5
Published
2025-02-26 01:56
Modified
2025-08-28 14:42
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
block: fix rq-qos breakage from skipping rq_qos_done_bio()
a647a524a467 ("block: don't call rq_qos_ops->done_bio if the bio isn't
tracked") made bio_endio() skip rq_qos_done_bio() if BIO_TRACKED is not set.
While this fixed a potential oops, it also broke blk-iocost by skipping the
done_bio callback for merged bios.
Before, whether a bio goes through rq_qos_throttle() or rq_qos_merge(),
rq_qos_done_bio() would be called on the bio on completion with BIO_TRACKED
distinguishing the former from the latter. rq_qos_done_bio() is not called
for bios which wenth through rq_qos_merge(). This royally confuses
blk-iocost as the merged bios never finish and are considered perpetually
in-flight.
One reliably reproducible failure mode is an intermediate cgroup geting
stuck active preventing its children from being activated due to the
leaf-only rule, leading to loss of control. The following is from
resctl-bench protection scenario which emulates isolating a web server like
workload from a memory bomb run on an iocost configuration which should
yield a reasonable level of protection.
# cat /sys/block/nvme2n1/device/model
Samsung SSD 970 PRO 512GB
# cat /sys/fs/cgroup/io.cost.model
259:0 ctrl=user model=linear rbps=834913556 rseqiops=93622 rrandiops=102913 wbps=618985353 wseqiops=72325 wrandiops=71025
# cat /sys/fs/cgroup/io.cost.qos
259:0 enable=1 ctrl=user rpct=95.00 rlat=18776 wpct=95.00 wlat=8897 min=60.00 max=100.00
# resctl-bench -m 29.6G -r out.json run protection::scenario=mem-hog,loops=1
...
Memory Hog Summary
==================
IO Latency: R p50=242u:336u/2.5m p90=794u:1.4m/7.5m p99=2.7m:8.0m/62.5m max=8.0m:36.4m/350m
W p50=221u:323u/1.5m p90=709u:1.2m/5.5m p99=1.5m:2.5m/9.5m max=6.9m:35.9m/350m
Isolation and Request Latency Impact Distributions:
min p01 p05 p10 p25 p50 p75 p90 p95 p99 max mean stdev
isol% 15.90 15.90 15.90 40.05 57.24 59.07 60.01 74.63 74.63 90.35 90.35 58.12 15.82
lat-imp% 0 0 0 0 0 4.55 14.68 15.54 233.5 548.1 548.1 53.88 143.6
Result: isol=58.12:15.82% lat_imp=53.88%:143.6 work_csv=100.0% missing=3.96%
The isolation result of 58.12% is close to what this device would show
without any IO control.
Fix it by introducing a new flag BIO_QOS_MERGED to mark merged bios and
calling rq_qos_done_bio() on them too. For consistency and clarity, rename
BIO_TRACKED to BIO_QOS_THROTTLED. The flag checks are moved into
rq_qos_done_bio() so that it's next to the code paths that set the flags.
With the patch applied, the above same benchmark shows:
# resctl-bench -m 29.6G -r out.json run protection::scenario=mem-hog,loops=1
...
Memory Hog Summary
==================
IO Latency: R p50=123u:84.4u/985u p90=322u:256u/2.5m p99=1.6m:1.4m/9.5m max=11.1m:36.0m/350m
W p50=429u:274u/995u p90=1.7m:1.3m/4.5m p99=3.4m:2.7m/11.5m max=7.9m:5.9m/26.5m
Isolation and Request Latency Impact Distributions:
min p01 p05 p10 p25 p50 p75 p90 p95 p99 max mean stdev
isol% 84.91 84.91 89.51 90.73 92.31 94.49 96.36 98.04 98.71 100.0 100.0 94.42 2.81
lat-imp% 0 0 0 0 0 2.81 5.73 11.11 13.92 17.53 22.61 4.10 4.68
Result: isol=94.42:2.81% lat_imp=4.10%:4.68 work_csv=58.34% missing=0%
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: a647a524a46736786c95cdb553a070322ca096e3 Version: a647a524a46736786c95cdb553a070322ca096e3 Version: a647a524a46736786c95cdb553a070322ca096e3 Version: a647a524a46736786c95cdb553a070322ca096e3 Version: db60edbfff332a6a5477c367af8125f034570989 Version: 004b8f8a691205a93d9e80d98b786b2b97424d6e |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"block/bio.c",
"block/blk-iolatency.c",
"block/blk-rq-qos.h",
"include/linux/blk_types.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "af9452dfdba4bf7359ef7645eee2d243a1df0649",
"status": "affected",
"version": "a647a524a46736786c95cdb553a070322ca096e3",
"versionType": "git"
},
{
"lessThan": "dbd20bb904ad5731aaca8d009367a930d6ada111",
"status": "affected",
"version": "a647a524a46736786c95cdb553a070322ca096e3",
"versionType": "git"
},
{
"lessThan": "09737db4c891eba25e6f6383a7c38afd4acc883f",
"status": "affected",
"version": "a647a524a46736786c95cdb553a070322ca096e3",
"versionType": "git"
},
{
"lessThan": "aa1b46dcdc7baaf5fec0be25782ef24b26aa209e",
"status": "affected",
"version": "a647a524a46736786c95cdb553a070322ca096e3",
"versionType": "git"
},
{
"status": "affected",
"version": "db60edbfff332a6a5477c367af8125f034570989",
"versionType": "git"
},
{
"status": "affected",
"version": "004b8f8a691205a93d9e80d98b786b2b97424d6e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"block/bio.c",
"block/blk-iolatency.c",
"block/blk-rq-qos.h",
"include/linux/blk_types.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.15"
},
{
"lessThan": "5.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.54",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10.241",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.14.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix rq-qos breakage from skipping rq_qos_done_bio()\n\na647a524a467 (\"block: don\u0027t call rq_qos_ops-\u003edone_bio if the bio isn\u0027t\ntracked\") made bio_endio() skip rq_qos_done_bio() if BIO_TRACKED is not set.\nWhile this fixed a potential oops, it also broke blk-iocost by skipping the\ndone_bio callback for merged bios.\n\nBefore, whether a bio goes through rq_qos_throttle() or rq_qos_merge(),\nrq_qos_done_bio() would be called on the bio on completion with BIO_TRACKED\ndistinguishing the former from the latter. rq_qos_done_bio() is not called\nfor bios which wenth through rq_qos_merge(). This royally confuses\nblk-iocost as the merged bios never finish and are considered perpetually\nin-flight.\n\nOne reliably reproducible failure mode is an intermediate cgroup geting\nstuck active preventing its children from being activated due to the\nleaf-only rule, leading to loss of control. The following is from\nresctl-bench protection scenario which emulates isolating a web server like\nworkload from a memory bomb run on an iocost configuration which should\nyield a reasonable level of protection.\n\n # cat /sys/block/nvme2n1/device/model\n Samsung SSD 970 PRO 512GB\n # cat /sys/fs/cgroup/io.cost.model\n 259:0 ctrl=user model=linear rbps=834913556 rseqiops=93622 rrandiops=102913 wbps=618985353 wseqiops=72325 wrandiops=71025\n # cat /sys/fs/cgroup/io.cost.qos\n 259:0 enable=1 ctrl=user rpct=95.00 rlat=18776 wpct=95.00 wlat=8897 min=60.00 max=100.00\n # resctl-bench -m 29.6G -r out.json run protection::scenario=mem-hog,loops=1\n ...\n Memory Hog Summary\n ==================\n\n IO Latency: R p50=242u:336u/2.5m p90=794u:1.4m/7.5m p99=2.7m:8.0m/62.5m max=8.0m:36.4m/350m\n W p50=221u:323u/1.5m p90=709u:1.2m/5.5m p99=1.5m:2.5m/9.5m max=6.9m:35.9m/350m\n\n Isolation and Request Latency Impact Distributions:\n\n min p01 p05 p10 p25 p50 p75 p90 p95 p99 max mean stdev\n isol% 15.90 15.90 15.90 40.05 57.24 59.07 60.01 74.63 74.63 90.35 90.35 58.12 15.82\n lat-imp% 0 0 0 0 0 4.55 14.68 15.54 233.5 548.1 548.1 53.88 143.6\n\n Result: isol=58.12:15.82% lat_imp=53.88%:143.6 work_csv=100.0% missing=3.96%\n\nThe isolation result of 58.12% is close to what this device would show\nwithout any IO control.\n\nFix it by introducing a new flag BIO_QOS_MERGED to mark merged bios and\ncalling rq_qos_done_bio() on them too. For consistency and clarity, rename\nBIO_TRACKED to BIO_QOS_THROTTLED. The flag checks are moved into\nrq_qos_done_bio() so that it\u0027s next to the code paths that set the flags.\n\nWith the patch applied, the above same benchmark shows:\n\n # resctl-bench -m 29.6G -r out.json run protection::scenario=mem-hog,loops=1\n ...\n Memory Hog Summary\n ==================\n\n IO Latency: R p50=123u:84.4u/985u p90=322u:256u/2.5m p99=1.6m:1.4m/9.5m max=11.1m:36.0m/350m\n W p50=429u:274u/995u p90=1.7m:1.3m/4.5m p99=3.4m:2.7m/11.5m max=7.9m:5.9m/26.5m\n\n Isolation and Request Latency Impact Distributions:\n\n min p01 p05 p10 p25 p50 p75 p90 p95 p99 max mean stdev\n isol% 84.91 84.91 89.51 90.73 92.31 94.49 96.36 98.04 98.71 100.0 100.0 94.42 2.81\n lat-imp% 0 0 0 0 0 2.81 5.73 11.11 13.92 17.53 22.61 4.10 4.68\n\n Result: isol=94.42:2.81% lat_imp=4.10%:4.68 work_csv=58.34% missing=0%"
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T14:42:36.939Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/af9452dfdba4bf7359ef7645eee2d243a1df0649"
},
{
"url": "https://git.kernel.org/stable/c/dbd20bb904ad5731aaca8d009367a930d6ada111"
},
{
"url": "https://git.kernel.org/stable/c/09737db4c891eba25e6f6383a7c38afd4acc883f"
},
{
"url": "https://git.kernel.org/stable/c/aa1b46dcdc7baaf5fec0be25782ef24b26aa209e"
}
],
"title": "block: fix rq-qos breakage from skipping rq_qos_done_bio()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49266",
"datePublished": "2025-02-26T01:56:15.709Z",
"dateReserved": "2025-02-26T01:49:39.297Z",
"dateUpdated": "2025-08-28T14:42:36.939Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49145 (GCVE-0-2022-49145)
Vulnerability from cvelistv5
Published
2025-02-26 01:55
Modified
2025-05-04 08:30
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ACPI: CPPC: Avoid out of bounds access when parsing _CPC data
If the NumEntries field in the _CPC return package is less than 2, do
not attempt to access the "Revision" element of that package, because
it may not be present then.
BugLink: https://lore.kernel.org/lkml/20220322143534.GC32582@xsang-OptiPlex-9020/
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 337aadff8e4567e39669e07d9a88b789d78458b5 Version: 337aadff8e4567e39669e07d9a88b789d78458b5 Version: 337aadff8e4567e39669e07d9a88b789d78458b5 Version: 337aadff8e4567e39669e07d9a88b789d78458b5 Version: 337aadff8e4567e39669e07d9a88b789d78458b5 Version: 337aadff8e4567e39669e07d9a88b789d78458b5 Version: 337aadff8e4567e39669e07d9a88b789d78458b5 Version: 337aadff8e4567e39669e07d9a88b789d78458b5 Version: 337aadff8e4567e39669e07d9a88b789d78458b5 |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/acpi/cppc_acpi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b3f15609ffa521de12244cd6af24002030dda3f5",
"status": "affected",
"version": "337aadff8e4567e39669e07d9a88b789d78458b5",
"versionType": "git"
},
{
"lessThan": "d208ea44e25b31db5a4d5e8c31df51787a3e9303",
"status": "affected",
"version": "337aadff8e4567e39669e07d9a88b789d78458b5",
"versionType": "git"
},
{
"lessThan": "28d5387c1994f5e1e0d41b30a1f3dd6e1f609252",
"status": "affected",
"version": "337aadff8e4567e39669e07d9a88b789d78458b5",
"versionType": "git"
},
{
"lessThan": "cb249f8c00f40dba83b7da8207ac14ca46e9ec9e",
"status": "affected",
"version": "337aadff8e4567e39669e07d9a88b789d78458b5",
"versionType": "git"
},
{
"lessThan": "e5b681822cac1f8093759b02e16c06b2c64b6788",
"status": "affected",
"version": "337aadff8e4567e39669e07d9a88b789d78458b5",
"versionType": "git"
},
{
"lessThan": "97b5593fd1b182b3fdb180b6bbe64ec09669988b",
"status": "affected",
"version": "337aadff8e4567e39669e07d9a88b789d78458b5",
"versionType": "git"
},
{
"lessThan": "b80b19b32a432c9eee1cd200ef7aaddf608f54d1",
"status": "affected",
"version": "337aadff8e4567e39669e07d9a88b789d78458b5",
"versionType": "git"
},
{
"lessThan": "d7339f2a3938fb56b5f28d53f5345900b5fa0e74",
"status": "affected",
"version": "337aadff8e4567e39669e07d9a88b789d78458b5",
"versionType": "git"
},
{
"lessThan": "40d8abf364bcab23bc715a9221a3c8623956257b",
"status": "affected",
"version": "337aadff8e4567e39669e07d9a88b789d78458b5",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/acpi/cppc_acpi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.4"
},
{
"lessThan": "4.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.238",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.189",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.311",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.276",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.238",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.189",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.110",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "4.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: CPPC: Avoid out of bounds access when parsing _CPC data\n\nIf the NumEntries field in the _CPC return package is less than 2, do\nnot attempt to access the \"Revision\" element of that package, because\nit may not be present then.\n\nBugLink: https://lore.kernel.org/lkml/20220322143534.GC32582@xsang-OptiPlex-9020/"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:30:56.127Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b3f15609ffa521de12244cd6af24002030dda3f5"
},
{
"url": "https://git.kernel.org/stable/c/d208ea44e25b31db5a4d5e8c31df51787a3e9303"
},
{
"url": "https://git.kernel.org/stable/c/28d5387c1994f5e1e0d41b30a1f3dd6e1f609252"
},
{
"url": "https://git.kernel.org/stable/c/cb249f8c00f40dba83b7da8207ac14ca46e9ec9e"
},
{
"url": "https://git.kernel.org/stable/c/e5b681822cac1f8093759b02e16c06b2c64b6788"
},
{
"url": "https://git.kernel.org/stable/c/97b5593fd1b182b3fdb180b6bbe64ec09669988b"
},
{
"url": "https://git.kernel.org/stable/c/b80b19b32a432c9eee1cd200ef7aaddf608f54d1"
},
{
"url": "https://git.kernel.org/stable/c/d7339f2a3938fb56b5f28d53f5345900b5fa0e74"
},
{
"url": "https://git.kernel.org/stable/c/40d8abf364bcab23bc715a9221a3c8623956257b"
}
],
"title": "ACPI: CPPC: Avoid out of bounds access when parsing _CPC data",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49145",
"datePublished": "2025-02-26T01:55:14.355Z",
"dateReserved": "2025-02-26T01:49:39.270Z",
"dateUpdated": "2025-05-04T08:30:56.127Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49316 (GCVE-0-2022-49316)
Vulnerability from cvelistv5
Published
2025-02-26 02:10
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
NFSv4: Don't hold the layoutget locks across multiple RPC calls
When doing layoutget as part of the open() compound, we have to be
careful to release the layout locks before we can call any further RPC
calls, such as setattr(). The reason is that those calls could trigger
a recall, which could deadlock.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 56f487f8c8fc5d6e582b79a86fc132d050129e15 Version: 56f487f8c8fc5d6e582b79a86fc132d050129e15 Version: 56f487f8c8fc5d6e582b79a86fc132d050129e15 Version: 56f487f8c8fc5d6e582b79a86fc132d050129e15 Version: 56f487f8c8fc5d6e582b79a86fc132d050129e15 Version: 56f487f8c8fc5d6e582b79a86fc132d050129e15 Version: 56f487f8c8fc5d6e582b79a86fc132d050129e15 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49316",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:43:59.003502Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-667",
"description": "CWE-667 Improper Locking",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:57.250Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/nfs/nfs4proc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6b3fc1496e7227cd6a39a80bbfb7588ef7c7a010",
"status": "affected",
"version": "56f487f8c8fc5d6e582b79a86fc132d050129e15",
"versionType": "git"
},
{
"lessThan": "a2b3be930e79cc5d9d829f158e31172b2043f0cd",
"status": "affected",
"version": "56f487f8c8fc5d6e582b79a86fc132d050129e15",
"versionType": "git"
},
{
"lessThan": "0ee5b9644f06b4d3cdcd9544f43f63312e425a4c",
"status": "affected",
"version": "56f487f8c8fc5d6e582b79a86fc132d050129e15",
"versionType": "git"
},
{
"lessThan": "d4c2a041ed3ba114502d5ed6ace5b1a48d637a8e",
"status": "affected",
"version": "56f487f8c8fc5d6e582b79a86fc132d050129e15",
"versionType": "git"
},
{
"lessThan": "08d7a26d115cc7892668baa9750f64bd8baca29b",
"status": "affected",
"version": "56f487f8c8fc5d6e582b79a86fc132d050129e15",
"versionType": "git"
},
{
"lessThan": "ea759ae0a9ae5acee677d722129710ac89cc59c1",
"status": "affected",
"version": "56f487f8c8fc5d6e582b79a86fc132d050129e15",
"versionType": "git"
},
{
"lessThan": "6949493884fe88500de4af182588e071cf1544ee",
"status": "affected",
"version": "56f487f8c8fc5d6e582b79a86fc132d050129e15",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/nfs/nfs4proc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.18"
},
{
"lessThan": "4.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.47",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.122",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.47",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.15",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.4",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4: Don\u0027t hold the layoutget locks across multiple RPC calls\n\nWhen doing layoutget as part of the open() compound, we have to be\ncareful to release the layout locks before we can call any further RPC\ncalls, such as setattr(). The reason is that those calls could trigger\na recall, which could deadlock."
}
],
"providerMetadata": {
"dateUpdated": "2025-06-19T12:56:17.116Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6b3fc1496e7227cd6a39a80bbfb7588ef7c7a010"
},
{
"url": "https://git.kernel.org/stable/c/a2b3be930e79cc5d9d829f158e31172b2043f0cd"
},
{
"url": "https://git.kernel.org/stable/c/0ee5b9644f06b4d3cdcd9544f43f63312e425a4c"
},
{
"url": "https://git.kernel.org/stable/c/d4c2a041ed3ba114502d5ed6ace5b1a48d637a8e"
},
{
"url": "https://git.kernel.org/stable/c/08d7a26d115cc7892668baa9750f64bd8baca29b"
},
{
"url": "https://git.kernel.org/stable/c/ea759ae0a9ae5acee677d722129710ac89cc59c1"
},
{
"url": "https://git.kernel.org/stable/c/6949493884fe88500de4af182588e071cf1544ee"
}
],
"title": "NFSv4: Don\u0027t hold the layoutget locks across multiple RPC calls",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49316",
"datePublished": "2025-02-26T02:10:43.569Z",
"dateReserved": "2025-02-26T02:08:31.537Z",
"dateUpdated": "2025-10-01T19:46:57.250Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49719 (GCVE-0-2022-49719)
Vulnerability from cvelistv5
Published
2025-02-26 02:24
Modified
2025-10-01 19:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
irqchip/gic/realview: Fix refcount leak in realview_gic_of_init
of_find_matching_node_and_match() returns a node pointer with refcount
incremented, we should use of_node_put() on it when not need anymore.
Add missing of_node_put() to avoid refcount leak.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 82b0a434b436f5da69ddd24bd6a6fa5dc4484310 Version: 82b0a434b436f5da69ddd24bd6a6fa5dc4484310 Version: 82b0a434b436f5da69ddd24bd6a6fa5dc4484310 Version: 82b0a434b436f5da69ddd24bd6a6fa5dc4484310 Version: 82b0a434b436f5da69ddd24bd6a6fa5dc4484310 Version: 82b0a434b436f5da69ddd24bd6a6fa5dc4484310 Version: 82b0a434b436f5da69ddd24bd6a6fa5dc4484310 Version: 82b0a434b436f5da69ddd24bd6a6fa5dc4484310 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49719",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:32:06.547256Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:36:44.217Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/irqchip/irq-gic-realview.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "87da903ce632d5689bef66d56ee5dae700d82104",
"status": "affected",
"version": "82b0a434b436f5da69ddd24bd6a6fa5dc4484310",
"versionType": "git"
},
{
"lessThan": "486f68f85085d9b16ae097679b1486dcb1b6eb69",
"status": "affected",
"version": "82b0a434b436f5da69ddd24bd6a6fa5dc4484310",
"versionType": "git"
},
{
"lessThan": "b634af84bc1edece4e63317b0ad95618dd3a8693",
"status": "affected",
"version": "82b0a434b436f5da69ddd24bd6a6fa5dc4484310",
"versionType": "git"
},
{
"lessThan": "56526c3883fc7a1f5898b1d40a02c8b8685a5d92",
"status": "affected",
"version": "82b0a434b436f5da69ddd24bd6a6fa5dc4484310",
"versionType": "git"
},
{
"lessThan": "e52a58b79f11755ea7e877015c4a1704303fa55f",
"status": "affected",
"version": "82b0a434b436f5da69ddd24bd6a6fa5dc4484310",
"versionType": "git"
},
{
"lessThan": "5d38720661a4b9c87705c206a6081177ffb8ec1d",
"status": "affected",
"version": "82b0a434b436f5da69ddd24bd6a6fa5dc4484310",
"versionType": "git"
},
{
"lessThan": "16b603cb8d34c2d917983918db1f88c8b831baaa",
"status": "affected",
"version": "82b0a434b436f5da69ddd24bd6a6fa5dc4484310",
"versionType": "git"
},
{
"lessThan": "f4b98e314888cc51486421bcf6d52852452ea48b",
"status": "affected",
"version": "82b0a434b436f5da69ddd24bd6a6fa5dc4484310",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/irqchip/irq-gic-realview.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.6"
},
{
"lessThan": "4.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.320",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.249",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.200",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.124",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.49",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.320",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.285",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.249",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.200",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.124",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.49",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.6",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nirqchip/gic/realview: Fix refcount leak in realview_gic_of_init\n\nof_find_matching_node_and_match() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not need anymore.\nAdd missing of_node_put() to avoid refcount leak."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:44:01.952Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/87da903ce632d5689bef66d56ee5dae700d82104"
},
{
"url": "https://git.kernel.org/stable/c/486f68f85085d9b16ae097679b1486dcb1b6eb69"
},
{
"url": "https://git.kernel.org/stable/c/b634af84bc1edece4e63317b0ad95618dd3a8693"
},
{
"url": "https://git.kernel.org/stable/c/56526c3883fc7a1f5898b1d40a02c8b8685a5d92"
},
{
"url": "https://git.kernel.org/stable/c/e52a58b79f11755ea7e877015c4a1704303fa55f"
},
{
"url": "https://git.kernel.org/stable/c/5d38720661a4b9c87705c206a6081177ffb8ec1d"
},
{
"url": "https://git.kernel.org/stable/c/16b603cb8d34c2d917983918db1f88c8b831baaa"
},
{
"url": "https://git.kernel.org/stable/c/f4b98e314888cc51486421bcf6d52852452ea48b"
}
],
"title": "irqchip/gic/realview: Fix refcount leak in realview_gic_of_init",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49719",
"datePublished": "2025-02-26T02:24:33.532Z",
"dateReserved": "2025-02-26T02:21:30.445Z",
"dateUpdated": "2025-10-01T19:36:44.217Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49352 (GCVE-0-2022-49352)
Vulnerability from cvelistv5
Published
2025-02-26 02:11
Modified
2025-06-19 12:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix warning in ext4_handle_inode_extension
We got issue as follows:
EXT4-fs error (device loop0) in ext4_reserve_inode_write:5741: Out of memory
EXT4-fs error (device loop0): ext4_setattr:5462: inode #13: comm syz-executor.0: mark_inode_dirty error
EXT4-fs error (device loop0) in ext4_setattr:5519: Out of memory
EXT4-fs error (device loop0): ext4_ind_map_blocks:595: inode #13: comm syz-executor.0: Can't allocate blocks for non-extent mapped inodes with bigalloc
------------[ cut here ]------------
WARNING: CPU: 1 PID: 4361 at fs/ext4/file.c:301 ext4_file_write_iter+0x11c9/0x1220
Modules linked in:
CPU: 1 PID: 4361 Comm: syz-executor.0 Not tainted 5.10.0+ #1
RIP: 0010:ext4_file_write_iter+0x11c9/0x1220
RSP: 0018:ffff924d80b27c00 EFLAGS: 00010282
RAX: ffffffff815a3379 RBX: 0000000000000000 RCX: 000000003b000000
RDX: ffff924d81601000 RSI: 00000000000009cc RDI: 00000000000009cd
RBP: 000000000000000d R08: ffffffffbc5a2c6b R09: 0000902e0e52a96f
R10: ffff902e2b7c1b40 R11: ffff902e2b7c1b40 R12: 000000000000000a
R13: 0000000000000001 R14: ffff902e0e52aa10 R15: ffffffffffffff8b
FS: 00007f81a7f65700(0000) GS:ffff902e3bc80000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffff600400 CR3: 000000012db88001 CR4: 00000000003706e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
do_iter_readv_writev+0x2e5/0x360
do_iter_write+0x112/0x4c0
do_pwritev+0x1e5/0x390
__x64_sys_pwritev2+0x7e/0xa0
do_syscall_64+0x37/0x50
entry_SYSCALL_64_after_hwframe+0x44/0xa9
Above issue may happen as follows:
Assume
inode.i_size=4096
EXT4_I(inode)->i_disksize=4096
step 1: set inode->i_isize = 8192
ext4_setattr
if (attr->ia_size != inode->i_size)
EXT4_I(inode)->i_disksize = attr->ia_size;
rc = ext4_mark_inode_dirty
ext4_reserve_inode_write
ext4_get_inode_loc
__ext4_get_inode_loc
sb_getblk --> return -ENOMEM
...
if (!error) ->will not update i_size
i_size_write(inode, attr->ia_size);
Now:
inode.i_size=4096
EXT4_I(inode)->i_disksize=8192
step 2: Direct write 4096 bytes
ext4_file_write_iter
ext4_dio_write_iter
iomap_dio_rw ->return error
if (extend)
ext4_handle_inode_extension
WARN_ON_ONCE(i_size_read(inode) < EXT4_I(inode)->i_disksize);
->Then trigger warning.
To solve above issue, if mark inode dirty failed in ext4_setattr just
set 'EXT4_I(inode)->i_disksize' with old value.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ext4/inode.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "adf490083ca52ebfb0b2fe64ff1ead00c0452dd7",
"status": "affected",
"version": "b1b4705d54abedfd69dcdf42779c521aa1e0fbd3",
"versionType": "git"
},
{
"lessThan": "b81d2ff6885e38fc745eeaf9565775055778fc0b",
"status": "affected",
"version": "b1b4705d54abedfd69dcdf42779c521aa1e0fbd3",
"versionType": "git"
},
{
"lessThan": "e383c2aa5f02ab571530dc5c5696479672478c25",
"status": "affected",
"version": "b1b4705d54abedfd69dcdf42779c521aa1e0fbd3",
"versionType": "git"
},
{
"lessThan": "1bcce88da60eccc946c0f4ed942b0f08cd565778",
"status": "affected",
"version": "b1b4705d54abedfd69dcdf42779c521aa1e0fbd3",
"versionType": "git"
},
{
"lessThan": "f4534c9fc94d22383f187b9409abb3f9df2e3db3",
"status": "affected",
"version": "b1b4705d54abedfd69dcdf42779c521aa1e0fbd3",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ext4/inode.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.5"
},
{
"lessThan": "5.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix warning in ext4_handle_inode_extension\n\nWe got issue as follows:\nEXT4-fs error (device loop0) in ext4_reserve_inode_write:5741: Out of memory\nEXT4-fs error (device loop0): ext4_setattr:5462: inode #13: comm syz-executor.0: mark_inode_dirty error\nEXT4-fs error (device loop0) in ext4_setattr:5519: Out of memory\nEXT4-fs error (device loop0): ext4_ind_map_blocks:595: inode #13: comm syz-executor.0: Can\u0027t allocate blocks for non-extent mapped inodes with bigalloc\n------------[ cut here ]------------\nWARNING: CPU: 1 PID: 4361 at fs/ext4/file.c:301 ext4_file_write_iter+0x11c9/0x1220\nModules linked in:\nCPU: 1 PID: 4361 Comm: syz-executor.0 Not tainted 5.10.0+ #1\nRIP: 0010:ext4_file_write_iter+0x11c9/0x1220\nRSP: 0018:ffff924d80b27c00 EFLAGS: 00010282\nRAX: ffffffff815a3379 RBX: 0000000000000000 RCX: 000000003b000000\nRDX: ffff924d81601000 RSI: 00000000000009cc RDI: 00000000000009cd\nRBP: 000000000000000d R08: ffffffffbc5a2c6b R09: 0000902e0e52a96f\nR10: ffff902e2b7c1b40 R11: ffff902e2b7c1b40 R12: 000000000000000a\nR13: 0000000000000001 R14: ffff902e0e52aa10 R15: ffffffffffffff8b\nFS: 00007f81a7f65700(0000) GS:ffff902e3bc80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: ffffffffff600400 CR3: 000000012db88001 CR4: 00000000003706e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n do_iter_readv_writev+0x2e5/0x360\n do_iter_write+0x112/0x4c0\n do_pwritev+0x1e5/0x390\n __x64_sys_pwritev2+0x7e/0xa0\n do_syscall_64+0x37/0x50\n entry_SYSCALL_64_after_hwframe+0x44/0xa9\n\nAbove issue may happen as follows:\nAssume\ninode.i_size=4096\nEXT4_I(inode)-\u003ei_disksize=4096\n\nstep 1: set inode-\u003ei_isize = 8192\next4_setattr\n if (attr-\u003eia_size != inode-\u003ei_size)\n EXT4_I(inode)-\u003ei_disksize = attr-\u003eia_size;\n rc = ext4_mark_inode_dirty\n ext4_reserve_inode_write\n ext4_get_inode_loc\n __ext4_get_inode_loc\n sb_getblk --\u003e return -ENOMEM\n ...\n if (!error) -\u003ewill not update i_size\n i_size_write(inode, attr-\u003eia_size);\nNow:\ninode.i_size=4096\nEXT4_I(inode)-\u003ei_disksize=8192\n\nstep 2: Direct write 4096 bytes\next4_file_write_iter\n ext4_dio_write_iter\n iomap_dio_rw -\u003ereturn error\n if (extend)\n ext4_handle_inode_extension\n WARN_ON_ONCE(i_size_read(inode) \u003c EXT4_I(inode)-\u003ei_disksize);\n-\u003eThen trigger warning.\n\nTo solve above issue, if mark inode dirty failed in ext4_setattr just\nset \u0027EXT4_I(inode)-\u003ei_disksize\u0027 with old value."
}
],
"providerMetadata": {
"dateUpdated": "2025-06-19T12:56:19.413Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/adf490083ca52ebfb0b2fe64ff1ead00c0452dd7"
},
{
"url": "https://git.kernel.org/stable/c/b81d2ff6885e38fc745eeaf9565775055778fc0b"
},
{
"url": "https://git.kernel.org/stable/c/e383c2aa5f02ab571530dc5c5696479672478c25"
},
{
"url": "https://git.kernel.org/stable/c/1bcce88da60eccc946c0f4ed942b0f08cd565778"
},
{
"url": "https://git.kernel.org/stable/c/f4534c9fc94d22383f187b9409abb3f9df2e3db3"
}
],
"title": "ext4: fix warning in ext4_handle_inode_extension",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49352",
"datePublished": "2025-02-26T02:11:04.496Z",
"dateReserved": "2025-02-26T02:08:31.544Z",
"dateUpdated": "2025-06-19T12:56:19.413Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49083 (GCVE-0-2022-49083)
Vulnerability from cvelistv5
Published
2025-02-26 01:54
Modified
2025-05-04 08:29
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
iommu/omap: Fix regression in probe for NULL pointer dereference
Commit 3f6634d997db ("iommu: Use right way to retrieve iommu_ops") started
triggering a NULL pointer dereference for some omap variants:
__iommu_probe_device from probe_iommu_group+0x2c/0x38
probe_iommu_group from bus_for_each_dev+0x74/0xbc
bus_for_each_dev from bus_iommu_probe+0x34/0x2e8
bus_iommu_probe from bus_set_iommu+0x80/0xc8
bus_set_iommu from omap_iommu_init+0x88/0xcc
omap_iommu_init from do_one_initcall+0x44/0x24
This is caused by omap iommu probe returning 0 instead of ERR_PTR(-ENODEV)
as noted by Jason Gunthorpe <jgg@ziepe.ca>.
Looks like the regression already happened with an earlier commit
6785eb9105e3 ("iommu/omap: Convert to probe/release_device() call-backs")
that changed the function return type and missed converting one place.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/iommu/omap-iommu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "bd905fed87ce01ac010011bb8f44ed0140116ceb",
"status": "affected",
"version": "6785eb9105e3363aa51408c700a55e8b5f88fcf6",
"versionType": "git"
},
{
"lessThan": "47e239117bd97c8556f9187af7a9a7938db4e021",
"status": "affected",
"version": "6785eb9105e3363aa51408c700a55e8b5f88fcf6",
"versionType": "git"
},
{
"lessThan": "ea518578aa8a9a0280605b53cc33f707e10c8178",
"status": "affected",
"version": "6785eb9105e3363aa51408c700a55e8b5f88fcf6",
"versionType": "git"
},
{
"lessThan": "1d89f2b9eadbcf3ce93c6d7238f68299a1f84968",
"status": "affected",
"version": "6785eb9105e3363aa51408c700a55e8b5f88fcf6",
"versionType": "git"
},
{
"lessThan": "71ff461c3f41f6465434b9e980c01782763e7ad8",
"status": "affected",
"version": "6785eb9105e3363aa51408c700a55e8b5f88fcf6",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/iommu/omap-iommu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.8"
},
{
"lessThan": "5.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.111",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.20",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.111",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.34",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.20",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.3",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/omap: Fix regression in probe for NULL pointer dereference\n\nCommit 3f6634d997db (\"iommu: Use right way to retrieve iommu_ops\") started\ntriggering a NULL pointer dereference for some omap variants:\n\n__iommu_probe_device from probe_iommu_group+0x2c/0x38\nprobe_iommu_group from bus_for_each_dev+0x74/0xbc\nbus_for_each_dev from bus_iommu_probe+0x34/0x2e8\nbus_iommu_probe from bus_set_iommu+0x80/0xc8\nbus_set_iommu from omap_iommu_init+0x88/0xcc\nomap_iommu_init from do_one_initcall+0x44/0x24\n\nThis is caused by omap iommu probe returning 0 instead of ERR_PTR(-ENODEV)\nas noted by Jason Gunthorpe \u003cjgg@ziepe.ca\u003e.\n\nLooks like the regression already happened with an earlier commit\n6785eb9105e3 (\"iommu/omap: Convert to probe/release_device() call-backs\")\nthat changed the function return type and missed converting one place."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:29:21.393Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/bd905fed87ce01ac010011bb8f44ed0140116ceb"
},
{
"url": "https://git.kernel.org/stable/c/47e239117bd97c8556f9187af7a9a7938db4e021"
},
{
"url": "https://git.kernel.org/stable/c/ea518578aa8a9a0280605b53cc33f707e10c8178"
},
{
"url": "https://git.kernel.org/stable/c/1d89f2b9eadbcf3ce93c6d7238f68299a1f84968"
},
{
"url": "https://git.kernel.org/stable/c/71ff461c3f41f6465434b9e980c01782763e7ad8"
}
],
"title": "iommu/omap: Fix regression in probe for NULL pointer dereference",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49083",
"datePublished": "2025-02-26T01:54:42.582Z",
"dateReserved": "2025-02-26T01:49:39.248Z",
"dateUpdated": "2025-05-04T08:29:21.393Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49349 (GCVE-0-2022-49349)
Vulnerability from cvelistv5
Published
2025-02-26 02:11
Modified
2025-05-04 08:35
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix use-after-free in ext4_rename_dir_prepare
We got issue as follows:
EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
ext4_get_first_dir_block: bh->b_data=0xffff88810bee6000 len=34478
ext4_get_first_dir_block: *parent_de=0xffff88810beee6ae bh->b_data=0xffff88810bee6000
ext4_rename_dir_prepare: [1] parent_de=0xffff88810beee6ae
==================================================================
BUG: KASAN: use-after-free in ext4_rename_dir_prepare+0x152/0x220
Read of size 4 at addr ffff88810beee6ae by task rep/1895
CPU: 13 PID: 1895 Comm: rep Not tainted 5.10.0+ #241
Call Trace:
dump_stack+0xbe/0xf9
print_address_description.constprop.0+0x1e/0x220
kasan_report.cold+0x37/0x7f
ext4_rename_dir_prepare+0x152/0x220
ext4_rename+0xf44/0x1ad0
ext4_rename2+0x11c/0x170
vfs_rename+0xa84/0x1440
do_renameat2+0x683/0x8f0
__x64_sys_renameat+0x53/0x60
do_syscall_64+0x33/0x40
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7f45a6fc41c9
RSP: 002b:00007ffc5a470218 EFLAGS: 00000246 ORIG_RAX: 0000000000000108
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f45a6fc41c9
RDX: 0000000000000005 RSI: 0000000020000180 RDI: 0000000000000005
RBP: 00007ffc5a470240 R08: 00007ffc5a470160 R09: 0000000020000080
R10: 00000000200001c0 R11: 0000000000000246 R12: 0000000000400bb0
R13: 00007ffc5a470320 R14: 0000000000000000 R15: 0000000000000000
The buggy address belongs to the page:
page:00000000440015ce refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x10beee
flags: 0x200000000000000()
raw: 0200000000000000 ffffea00043ff4c8 ffffea0004325608 0000000000000000
raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffff88810beee580: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ffff88810beee600: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
>ffff88810beee680: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
^
ffff88810beee700: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ffff88810beee780: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================
Disabling lock debugging due to kernel taint
ext4_rename_dir_prepare: [2] parent_de->inode=3537895424
ext4_rename_dir_prepare: [3] dir=0xffff888124170140
ext4_rename_dir_prepare: [4] ino=2
ext4_rename_dir_prepare: ent->dir->i_ino=2 parent=-757071872
Reason is first directory entry which 'rec_len' is 34478, then will get illegal
parent entry. Now, we do not check directory entry after read directory block
in 'ext4_get_first_dir_block'.
To solve this issue, check directory entry in 'ext4_get_first_dir_block'.
[ Trigger an ext4_error() instead of just warning if the directory is
missing a '.' or '..' entry. Also make sure we return an error code
if the file system is corrupted. -TYT ]
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49349",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T18:16:42.619044Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T18:22:33.920Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ext4/namei.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1a3a15bf6f9963d755270cbdb282863b84839195",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "97f802a652a749422dede32071d29a53cf4bd034",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "10801095224de0d0ab06ae60698680c1f883a3ae",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "eaecf7ebfd5dd09038a80b14be46b844f54cfc5c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "dd887f83ea54aea5b780a84527e23ab95f777fed",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "364380c00912bed9b5d99eb485018360b0ecf64f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "0ff38b99fa075ddd246487a28cb9af049f4ceef1",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "4a2bea60cf7ff957b3eda0b17750d483876a02fa",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "0be698ecbe4471fcad80e81ec6a05001421041b3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ext4/namei.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.318",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix use-after-free in ext4_rename_dir_prepare\n\nWe got issue as follows:\nEXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue\next4_get_first_dir_block: bh-\u003eb_data=0xffff88810bee6000 len=34478\next4_get_first_dir_block: *parent_de=0xffff88810beee6ae bh-\u003eb_data=0xffff88810bee6000\next4_rename_dir_prepare: [1] parent_de=0xffff88810beee6ae\n==================================================================\nBUG: KASAN: use-after-free in ext4_rename_dir_prepare+0x152/0x220\nRead of size 4 at addr ffff88810beee6ae by task rep/1895\n\nCPU: 13 PID: 1895 Comm: rep Not tainted 5.10.0+ #241\nCall Trace:\n dump_stack+0xbe/0xf9\n print_address_description.constprop.0+0x1e/0x220\n kasan_report.cold+0x37/0x7f\n ext4_rename_dir_prepare+0x152/0x220\n ext4_rename+0xf44/0x1ad0\n ext4_rename2+0x11c/0x170\n vfs_rename+0xa84/0x1440\n do_renameat2+0x683/0x8f0\n __x64_sys_renameat+0x53/0x60\n do_syscall_64+0x33/0x40\n entry_SYSCALL_64_after_hwframe+0x44/0xa9\nRIP: 0033:0x7f45a6fc41c9\nRSP: 002b:00007ffc5a470218 EFLAGS: 00000246 ORIG_RAX: 0000000000000108\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f45a6fc41c9\nRDX: 0000000000000005 RSI: 0000000020000180 RDI: 0000000000000005\nRBP: 00007ffc5a470240 R08: 00007ffc5a470160 R09: 0000000020000080\nR10: 00000000200001c0 R11: 0000000000000246 R12: 0000000000400bb0\nR13: 00007ffc5a470320 R14: 0000000000000000 R15: 0000000000000000\n\nThe buggy address belongs to the page:\npage:00000000440015ce refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x10beee\nflags: 0x200000000000000()\nraw: 0200000000000000 ffffea00043ff4c8 ffffea0004325608 0000000000000000\nraw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000\npage dumped because: kasan: bad access detected\n\nMemory state around the buggy address:\n ffff88810beee580: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\n ffff88810beee600: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\n\u003effff88810beee680: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\n ^\n ffff88810beee700: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\n ffff88810beee780: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\n==================================================================\nDisabling lock debugging due to kernel taint\next4_rename_dir_prepare: [2] parent_de-\u003einode=3537895424\next4_rename_dir_prepare: [3] dir=0xffff888124170140\next4_rename_dir_prepare: [4] ino=2\next4_rename_dir_prepare: ent-\u003edir-\u003ei_ino=2 parent=-757071872\n\nReason is first directory entry which \u0027rec_len\u0027 is 34478, then will get illegal\nparent entry. Now, we do not check directory entry after read directory block\nin \u0027ext4_get_first_dir_block\u0027.\nTo solve this issue, check directory entry in \u0027ext4_get_first_dir_block\u0027.\n\n[ Trigger an ext4_error() instead of just warning if the directory is\n missing a \u0027.\u0027 or \u0027..\u0027 entry. Also make sure we return an error code\n if the file system is corrupted. -TYT ]"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:35:50.114Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1a3a15bf6f9963d755270cbdb282863b84839195"
},
{
"url": "https://git.kernel.org/stable/c/97f802a652a749422dede32071d29a53cf4bd034"
},
{
"url": "https://git.kernel.org/stable/c/10801095224de0d0ab06ae60698680c1f883a3ae"
},
{
"url": "https://git.kernel.org/stable/c/eaecf7ebfd5dd09038a80b14be46b844f54cfc5c"
},
{
"url": "https://git.kernel.org/stable/c/dd887f83ea54aea5b780a84527e23ab95f777fed"
},
{
"url": "https://git.kernel.org/stable/c/364380c00912bed9b5d99eb485018360b0ecf64f"
},
{
"url": "https://git.kernel.org/stable/c/0ff38b99fa075ddd246487a28cb9af049f4ceef1"
},
{
"url": "https://git.kernel.org/stable/c/4a2bea60cf7ff957b3eda0b17750d483876a02fa"
},
{
"url": "https://git.kernel.org/stable/c/0be698ecbe4471fcad80e81ec6a05001421041b3"
}
],
"title": "ext4: fix use-after-free in ext4_rename_dir_prepare",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49349",
"datePublished": "2025-02-26T02:11:02.993Z",
"dateReserved": "2025-02-26T02:08:31.544Z",
"dateUpdated": "2025-05-04T08:35:50.114Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49648 (GCVE-0-2022-49648)
Vulnerability from cvelistv5
Published
2025-02-26 02:23
Modified
2025-10-01 19:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
tracing/histograms: Fix memory leak problem
This reverts commit 46bbe5c671e06f070428b9be142cc4ee5cedebac.
As commit 46bbe5c671e0 ("tracing: fix double free") said, the
"double free" problem reported by clang static analyzer is:
> In parse_var_defs() if there is a problem allocating
> var_defs.expr, the earlier var_defs.name is freed.
> This free is duplicated by free_var_defs() which frees
> the rest of the list.
However, if there is a problem allocating N-th var_defs.expr:
+ in parse_var_defs(), the freed 'earlier var_defs.name' is
actually the N-th var_defs.name;
+ then in free_var_defs(), the names from 0th to (N-1)-th are freed;
IF ALLOCATING PROBLEM HAPPENED HERE!!! -+
\
|
0th 1th (N-1)-th N-th V
+-------------+-------------+-----+-------------+-----------
var_defs: | name | expr | name | expr | ... | name | expr | name | ///
+-------------+-------------+-----+-------------+-----------
These two frees don't act on same name, so there was no "double free"
problem before. Conversely, after that commit, we get a "memory leak"
problem because the above "N-th var_defs.name" is not freed.
If enable CONFIG_DEBUG_KMEMLEAK and inject a fault at where the N-th
var_defs.expr allocated, then execute on shell like:
$ echo 'hist:key=call_site:val=$v1,$v2:v1=bytes_req,v2=bytes_alloc' > \
/sys/kernel/debug/tracing/events/kmem/kmalloc/trigger
Then kmemleak reports:
unreferenced object 0xffff8fb100ef3518 (size 8):
comm "bash", pid 196, jiffies 4295681690 (age 28.538s)
hex dump (first 8 bytes):
76 31 00 00 b1 8f ff ff v1......
backtrace:
[<0000000038fe4895>] kstrdup+0x2d/0x60
[<00000000c99c049a>] event_hist_trigger_parse+0x206f/0x20e0
[<00000000ae70d2cc>] trigger_process_regex+0xc0/0x110
[<0000000066737a4c>] event_trigger_write+0x75/0xd0
[<000000007341e40c>] vfs_write+0xbb/0x2a0
[<0000000087fde4c2>] ksys_write+0x59/0xd0
[<00000000581e9cdf>] do_syscall_64+0x3a/0x80
[<00000000cf3b065c>] entry_SYSCALL_64_after_hwframe+0x46/0xb0
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 240dd5118a9e0454f280ffeae63f22bd14735733 Version: e92c490f104993cea35e5f5d5108ac12df1850ac Version: 46bbe5c671e06f070428b9be142cc4ee5cedebac Version: 46bbe5c671e06f070428b9be142cc4ee5cedebac Version: 46bbe5c671e06f070428b9be142cc4ee5cedebac Version: 46bbe5c671e06f070428b9be142cc4ee5cedebac Version: e3a23511638a3dcf0275c1e71a46d1ca2e2e6788 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49648",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:33:48.167860Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:36:48.613Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/trace/trace_events_hist.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "eb622d5580b9e2ff694f62da6410618bd73853cb",
"status": "affected",
"version": "240dd5118a9e0454f280ffeae63f22bd14735733",
"versionType": "git"
},
{
"lessThan": "ecc6dec12c33aa92c086cd702af9f544ddaf3c75",
"status": "affected",
"version": "e92c490f104993cea35e5f5d5108ac12df1850ac",
"versionType": "git"
},
{
"lessThan": "78a1400c42ee11197eb1f0f85ba51df9a4fdfff0",
"status": "affected",
"version": "46bbe5c671e06f070428b9be142cc4ee5cedebac",
"versionType": "git"
},
{
"lessThan": "22eeff55679d9e7c0f768c79bfbd83e2f8142d89",
"status": "affected",
"version": "46bbe5c671e06f070428b9be142cc4ee5cedebac",
"versionType": "git"
},
{
"lessThan": "4d453eb5e1eec89971aa5b3262857ee26cfdffd3",
"status": "affected",
"version": "46bbe5c671e06f070428b9be142cc4ee5cedebac",
"versionType": "git"
},
{
"lessThan": "7edc3945bdce9c39198a10d6129377a5c53559c2",
"status": "affected",
"version": "46bbe5c671e06f070428b9be142cc4ee5cedebac",
"versionType": "git"
},
{
"status": "affected",
"version": "e3a23511638a3dcf0275c1e71a46d1ca2e2e6788",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/trace/trace_events_hist.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.9"
},
{
"lessThan": "5.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.253",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.207",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.132",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.56",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.253",
"versionStartIncluding": "4.19.149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.207",
"versionStartIncluding": "5.4.69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.132",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.56",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.13",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.8.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/histograms: Fix memory leak problem\n\nThis reverts commit 46bbe5c671e06f070428b9be142cc4ee5cedebac.\n\nAs commit 46bbe5c671e0 (\"tracing: fix double free\") said, the\n\"double free\" problem reported by clang static analyzer is:\n \u003e In parse_var_defs() if there is a problem allocating\n \u003e var_defs.expr, the earlier var_defs.name is freed.\n \u003e This free is duplicated by free_var_defs() which frees\n \u003e the rest of the list.\n\nHowever, if there is a problem allocating N-th var_defs.expr:\n + in parse_var_defs(), the freed \u0027earlier var_defs.name\u0027 is\n actually the N-th var_defs.name;\n + then in free_var_defs(), the names from 0th to (N-1)-th are freed;\n\n IF ALLOCATING PROBLEM HAPPENED HERE!!! -+\n \\\n |\n 0th 1th (N-1)-th N-th V\n +-------------+-------------+-----+-------------+-----------\nvar_defs: | name | expr | name | expr | ... | name | expr | name | ///\n +-------------+-------------+-----+-------------+-----------\n\nThese two frees don\u0027t act on same name, so there was no \"double free\"\nproblem before. Conversely, after that commit, we get a \"memory leak\"\nproblem because the above \"N-th var_defs.name\" is not freed.\n\nIf enable CONFIG_DEBUG_KMEMLEAK and inject a fault at where the N-th\nvar_defs.expr allocated, then execute on shell like:\n $ echo \u0027hist:key=call_site:val=$v1,$v2:v1=bytes_req,v2=bytes_alloc\u0027 \u003e \\\n/sys/kernel/debug/tracing/events/kmem/kmalloc/trigger\n\nThen kmemleak reports:\n unreferenced object 0xffff8fb100ef3518 (size 8):\n comm \"bash\", pid 196, jiffies 4295681690 (age 28.538s)\n hex dump (first 8 bytes):\n 76 31 00 00 b1 8f ff ff v1......\n backtrace:\n [\u003c0000000038fe4895\u003e] kstrdup+0x2d/0x60\n [\u003c00000000c99c049a\u003e] event_hist_trigger_parse+0x206f/0x20e0\n [\u003c00000000ae70d2cc\u003e] trigger_process_regex+0xc0/0x110\n [\u003c0000000066737a4c\u003e] event_trigger_write+0x75/0xd0\n [\u003c000000007341e40c\u003e] vfs_write+0xbb/0x2a0\n [\u003c0000000087fde4c2\u003e] ksys_write+0x59/0xd0\n [\u003c00000000581e9cdf\u003e] do_syscall_64+0x3a/0x80\n [\u003c00000000cf3b065c\u003e] entry_SYSCALL_64_after_hwframe+0x46/0xb0"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:45:02.459Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/eb622d5580b9e2ff694f62da6410618bd73853cb"
},
{
"url": "https://git.kernel.org/stable/c/ecc6dec12c33aa92c086cd702af9f544ddaf3c75"
},
{
"url": "https://git.kernel.org/stable/c/78a1400c42ee11197eb1f0f85ba51df9a4fdfff0"
},
{
"url": "https://git.kernel.org/stable/c/22eeff55679d9e7c0f768c79bfbd83e2f8142d89"
},
{
"url": "https://git.kernel.org/stable/c/4d453eb5e1eec89971aa5b3262857ee26cfdffd3"
},
{
"url": "https://git.kernel.org/stable/c/7edc3945bdce9c39198a10d6129377a5c53559c2"
}
],
"title": "tracing/histograms: Fix memory leak problem",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49648",
"datePublished": "2025-02-26T02:23:52.035Z",
"dateReserved": "2025-02-26T02:21:30.432Z",
"dateUpdated": "2025-10-01T19:36:48.613Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49506 (GCVE-0-2022-49506)
Vulnerability from cvelistv5
Published
2025-02-26 02:13
Modified
2025-05-04 08:39
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/mediatek: Add vblank register/unregister callback functions
We encountered a kernel panic issue that callback data will be NULL when
it's using in ovl irq handler. There is a timing issue between
mtk_disp_ovl_irq_handler() and mtk_ovl_disable_vblank().
To resolve this issue, we use the flow to register/unregister vblank cb:
- Register callback function and callback data when crtc creates.
- Unregister callback function and callback data when crtc destroies.
With this solution, we can assure callback data will not be NULL when
vblank is disable.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/mediatek/mtk_disp_drv.h",
"drivers/gpu/drm/mediatek/mtk_disp_ovl.c",
"drivers/gpu/drm/mediatek/mtk_disp_rdma.c",
"drivers/gpu/drm/mediatek/mtk_drm_crtc.c",
"drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.c",
"drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8a2dbdeccef6de47565638abdf3c25f41cdffc37",
"status": "affected",
"version": "9b0704988b151824a51133dc4c921f4273c5d839",
"versionType": "git"
},
{
"lessThan": "8a265d9838bc3c63579002d55c2b2c655c4f8f26",
"status": "affected",
"version": "9b0704988b151824a51133dc4c921f4273c5d839",
"versionType": "git"
},
{
"lessThan": "3a4027b5971fe2a94e32754f007d9d3c12c68ad1",
"status": "affected",
"version": "9b0704988b151824a51133dc4c921f4273c5d839",
"versionType": "git"
},
{
"lessThan": "b74d921b900b6ce38c6247c0a1c86be9f3746493",
"status": "affected",
"version": "9b0704988b151824a51133dc4c921f4273c5d839",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/mediatek/mtk_disp_drv.h",
"drivers/gpu/drm/mediatek/mtk_disp_ovl.c",
"drivers/gpu/drm/mediatek/mtk_disp_rdma.c",
"drivers/gpu/drm/mediatek/mtk_drm_crtc.c",
"drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.c",
"drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.12"
},
{
"lessThan": "5.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.54",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/mediatek: Add vblank register/unregister callback functions\n\nWe encountered a kernel panic issue that callback data will be NULL when\nit\u0027s using in ovl irq handler. There is a timing issue between\nmtk_disp_ovl_irq_handler() and mtk_ovl_disable_vblank().\n\nTo resolve this issue, we use the flow to register/unregister vblank cb:\n- Register callback function and callback data when crtc creates.\n- Unregister callback function and callback data when crtc destroies.\n\nWith this solution, we can assure callback data will not be NULL when\nvblank is disable."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:39:24.277Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8a2dbdeccef6de47565638abdf3c25f41cdffc37"
},
{
"url": "https://git.kernel.org/stable/c/8a265d9838bc3c63579002d55c2b2c655c4f8f26"
},
{
"url": "https://git.kernel.org/stable/c/3a4027b5971fe2a94e32754f007d9d3c12c68ad1"
},
{
"url": "https://git.kernel.org/stable/c/b74d921b900b6ce38c6247c0a1c86be9f3746493"
}
],
"title": "drm/mediatek: Add vblank register/unregister callback functions",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49506",
"datePublished": "2025-02-26T02:13:38.168Z",
"dateReserved": "2025-02-26T02:08:31.586Z",
"dateUpdated": "2025-05-04T08:39:24.277Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49514 (GCVE-0-2022-49514)
Vulnerability from cvelistv5
Published
2025-02-26 02:13
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe
Call of_node_put(platform_node) to avoid refcount leak in
the error path.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 94319ba10ecabc8f28129566d1f5793e3e7a0a79 Version: 94319ba10ecabc8f28129566d1f5793e3e7a0a79 Version: 94319ba10ecabc8f28129566d1f5793e3e7a0a79 Version: 94319ba10ecabc8f28129566d1f5793e3e7a0a79 Version: 94319ba10ecabc8f28129566d1f5793e3e7a0a79 Version: 94319ba10ecabc8f28129566d1f5793e3e7a0a79 Version: 94319ba10ecabc8f28129566d1f5793e3e7a0a79 Version: 94319ba10ecabc8f28129566d1f5793e3e7a0a79 Version: 94319ba10ecabc8f28129566d1f5793e3e7a0a79 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49514",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:38:19.275371Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:42.268Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/soc/mediatek/mt8173/mt8173-max98090.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0a1901f34f775b83ea4b8dbb5ed992147b9b8531",
"status": "affected",
"version": "94319ba10ecabc8f28129566d1f5793e3e7a0a79",
"versionType": "git"
},
{
"lessThan": "1e932aba3c7628c9f880ee9c2cfcc2ae3ba0c01e",
"status": "affected",
"version": "94319ba10ecabc8f28129566d1f5793e3e7a0a79",
"versionType": "git"
},
{
"lessThan": "cc43b9fdca519c5b13be6a717bacbebccd628cf6",
"status": "affected",
"version": "94319ba10ecabc8f28129566d1f5793e3e7a0a79",
"versionType": "git"
},
{
"lessThan": "23f340ed906c758cec6527376768e3bc1474ac30",
"status": "affected",
"version": "94319ba10ecabc8f28129566d1f5793e3e7a0a79",
"versionType": "git"
},
{
"lessThan": "fb66e0512e5ccc093070e21cf88cce8d98c181b5",
"status": "affected",
"version": "94319ba10ecabc8f28129566d1f5793e3e7a0a79",
"versionType": "git"
},
{
"lessThan": "48889eb3cce91d7f58e02bc07277b7f724b7a54a",
"status": "affected",
"version": "94319ba10ecabc8f28129566d1f5793e3e7a0a79",
"versionType": "git"
},
{
"lessThan": "ebd5cb4f1f3f10b839e7575219e0f17b60c23113",
"status": "affected",
"version": "94319ba10ecabc8f28129566d1f5793e3e7a0a79",
"versionType": "git"
},
{
"lessThan": "98d5afe868df998b0244f4c229ab758b4083684a",
"status": "affected",
"version": "94319ba10ecabc8f28129566d1f5793e3e7a0a79",
"versionType": "git"
},
{
"lessThan": "4f4e0454e226de3bf4efd7e7924d1edc571c52d5",
"status": "affected",
"version": "94319ba10ecabc8f28129566d1f5793e3e7a0a79",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"sound/soc/mediatek/mt8173/mt8173-max98090.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.2"
},
{
"lessThan": "4.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.318",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.318",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.283",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe\n\nCall of_node_put(platform_node) to avoid refcount leak in\nthe error path."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:39:34.738Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0a1901f34f775b83ea4b8dbb5ed992147b9b8531"
},
{
"url": "https://git.kernel.org/stable/c/1e932aba3c7628c9f880ee9c2cfcc2ae3ba0c01e"
},
{
"url": "https://git.kernel.org/stable/c/cc43b9fdca519c5b13be6a717bacbebccd628cf6"
},
{
"url": "https://git.kernel.org/stable/c/23f340ed906c758cec6527376768e3bc1474ac30"
},
{
"url": "https://git.kernel.org/stable/c/fb66e0512e5ccc093070e21cf88cce8d98c181b5"
},
{
"url": "https://git.kernel.org/stable/c/48889eb3cce91d7f58e02bc07277b7f724b7a54a"
},
{
"url": "https://git.kernel.org/stable/c/ebd5cb4f1f3f10b839e7575219e0f17b60c23113"
},
{
"url": "https://git.kernel.org/stable/c/98d5afe868df998b0244f4c229ab758b4083684a"
},
{
"url": "https://git.kernel.org/stable/c/4f4e0454e226de3bf4efd7e7924d1edc571c52d5"
}
],
"title": "ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49514",
"datePublished": "2025-02-26T02:13:43.398Z",
"dateReserved": "2025-02-26T02:08:31.587Z",
"dateUpdated": "2025-10-01T19:46:42.268Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49270 (GCVE-0-2022-49270)
Vulnerability from cvelistv5
Published
2025-02-26 01:56
Modified
2025-05-04 08:33
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
dm: fix use-after-free in dm_cleanup_zoned_dev()
dm_cleanup_zoned_dev() uses queue, so it must be called
before blk_cleanup_disk() starts its killing:
blk_cleanup_disk->blk_cleanup_queue()->kobject_put()->blk_release_queue()->
->...RCU...->blk_free_queue_rcu()->kmem_cache_free()
Otherwise, RCU callback may be executed first and
dm_cleanup_zoned_dev() will touch free'd memory:
BUG: KASAN: use-after-free in dm_cleanup_zoned_dev+0x33/0xd0
Read of size 8 at addr ffff88805ac6e430 by task dmsetup/681
CPU: 4 PID: 681 Comm: dmsetup Not tainted 5.17.0-rc2+ #6
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014
Call Trace:
<TASK>
dump_stack_lvl+0x57/0x7d
print_address_description.constprop.0+0x1f/0x150
? dm_cleanup_zoned_dev+0x33/0xd0
kasan_report.cold+0x7f/0x11b
? dm_cleanup_zoned_dev+0x33/0xd0
dm_cleanup_zoned_dev+0x33/0xd0
__dm_destroy+0x26a/0x400
? dm_blk_ioctl+0x230/0x230
? up_write+0xd8/0x270
dev_remove+0x156/0x1d0
ctl_ioctl+0x269/0x530
? table_clear+0x140/0x140
? lock_release+0xb2/0x750
? remove_all+0x40/0x40
? rcu_read_lock_sched_held+0x12/0x70
? lock_downgrade+0x3c0/0x3c0
? rcu_read_lock_sched_held+0x12/0x70
dm_ctl_ioctl+0xa/0x10
__x64_sys_ioctl+0xb9/0xf0
do_syscall_64+0x3b/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7fb6dfa95c27
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49270",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T18:16:55.271520Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T18:22:34.271Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/md/dm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0987f00a76a17aa7213da492c00ed9e5a6210c73",
"status": "affected",
"version": "bb37d77239af25cde59693dbe3fac04dd17d7b29",
"versionType": "git"
},
{
"lessThan": "fdfe414ca28ddfd562c233fb27385cf820de03e8",
"status": "affected",
"version": "bb37d77239af25cde59693dbe3fac04dd17d7b29",
"versionType": "git"
},
{
"lessThan": "43a043aed964659bc69ef81f266912b73c80d837",
"status": "affected",
"version": "bb37d77239af25cde59693dbe3fac04dd17d7b29",
"versionType": "git"
},
{
"lessThan": "588b7f5df0cb64f281290c7672470c006abe7160",
"status": "affected",
"version": "bb37d77239af25cde59693dbe3fac04dd17d7b29",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/md/dm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.14"
},
{
"lessThan": "5.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm: fix use-after-free in dm_cleanup_zoned_dev()\n\ndm_cleanup_zoned_dev() uses queue, so it must be called\nbefore blk_cleanup_disk() starts its killing:\n\nblk_cleanup_disk-\u003eblk_cleanup_queue()-\u003ekobject_put()-\u003eblk_release_queue()-\u003e\n-\u003e...RCU...-\u003eblk_free_queue_rcu()-\u003ekmem_cache_free()\n\nOtherwise, RCU callback may be executed first and\ndm_cleanup_zoned_dev() will touch free\u0027d memory:\n\n BUG: KASAN: use-after-free in dm_cleanup_zoned_dev+0x33/0xd0\n Read of size 8 at addr ffff88805ac6e430 by task dmsetup/681\n\n CPU: 4 PID: 681 Comm: dmsetup Not tainted 5.17.0-rc2+ #6\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x57/0x7d\n print_address_description.constprop.0+0x1f/0x150\n ? dm_cleanup_zoned_dev+0x33/0xd0\n kasan_report.cold+0x7f/0x11b\n ? dm_cleanup_zoned_dev+0x33/0xd0\n dm_cleanup_zoned_dev+0x33/0xd0\n __dm_destroy+0x26a/0x400\n ? dm_blk_ioctl+0x230/0x230\n ? up_write+0xd8/0x270\n dev_remove+0x156/0x1d0\n ctl_ioctl+0x269/0x530\n ? table_clear+0x140/0x140\n ? lock_release+0xb2/0x750\n ? remove_all+0x40/0x40\n ? rcu_read_lock_sched_held+0x12/0x70\n ? lock_downgrade+0x3c0/0x3c0\n ? rcu_read_lock_sched_held+0x12/0x70\n dm_ctl_ioctl+0xa/0x10\n __x64_sys_ioctl+0xb9/0xf0\n do_syscall_64+0x3b/0x90\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n RIP: 0033:0x7fb6dfa95c27"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:33:47.133Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0987f00a76a17aa7213da492c00ed9e5a6210c73"
},
{
"url": "https://git.kernel.org/stable/c/fdfe414ca28ddfd562c233fb27385cf820de03e8"
},
{
"url": "https://git.kernel.org/stable/c/43a043aed964659bc69ef81f266912b73c80d837"
},
{
"url": "https://git.kernel.org/stable/c/588b7f5df0cb64f281290c7672470c006abe7160"
}
],
"title": "dm: fix use-after-free in dm_cleanup_zoned_dev()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49270",
"datePublished": "2025-02-26T01:56:17.683Z",
"dateReserved": "2025-02-26T01:49:39.297Z",
"dateUpdated": "2025-05-04T08:33:47.133Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49213 (GCVE-0-2022-49213)
Vulnerability from cvelistv5
Published
2025-02-26 01:55
Modified
2025-10-01 19:47
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ath10k: Fix error handling in ath10k_setup_msa_resources
The device_node pointer is returned by of_parse_phandle() with refcount
incremented. We should use of_node_put() on it when done.
This function only calls of_node_put() in the regular path.
And it will cause refcount leak in error path.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49213",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:46:44.146053Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:47:05.827Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ath/ath10k/snoc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "315772133a4b960859e4f5efe0e738e347188cdc",
"status": "affected",
"version": "727fec790ead3d75e2735f66209949c2163523ea",
"versionType": "git"
},
{
"lessThan": "32939187f254171a5666badc058bc3787fe454af",
"status": "affected",
"version": "727fec790ead3d75e2735f66209949c2163523ea",
"versionType": "git"
},
{
"lessThan": "74b1d41e1b6410eed5c76d00eedb262036e9eff5",
"status": "affected",
"version": "727fec790ead3d75e2735f66209949c2163523ea",
"versionType": "git"
},
{
"lessThan": "4ed37d611ea5d222c3ecb3549e4c2d34b8f3c335",
"status": "affected",
"version": "727fec790ead3d75e2735f66209949c2163523ea",
"versionType": "git"
},
{
"lessThan": "9747a78d5f758a5284751a10aee13c30d02bd5f1",
"status": "affected",
"version": "727fec790ead3d75e2735f66209949c2163523ea",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ath/ath10k/snoc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.8"
},
{
"lessThan": "5.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.110",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nath10k: Fix error handling in ath10k_setup_msa_resources\n\nThe device_node pointer is returned by of_parse_phandle() with refcount\nincremented. We should use of_node_put() on it when done.\n\nThis function only calls of_node_put() in the regular path.\nAnd it will cause refcount leak in error path."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:32:30.220Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/315772133a4b960859e4f5efe0e738e347188cdc"
},
{
"url": "https://git.kernel.org/stable/c/32939187f254171a5666badc058bc3787fe454af"
},
{
"url": "https://git.kernel.org/stable/c/74b1d41e1b6410eed5c76d00eedb262036e9eff5"
},
{
"url": "https://git.kernel.org/stable/c/4ed37d611ea5d222c3ecb3549e4c2d34b8f3c335"
},
{
"url": "https://git.kernel.org/stable/c/9747a78d5f758a5284751a10aee13c30d02bd5f1"
}
],
"title": "ath10k: Fix error handling in ath10k_setup_msa_resources",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49213",
"datePublished": "2025-02-26T01:55:49.176Z",
"dateReserved": "2025-02-26T01:49:39.292Z",
"dateUpdated": "2025-10-01T19:47:05.827Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49459 (GCVE-0-2022-49459)
Vulnerability from cvelistv5
Published
2025-02-26 02:13
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
thermal/drivers/broadcom: Fix potential NULL dereference in sr_thermal_probe
platform_get_resource() may return NULL, add proper check to
avoid potential NULL dereferencing.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 250e211057c7237dc75634b1372a1a3bd58dcd96 Version: 250e211057c7237dc75634b1372a1a3bd58dcd96 Version: 250e211057c7237dc75634b1372a1a3bd58dcd96 Version: 250e211057c7237dc75634b1372a1a3bd58dcd96 Version: 250e211057c7237dc75634b1372a1a3bd58dcd96 Version: 250e211057c7237dc75634b1372a1a3bd58dcd96 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49459",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:40:13.530698Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:47.308Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/thermal/broadcom/sr-thermal.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b3461ccaa5d2588568d865faee285512ad448049",
"status": "affected",
"version": "250e211057c7237dc75634b1372a1a3bd58dcd96",
"versionType": "git"
},
{
"lessThan": "79098339ac2065f4b4352ef5921628970b6f47e6",
"status": "affected",
"version": "250e211057c7237dc75634b1372a1a3bd58dcd96",
"versionType": "git"
},
{
"lessThan": "ef1235c6514a58f274246cf4a2d5f4e40af539ce",
"status": "affected",
"version": "250e211057c7237dc75634b1372a1a3bd58dcd96",
"versionType": "git"
},
{
"lessThan": "ee9b6b02e8c140323ed46d6602d805ea735c7719",
"status": "affected",
"version": "250e211057c7237dc75634b1372a1a3bd58dcd96",
"versionType": "git"
},
{
"lessThan": "61621e042c22b47d1eadee617bdd26835294b425",
"status": "affected",
"version": "250e211057c7237dc75634b1372a1a3bd58dcd96",
"versionType": "git"
},
{
"lessThan": "e20d136ec7d6f309989c447638365840d3424c8e",
"status": "affected",
"version": "250e211057c7237dc75634b1372a1a3bd58dcd96",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/thermal/broadcom/sr-thermal.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.1"
},
{
"lessThan": "5.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal/drivers/broadcom: Fix potential NULL dereference in sr_thermal_probe\n\nplatform_get_resource() may return NULL, add proper check to\navoid potential NULL dereferencing."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:38:12.221Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b3461ccaa5d2588568d865faee285512ad448049"
},
{
"url": "https://git.kernel.org/stable/c/79098339ac2065f4b4352ef5921628970b6f47e6"
},
{
"url": "https://git.kernel.org/stable/c/ef1235c6514a58f274246cf4a2d5f4e40af539ce"
},
{
"url": "https://git.kernel.org/stable/c/ee9b6b02e8c140323ed46d6602d805ea735c7719"
},
{
"url": "https://git.kernel.org/stable/c/61621e042c22b47d1eadee617bdd26835294b425"
},
{
"url": "https://git.kernel.org/stable/c/e20d136ec7d6f309989c447638365840d3424c8e"
}
],
"title": "thermal/drivers/broadcom: Fix potential NULL dereference in sr_thermal_probe",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49459",
"datePublished": "2025-02-26T02:13:06.833Z",
"dateReserved": "2025-02-26T02:08:31.574Z",
"dateUpdated": "2025-10-01T19:46:47.308Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49115 (GCVE-0-2022-49115)
Vulnerability from cvelistv5
Published
2025-02-26 01:54
Modified
2025-10-01 19:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
PCI: endpoint: Fix misused goto label
Fix a misused goto label jump since that can result in a memory leak.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49115",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:48:51.176330Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:57:04.226Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/pci/endpoint/functions/pci-epf-test.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7c657c0694ff690e361a13ce41c36b9dfb433ec8",
"status": "affected",
"version": "5ebf3fc59bd20d17df3ba26159787d13cf20d362",
"versionType": "git"
},
{
"lessThan": "dc9d33b2d8d09e6478e8ef817a81cf26930acc3e",
"status": "affected",
"version": "5ebf3fc59bd20d17df3ba26159787d13cf20d362",
"versionType": "git"
},
{
"lessThan": "70236a0d2d62b081d52076de22d8d017d6cbe99f",
"status": "affected",
"version": "5ebf3fc59bd20d17df3ba26159787d13cf20d362",
"versionType": "git"
},
{
"lessThan": "d3642fc64276b06446290f82fd45630aeaa4b007",
"status": "affected",
"version": "5ebf3fc59bd20d17df3ba26159787d13cf20d362",
"versionType": "git"
},
{
"lessThan": "bf8d87c076f55b8b4dfdb6bc6c6b6dc0c2ccb487",
"status": "affected",
"version": "5ebf3fc59bd20d17df3ba26159787d13cf20d362",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/pci/endpoint/functions/pci-epf-test.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.7"
},
{
"lessThan": "5.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.111",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.20",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.111",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.34",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.20",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.3",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: Fix misused goto label\n\nFix a misused goto label jump since that can result in a memory leak."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:30:12.491Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7c657c0694ff690e361a13ce41c36b9dfb433ec8"
},
{
"url": "https://git.kernel.org/stable/c/dc9d33b2d8d09e6478e8ef817a81cf26930acc3e"
},
{
"url": "https://git.kernel.org/stable/c/70236a0d2d62b081d52076de22d8d017d6cbe99f"
},
{
"url": "https://git.kernel.org/stable/c/d3642fc64276b06446290f82fd45630aeaa4b007"
},
{
"url": "https://git.kernel.org/stable/c/bf8d87c076f55b8b4dfdb6bc6c6b6dc0c2ccb487"
}
],
"title": "PCI: endpoint: Fix misused goto label",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49115",
"datePublished": "2025-02-26T01:54:58.654Z",
"dateReserved": "2025-02-26T01:49:39.262Z",
"dateUpdated": "2025-10-01T19:57:04.226Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49187 (GCVE-0-2022-49187)
Vulnerability from cvelistv5
Published
2025-02-26 01:55
Modified
2025-10-01 19:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
clk: Fix clk_hw_get_clk() when dev is NULL
Any registered clk_core structure can have a NULL pointer in its dev
field. While never actually documented, this is evidenced by the wide
usage of clk_register and clk_hw_register with a NULL device pointer,
and the fact that the core of_clk_hw_register() function also passes a
NULL device pointer.
A call to clk_hw_get_clk() on a clk_hw struct whose clk_core is in that
case will result in a NULL pointer derefence when it calls dev_name() on
that NULL device pointer.
Add a test for this case and use NULL as the dev_id if the device
pointer is NULL.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49187",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:47:18.677759Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:56:59.191Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/clk/clk.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4be3e4c05d8dd1b83b75652cad88c9e752ec7054",
"status": "affected",
"version": "30d6f8c15d2cd877c1f3d47d8a1064649ebe58e2",
"versionType": "git"
},
{
"lessThan": "d183f20cf5a7b546d4108e796b98210ceb317579",
"status": "affected",
"version": "30d6f8c15d2cd877c1f3d47d8a1064649ebe58e2",
"versionType": "git"
},
{
"lessThan": "23f89fe005b105f0dcc55034c13eb89f9b570fac",
"status": "affected",
"version": "30d6f8c15d2cd877c1f3d47d8a1064649ebe58e2",
"versionType": "git"
},
{
"lessThan": "0c1b56df451716ba207bbf59f303473643eee4fd",
"status": "affected",
"version": "30d6f8c15d2cd877c1f3d47d8a1064649ebe58e2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/clk/clk.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.11"
},
{
"lessThan": "5.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: Fix clk_hw_get_clk() when dev is NULL\n\nAny registered clk_core structure can have a NULL pointer in its dev\nfield. While never actually documented, this is evidenced by the wide\nusage of clk_register and clk_hw_register with a NULL device pointer,\nand the fact that the core of_clk_hw_register() function also passes a\nNULL device pointer.\n\nA call to clk_hw_get_clk() on a clk_hw struct whose clk_core is in that\ncase will result in a NULL pointer derefence when it calls dev_name() on\nthat NULL device pointer.\n\nAdd a test for this case and use NULL as the dev_id if the device\npointer is NULL."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:31:51.828Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4be3e4c05d8dd1b83b75652cad88c9e752ec7054"
},
{
"url": "https://git.kernel.org/stable/c/d183f20cf5a7b546d4108e796b98210ceb317579"
},
{
"url": "https://git.kernel.org/stable/c/23f89fe005b105f0dcc55034c13eb89f9b570fac"
},
{
"url": "https://git.kernel.org/stable/c/0c1b56df451716ba207bbf59f303473643eee4fd"
}
],
"title": "clk: Fix clk_hw_get_clk() when dev is NULL",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49187",
"datePublished": "2025-02-26T01:55:36.094Z",
"dateReserved": "2025-02-26T01:49:39.286Z",
"dateUpdated": "2025-10-01T19:56:59.191Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49091 (GCVE-0-2022-49091)
Vulnerability from cvelistv5
Published
2025-02-26 01:54
Modified
2025-05-04 08:29
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/imx: Fix memory leak in imx_pd_connector_get_modes
Avoid leaking the display mode variable if of_get_drm_display_mode
fails.
Addresses-Coverity-ID: 1443943 ("Resource leak")
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 76ecd9c9fb24b014a6f33fbb1287ede3be12158b Version: 76ecd9c9fb24b014a6f33fbb1287ede3be12158b Version: 76ecd9c9fb24b014a6f33fbb1287ede3be12158b Version: 76ecd9c9fb24b014a6f33fbb1287ede3be12158b Version: 76ecd9c9fb24b014a6f33fbb1287ede3be12158b Version: 76ecd9c9fb24b014a6f33fbb1287ede3be12158b Version: 76ecd9c9fb24b014a6f33fbb1287ede3be12158b Version: 76ecd9c9fb24b014a6f33fbb1287ede3be12158b Version: 76ecd9c9fb24b014a6f33fbb1287ede3be12158b |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/imx/parallel-display.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d2c2758cfb0262637fd93350bdc8ad485fb1dd61",
"status": "affected",
"version": "76ecd9c9fb24b014a6f33fbb1287ede3be12158b",
"versionType": "git"
},
{
"lessThan": "38bf605bd8c83d942c8dcffaef3633b7d8b37549",
"status": "affected",
"version": "76ecd9c9fb24b014a6f33fbb1287ede3be12158b",
"versionType": "git"
},
{
"lessThan": "41624d7c0c3df71dee170c610744aaa5909327b8",
"status": "affected",
"version": "76ecd9c9fb24b014a6f33fbb1287ede3be12158b",
"versionType": "git"
},
{
"lessThan": "c539a6a5896ed92bfb91494e46996d013f3d5967",
"status": "affected",
"version": "76ecd9c9fb24b014a6f33fbb1287ede3be12158b",
"versionType": "git"
},
{
"lessThan": "f8b0ef0a5889890b50482b6593bd8de544736351",
"status": "affected",
"version": "76ecd9c9fb24b014a6f33fbb1287ede3be12158b",
"versionType": "git"
},
{
"lessThan": "31e449302ed00c38d4068443cf0243279701ab28",
"status": "affected",
"version": "76ecd9c9fb24b014a6f33fbb1287ede3be12158b",
"versionType": "git"
},
{
"lessThan": "bc23c327e1a23cc3555fa1e86288e13288515442",
"status": "affected",
"version": "76ecd9c9fb24b014a6f33fbb1287ede3be12158b",
"versionType": "git"
},
{
"lessThan": "7526102d908ec5ae777aa77723d52fce12916093",
"status": "affected",
"version": "76ecd9c9fb24b014a6f33fbb1287ede3be12158b",
"versionType": "git"
},
{
"lessThan": "bce81feb03a20fca7bbdd1c4af16b4e9d5c0e1d3",
"status": "affected",
"version": "76ecd9c9fb24b014a6f33fbb1287ede3be12158b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/imx/parallel-display.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.8"
},
{
"lessThan": "4.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.238",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.189",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.111",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.20",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.311",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.276",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.238",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.189",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.111",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.34",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.20",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.3",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "4.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/imx: Fix memory leak in imx_pd_connector_get_modes\n\nAvoid leaking the display mode variable if of_get_drm_display_mode\nfails.\n\nAddresses-Coverity-ID: 1443943 (\"Resource leak\")"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:29:31.995Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d2c2758cfb0262637fd93350bdc8ad485fb1dd61"
},
{
"url": "https://git.kernel.org/stable/c/38bf605bd8c83d942c8dcffaef3633b7d8b37549"
},
{
"url": "https://git.kernel.org/stable/c/41624d7c0c3df71dee170c610744aaa5909327b8"
},
{
"url": "https://git.kernel.org/stable/c/c539a6a5896ed92bfb91494e46996d013f3d5967"
},
{
"url": "https://git.kernel.org/stable/c/f8b0ef0a5889890b50482b6593bd8de544736351"
},
{
"url": "https://git.kernel.org/stable/c/31e449302ed00c38d4068443cf0243279701ab28"
},
{
"url": "https://git.kernel.org/stable/c/bc23c327e1a23cc3555fa1e86288e13288515442"
},
{
"url": "https://git.kernel.org/stable/c/7526102d908ec5ae777aa77723d52fce12916093"
},
{
"url": "https://git.kernel.org/stable/c/bce81feb03a20fca7bbdd1c4af16b4e9d5c0e1d3"
}
],
"title": "drm/imx: Fix memory leak in imx_pd_connector_get_modes",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49091",
"datePublished": "2025-02-26T01:54:46.701Z",
"dateReserved": "2025-02-26T01:49:39.249Z",
"dateUpdated": "2025-05-04T08:29:31.995Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49130 (GCVE-0-2022-49130)
Vulnerability from cvelistv5
Published
2025-02-26 01:55
Modified
2025-10-01 19:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ath11k: mhi: use mhi_sync_power_up()
If amss.bin was missing ath11k would crash during 'rmmod ath11k_pci'. The
reason for that was that we were using mhi_async_power_up() which does not
check any errors. But mhi_sync_power_up() on the other hand does check for
errors so let's use that to fix the crash.
I was not able to find a reason why an async version was used.
ath11k_mhi_start() (which enables state ATH11K_MHI_POWER_ON) is called from
ath11k_hif_power_up(), which can sleep. So sync version should be safe to use
here.
[ 145.569731] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC KASAN PTI
[ 145.569789] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[ 145.569843] CPU: 2 PID: 1628 Comm: rmmod Kdump: loaded Tainted: G W 5.16.0-wt-ath+ #567
[ 145.569898] Hardware name: Intel(R) Client Systems NUC8i7HVK/NUC8i7HVB, BIOS HNKBLi70.86A.0067.2021.0528.1339 05/28/2021
[ 145.569956] RIP: 0010:ath11k_hal_srng_access_begin+0xb5/0x2b0 [ath11k]
[ 145.570028] Code: df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 ec 01 00 00 48 8b ab a8 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 ea 48 c1 ea 03 <0f> b6 14 02 48 89 e8 83 e0 07 83 c0 03 45 85 ed 75 48 38 d0 7c 08
[ 145.570089] RSP: 0018:ffffc900025d7ac0 EFLAGS: 00010246
[ 145.570144] RAX: dffffc0000000000 RBX: ffff88814fca2dd8 RCX: 1ffffffff50cb455
[ 145.570196] RDX: 0000000000000000 RSI: ffff88814fca2dd8 RDI: ffff88814fca2e80
[ 145.570252] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffffa8659497
[ 145.570329] R10: fffffbfff50cb292 R11: 0000000000000001 R12: ffff88814fca0000
[ 145.570410] R13: 0000000000000000 R14: ffff88814fca2798 R15: ffff88814fca2dd8
[ 145.570465] FS: 00007fa399988540(0000) GS:ffff888233e00000(0000) knlGS:0000000000000000
[ 145.570519] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 145.570571] CR2: 00007fa399b51421 CR3: 0000000137898002 CR4: 00000000003706e0
[ 145.570623] Call Trace:
[ 145.570675] <TASK>
[ 145.570727] ? ath11k_ce_tx_process_cb+0x34b/0x860 [ath11k]
[ 145.570797] ath11k_ce_tx_process_cb+0x356/0x860 [ath11k]
[ 145.570864] ? tasklet_init+0x150/0x150
[ 145.570919] ? ath11k_ce_alloc_pipes+0x280/0x280 [ath11k]
[ 145.570986] ? tasklet_clear_sched+0x42/0xe0
[ 145.571042] ? tasklet_kill+0xe9/0x1b0
[ 145.571095] ? tasklet_clear_sched+0xe0/0xe0
[ 145.571148] ? irq_has_action+0x120/0x120
[ 145.571202] ath11k_ce_cleanup_pipes+0x45a/0x580 [ath11k]
[ 145.571270] ? ath11k_pci_stop+0x10e/0x170 [ath11k_pci]
[ 145.571345] ath11k_core_stop+0x8a/0xc0 [ath11k]
[ 145.571434] ath11k_core_deinit+0x9e/0x150 [ath11k]
[ 145.571499] ath11k_pci_remove+0xd2/0x260 [ath11k_pci]
[ 145.571553] pci_device_remove+0x9a/0x1c0
[ 145.571605] __device_release_driver+0x332/0x660
[ 145.571659] driver_detach+0x1e7/0x2c0
[ 145.571712] bus_remove_driver+0xe2/0x2d0
[ 145.571772] pci_unregister_driver+0x21/0x250
[ 145.571826] __do_sys_delete_module+0x30a/0x4b0
[ 145.571879] ? free_module+0xac0/0xac0
[ 145.571933] ? lockdep_hardirqs_on_prepare.part.0+0x18c/0x370
[ 145.571986] ? syscall_enter_from_user_mode+0x1d/0x50
[ 145.572039] ? lockdep_hardirqs_on+0x79/0x100
[ 145.572097] do_syscall_64+0x3b/0x90
[ 145.572153] entry_SYSCALL_64_after_hwframe+0x44/0xae
Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03003-QCAHSPSWPL_V1_V2_SILICONZ_LITE-2
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49130",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:48:20.645584Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:57:03.071Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ath/ath11k/mhi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "339bd0b55ecdd0f7f341e9357c4cfde799de9418",
"status": "affected",
"version": "d5c65159f2895379e11ca13f62feabe93278985d",
"versionType": "git"
},
{
"lessThan": "20d01a11efde2e05e47d5c66101f5c26eaca68e2",
"status": "affected",
"version": "d5c65159f2895379e11ca13f62feabe93278985d",
"versionType": "git"
},
{
"lessThan": "3fd7d50384c3808b7f7fa135aa9bb5feb1cb9849",
"status": "affected",
"version": "d5c65159f2895379e11ca13f62feabe93278985d",
"versionType": "git"
},
{
"lessThan": "646d533af2911be1184eaee8c900b7eb8ecc4396",
"status": "affected",
"version": "d5c65159f2895379e11ca13f62feabe93278985d",
"versionType": "git"
},
{
"lessThan": "3df6d74aedfdca919cca475d15dfdbc8b05c9e5d",
"status": "affected",
"version": "d5c65159f2895379e11ca13f62feabe93278985d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ath/ath11k/mhi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.6"
},
{
"lessThan": "5.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.111",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.20",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.111",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.34",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.20",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.3",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nath11k: mhi: use mhi_sync_power_up()\n\nIf amss.bin was missing ath11k would crash during \u0027rmmod ath11k_pci\u0027. The\nreason for that was that we were using mhi_async_power_up() which does not\ncheck any errors. But mhi_sync_power_up() on the other hand does check for\nerrors so let\u0027s use that to fix the crash.\n\nI was not able to find a reason why an async version was used.\nath11k_mhi_start() (which enables state ATH11K_MHI_POWER_ON) is called from\nath11k_hif_power_up(), which can sleep. So sync version should be safe to use\nhere.\n\n[ 145.569731] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC KASAN PTI\n[ 145.569789] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\n[ 145.569843] CPU: 2 PID: 1628 Comm: rmmod Kdump: loaded Tainted: G W 5.16.0-wt-ath+ #567\n[ 145.569898] Hardware name: Intel(R) Client Systems NUC8i7HVK/NUC8i7HVB, BIOS HNKBLi70.86A.0067.2021.0528.1339 05/28/2021\n[ 145.569956] RIP: 0010:ath11k_hal_srng_access_begin+0xb5/0x2b0 [ath11k]\n[ 145.570028] Code: df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 ec 01 00 00 48 8b ab a8 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 ea 48 c1 ea 03 \u003c0f\u003e b6 14 02 48 89 e8 83 e0 07 83 c0 03 45 85 ed 75 48 38 d0 7c 08\n[ 145.570089] RSP: 0018:ffffc900025d7ac0 EFLAGS: 00010246\n[ 145.570144] RAX: dffffc0000000000 RBX: ffff88814fca2dd8 RCX: 1ffffffff50cb455\n[ 145.570196] RDX: 0000000000000000 RSI: ffff88814fca2dd8 RDI: ffff88814fca2e80\n[ 145.570252] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffffa8659497\n[ 145.570329] R10: fffffbfff50cb292 R11: 0000000000000001 R12: ffff88814fca0000\n[ 145.570410] R13: 0000000000000000 R14: ffff88814fca2798 R15: ffff88814fca2dd8\n[ 145.570465] FS: 00007fa399988540(0000) GS:ffff888233e00000(0000) knlGS:0000000000000000\n[ 145.570519] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 145.570571] CR2: 00007fa399b51421 CR3: 0000000137898002 CR4: 00000000003706e0\n[ 145.570623] Call Trace:\n[ 145.570675] \u003cTASK\u003e\n[ 145.570727] ? ath11k_ce_tx_process_cb+0x34b/0x860 [ath11k]\n[ 145.570797] ath11k_ce_tx_process_cb+0x356/0x860 [ath11k]\n[ 145.570864] ? tasklet_init+0x150/0x150\n[ 145.570919] ? ath11k_ce_alloc_pipes+0x280/0x280 [ath11k]\n[ 145.570986] ? tasklet_clear_sched+0x42/0xe0\n[ 145.571042] ? tasklet_kill+0xe9/0x1b0\n[ 145.571095] ? tasklet_clear_sched+0xe0/0xe0\n[ 145.571148] ? irq_has_action+0x120/0x120\n[ 145.571202] ath11k_ce_cleanup_pipes+0x45a/0x580 [ath11k]\n[ 145.571270] ? ath11k_pci_stop+0x10e/0x170 [ath11k_pci]\n[ 145.571345] ath11k_core_stop+0x8a/0xc0 [ath11k]\n[ 145.571434] ath11k_core_deinit+0x9e/0x150 [ath11k]\n[ 145.571499] ath11k_pci_remove+0xd2/0x260 [ath11k_pci]\n[ 145.571553] pci_device_remove+0x9a/0x1c0\n[ 145.571605] __device_release_driver+0x332/0x660\n[ 145.571659] driver_detach+0x1e7/0x2c0\n[ 145.571712] bus_remove_driver+0xe2/0x2d0\n[ 145.571772] pci_unregister_driver+0x21/0x250\n[ 145.571826] __do_sys_delete_module+0x30a/0x4b0\n[ 145.571879] ? free_module+0xac0/0xac0\n[ 145.571933] ? lockdep_hardirqs_on_prepare.part.0+0x18c/0x370\n[ 145.571986] ? syscall_enter_from_user_mode+0x1d/0x50\n[ 145.572039] ? lockdep_hardirqs_on+0x79/0x100\n[ 145.572097] do_syscall_64+0x3b/0x90\n[ 145.572153] entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nTested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03003-QCAHSPSWPL_V1_V2_SILICONZ_LITE-2"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:30:38.266Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/339bd0b55ecdd0f7f341e9357c4cfde799de9418"
},
{
"url": "https://git.kernel.org/stable/c/20d01a11efde2e05e47d5c66101f5c26eaca68e2"
},
{
"url": "https://git.kernel.org/stable/c/3fd7d50384c3808b7f7fa135aa9bb5feb1cb9849"
},
{
"url": "https://git.kernel.org/stable/c/646d533af2911be1184eaee8c900b7eb8ecc4396"
},
{
"url": "https://git.kernel.org/stable/c/3df6d74aedfdca919cca475d15dfdbc8b05c9e5d"
}
],
"title": "ath11k: mhi: use mhi_sync_power_up()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49130",
"datePublished": "2025-02-26T01:55:06.124Z",
"dateReserved": "2025-02-26T01:49:39.267Z",
"dateUpdated": "2025-10-01T19:57:03.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49726 (GCVE-0-2022-49726)
Vulnerability from cvelistv5
Published
2025-02-26 02:24
Modified
2025-05-04 08:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
clocksource: hyper-v: unexport __init-annotated hv_init_clocksource()
EXPORT_SYMBOL and __init is a bad combination because the .init.text
section is freed up after the initialization. Hence, modules cannot
use symbols annotated __init. The access to a freed symbol may end up
with kernel panic.
modpost used to detect it, but it has been broken for a decade.
Recently, I fixed modpost so it started to warn it again, then this
showed up in linux-next builds.
There are two ways to fix it:
- Remove __init
- Remove EXPORT_SYMBOL
I chose the latter for this case because the only in-tree call-site,
arch/x86/kernel/cpu/mshyperv.c is never compiled as modular.
(CONFIG_HYPERVISOR_GUEST is boolean)
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/clocksource/hyperv_timer.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "cff3a7ce6e81418b6e8bac941779bbf5d342d626",
"status": "affected",
"version": "dd2cb348613b44f9d948b068775e159aad298599",
"versionType": "git"
},
{
"lessThan": "db965e2757d95f695e606856418cd84003dd036d",
"status": "affected",
"version": "dd2cb348613b44f9d948b068775e159aad298599",
"versionType": "git"
},
{
"lessThan": "0414eab7c78f3518143d383e448d44fc573ac6d2",
"status": "affected",
"version": "dd2cb348613b44f9d948b068775e159aad298599",
"versionType": "git"
},
{
"lessThan": "937fcbb55a1e48a6422e87e8f49422c92265f102",
"status": "affected",
"version": "dd2cb348613b44f9d948b068775e159aad298599",
"versionType": "git"
},
{
"lessThan": "245b993d8f6c4e25f19191edfbd8080b645e12b1",
"status": "affected",
"version": "dd2cb348613b44f9d948b068775e159aad298599",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/clocksource/hyperv_timer.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.3"
},
{
"lessThan": "5.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.200",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.124",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.49",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.200",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.124",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.49",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.6",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclocksource: hyper-v: unexport __init-annotated hv_init_clocksource()\n\nEXPORT_SYMBOL and __init is a bad combination because the .init.text\nsection is freed up after the initialization. Hence, modules cannot\nuse symbols annotated __init. The access to a freed symbol may end up\nwith kernel panic.\n\nmodpost used to detect it, but it has been broken for a decade.\n\nRecently, I fixed modpost so it started to warn it again, then this\nshowed up in linux-next builds.\n\nThere are two ways to fix it:\n\n - Remove __init\n - Remove EXPORT_SYMBOL\n\nI chose the latter for this case because the only in-tree call-site,\narch/x86/kernel/cpu/mshyperv.c is never compiled as modular.\n(CONFIG_HYPERVISOR_GUEST is boolean)"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:44:10.038Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/cff3a7ce6e81418b6e8bac941779bbf5d342d626"
},
{
"url": "https://git.kernel.org/stable/c/db965e2757d95f695e606856418cd84003dd036d"
},
{
"url": "https://git.kernel.org/stable/c/0414eab7c78f3518143d383e448d44fc573ac6d2"
},
{
"url": "https://git.kernel.org/stable/c/937fcbb55a1e48a6422e87e8f49422c92265f102"
},
{
"url": "https://git.kernel.org/stable/c/245b993d8f6c4e25f19191edfbd8080b645e12b1"
}
],
"title": "clocksource: hyper-v: unexport __init-annotated hv_init_clocksource()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49726",
"datePublished": "2025-02-26T02:24:38.003Z",
"dateReserved": "2025-02-26T02:21:30.448Z",
"dateUpdated": "2025-05-04T08:44:10.038Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49276 (GCVE-0-2022-49276)
Vulnerability from cvelistv5
Published
2025-02-26 01:56
Modified
2025-10-01 19:47
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
jffs2: fix memory leak in jffs2_scan_medium
If an error is returned in jffs2_scan_eraseblock() and some memory
has been added to the jffs2_summary *s, we can observe the following
kmemleak report:
--------------------------------------------
unreferenced object 0xffff88812b889c40 (size 64):
comm "mount", pid 692, jiffies 4294838325 (age 34.288s)
hex dump (first 32 bytes):
40 48 b5 14 81 88 ff ff 01 e0 31 00 00 00 50 00 @H........1...P.
00 00 01 00 00 00 01 00 00 00 02 00 00 00 09 08 ................
backtrace:
[<ffffffffae93a3a3>] __kmalloc+0x613/0x910
[<ffffffffaf423b9c>] jffs2_sum_add_dirent_mem+0x5c/0xa0
[<ffffffffb0f3afa8>] jffs2_scan_medium.cold+0x36e5/0x4794
[<ffffffffb0f3dbe1>] jffs2_do_mount_fs.cold+0xa7/0x2267
[<ffffffffaf40acf3>] jffs2_do_fill_super+0x383/0xc30
[<ffffffffaf40c00a>] jffs2_fill_super+0x2ea/0x4c0
[<ffffffffb0315d64>] mtd_get_sb+0x254/0x400
[<ffffffffb0315f5f>] mtd_get_sb_by_nr+0x4f/0xd0
[<ffffffffb0316478>] get_tree_mtd+0x498/0x840
[<ffffffffaf40bd15>] jffs2_get_tree+0x25/0x30
[<ffffffffae9f358d>] vfs_get_tree+0x8d/0x2e0
[<ffffffffaea7a98f>] path_mount+0x50f/0x1e50
[<ffffffffaea7c3d7>] do_mount+0x107/0x130
[<ffffffffaea7c5c5>] __se_sys_mount+0x1c5/0x2f0
[<ffffffffaea7c917>] __x64_sys_mount+0xc7/0x160
[<ffffffffb10142f5>] do_syscall_64+0x45/0x70
unreferenced object 0xffff888114b54840 (size 32):
comm "mount", pid 692, jiffies 4294838325 (age 34.288s)
hex dump (first 32 bytes):
c0 75 b5 14 81 88 ff ff 02 e0 02 00 00 00 02 00 .u..............
00 00 84 00 00 00 44 00 00 00 6b 6b 6b 6b 6b a5 ......D...kkkkk.
backtrace:
[<ffffffffae93be24>] kmem_cache_alloc_trace+0x584/0x880
[<ffffffffaf423b04>] jffs2_sum_add_inode_mem+0x54/0x90
[<ffffffffb0f3bd44>] jffs2_scan_medium.cold+0x4481/0x4794
[...]
unreferenced object 0xffff888114b57280 (size 32):
comm "mount", pid 692, jiffies 4294838393 (age 34.357s)
hex dump (first 32 bytes):
10 d5 6c 11 81 88 ff ff 08 e0 05 00 00 00 01 00 ..l.............
00 00 38 02 00 00 28 00 00 00 6b 6b 6b 6b 6b a5 ..8...(...kkkkk.
backtrace:
[<ffffffffae93be24>] kmem_cache_alloc_trace+0x584/0x880
[<ffffffffaf423c34>] jffs2_sum_add_xattr_mem+0x54/0x90
[<ffffffffb0f3a24f>] jffs2_scan_medium.cold+0x298c/0x4794
[...]
unreferenced object 0xffff8881116cd510 (size 16):
comm "mount", pid 692, jiffies 4294838395 (age 34.355s)
hex dump (first 16 bytes):
00 00 00 00 00 00 00 00 09 e0 60 02 00 00 6b a5 ..........`...k.
backtrace:
[<ffffffffae93be24>] kmem_cache_alloc_trace+0x584/0x880
[<ffffffffaf423cc4>] jffs2_sum_add_xref_mem+0x54/0x90
[<ffffffffb0f3b2e3>] jffs2_scan_medium.cold+0x3a20/0x4794
[...]
--------------------------------------------
Therefore, we should call jffs2_sum_reset_collected(s) on exit to
release the memory added in s. In addition, a new tag "out_buf" is
added to prevent the NULL pointer reference caused by s being NULL.
(thanks to Zhang Yi for this analysis)
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: e631ddba588783edd521c5a89f7b2902772fb691 Version: e631ddba588783edd521c5a89f7b2902772fb691 Version: e631ddba588783edd521c5a89f7b2902772fb691 Version: e631ddba588783edd521c5a89f7b2902772fb691 Version: e631ddba588783edd521c5a89f7b2902772fb691 Version: e631ddba588783edd521c5a89f7b2902772fb691 Version: e631ddba588783edd521c5a89f7b2902772fb691 Version: e631ddba588783edd521c5a89f7b2902772fb691 Version: e631ddba588783edd521c5a89f7b2902772fb691 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49276",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:45:34.710725Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:47:01.833Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/jffs2/scan.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9b0c69182f09b70779817af4dcf89780955d5c4c",
"status": "affected",
"version": "e631ddba588783edd521c5a89f7b2902772fb691",
"versionType": "git"
},
{
"lessThan": "b36bccb04e14cc0c1e2d0e92d477fe220314fad6",
"status": "affected",
"version": "e631ddba588783edd521c5a89f7b2902772fb691",
"versionType": "git"
},
{
"lessThan": "e711913463af916d777a4873068f415f1fe2ad33",
"status": "affected",
"version": "e631ddba588783edd521c5a89f7b2902772fb691",
"versionType": "git"
},
{
"lessThan": "455f4a23490bfcbedc8e5c245c463a59b19e5ddd",
"status": "affected",
"version": "e631ddba588783edd521c5a89f7b2902772fb691",
"versionType": "git"
},
{
"lessThan": "51dbb5e36d59f62e34d462b801c1068248149cfe",
"status": "affected",
"version": "e631ddba588783edd521c5a89f7b2902772fb691",
"versionType": "git"
},
{
"lessThan": "52ba0ab4f0a606f02a6163493378989faa1ec10a",
"status": "affected",
"version": "e631ddba588783edd521c5a89f7b2902772fb691",
"versionType": "git"
},
{
"lessThan": "b26bbc0c122cad038831f226a4cb4de702225e16",
"status": "affected",
"version": "e631ddba588783edd521c5a89f7b2902772fb691",
"versionType": "git"
},
{
"lessThan": "82462324bf35b6b553400af1c1aa265069cee28f",
"status": "affected",
"version": "e631ddba588783edd521c5a89f7b2902772fb691",
"versionType": "git"
},
{
"lessThan": "9cdd3128874f5fe759e2c4e1360ab7fb96a8d1df",
"status": "affected",
"version": "e631ddba588783edd521c5a89f7b2902772fb691",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/jffs2/scan.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.15"
},
{
"lessThan": "2.6.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.238",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.189",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.311",
"versionStartIncluding": "2.6.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.276",
"versionStartIncluding": "2.6.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.238",
"versionStartIncluding": "2.6.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.189",
"versionStartIncluding": "2.6.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.110",
"versionStartIncluding": "2.6.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "2.6.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "2.6.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "2.6.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "2.6.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\njffs2: fix memory leak in jffs2_scan_medium\n\nIf an error is returned in jffs2_scan_eraseblock() and some memory\nhas been added to the jffs2_summary *s, we can observe the following\nkmemleak report:\n\n--------------------------------------------\nunreferenced object 0xffff88812b889c40 (size 64):\n comm \"mount\", pid 692, jiffies 4294838325 (age 34.288s)\n hex dump (first 32 bytes):\n 40 48 b5 14 81 88 ff ff 01 e0 31 00 00 00 50 00 @H........1...P.\n 00 00 01 00 00 00 01 00 00 00 02 00 00 00 09 08 ................\n backtrace:\n [\u003cffffffffae93a3a3\u003e] __kmalloc+0x613/0x910\n [\u003cffffffffaf423b9c\u003e] jffs2_sum_add_dirent_mem+0x5c/0xa0\n [\u003cffffffffb0f3afa8\u003e] jffs2_scan_medium.cold+0x36e5/0x4794\n [\u003cffffffffb0f3dbe1\u003e] jffs2_do_mount_fs.cold+0xa7/0x2267\n [\u003cffffffffaf40acf3\u003e] jffs2_do_fill_super+0x383/0xc30\n [\u003cffffffffaf40c00a\u003e] jffs2_fill_super+0x2ea/0x4c0\n [\u003cffffffffb0315d64\u003e] mtd_get_sb+0x254/0x400\n [\u003cffffffffb0315f5f\u003e] mtd_get_sb_by_nr+0x4f/0xd0\n [\u003cffffffffb0316478\u003e] get_tree_mtd+0x498/0x840\n [\u003cffffffffaf40bd15\u003e] jffs2_get_tree+0x25/0x30\n [\u003cffffffffae9f358d\u003e] vfs_get_tree+0x8d/0x2e0\n [\u003cffffffffaea7a98f\u003e] path_mount+0x50f/0x1e50\n [\u003cffffffffaea7c3d7\u003e] do_mount+0x107/0x130\n [\u003cffffffffaea7c5c5\u003e] __se_sys_mount+0x1c5/0x2f0\n [\u003cffffffffaea7c917\u003e] __x64_sys_mount+0xc7/0x160\n [\u003cffffffffb10142f5\u003e] do_syscall_64+0x45/0x70\nunreferenced object 0xffff888114b54840 (size 32):\n comm \"mount\", pid 692, jiffies 4294838325 (age 34.288s)\n hex dump (first 32 bytes):\n c0 75 b5 14 81 88 ff ff 02 e0 02 00 00 00 02 00 .u..............\n 00 00 84 00 00 00 44 00 00 00 6b 6b 6b 6b 6b a5 ......D...kkkkk.\n backtrace:\n [\u003cffffffffae93be24\u003e] kmem_cache_alloc_trace+0x584/0x880\n [\u003cffffffffaf423b04\u003e] jffs2_sum_add_inode_mem+0x54/0x90\n [\u003cffffffffb0f3bd44\u003e] jffs2_scan_medium.cold+0x4481/0x4794\n [...]\nunreferenced object 0xffff888114b57280 (size 32):\n comm \"mount\", pid 692, jiffies 4294838393 (age 34.357s)\n hex dump (first 32 bytes):\n 10 d5 6c 11 81 88 ff ff 08 e0 05 00 00 00 01 00 ..l.............\n 00 00 38 02 00 00 28 00 00 00 6b 6b 6b 6b 6b a5 ..8...(...kkkkk.\n backtrace:\n [\u003cffffffffae93be24\u003e] kmem_cache_alloc_trace+0x584/0x880\n [\u003cffffffffaf423c34\u003e] jffs2_sum_add_xattr_mem+0x54/0x90\n [\u003cffffffffb0f3a24f\u003e] jffs2_scan_medium.cold+0x298c/0x4794\n [...]\nunreferenced object 0xffff8881116cd510 (size 16):\n comm \"mount\", pid 692, jiffies 4294838395 (age 34.355s)\n hex dump (first 16 bytes):\n 00 00 00 00 00 00 00 00 09 e0 60 02 00 00 6b a5 ..........`...k.\n backtrace:\n [\u003cffffffffae93be24\u003e] kmem_cache_alloc_trace+0x584/0x880\n [\u003cffffffffaf423cc4\u003e] jffs2_sum_add_xref_mem+0x54/0x90\n [\u003cffffffffb0f3b2e3\u003e] jffs2_scan_medium.cold+0x3a20/0x4794\n [...]\n--------------------------------------------\n\nTherefore, we should call jffs2_sum_reset_collected(s) on exit to\nrelease the memory added in s. In addition, a new tag \"out_buf\" is\nadded to prevent the NULL pointer reference caused by s being NULL.\n(thanks to Zhang Yi for this analysis)"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:33:59.667Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9b0c69182f09b70779817af4dcf89780955d5c4c"
},
{
"url": "https://git.kernel.org/stable/c/b36bccb04e14cc0c1e2d0e92d477fe220314fad6"
},
{
"url": "https://git.kernel.org/stable/c/e711913463af916d777a4873068f415f1fe2ad33"
},
{
"url": "https://git.kernel.org/stable/c/455f4a23490bfcbedc8e5c245c463a59b19e5ddd"
},
{
"url": "https://git.kernel.org/stable/c/51dbb5e36d59f62e34d462b801c1068248149cfe"
},
{
"url": "https://git.kernel.org/stable/c/52ba0ab4f0a606f02a6163493378989faa1ec10a"
},
{
"url": "https://git.kernel.org/stable/c/b26bbc0c122cad038831f226a4cb4de702225e16"
},
{
"url": "https://git.kernel.org/stable/c/82462324bf35b6b553400af1c1aa265069cee28f"
},
{
"url": "https://git.kernel.org/stable/c/9cdd3128874f5fe759e2c4e1360ab7fb96a8d1df"
}
],
"title": "jffs2: fix memory leak in jffs2_scan_medium",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49276",
"datePublished": "2025-02-26T01:56:20.559Z",
"dateReserved": "2025-02-26T01:49:39.298Z",
"dateUpdated": "2025-10-01T19:47:01.833Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49502 (GCVE-0-2022-49502)
Vulnerability from cvelistv5
Published
2025-02-26 02:13
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
media: rga: fix possible memory leak in rga_probe
rga->m2m_dev needs to be freed when rga_probe fails.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49502",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:38:32.735953Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:42.899Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/media/platform/rockchip/rga/rga.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8ddc89437ccefa18279918c19a61fd81527f40b9",
"status": "affected",
"version": "f7e7b48e6d796da85d99b318def20d9313ef61df",
"versionType": "git"
},
{
"lessThan": "eeb4819e94aa69767b9e5591e70c63e8b7c5786a",
"status": "affected",
"version": "f7e7b48e6d796da85d99b318def20d9313ef61df",
"versionType": "git"
},
{
"lessThan": "b7bbca4d08471bc8404a946bab1aa017dd05199b",
"status": "affected",
"version": "f7e7b48e6d796da85d99b318def20d9313ef61df",
"versionType": "git"
},
{
"lessThan": "1cdc768468c25d6b10ab83ec1efd4a8554532d69",
"status": "affected",
"version": "f7e7b48e6d796da85d99b318def20d9313ef61df",
"versionType": "git"
},
{
"lessThan": "a71eb6025305192e646040cd76ccacb5bd48a1b5",
"status": "affected",
"version": "f7e7b48e6d796da85d99b318def20d9313ef61df",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/media/platform/rockchip/rga/rga.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: rga: fix possible memory leak in rga_probe\n\nrga-\u003em2m_dev needs to be freed when rga_probe fails."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:39:18.785Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8ddc89437ccefa18279918c19a61fd81527f40b9"
},
{
"url": "https://git.kernel.org/stable/c/eeb4819e94aa69767b9e5591e70c63e8b7c5786a"
},
{
"url": "https://git.kernel.org/stable/c/b7bbca4d08471bc8404a946bab1aa017dd05199b"
},
{
"url": "https://git.kernel.org/stable/c/1cdc768468c25d6b10ab83ec1efd4a8554532d69"
},
{
"url": "https://git.kernel.org/stable/c/a71eb6025305192e646040cd76ccacb5bd48a1b5"
}
],
"title": "media: rga: fix possible memory leak in rga_probe",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49502",
"datePublished": "2025-02-26T02:13:35.528Z",
"dateReserved": "2025-02-26T02:08:31.586Z",
"dateUpdated": "2025-10-01T19:46:42.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49712 (GCVE-0-2022-49712)
Vulnerability from cvelistv5
Published
2025-02-26 02:24
Modified
2025-10-01 19:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe
of_parse_phandle() returns a node pointer with refcount
incremented, we should use of_node_put() on it when not need anymore.
Add missing of_node_put() to avoid refcount leak.
of_node_put() will check NULL pointer.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 24a28e4283510dcd58890379a42b8a7d3201d9d3 Version: 24a28e4283510dcd58890379a42b8a7d3201d9d3 Version: 24a28e4283510dcd58890379a42b8a7d3201d9d3 Version: 24a28e4283510dcd58890379a42b8a7d3201d9d3 Version: 24a28e4283510dcd58890379a42b8a7d3201d9d3 Version: 24a28e4283510dcd58890379a42b8a7d3201d9d3 Version: 24a28e4283510dcd58890379a42b8a7d3201d9d3 Version: 24a28e4283510dcd58890379a42b8a7d3201d9d3 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49712",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:32:26.147841Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:36:45.147Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/usb/gadget/udc/lpc32xx_udc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d85e4e6284a91aa2d1ab004e9d84b9c09b4aa203",
"status": "affected",
"version": "24a28e4283510dcd58890379a42b8a7d3201d9d3",
"versionType": "git"
},
{
"lessThan": "0ef6917c0524da5b88496b9706628ffef108b9bb",
"status": "affected",
"version": "24a28e4283510dcd58890379a42b8a7d3201d9d3",
"versionType": "git"
},
{
"lessThan": "2a598da14856ead80c726b38ba426c68637d9211",
"status": "affected",
"version": "24a28e4283510dcd58890379a42b8a7d3201d9d3",
"versionType": "git"
},
{
"lessThan": "b75bddfcc18170ce8e3fb695a76ec2dec4ce0ea5",
"status": "affected",
"version": "24a28e4283510dcd58890379a42b8a7d3201d9d3",
"versionType": "git"
},
{
"lessThan": "57901c658f77d9ea2e772f35cb38e47efb54c558",
"status": "affected",
"version": "24a28e4283510dcd58890379a42b8a7d3201d9d3",
"versionType": "git"
},
{
"lessThan": "46da1e4a8b6329479433b2a4056941dfdd7f3efd",
"status": "affected",
"version": "24a28e4283510dcd58890379a42b8a7d3201d9d3",
"versionType": "git"
},
{
"lessThan": "727c82d003e0ec64411fd1257a9a57de4ad7a99a",
"status": "affected",
"version": "24a28e4283510dcd58890379a42b8a7d3201d9d3",
"versionType": "git"
},
{
"lessThan": "4757c9ade34178b351580133771f510b5ffcf9c8",
"status": "affected",
"version": "24a28e4283510dcd58890379a42b8a7d3201d9d3",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/usb/gadget/udc/lpc32xx_udc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.5"
},
{
"lessThan": "3.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.320",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.249",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.200",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.124",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.49",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.320",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.285",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.249",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.200",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.124",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.49",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.6",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "3.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe\n\nof_parse_phandle() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not need anymore.\nAdd missing of_node_put() to avoid refcount leak.\nof_node_put() will check NULL pointer."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:43:52.603Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d85e4e6284a91aa2d1ab004e9d84b9c09b4aa203"
},
{
"url": "https://git.kernel.org/stable/c/0ef6917c0524da5b88496b9706628ffef108b9bb"
},
{
"url": "https://git.kernel.org/stable/c/2a598da14856ead80c726b38ba426c68637d9211"
},
{
"url": "https://git.kernel.org/stable/c/b75bddfcc18170ce8e3fb695a76ec2dec4ce0ea5"
},
{
"url": "https://git.kernel.org/stable/c/57901c658f77d9ea2e772f35cb38e47efb54c558"
},
{
"url": "https://git.kernel.org/stable/c/46da1e4a8b6329479433b2a4056941dfdd7f3efd"
},
{
"url": "https://git.kernel.org/stable/c/727c82d003e0ec64411fd1257a9a57de4ad7a99a"
},
{
"url": "https://git.kernel.org/stable/c/4757c9ade34178b351580133771f510b5ffcf9c8"
}
],
"title": "usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49712",
"datePublished": "2025-02-26T02:24:28.888Z",
"dateReserved": "2025-02-26T02:21:30.444Z",
"dateUpdated": "2025-10-01T19:36:45.147Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49652 (GCVE-0-2022-49652)
Vulnerability from cvelistv5
Published
2025-02-26 02:23
Modified
2025-10-01 19:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate
of_parse_phandle() returns a node pointer with refcount
incremented, we should use of_node_put() on it when not needed anymore.
Add missing of_node_put() in to fix this.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: ec9bfa1e1a796ef7acc2e55917c9b8be5a79e70e Version: ec9bfa1e1a796ef7acc2e55917c9b8be5a79e70e Version: ec9bfa1e1a796ef7acc2e55917c9b8be5a79e70e Version: ec9bfa1e1a796ef7acc2e55917c9b8be5a79e70e Version: ec9bfa1e1a796ef7acc2e55917c9b8be5a79e70e Version: ec9bfa1e1a796ef7acc2e55917c9b8be5a79e70e Version: ec9bfa1e1a796ef7acc2e55917c9b8be5a79e70e Version: ec9bfa1e1a796ef7acc2e55917c9b8be5a79e70e |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49652",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:33:41.629010Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:36:48.365Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/dma/ti/dma-crossbar.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "452b9dfd7aca96befce22634fadb111737f22bbe",
"status": "affected",
"version": "ec9bfa1e1a796ef7acc2e55917c9b8be5a79e70e",
"versionType": "git"
},
{
"lessThan": "61b4ef19c346dc21ab1d4f39f5c412e3037b2bdc",
"status": "affected",
"version": "ec9bfa1e1a796ef7acc2e55917c9b8be5a79e70e",
"versionType": "git"
},
{
"lessThan": "3bd66010398871807c1cebacee07d60ded1b1402",
"status": "affected",
"version": "ec9bfa1e1a796ef7acc2e55917c9b8be5a79e70e",
"versionType": "git"
},
{
"lessThan": "b31ab132561c7f1b6459039152b8d09e44eb3565",
"status": "affected",
"version": "ec9bfa1e1a796ef7acc2e55917c9b8be5a79e70e",
"versionType": "git"
},
{
"lessThan": "37147e22cd8dfc0412495cb361708836157a4486",
"status": "affected",
"version": "ec9bfa1e1a796ef7acc2e55917c9b8be5a79e70e",
"versionType": "git"
},
{
"lessThan": "cb9813d7eae917acd34436160a278b8b5d48ca53",
"status": "affected",
"version": "ec9bfa1e1a796ef7acc2e55917c9b8be5a79e70e",
"versionType": "git"
},
{
"lessThan": "b5a817f8d62e9e13280928f3756e54854ae4962e",
"status": "affected",
"version": "ec9bfa1e1a796ef7acc2e55917c9b8be5a79e70e",
"versionType": "git"
},
{
"lessThan": "c132fe78ad7b4ce8b5d49a501a15c29d08eeb23a",
"status": "affected",
"version": "ec9bfa1e1a796ef7acc2e55917c9b8be5a79e70e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/dma/ti/dma-crossbar.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.5"
},
{
"lessThan": "4.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.288",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.252",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.205",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.130",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.323",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.288",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.252",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.205",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.130",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.54",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.11",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate\n\nof_parse_phandle() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not needed anymore.\n\nAdd missing of_node_put() in to fix this."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:42:37.112Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/452b9dfd7aca96befce22634fadb111737f22bbe"
},
{
"url": "https://git.kernel.org/stable/c/61b4ef19c346dc21ab1d4f39f5c412e3037b2bdc"
},
{
"url": "https://git.kernel.org/stable/c/3bd66010398871807c1cebacee07d60ded1b1402"
},
{
"url": "https://git.kernel.org/stable/c/b31ab132561c7f1b6459039152b8d09e44eb3565"
},
{
"url": "https://git.kernel.org/stable/c/37147e22cd8dfc0412495cb361708836157a4486"
},
{
"url": "https://git.kernel.org/stable/c/cb9813d7eae917acd34436160a278b8b5d48ca53"
},
{
"url": "https://git.kernel.org/stable/c/b5a817f8d62e9e13280928f3756e54854ae4962e"
},
{
"url": "https://git.kernel.org/stable/c/c132fe78ad7b4ce8b5d49a501a15c29d08eeb23a"
}
],
"title": "dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49652",
"datePublished": "2025-02-26T02:23:53.995Z",
"dateReserved": "2025-02-26T02:21:30.433Z",
"dateUpdated": "2025-10-01T19:36:48.365Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49112 (GCVE-0-2022-49112)
Vulnerability from cvelistv5
Published
2025-02-26 01:54
Modified
2025-05-04 08:30
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
mt76: fix monitor mode crash with sdio driver
mt7921s driver may receive frames with fragment buffers. If there is a
CTS packet received in monitor mode, the payload is 10 bytes only and
need 6 bytes header padding after RXD buffer. However, only RXD in the
first linear buffer, if we pull buffer size RXD-size+6 bytes with
skb_pull(), that would trigger "BUG_ON(skb->len < skb->data_len)" in
__skb_pull().
To avoid the nonlinear buffer issue, enlarge the RXD size from 128 to
256 to make sure all MCU operation in linear buffer.
[ 52.007562] kernel BUG at include/linux/skbuff.h:2313!
[ 52.007578] Internal error: Oops - BUG: 0 [#1] PREEMPT SMP
[ 52.007987] pc : skb_pull+0x48/0x4c
[ 52.008015] lr : mt7921_queue_rx_skb+0x494/0x890 [mt7921_common]
[ 52.008361] Call trace:
[ 52.008377] skb_pull+0x48/0x4c
[ 52.008400] mt76s_net_worker+0x134/0x1b0 [mt76_sdio 35339a92c6eb7d4bbcc806a1d22f56365565135c]
[ 52.008431] __mt76_worker_fn+0xe8/0x170 [mt76 ef716597d11a77150bc07e3fdd68eeb0f9b56917]
[ 52.008449] kthread+0x148/0x3ac
[ 52.008466] ret_from_fork+0x10/0x30
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/mediatek/mt76/mt76.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "13946d5a68efd11dd6af2f6ef4c908f6b00158a5",
"status": "affected",
"version": "7bc04215a66b60e198aecaee8418f6d79fa19faa",
"versionType": "git"
},
{
"lessThan": "c37b4cab3d97ef64b206fca4d9daabd9aff7356e",
"status": "affected",
"version": "7bc04215a66b60e198aecaee8418f6d79fa19faa",
"versionType": "git"
},
{
"lessThan": "95e2af01669c7a3cb7a933cefa06361f9db15059",
"status": "affected",
"version": "7bc04215a66b60e198aecaee8418f6d79fa19faa",
"versionType": "git"
},
{
"lessThan": "123bc712b1de0805f9d683687e17b1ec2aba0b68",
"status": "affected",
"version": "7bc04215a66b60e198aecaee8418f6d79fa19faa",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/mediatek/mt76/mt76.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.16"
},
{
"lessThan": "4.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.20",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.34",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.20",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.3",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "4.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmt76: fix monitor mode crash with sdio driver\n\nmt7921s driver may receive frames with fragment buffers. If there is a\nCTS packet received in monitor mode, the payload is 10 bytes only and\nneed 6 bytes header padding after RXD buffer. However, only RXD in the\nfirst linear buffer, if we pull buffer size RXD-size+6 bytes with\nskb_pull(), that would trigger \"BUG_ON(skb-\u003elen \u003c skb-\u003edata_len)\" in\n__skb_pull().\n\nTo avoid the nonlinear buffer issue, enlarge the RXD size from 128 to\n256 to make sure all MCU operation in linear buffer.\n\n[ 52.007562] kernel BUG at include/linux/skbuff.h:2313!\n[ 52.007578] Internal error: Oops - BUG: 0 [#1] PREEMPT SMP\n[ 52.007987] pc : skb_pull+0x48/0x4c\n[ 52.008015] lr : mt7921_queue_rx_skb+0x494/0x890 [mt7921_common]\n[ 52.008361] Call trace:\n[ 52.008377] skb_pull+0x48/0x4c\n[ 52.008400] mt76s_net_worker+0x134/0x1b0 [mt76_sdio 35339a92c6eb7d4bbcc806a1d22f56365565135c]\n[ 52.008431] __mt76_worker_fn+0xe8/0x170 [mt76 ef716597d11a77150bc07e3fdd68eeb0f9b56917]\n[ 52.008449] kthread+0x148/0x3ac\n[ 52.008466] ret_from_fork+0x10/0x30"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:30:08.471Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/13946d5a68efd11dd6af2f6ef4c908f6b00158a5"
},
{
"url": "https://git.kernel.org/stable/c/c37b4cab3d97ef64b206fca4d9daabd9aff7356e"
},
{
"url": "https://git.kernel.org/stable/c/95e2af01669c7a3cb7a933cefa06361f9db15059"
},
{
"url": "https://git.kernel.org/stable/c/123bc712b1de0805f9d683687e17b1ec2aba0b68"
}
],
"title": "mt76: fix monitor mode crash with sdio driver",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49112",
"datePublished": "2025-02-26T01:54:57.109Z",
"dateReserved": "2025-02-26T01:49:39.261Z",
"dateUpdated": "2025-05-04T08:30:08.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49164 (GCVE-0-2022-49164)
Vulnerability from cvelistv5
Published
2025-02-26 01:55
Modified
2025-05-04 08:31
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
powerpc/tm: Fix more userspace r13 corruption
Commit cf13435b730a ("powerpc/tm: Fix userspace r13 corruption") fixes a
problem in treclaim where a SLB miss can occur on the
thread_struct->ckpt_regs while SCRATCH0 is live with the saved user r13
value, clobbering it with the kernel r13 and ultimately resulting in
kernel r13 being stored in ckpt_regs.
There is an equivalent problem in trechkpt where the user r13 value is
loaded into r13 from chkpt_regs to be recheckpointed, but a SLB miss
could occur on ckpt_regs accesses after that, which will result in r13
being clobbered with a kernel value and that will get recheckpointed and
then restored to user registers.
The same memory page is accessed right before this critical window where
a SLB miss could cause corruption, so hitting the bug requires the SLB
entry be removed within a small window of instructions, which is
possible if a SLB related MCE hits there. PAPR also permits the
hypervisor to discard this SLB entry (because slb_shadow->persistent is
only set to SLB_NUM_BOLTED) although it's not known whether any
implementations would do this (KVM does not). So this is an extremely
unlikely bug, only found by inspection.
Fix this by also storing user r13 in a temporary location on the kernel
stack and don't change the r13 register from kernel r13 until the RI=0
critical section that does not fault.
The SCRATCH0 change is not strictly part of the fix, it's only used in
the RI=0 section so it does not have the same problem as the previous
SCRATCH0 bug.
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/powerpc/kernel/tm.S"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5dce84f475d13b773a1a4c823581cab25044d86a",
"status": "affected",
"version": "98ae22e15b430bfed5def01ac1a88ec9396284c8",
"versionType": "git"
},
{
"lessThan": "73d8082c90f17dfba57cad4ca94db5cae323f1b1",
"status": "affected",
"version": "98ae22e15b430bfed5def01ac1a88ec9396284c8",
"versionType": "git"
},
{
"lessThan": "9d71165d3934e607070c4e48458c0cf161b1baea",
"status": "affected",
"version": "98ae22e15b430bfed5def01ac1a88ec9396284c8",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/powerpc/kernel/tm.S"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.9"
},
{
"lessThan": "3.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.54",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "3.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/tm: Fix more userspace r13 corruption\n\nCommit cf13435b730a (\"powerpc/tm: Fix userspace r13 corruption\") fixes a\nproblem in treclaim where a SLB miss can occur on the\nthread_struct-\u003eckpt_regs while SCRATCH0 is live with the saved user r13\nvalue, clobbering it with the kernel r13 and ultimately resulting in\nkernel r13 being stored in ckpt_regs.\n\nThere is an equivalent problem in trechkpt where the user r13 value is\nloaded into r13 from chkpt_regs to be recheckpointed, but a SLB miss\ncould occur on ckpt_regs accesses after that, which will result in r13\nbeing clobbered with a kernel value and that will get recheckpointed and\nthen restored to user registers.\n\nThe same memory page is accessed right before this critical window where\na SLB miss could cause corruption, so hitting the bug requires the SLB\nentry be removed within a small window of instructions, which is\npossible if a SLB related MCE hits there. PAPR also permits the\nhypervisor to discard this SLB entry (because slb_shadow-\u003epersistent is\nonly set to SLB_NUM_BOLTED) although it\u0027s not known whether any\nimplementations would do this (KVM does not). So this is an extremely\nunlikely bug, only found by inspection.\n\nFix this by also storing user r13 in a temporary location on the kernel\nstack and don\u0027t change the r13 register from kernel r13 until the RI=0\ncritical section that does not fault.\n\nThe SCRATCH0 change is not strictly part of the fix, it\u0027s only used in\nthe RI=0 section so it does not have the same problem as the previous\nSCRATCH0 bug."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:31:22.171Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5dce84f475d13b773a1a4c823581cab25044d86a"
},
{
"url": "https://git.kernel.org/stable/c/73d8082c90f17dfba57cad4ca94db5cae323f1b1"
},
{
"url": "https://git.kernel.org/stable/c/9d71165d3934e607070c4e48458c0cf161b1baea"
}
],
"title": "powerpc/tm: Fix more userspace r13 corruption",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49164",
"datePublished": "2025-02-26T01:55:24.540Z",
"dateReserved": "2025-02-26T01:49:39.277Z",
"dateUpdated": "2025-05-04T08:31:22.171Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49250 (GCVE-0-2022-49250)
Vulnerability from cvelistv5
Published
2025-02-26 01:56
Modified
2025-05-04 08:33
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ASoC: codecs: rx-macro: fix accessing compander for aux
AUX interpolator does not have compander, so check before accessing
compander data for this.
Without this checkan array of out bounds access will be made in
comp_enabled[] array.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/soc/codecs/lpass-rx-macro.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9208ecc703b5ed5b12d7ea13c79207f4c8456638",
"status": "affected",
"version": "4f692926f562ff48abfcca6b16f36ff8d57473b6",
"versionType": "git"
},
{
"lessThan": "87a2b44cb3005d30c3a72234d1e47b03ae3bb29a",
"status": "affected",
"version": "4f692926f562ff48abfcca6b16f36ff8d57473b6",
"versionType": "git"
},
{
"lessThan": "6aa8ef9535dbd561293406608ebe791627b10196",
"status": "affected",
"version": "4f692926f562ff48abfcca6b16f36ff8d57473b6",
"versionType": "git"
},
{
"lessThan": "42c709c4e1ce4c136891530646c9abd5dff3524f",
"status": "affected",
"version": "4f692926f562ff48abfcca6b16f36ff8d57473b6",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"sound/soc/codecs/lpass-rx-macro.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.12"
},
{
"lessThan": "5.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: codecs: rx-macro: fix accessing compander for aux\n\nAUX interpolator does not have compander, so check before accessing\ncompander data for this.\n\nWithout this checkan array of out bounds access will be made in\ncomp_enabled[] array."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:33:21.563Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9208ecc703b5ed5b12d7ea13c79207f4c8456638"
},
{
"url": "https://git.kernel.org/stable/c/87a2b44cb3005d30c3a72234d1e47b03ae3bb29a"
},
{
"url": "https://git.kernel.org/stable/c/6aa8ef9535dbd561293406608ebe791627b10196"
},
{
"url": "https://git.kernel.org/stable/c/42c709c4e1ce4c136891530646c9abd5dff3524f"
}
],
"title": "ASoC: codecs: rx-macro: fix accessing compander for aux",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49250",
"datePublished": "2025-02-26T01:56:07.719Z",
"dateReserved": "2025-02-26T01:49:39.295Z",
"dateUpdated": "2025-05-04T08:33:21.563Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49625 (GCVE-0-2022-49625)
Vulnerability from cvelistv5
Published
2025-02-26 02:23
Modified
2025-05-04 08:42
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
sfc: fix kernel panic when creating VF
When creating VFs a kernel panic can happen when calling to
efx_ef10_try_update_nic_stats_vf.
When releasing a DMA coherent buffer, sometimes, I don't know in what
specific circumstances, it has to unmap memory with vunmap. It is
disallowed to do that in IRQ context or with BH disabled. Otherwise, we
hit this line in vunmap, causing the crash:
BUG_ON(in_interrupt());
This patch reenables BH to release the buffer.
Log messages when the bug is hit:
kernel BUG at mm/vmalloc.c:2727!
invalid opcode: 0000 [#1] PREEMPT SMP NOPTI
CPU: 6 PID: 1462 Comm: NetworkManager Kdump: loaded Tainted: G I --------- --- 5.14.0-119.el9.x86_64 #1
Hardware name: Dell Inc. PowerEdge R740/06WXJT, BIOS 2.8.2 08/27/2020
RIP: 0010:vunmap+0x2e/0x30
...skip...
Call Trace:
__iommu_dma_free+0x96/0x100
efx_nic_free_buffer+0x2b/0x40 [sfc]
efx_ef10_try_update_nic_stats_vf+0x14a/0x1c0 [sfc]
efx_ef10_update_stats_vf+0x18/0x40 [sfc]
efx_start_all+0x15e/0x1d0 [sfc]
efx_net_open+0x5a/0xe0 [sfc]
__dev_open+0xe7/0x1a0
__dev_change_flags+0x1d7/0x240
dev_change_flags+0x21/0x60
...skip...
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: d778819609a27efd5358da8151a0ad3507243e19 Version: d778819609a27efd5358da8151a0ad3507243e19 Version: d778819609a27efd5358da8151a0ad3507243e19 Version: d778819609a27efd5358da8151a0ad3507243e19 Version: d778819609a27efd5358da8151a0ad3507243e19 Version: d778819609a27efd5358da8151a0ad3507243e19 Version: d778819609a27efd5358da8151a0ad3507243e19 Version: d778819609a27efd5358da8151a0ad3507243e19 |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/sfc/ef10.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d9840212a9c00507347c703f4fdeda16400407e0",
"status": "affected",
"version": "d778819609a27efd5358da8151a0ad3507243e19",
"versionType": "git"
},
{
"lessThan": "b9072305270579a9d6afc9b926166231e5b1a7c8",
"status": "affected",
"version": "d778819609a27efd5358da8151a0ad3507243e19",
"versionType": "git"
},
{
"lessThan": "82bcb730f856086f033e6c04082eb4503d4c2fa4",
"status": "affected",
"version": "d778819609a27efd5358da8151a0ad3507243e19",
"versionType": "git"
},
{
"lessThan": "da346adcf5573fd8663cabfdfe8371009629a906",
"status": "affected",
"version": "d778819609a27efd5358da8151a0ad3507243e19",
"versionType": "git"
},
{
"lessThan": "b82e4ad58a7fb72456503958a93060f87896e629",
"status": "affected",
"version": "d778819609a27efd5358da8151a0ad3507243e19",
"versionType": "git"
},
{
"lessThan": "68e5f32f0de9594629ff9e599294d9801c6187de",
"status": "affected",
"version": "d778819609a27efd5358da8151a0ad3507243e19",
"versionType": "git"
},
{
"lessThan": "16662524ec5da801fb78a1afcaf6e782f1cf103a",
"status": "affected",
"version": "d778819609a27efd5358da8151a0ad3507243e19",
"versionType": "git"
},
{
"lessThan": "ada74c5539eba06cf8b47d068f92e0b3963a9a6e",
"status": "affected",
"version": "d778819609a27efd5358da8151a0ad3507243e19",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/sfc/ef10.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.2"
},
{
"lessThan": "4.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.324",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.289",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.253",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.207",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.132",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.56",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.324",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.289",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.253",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.207",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.132",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.56",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.13",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsfc: fix kernel panic when creating VF\n\nWhen creating VFs a kernel panic can happen when calling to\nefx_ef10_try_update_nic_stats_vf.\n\nWhen releasing a DMA coherent buffer, sometimes, I don\u0027t know in what\nspecific circumstances, it has to unmap memory with vunmap. It is\ndisallowed to do that in IRQ context or with BH disabled. Otherwise, we\nhit this line in vunmap, causing the crash:\n BUG_ON(in_interrupt());\n\nThis patch reenables BH to release the buffer.\n\nLog messages when the bug is hit:\n kernel BUG at mm/vmalloc.c:2727!\n invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 6 PID: 1462 Comm: NetworkManager Kdump: loaded Tainted: G I --------- --- 5.14.0-119.el9.x86_64 #1\n Hardware name: Dell Inc. PowerEdge R740/06WXJT, BIOS 2.8.2 08/27/2020\n RIP: 0010:vunmap+0x2e/0x30\n ...skip...\n Call Trace:\n __iommu_dma_free+0x96/0x100\n efx_nic_free_buffer+0x2b/0x40 [sfc]\n efx_ef10_try_update_nic_stats_vf+0x14a/0x1c0 [sfc]\n efx_ef10_update_stats_vf+0x18/0x40 [sfc]\n efx_start_all+0x15e/0x1d0 [sfc]\n efx_net_open+0x5a/0xe0 [sfc]\n __dev_open+0xe7/0x1a0\n __dev_change_flags+0x1d7/0x240\n dev_change_flags+0x21/0x60\n ...skip..."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:42:04.336Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d9840212a9c00507347c703f4fdeda16400407e0"
},
{
"url": "https://git.kernel.org/stable/c/b9072305270579a9d6afc9b926166231e5b1a7c8"
},
{
"url": "https://git.kernel.org/stable/c/82bcb730f856086f033e6c04082eb4503d4c2fa4"
},
{
"url": "https://git.kernel.org/stable/c/da346adcf5573fd8663cabfdfe8371009629a906"
},
{
"url": "https://git.kernel.org/stable/c/b82e4ad58a7fb72456503958a93060f87896e629"
},
{
"url": "https://git.kernel.org/stable/c/68e5f32f0de9594629ff9e599294d9801c6187de"
},
{
"url": "https://git.kernel.org/stable/c/16662524ec5da801fb78a1afcaf6e782f1cf103a"
},
{
"url": "https://git.kernel.org/stable/c/ada74c5539eba06cf8b47d068f92e0b3963a9a6e"
}
],
"title": "sfc: fix kernel panic when creating VF",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49625",
"datePublished": "2025-02-26T02:23:40.786Z",
"dateReserved": "2025-02-26T02:21:30.421Z",
"dateUpdated": "2025-05-04T08:42:04.336Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49475 (GCVE-0-2022-49475)
Vulnerability from cvelistv5
Published
2025-02-26 02:13
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
spi: spi-fsl-qspi: check return value after calling platform_get_resource_byname()
It will cause null-ptr-deref if platform_get_resource_byname() returns NULL,
we need check the return value.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49475",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:39:39.524948Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:45.953Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/spi/spi-fsl-qspi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "560dcbe1c7a78f597f2167371ebdbe2bca3d0735",
"status": "affected",
"version": "858e26a515c28df3ef542d9c09493b54a329d6cf",
"versionType": "git"
},
{
"lessThan": "10f537219629769498ecb8515e096be213224c24",
"status": "affected",
"version": "858e26a515c28df3ef542d9c09493b54a329d6cf",
"versionType": "git"
},
{
"lessThan": "33dda87d04598ac5d9a849218a373443f7d3de66",
"status": "affected",
"version": "858e26a515c28df3ef542d9c09493b54a329d6cf",
"versionType": "git"
},
{
"lessThan": "9d9c84825c3ec359b165c762a424cfdefe87fdd7",
"status": "affected",
"version": "858e26a515c28df3ef542d9c09493b54a329d6cf",
"versionType": "git"
},
{
"lessThan": "a2b331ac11e1cac56f5b7d367e9f3c5796deaaed",
"status": "affected",
"version": "858e26a515c28df3ef542d9c09493b54a329d6cf",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/spi/spi-fsl-qspi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.8"
},
{
"lessThan": "5.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: spi-fsl-qspi: check return value after calling platform_get_resource_byname()\n\nIt will cause null-ptr-deref if platform_get_resource_byname() returns NULL,\nwe need check the return value."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:38:31.719Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/560dcbe1c7a78f597f2167371ebdbe2bca3d0735"
},
{
"url": "https://git.kernel.org/stable/c/10f537219629769498ecb8515e096be213224c24"
},
{
"url": "https://git.kernel.org/stable/c/33dda87d04598ac5d9a849218a373443f7d3de66"
},
{
"url": "https://git.kernel.org/stable/c/9d9c84825c3ec359b165c762a424cfdefe87fdd7"
},
{
"url": "https://git.kernel.org/stable/c/a2b331ac11e1cac56f5b7d367e9f3c5796deaaed"
}
],
"title": "spi: spi-fsl-qspi: check return value after calling platform_get_resource_byname()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49475",
"datePublished": "2025-02-26T02:13:17.353Z",
"dateReserved": "2025-02-26T02:08:31.580Z",
"dateUpdated": "2025-10-01T19:46:45.953Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29901 (GCVE-0-2022-29901)
Vulnerability from cvelistv5
Published
2022-07-12 00:00
Modified
2024-08-03 06:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Information Exposure
Summary
Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Intel | Intel Microprocessors |
Version: generations 6 to 8 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:33:43.000Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://comsec.ethz.ch/retbleed"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00702.html"
},
{
"name": "[oss-security] 20220712 Xen Security Advisory 407 v1 (CVE-2022-23816,CVE-2022-23825,CVE-2022-29900) - Retbleed - arbitrary speculative code execution with return instructions",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/07/12/2"
},
{
"name": "[oss-security] 20220712 Re: Xen Security Advisory 407 v1 (CVE-2022-23816,CVE-2022-23825,CVE-2022-29900) - Retbleed - arbitrary speculative code execution with return instructions",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/07/12/4"
},
{
"name": "[oss-security] 20220712 Re: Xen Security Advisory 407 v1 (CVE-2022-23816,CVE-2022-23825,CVE-2022-29900) - Retbleed - arbitrary speculative code execution with return instructions",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/07/12/5"
},
{
"name": "[oss-security] 20220713 Re: Xen Security Advisory 407 v1 (CVE-2022-23816,CVE-2022-23825,CVE-2022-29900) - Retbleed - arbitrary speculative code execution with return instructions",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/07/13/1"
},
{
"name": "FEDORA-2022-c69ef9c1dd",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M27MB3QFNIJV4EQQSXWARHP3OGX6CR6K/"
},
{
"name": "FEDORA-2022-8aab5b5cde",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4RW5FCIYFNCQOEFJEUIRW3DGYW7CWBG/"
},
{
"name": "DSA-5207",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5207"
},
{
"name": "[debian-lts-announce] 20220911 [SECURITY] [DLA 3102-1] linux-5.10 new package",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20221007-0007/"
},
{
"name": "[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.secpod.com/blog/retbleed-intel-and-amd-processor-information-disclosure-vulnerability/"
},
{
"name": "GLSA-202402-07",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202402-07"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Intel Microprocessors",
"vendor": "Intel",
"versions": [
{
"status": "affected",
"version": "generations 6 to 8"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Johannes Wikner - ETH Z\u00fcrich"
},
{
"lang": "en",
"value": "Kaveh Razavi - ETH Z\u00fcrich"
}
],
"descriptions": [
{
"lang": "en",
"value": "Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-04T08:06:41.365488",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"url": "https://comsec.ethz.ch/retbleed"
},
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00702.html"
},
{
"name": "[oss-security] 20220712 Xen Security Advisory 407 v1 (CVE-2022-23816,CVE-2022-23825,CVE-2022-29900) - Retbleed - arbitrary speculative code execution with return instructions",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/07/12/2"
},
{
"name": "[oss-security] 20220712 Re: Xen Security Advisory 407 v1 (CVE-2022-23816,CVE-2022-23825,CVE-2022-29900) - Retbleed - arbitrary speculative code execution with return instructions",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/07/12/4"
},
{
"name": "[oss-security] 20220712 Re: Xen Security Advisory 407 v1 (CVE-2022-23816,CVE-2022-23825,CVE-2022-29900) - Retbleed - arbitrary speculative code execution with return instructions",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/07/12/5"
},
{
"name": "[oss-security] 20220713 Re: Xen Security Advisory 407 v1 (CVE-2022-23816,CVE-2022-23825,CVE-2022-29900) - Retbleed - arbitrary speculative code execution with return instructions",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/07/13/1"
},
{
"name": "FEDORA-2022-c69ef9c1dd",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M27MB3QFNIJV4EQQSXWARHP3OGX6CR6K/"
},
{
"name": "FEDORA-2022-8aab5b5cde",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4RW5FCIYFNCQOEFJEUIRW3DGYW7CWBG/"
},
{
"name": "DSA-5207",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5207"
},
{
"name": "[debian-lts-announce] 20220911 [SECURITY] [DLA 3102-1] linux-5.10 new package",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20221007-0007/"
},
{
"name": "[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html"
},
{
"url": "https://www.secpod.com/blog/retbleed-intel-and-amd-processor-information-disclosure-vulnerability/"
},
{
"name": "GLSA-202402-07",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202402-07"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Arbitrary Memory Disclosure through CPU Side-Channel Attacks (Retbleed)",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2022-29901",
"datePublished": "2022-07-12T00:00:00",
"dateReserved": "2022-04-28T00:00:00",
"dateUpdated": "2024-08-03T06:33:43.000Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49416 (GCVE-0-2022-49416)
Vulnerability from cvelistv5
Published
2025-02-26 02:12
Modified
2025-05-04 08:37
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: mac80211: fix use-after-free in chanctx code
In ieee80211_vif_use_reserved_context(), when we have an
old context and the new context's replace_state is set to
IEEE80211_CHANCTX_REPLACE_NONE, we free the old context
in ieee80211_vif_use_reserved_reassign(). Therefore, we
cannot check the old_ctx anymore, so we should set it to
NULL after this point.
However, since the new_ctx replace state is clearly not
IEEE80211_CHANCTX_REPLACES_OTHER, we're not going to do
anything else in this function and can just return to
avoid accessing the freed old_ctx.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 5bcae31d9cb1ebfad3ad5a3eea04c8cdc329a04f Version: 5bcae31d9cb1ebfad3ad5a3eea04c8cdc329a04f Version: 5bcae31d9cb1ebfad3ad5a3eea04c8cdc329a04f Version: 5bcae31d9cb1ebfad3ad5a3eea04c8cdc329a04f Version: 5bcae31d9cb1ebfad3ad5a3eea04c8cdc329a04f Version: 5bcae31d9cb1ebfad3ad5a3eea04c8cdc329a04f Version: 5bcae31d9cb1ebfad3ad5a3eea04c8cdc329a04f Version: 5bcae31d9cb1ebfad3ad5a3eea04c8cdc329a04f Version: 5bcae31d9cb1ebfad3ad5a3eea04c8cdc329a04f |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49416",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T18:16:18.774528Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T18:22:33.196Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/mac80211/chan.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "88cc8f963febe192d6ded9df7217f92f380b449a",
"status": "affected",
"version": "5bcae31d9cb1ebfad3ad5a3eea04c8cdc329a04f",
"versionType": "git"
},
{
"lessThan": "4ba81e794f0fad6234f644c2da1ae14d5b95e1c4",
"status": "affected",
"version": "5bcae31d9cb1ebfad3ad5a3eea04c8cdc329a04f",
"versionType": "git"
},
{
"lessThan": "9f1e5cc85ad77e52f54049a94db0407445ae2a34",
"status": "affected",
"version": "5bcae31d9cb1ebfad3ad5a3eea04c8cdc329a04f",
"versionType": "git"
},
{
"lessThan": "265bec4779a38b65e86a25120370f200822dfa76",
"status": "affected",
"version": "5bcae31d9cb1ebfad3ad5a3eea04c8cdc329a04f",
"versionType": "git"
},
{
"lessThan": "6118bbdf69f4718b02d26bbcf2e497eb66004331",
"status": "affected",
"version": "5bcae31d9cb1ebfad3ad5a3eea04c8cdc329a04f",
"versionType": "git"
},
{
"lessThan": "b79110f2bf6022e60e590d2e094728a8eec3e79e",
"status": "affected",
"version": "5bcae31d9cb1ebfad3ad5a3eea04c8cdc329a04f",
"versionType": "git"
},
{
"lessThan": "82c8e7bbdd06c7ed58e22450cc5b37f33a25bb2c",
"status": "affected",
"version": "5bcae31d9cb1ebfad3ad5a3eea04c8cdc329a04f",
"versionType": "git"
},
{
"lessThan": "4f05a9e15edcdf5b97e0d86ab6ecd5f187289f6c",
"status": "affected",
"version": "5bcae31d9cb1ebfad3ad5a3eea04c8cdc329a04f",
"versionType": "git"
},
{
"lessThan": "2965c4cdf7ad9ce0796fac5e57debb9519ea721e",
"status": "affected",
"version": "5bcae31d9cb1ebfad3ad5a3eea04c8cdc329a04f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/mac80211/chan.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.17"
},
{
"lessThan": "3.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.318",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.318",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.283",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "3.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: fix use-after-free in chanctx code\n\nIn ieee80211_vif_use_reserved_context(), when we have an\nold context and the new context\u0027s replace_state is set to\nIEEE80211_CHANCTX_REPLACE_NONE, we free the old context\nin ieee80211_vif_use_reserved_reassign(). Therefore, we\ncannot check the old_ctx anymore, so we should set it to\nNULL after this point.\n\nHowever, since the new_ctx replace state is clearly not\nIEEE80211_CHANCTX_REPLACES_OTHER, we\u0027re not going to do\nanything else in this function and can just return to\navoid accessing the freed old_ctx."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:37:12.553Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/88cc8f963febe192d6ded9df7217f92f380b449a"
},
{
"url": "https://git.kernel.org/stable/c/4ba81e794f0fad6234f644c2da1ae14d5b95e1c4"
},
{
"url": "https://git.kernel.org/stable/c/9f1e5cc85ad77e52f54049a94db0407445ae2a34"
},
{
"url": "https://git.kernel.org/stable/c/265bec4779a38b65e86a25120370f200822dfa76"
},
{
"url": "https://git.kernel.org/stable/c/6118bbdf69f4718b02d26bbcf2e497eb66004331"
},
{
"url": "https://git.kernel.org/stable/c/b79110f2bf6022e60e590d2e094728a8eec3e79e"
},
{
"url": "https://git.kernel.org/stable/c/82c8e7bbdd06c7ed58e22450cc5b37f33a25bb2c"
},
{
"url": "https://git.kernel.org/stable/c/4f05a9e15edcdf5b97e0d86ab6ecd5f187289f6c"
},
{
"url": "https://git.kernel.org/stable/c/2965c4cdf7ad9ce0796fac5e57debb9519ea721e"
}
],
"title": "wifi: mac80211: fix use-after-free in chanctx code",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49416",
"datePublished": "2025-02-26T02:12:37.173Z",
"dateReserved": "2025-02-26T02:08:31.568Z",
"dateUpdated": "2025-05-04T08:37:12.553Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47647 (GCVE-0-2021-47647)
Vulnerability from cvelistv5
Published
2025-02-26 01:54
Modified
2025-05-04 07:15
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
clk: qcom: ipq8074: fix PCI-E clock oops
Fix PCI-E clock related kernel oops that are caused by a missing clock
parent.
pcie0_rchng_clk_src has num_parents set to 2 but only one parent is
actually set via parent_hws, it should also have "XO" defined.
This will cause the kernel to panic on a NULL pointer in
clk_core_get_parent_by_index().
So, to fix this utilize clk_parent_data to provide gcc_xo_gpll0 parent
data.
Since there is already an existing static const char * const gcc_xo_gpll0[]
used to provide the same parents via parent_names convert those users to
clk_parent_data as well.
Without this earlycon is needed to even catch the OOPS as it will reset
the board before serial is initialized with the following:
[ 0.232279] Unable to handle kernel paging request at virtual address 0000a00000000000
[ 0.232322] Mem abort info:
[ 0.239094] ESR = 0x96000004
[ 0.241778] EC = 0x25: DABT (current EL), IL = 32 bits
[ 0.244908] SET = 0, FnV = 0
[ 0.250377] EA = 0, S1PTW = 0
[ 0.253236] FSC = 0x04: level 0 translation fault
[ 0.256277] Data abort info:
[ 0.261141] ISV = 0, ISS = 0x00000004
[ 0.264262] CM = 0, WnR = 0
[ 0.267820] [0000a00000000000] address between user and kernel address ranges
[ 0.270954] Internal error: Oops: 96000004 [#1] SMP
[ 0.278067] Modules linked in:
[ 0.282751] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 5.15.10 #0
[ 0.285882] Hardware name: Xiaomi AX3600 (DT)
[ 0.292043] pstate: 20400005 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 0.296299] pc : clk_core_get_parent_by_index+0x68/0xec
[ 0.303067] lr : __clk_register+0x1d8/0x820
[ 0.308273] sp : ffffffc01111b7d0
[ 0.312438] x29: ffffffc01111b7d0 x28: 0000000000000000 x27: 0000000000000040
[ 0.315919] x26: 0000000000000002 x25: 0000000000000000 x24: ffffff8000308800
[ 0.323037] x23: ffffff8000308850 x22: ffffff8000308880 x21: ffffff8000308828
[ 0.330155] x20: 0000000000000028 x19: ffffff8000309700 x18: 0000000000000020
[ 0.337272] x17: 000000005cc86990 x16: 0000000000000004 x15: ffffff80001d9d0a
[ 0.344391] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000006
[ 0.351508] x11: 0000000000000003 x10: 0101010101010101 x9 : 0000000000000000
[ 0.358626] x8 : 7f7f7f7f7f7f7f7f x7 : 6468626f5e626266 x6 : 17000a3a403c1b06
[ 0.365744] x5 : 061b3c403a0a0017 x4 : 0000000000000000 x3 : 0000000000000001
[ 0.372863] x2 : 0000a00000000000 x1 : 0000000000000001 x0 : ffffff8000309700
[ 0.379982] Call trace:
[ 0.387091] clk_core_get_parent_by_index+0x68/0xec
[ 0.389351] __clk_register+0x1d8/0x820
[ 0.394210] devm_clk_hw_register+0x5c/0xe0
[ 0.398030] devm_clk_register_regmap+0x44/0x8c
[ 0.402198] qcom_cc_really_probe+0x17c/0x1d0
[ 0.406711] qcom_cc_probe+0x34/0x44
[ 0.411224] gcc_ipq8074_probe+0x18/0x30
[ 0.414869] platform_probe+0x68/0xe0
[ 0.418776] really_probe.part.0+0x9c/0x30c
[ 0.422336] __driver_probe_device+0x98/0x144
[ 0.426329] driver_probe_device+0x44/0x11c
[ 0.430842] __device_attach_driver+0xb4/0x120
[ 0.434836] bus_for_each_drv+0x68/0xb0
[ 0.439349] __device_attach+0xb0/0x170
[ 0.443081] device_initial_probe+0x14/0x20
[ 0.446901] bus_probe_device+0x9c/0xa4
[ 0.451067] device_add+0x35c/0x834
[ 0.454886] of_device_add+0x54/0x64
[ 0.458360] of_platform_device_create_pdata+0xc0/0x100
[ 0.462181] of_platform_bus_create+0x114/0x370
[ 0.467128] of_platform_bus_create+0x15c/0x370
[ 0.471641] of_platform_populate+0x50/0xcc
[ 0.476155] of_platform_default_populate_init+0xa8/0xc8
[ 0.480324] do_one_initcall+0x50/0x1b0
[ 0.485877] kernel_init_freeable+0x234/0x29c
[ 0.489436] kernel_init+0x24/0x120
[ 0.493948] ret_from_fork+0x10/0x20
[ 0.497253] Code: d50323bf d65f03c0 f94002a2 b4000302 (f9400042)
[ 0.501079] ---[ end trace 4ca7e1129da2abce ]---
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/clk/qcom/gcc-ipq8074.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8b89c9e68a01a19a1dd689a42aa65d545e931899",
"status": "affected",
"version": "f0cfcf1ade201dcfd3365f231efc90e846fa46df",
"versionType": "git"
},
{
"lessThan": "41e360fa73a4c2f5b78f5ded78a5375b08c206a5",
"status": "affected",
"version": "f0cfcf1ade201dcfd3365f231efc90e846fa46df",
"versionType": "git"
},
{
"lessThan": "d02b3d4a8c525068bc5cfb4341e0023d8eb82ace",
"status": "affected",
"version": "f0cfcf1ade201dcfd3365f231efc90e846fa46df",
"versionType": "git"
},
{
"lessThan": "5a5576ad405c3c89fc9afb245c4dcc3e412b0aa9",
"status": "affected",
"version": "f0cfcf1ade201dcfd3365f231efc90e846fa46df",
"versionType": "git"
},
{
"lessThan": "bf8f5182b8f59309809b41c1d1730ed9ca6134b1",
"status": "affected",
"version": "f0cfcf1ade201dcfd3365f231efc90e846fa46df",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/clk/qcom/gcc-ipq8074.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.9"
},
{
"lessThan": "5.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.110",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: qcom: ipq8074: fix PCI-E clock oops\n\nFix PCI-E clock related kernel oops that are caused by a missing clock\nparent.\n\npcie0_rchng_clk_src has num_parents set to 2 but only one parent is\nactually set via parent_hws, it should also have \"XO\" defined.\nThis will cause the kernel to panic on a NULL pointer in\nclk_core_get_parent_by_index().\n\nSo, to fix this utilize clk_parent_data to provide gcc_xo_gpll0 parent\ndata.\nSince there is already an existing static const char * const gcc_xo_gpll0[]\nused to provide the same parents via parent_names convert those users to\nclk_parent_data as well.\n\nWithout this earlycon is needed to even catch the OOPS as it will reset\nthe board before serial is initialized with the following:\n\n[ 0.232279] Unable to handle kernel paging request at virtual address 0000a00000000000\n[ 0.232322] Mem abort info:\n[ 0.239094] ESR = 0x96000004\n[ 0.241778] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 0.244908] SET = 0, FnV = 0\n[ 0.250377] EA = 0, S1PTW = 0\n[ 0.253236] FSC = 0x04: level 0 translation fault\n[ 0.256277] Data abort info:\n[ 0.261141] ISV = 0, ISS = 0x00000004\n[ 0.264262] CM = 0, WnR = 0\n[ 0.267820] [0000a00000000000] address between user and kernel address ranges\n[ 0.270954] Internal error: Oops: 96000004 [#1] SMP\n[ 0.278067] Modules linked in:\n[ 0.282751] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 5.15.10 #0\n[ 0.285882] Hardware name: Xiaomi AX3600 (DT)\n[ 0.292043] pstate: 20400005 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 0.296299] pc : clk_core_get_parent_by_index+0x68/0xec\n[ 0.303067] lr : __clk_register+0x1d8/0x820\n[ 0.308273] sp : ffffffc01111b7d0\n[ 0.312438] x29: ffffffc01111b7d0 x28: 0000000000000000 x27: 0000000000000040\n[ 0.315919] x26: 0000000000000002 x25: 0000000000000000 x24: ffffff8000308800\n[ 0.323037] x23: ffffff8000308850 x22: ffffff8000308880 x21: ffffff8000308828\n[ 0.330155] x20: 0000000000000028 x19: ffffff8000309700 x18: 0000000000000020\n[ 0.337272] x17: 000000005cc86990 x16: 0000000000000004 x15: ffffff80001d9d0a\n[ 0.344391] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000006\n[ 0.351508] x11: 0000000000000003 x10: 0101010101010101 x9 : 0000000000000000\n[ 0.358626] x8 : 7f7f7f7f7f7f7f7f x7 : 6468626f5e626266 x6 : 17000a3a403c1b06\n[ 0.365744] x5 : 061b3c403a0a0017 x4 : 0000000000000000 x3 : 0000000000000001\n[ 0.372863] x2 : 0000a00000000000 x1 : 0000000000000001 x0 : ffffff8000309700\n[ 0.379982] Call trace:\n[ 0.387091] clk_core_get_parent_by_index+0x68/0xec\n[ 0.389351] __clk_register+0x1d8/0x820\n[ 0.394210] devm_clk_hw_register+0x5c/0xe0\n[ 0.398030] devm_clk_register_regmap+0x44/0x8c\n[ 0.402198] qcom_cc_really_probe+0x17c/0x1d0\n[ 0.406711] qcom_cc_probe+0x34/0x44\n[ 0.411224] gcc_ipq8074_probe+0x18/0x30\n[ 0.414869] platform_probe+0x68/0xe0\n[ 0.418776] really_probe.part.0+0x9c/0x30c\n[ 0.422336] __driver_probe_device+0x98/0x144\n[ 0.426329] driver_probe_device+0x44/0x11c\n[ 0.430842] __device_attach_driver+0xb4/0x120\n[ 0.434836] bus_for_each_drv+0x68/0xb0\n[ 0.439349] __device_attach+0xb0/0x170\n[ 0.443081] device_initial_probe+0x14/0x20\n[ 0.446901] bus_probe_device+0x9c/0xa4\n[ 0.451067] device_add+0x35c/0x834\n[ 0.454886] of_device_add+0x54/0x64\n[ 0.458360] of_platform_device_create_pdata+0xc0/0x100\n[ 0.462181] of_platform_bus_create+0x114/0x370\n[ 0.467128] of_platform_bus_create+0x15c/0x370\n[ 0.471641] of_platform_populate+0x50/0xcc\n[ 0.476155] of_platform_default_populate_init+0xa8/0xc8\n[ 0.480324] do_one_initcall+0x50/0x1b0\n[ 0.485877] kernel_init_freeable+0x234/0x29c\n[ 0.489436] kernel_init+0x24/0x120\n[ 0.493948] ret_from_fork+0x10/0x20\n[ 0.497253] Code: d50323bf d65f03c0 f94002a2 b4000302 (f9400042)\n[ 0.501079] ---[ end trace 4ca7e1129da2abce ]---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:15:28.292Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8b89c9e68a01a19a1dd689a42aa65d545e931899"
},
{
"url": "https://git.kernel.org/stable/c/41e360fa73a4c2f5b78f5ded78a5375b08c206a5"
},
{
"url": "https://git.kernel.org/stable/c/d02b3d4a8c525068bc5cfb4341e0023d8eb82ace"
},
{
"url": "https://git.kernel.org/stable/c/5a5576ad405c3c89fc9afb245c4dcc3e412b0aa9"
},
{
"url": "https://git.kernel.org/stable/c/bf8f5182b8f59309809b41c1d1730ed9ca6134b1"
}
],
"title": "clk: qcom: ipq8074: fix PCI-E clock oops",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47647",
"datePublished": "2025-02-26T01:54:15.635Z",
"dateReserved": "2025-02-26T01:48:21.520Z",
"dateUpdated": "2025-05-04T07:15:28.292Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49444 (GCVE-0-2022-49444)
Vulnerability from cvelistv5
Published
2025-02-26 02:12
Modified
2025-05-04 12:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
module: fix [e_shstrndx].sh_size=0 OOB access
It is trivial to craft a module to trigger OOB access in this line:
if (info->secstrings[strhdr->sh_size - 1] != '\0') {
BUG: unable to handle page fault for address: ffffc90000aa0fff
PGD 100000067 P4D 100000067 PUD 100066067 PMD 10436f067 PTE 0
Oops: 0000 [#1] PREEMPT SMP PTI
CPU: 7 PID: 1215 Comm: insmod Not tainted 5.18.0-rc5-00007-g9bf578647087-dirty #10
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-4.fc34 04/01/2014
RIP: 0010:load_module+0x19b/0x2391
[rebased patch onto modules-next]
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: ec2a29593c83ed71a7f16e3243941ebfcf75fdf6 Version: ec2a29593c83ed71a7f16e3243941ebfcf75fdf6 Version: ec2a29593c83ed71a7f16e3243941ebfcf75fdf6 Version: ec2a29593c83ed71a7f16e3243941ebfcf75fdf6 Version: 05d891e76dde3e430c707dae7d85139794eeadbd Version: d802672c7f00963613f289579073ac519f0d306c Version: 214aa69cac91a723239118bbbfe77d5654ddff6b |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/module/main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "09cb6663618a74fe5572a4931ecbf098832e79ec",
"status": "affected",
"version": "ec2a29593c83ed71a7f16e3243941ebfcf75fdf6",
"versionType": "git"
},
{
"lessThan": "921630e2e5124a04158129a8f22f4b425e61a858",
"status": "affected",
"version": "ec2a29593c83ed71a7f16e3243941ebfcf75fdf6",
"versionType": "git"
},
{
"lessThan": "45a76414b6d8b8b39c23fea53b9d20e831ae72a0",
"status": "affected",
"version": "ec2a29593c83ed71a7f16e3243941ebfcf75fdf6",
"versionType": "git"
},
{
"lessThan": "391e982bfa632b8315235d8be9c0a81374c6a19c",
"status": "affected",
"version": "ec2a29593c83ed71a7f16e3243941ebfcf75fdf6",
"versionType": "git"
},
{
"status": "affected",
"version": "05d891e76dde3e430c707dae7d85139794eeadbd",
"versionType": "git"
},
{
"status": "affected",
"version": "d802672c7f00963613f289579073ac519f0d306c",
"versionType": "git"
},
{
"status": "affected",
"version": "214aa69cac91a723239118bbbfe77d5654ddff6b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/module/main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.12"
},
{
"lessThan": "5.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.54",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.4.110",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmodule: fix [e_shstrndx].sh_size=0 OOB access\n\nIt is trivial to craft a module to trigger OOB access in this line:\n\n\tif (info-\u003esecstrings[strhdr-\u003esh_size - 1] != \u0027\\0\u0027) {\n\nBUG: unable to handle page fault for address: ffffc90000aa0fff\nPGD 100000067 P4D 100000067 PUD 100066067 PMD 10436f067 PTE 0\nOops: 0000 [#1] PREEMPT SMP PTI\nCPU: 7 PID: 1215 Comm: insmod Not tainted 5.18.0-rc5-00007-g9bf578647087-dirty #10\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-4.fc34 04/01/2014\nRIP: 0010:load_module+0x19b/0x2391\n\n[rebased patch onto modules-next]"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:44:49.062Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/09cb6663618a74fe5572a4931ecbf098832e79ec"
},
{
"url": "https://git.kernel.org/stable/c/921630e2e5124a04158129a8f22f4b425e61a858"
},
{
"url": "https://git.kernel.org/stable/c/45a76414b6d8b8b39c23fea53b9d20e831ae72a0"
},
{
"url": "https://git.kernel.org/stable/c/391e982bfa632b8315235d8be9c0a81374c6a19c"
}
],
"title": "module: fix [e_shstrndx].sh_size=0 OOB access",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49444",
"datePublished": "2025-02-26T02:12:56.606Z",
"dateReserved": "2025-02-26T02:08:31.571Z",
"dateUpdated": "2025-05-04T12:44:49.062Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49392 (GCVE-0-2022-49392)
Vulnerability from cvelistv5
Published
2025-02-26 02:11
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
serial: 8250_aspeed_vuart: Fix potential NULL dereference in aspeed_vuart_probe
platform_get_resource() may fail and return NULL, so we should
better check it's return value to avoid a NULL pointer dereference.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49392",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:41:31.347786Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:50.990Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/tty/serial/8250/8250_aspeed_vuart.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "923d34ce069e8e51a4d003caa6b66a8cd6ecd0ed",
"status": "affected",
"version": "54da3e381c2b55289b220601f403f17df7b20597",
"versionType": "git"
},
{
"lessThan": "90a6b6fc52bfdcfe9698454bf5bea26112abbcd1",
"status": "affected",
"version": "54da3e381c2b55289b220601f403f17df7b20597",
"versionType": "git"
},
{
"lessThan": "d5f1275f101e0e8a172d300d897f5a12e87e3485",
"status": "affected",
"version": "54da3e381c2b55289b220601f403f17df7b20597",
"versionType": "git"
},
{
"lessThan": "0e0fd55719fa081de6f9e5d9e6cef48efb04d34a",
"status": "affected",
"version": "54da3e381c2b55289b220601f403f17df7b20597",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/tty/serial/8250/8250_aspeed_vuart.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.14"
},
{
"lessThan": "5.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.47",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.47",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.15",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.4",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: 8250_aspeed_vuart: Fix potential NULL dereference in aspeed_vuart_probe\n\nplatform_get_resource() may fail and return NULL, so we should\nbetter check it\u0027s return value to avoid a NULL pointer dereference."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:36:42.055Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/923d34ce069e8e51a4d003caa6b66a8cd6ecd0ed"
},
{
"url": "https://git.kernel.org/stable/c/90a6b6fc52bfdcfe9698454bf5bea26112abbcd1"
},
{
"url": "https://git.kernel.org/stable/c/d5f1275f101e0e8a172d300d897f5a12e87e3485"
},
{
"url": "https://git.kernel.org/stable/c/0e0fd55719fa081de6f9e5d9e6cef48efb04d34a"
}
],
"title": "serial: 8250_aspeed_vuart: Fix potential NULL dereference in aspeed_vuart_probe",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49392",
"datePublished": "2025-02-26T02:11:24.258Z",
"dateReserved": "2025-02-26T02:08:31.562Z",
"dateUpdated": "2025-10-01T19:46:50.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49676 (GCVE-0-2022-49676)
Vulnerability from cvelistv5
Published
2025-02-26 02:24
Modified
2025-10-01 19:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
memory: samsung: exynos5422-dmc: Fix refcount leak in of_get_dram_timings
of_parse_phandle() returns a node pointer with refcount
incremented, we should use of_node_put() on it when not need anymore.
This function doesn't call of_node_put() in some error paths.
To unify the structure, Add put_node label and goto it on errors.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49676",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:33:15.517428Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:36:47.324Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/memory/samsung/exynos5422-dmc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "889aad2203e09eed2071ca8985c25e9d6aea5735",
"status": "affected",
"version": "6e7674c3c6df565ab47d02b4f2e608e3477cdf86",
"versionType": "git"
},
{
"lessThan": "cde4480b5ab06195b9164184b0c02ced71e601b4",
"status": "affected",
"version": "6e7674c3c6df565ab47d02b4f2e608e3477cdf86",
"versionType": "git"
},
{
"lessThan": "bb2a481778c60f912c363e271ae46b55ff8132db",
"status": "affected",
"version": "6e7674c3c6df565ab47d02b4f2e608e3477cdf86",
"versionType": "git"
},
{
"lessThan": "1332661e09304b7b8e84e5edc11811ba08d12abe",
"status": "affected",
"version": "6e7674c3c6df565ab47d02b4f2e608e3477cdf86",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/memory/samsung/exynos5422-dmc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.5"
},
{
"lessThan": "5.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.127",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.51",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.127",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.51",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.8",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmemory: samsung: exynos5422-dmc: Fix refcount leak in of_get_dram_timings\n\nof_parse_phandle() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not need anymore.\nThis function doesn\u0027t call of_node_put() in some error paths.\nTo unify the structure, Add put_node label and goto it on errors."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:43:06.325Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/889aad2203e09eed2071ca8985c25e9d6aea5735"
},
{
"url": "https://git.kernel.org/stable/c/cde4480b5ab06195b9164184b0c02ced71e601b4"
},
{
"url": "https://git.kernel.org/stable/c/bb2a481778c60f912c363e271ae46b55ff8132db"
},
{
"url": "https://git.kernel.org/stable/c/1332661e09304b7b8e84e5edc11811ba08d12abe"
}
],
"title": "memory: samsung: exynos5422-dmc: Fix refcount leak in of_get_dram_timings",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49676",
"datePublished": "2025-02-26T02:24:07.905Z",
"dateReserved": "2025-02-26T02:21:30.438Z",
"dateUpdated": "2025-10-01T19:36:47.324Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49096 (GCVE-0-2022-49096)
Vulnerability from cvelistv5
Published
2025-02-26 01:54
Modified
2025-10-01 19:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: sfc: add missing xdp queue reinitialization
After rx/tx ring buffer size is changed, kernel panic occurs when
it acts XDP_TX or XDP_REDIRECT.
When tx/rx ring buffer size is changed(ethtool -G), sfc driver
reallocates and reinitializes rx and tx queues and their buffer
(tx_queue->buffer).
But it misses reinitializing xdp queues(efx->xdp_tx_queues).
So, while it is acting XDP_TX or XDP_REDIRECT, it uses the uninitialized
tx_queue->buffer.
A new function efx_set_xdp_channels() is separated from efx_set_channels()
to handle only xdp queues.
Splat looks like:
BUG: kernel NULL pointer dereference, address: 000000000000002a
#PF: supervisor write access in kernel mode
#PF: error_code(0x0002) - not-present page
PGD 0 P4D 0
Oops: 0002 [#4] PREEMPT SMP NOPTI
RIP: 0010:efx_tx_map_chunk+0x54/0x90 [sfc]
CPU: 2 PID: 0 Comm: swapper/2 Tainted: G D 5.17.0+ #55 e8beeee8289528f11357029357cf
Code: 48 8b 8d a8 01 00 00 48 8d 14 52 4c 8d 2c d0 44 89 e0 48 85 c9 74 0e 44 89 e2 4c 89 f6 48 80
RSP: 0018:ffff92f121e45c60 EFLAGS: 00010297
RIP: 0010:efx_tx_map_chunk+0x54/0x90 [sfc]
RAX: 0000000000000040 RBX: ffff92ea506895c0 RCX: ffffffffc0330870
RDX: 0000000000000001 RSI: 00000001139b10ce RDI: ffff92ea506895c0
RBP: ffffffffc0358a80 R08: 00000001139b110d R09: 0000000000000000
R10: 0000000000000001 R11: ffff92ea414c0088 R12: 0000000000000040
R13: 0000000000000018 R14: 00000001139b10ce R15: ffff92ea506895c0
FS: 0000000000000000(0000) GS:ffff92f121ec0000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Code: 48 8b 8d a8 01 00 00 48 8d 14 52 4c 8d 2c d0 44 89 e0 48 85 c9 74 0e 44 89 e2 4c 89 f6 48 80
CR2: 000000000000002a CR3: 00000003e6810004 CR4: 00000000007706e0
RSP: 0018:ffff92f121e85c60 EFLAGS: 00010297
PKRU: 55555554
RAX: 0000000000000040 RBX: ffff92ea50689700 RCX: ffffffffc0330870
RDX: 0000000000000001 RSI: 00000001145a90ce RDI: ffff92ea50689700
RBP: ffffffffc0358a80 R08: 00000001145a910d R09: 0000000000000000
R10: 0000000000000001 R11: ffff92ea414c0088 R12: 0000000000000040
R13: 0000000000000018 R14: 00000001145a90ce R15: ffff92ea50689700
FS: 0000000000000000(0000) GS:ffff92f121e80000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000000002a CR3: 00000003e6810005 CR4: 00000000007706e0
PKRU: 55555554
Call Trace:
<IRQ>
efx_xdp_tx_buffers+0x12b/0x3d0 [sfc 84c94b8e32d44d296c17e10a634d3ad454de4ba5]
__efx_rx_packet+0x5c3/0x930 [sfc 84c94b8e32d44d296c17e10a634d3ad454de4ba5]
efx_rx_packet+0x28c/0x2e0 [sfc 84c94b8e32d44d296c17e10a634d3ad454de4ba5]
efx_ef10_ev_process+0x5f8/0xf40 [sfc 84c94b8e32d44d296c17e10a634d3ad454de4ba5]
? enqueue_task_fair+0x95/0x550
efx_poll+0xc4/0x360 [sfc 84c94b8e32d44d296c17e10a634d3ad454de4ba5]
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49096",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:49:29.340028Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:57:05.717Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/sfc/efx_channels.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ed7a824fda8732578d1014fad1f7fb0363705090",
"status": "affected",
"version": "3990a8fffbdad5765f47ea593f9de66c91762059",
"versionType": "git"
},
{
"lessThan": "b8c46bc358d84701e7f7ffa054037db25f25da0e",
"status": "affected",
"version": "3990a8fffbdad5765f47ea593f9de66c91762059",
"versionType": "git"
},
{
"lessThan": "dcc85e1593686e42c6749ef3d356db34759d59e8",
"status": "affected",
"version": "3990a8fffbdad5765f47ea593f9de66c91762059",
"versionType": "git"
},
{
"lessThan": "059a47f1da93811d37533556d67e72f2261b1127",
"status": "affected",
"version": "3990a8fffbdad5765f47ea593f9de66c91762059",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/sfc/efx_channels.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.5"
},
{
"lessThan": "5.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.20",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.34",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.20",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.3",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sfc: add missing xdp queue reinitialization\n\nAfter rx/tx ring buffer size is changed, kernel panic occurs when\nit acts XDP_TX or XDP_REDIRECT.\n\nWhen tx/rx ring buffer size is changed(ethtool -G), sfc driver\nreallocates and reinitializes rx and tx queues and their buffer\n(tx_queue-\u003ebuffer).\nBut it misses reinitializing xdp queues(efx-\u003exdp_tx_queues).\nSo, while it is acting XDP_TX or XDP_REDIRECT, it uses the uninitialized\ntx_queue-\u003ebuffer.\n\nA new function efx_set_xdp_channels() is separated from efx_set_channels()\nto handle only xdp queues.\n\nSplat looks like:\n BUG: kernel NULL pointer dereference, address: 000000000000002a\n #PF: supervisor write access in kernel mode\n #PF: error_code(0x0002) - not-present page\n PGD 0 P4D 0\n Oops: 0002 [#4] PREEMPT SMP NOPTI\n RIP: 0010:efx_tx_map_chunk+0x54/0x90 [sfc]\n CPU: 2 PID: 0 Comm: swapper/2 Tainted: G D 5.17.0+ #55 e8beeee8289528f11357029357cf\n Code: 48 8b 8d a8 01 00 00 48 8d 14 52 4c 8d 2c d0 44 89 e0 48 85 c9 74 0e 44 89 e2 4c 89 f6 48 80\n RSP: 0018:ffff92f121e45c60 EFLAGS: 00010297\n RIP: 0010:efx_tx_map_chunk+0x54/0x90 [sfc]\n RAX: 0000000000000040 RBX: ffff92ea506895c0 RCX: ffffffffc0330870\n RDX: 0000000000000001 RSI: 00000001139b10ce RDI: ffff92ea506895c0\n RBP: ffffffffc0358a80 R08: 00000001139b110d R09: 0000000000000000\n R10: 0000000000000001 R11: ffff92ea414c0088 R12: 0000000000000040\n R13: 0000000000000018 R14: 00000001139b10ce R15: ffff92ea506895c0\n FS: 0000000000000000(0000) GS:ffff92f121ec0000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n Code: 48 8b 8d a8 01 00 00 48 8d 14 52 4c 8d 2c d0 44 89 e0 48 85 c9 74 0e 44 89 e2 4c 89 f6 48 80\n CR2: 000000000000002a CR3: 00000003e6810004 CR4: 00000000007706e0\n RSP: 0018:ffff92f121e85c60 EFLAGS: 00010297\n PKRU: 55555554\n RAX: 0000000000000040 RBX: ffff92ea50689700 RCX: ffffffffc0330870\n RDX: 0000000000000001 RSI: 00000001145a90ce RDI: ffff92ea50689700\n RBP: ffffffffc0358a80 R08: 00000001145a910d R09: 0000000000000000\n R10: 0000000000000001 R11: ffff92ea414c0088 R12: 0000000000000040\n R13: 0000000000000018 R14: 00000001145a90ce R15: ffff92ea50689700\n FS: 0000000000000000(0000) GS:ffff92f121e80000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000000000000002a CR3: 00000003e6810005 CR4: 00000000007706e0\n PKRU: 55555554\n Call Trace:\n \u003cIRQ\u003e\n efx_xdp_tx_buffers+0x12b/0x3d0 [sfc 84c94b8e32d44d296c17e10a634d3ad454de4ba5]\n __efx_rx_packet+0x5c3/0x930 [sfc 84c94b8e32d44d296c17e10a634d3ad454de4ba5]\n efx_rx_packet+0x28c/0x2e0 [sfc 84c94b8e32d44d296c17e10a634d3ad454de4ba5]\n efx_ef10_ev_process+0x5f8/0xf40 [sfc 84c94b8e32d44d296c17e10a634d3ad454de4ba5]\n ? enqueue_task_fair+0x95/0x550\n efx_poll+0xc4/0x360 [sfc 84c94b8e32d44d296c17e10a634d3ad454de4ba5]"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:29:48.329Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ed7a824fda8732578d1014fad1f7fb0363705090"
},
{
"url": "https://git.kernel.org/stable/c/b8c46bc358d84701e7f7ffa054037db25f25da0e"
},
{
"url": "https://git.kernel.org/stable/c/dcc85e1593686e42c6749ef3d356db34759d59e8"
},
{
"url": "https://git.kernel.org/stable/c/059a47f1da93811d37533556d67e72f2261b1127"
}
],
"title": "net: sfc: add missing xdp queue reinitialization",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49096",
"datePublished": "2025-02-26T01:54:49.108Z",
"dateReserved": "2025-02-26T01:49:39.249Z",
"dateUpdated": "2025-10-01T19:57:05.717Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49244 (GCVE-0-2022-49244)
Vulnerability from cvelistv5
Published
2025-02-26 01:56
Modified
2025-05-04 08:33
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ASoC: mediatek: mt8192-mt6359: Fix error handling in mt8192_mt6359_dev_probe
The device_node pointer is returned by of_parse_phandle() with refcount
incremented. We should use of_node_put() on it when done.
This function only calls of_node_put() in the regular path.
And it will cause refcount leak in error paths.
Fix this by calling of_node_put() in error handling too.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/soc/mediatek/mt8192/mt8192-mt6359-rt1015-rt5682.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "87e04a89c31e792eef62bcba6ebb77fd323d28a1",
"status": "affected",
"version": "286c6f7b28fab19d649c2e1f3bc18fdecdbadfe5",
"versionType": "git"
},
{
"lessThan": "d5a38629f1aaf397fd471b27e49d55289ddc0656",
"status": "affected",
"version": "d1be8577f0b2f679095d237aaf281dca344f06c4",
"versionType": "git"
},
{
"lessThan": "1765787ec02e824f4f5e672cf269280a5da09d2f",
"status": "affected",
"version": "4e28491a7a198c668437f2be8a91a76aa52f20eb",
"versionType": "git"
},
{
"lessThan": "e45ac7831ff3e2934d58cce319c17c8ec763c95c",
"status": "affected",
"version": "4e28491a7a198c668437f2be8a91a76aa52f20eb",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"sound/soc/mediatek/mt8192/mt8192-mt6359-rt1015-rt5682.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.17"
},
{
"lessThan": "5.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "5.15.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "5.16.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: mediatek: mt8192-mt6359: Fix error handling in mt8192_mt6359_dev_probe\n\nThe device_node pointer is returned by of_parse_phandle() with refcount\nincremented. We should use of_node_put() on it when done.\n\nThis function only calls of_node_put() in the regular path.\nAnd it will cause refcount leak in error paths.\nFix this by calling of_node_put() in error handling too."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:33:14.176Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/87e04a89c31e792eef62bcba6ebb77fd323d28a1"
},
{
"url": "https://git.kernel.org/stable/c/d5a38629f1aaf397fd471b27e49d55289ddc0656"
},
{
"url": "https://git.kernel.org/stable/c/1765787ec02e824f4f5e672cf269280a5da09d2f"
},
{
"url": "https://git.kernel.org/stable/c/e45ac7831ff3e2934d58cce319c17c8ec763c95c"
}
],
"title": "ASoC: mediatek: mt8192-mt6359: Fix error handling in mt8192_mt6359_dev_probe",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49244",
"datePublished": "2025-02-26T01:56:04.783Z",
"dateReserved": "2025-02-26T01:49:39.294Z",
"dateUpdated": "2025-05-04T08:33:14.176Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49541 (GCVE-0-2022-49541)
Vulnerability from cvelistv5
Published
2025-02-26 02:13
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
cifs: fix potential double free during failed mount
RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=2088799
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49541",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:37:38.834933Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-415",
"description": "CWE-415 Double Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:40.187Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/cifs/cifsfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ce0008a0e410cdd95f0d8cd81b2902ec10a660c4",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9a167fc440e5693c1cdd7f07071e05658bd9d89d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ee71f8f1cd3c8c4a251fd3e8abc89215ae3457cb",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8378a51e3f8140f60901fb27208cc7a6e47047b5",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/cifs/cifsfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix potential double free during failed mount\n\nRHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=2088799"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:40:09.020Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ce0008a0e410cdd95f0d8cd81b2902ec10a660c4"
},
{
"url": "https://git.kernel.org/stable/c/9a167fc440e5693c1cdd7f07071e05658bd9d89d"
},
{
"url": "https://git.kernel.org/stable/c/ee71f8f1cd3c8c4a251fd3e8abc89215ae3457cb"
},
{
"url": "https://git.kernel.org/stable/c/8378a51e3f8140f60901fb27208cc7a6e47047b5"
}
],
"title": "cifs: fix potential double free during failed mount",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49541",
"datePublished": "2025-02-26T02:13:56.496Z",
"dateReserved": "2025-02-26T02:08:31.589Z",
"dateUpdated": "2025-10-01T19:46:40.187Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49592 (GCVE-0-2022-49592)
Vulnerability from cvelistv5
Published
2025-02-26 02:23
Modified
2025-05-04 08:41
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: stmmac: fix dma queue left shift overflow issue
When queue number is > 4, left shift overflows due to 32 bits
integer variable. Mask calculation is wrong for MTL_RXQ_DMA_MAP1.
If CONFIG_UBSAN is enabled, kernel dumps below warning:
[ 10.363842] ==================================================================
[ 10.363882] UBSAN: shift-out-of-bounds in /build/linux-intel-iotg-5.15-8e6Tf4/
linux-intel-iotg-5.15-5.15.0/drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c:224:12
[ 10.363929] shift exponent 40 is too large for 32-bit type 'unsigned int'
[ 10.363953] CPU: 1 PID: 599 Comm: NetworkManager Not tainted 5.15.0-1003-intel-iotg
[ 10.363956] Hardware name: ADLINK Technology Inc. LEC-EL/LEC-EL, BIOS 0.15.11 12/22/2021
[ 10.363958] Call Trace:
[ 10.363960] <TASK>
[ 10.363963] dump_stack_lvl+0x4a/0x5f
[ 10.363971] dump_stack+0x10/0x12
[ 10.363974] ubsan_epilogue+0x9/0x45
[ 10.363976] __ubsan_handle_shift_out_of_bounds.cold+0x61/0x10e
[ 10.363979] ? wake_up_klogd+0x4a/0x50
[ 10.363983] ? vprintk_emit+0x8f/0x240
[ 10.363986] dwmac4_map_mtl_dma.cold+0x42/0x91 [stmmac]
[ 10.364001] stmmac_mtl_configuration+0x1ce/0x7a0 [stmmac]
[ 10.364009] ? dwmac410_dma_init_channel+0x70/0x70 [stmmac]
[ 10.364020] stmmac_hw_setup.cold+0xf/0xb14 [stmmac]
[ 10.364030] ? page_pool_alloc_pages+0x4d/0x70
[ 10.364034] ? stmmac_clear_tx_descriptors+0x6e/0xe0 [stmmac]
[ 10.364042] stmmac_open+0x39e/0x920 [stmmac]
[ 10.364050] __dev_open+0xf0/0x1a0
[ 10.364054] __dev_change_flags+0x188/0x1f0
[ 10.364057] dev_change_flags+0x26/0x60
[ 10.364059] do_setlink+0x908/0xc40
[ 10.364062] ? do_setlink+0xb10/0xc40
[ 10.364064] ? __nla_validate_parse+0x4c/0x1a0
[ 10.364068] __rtnl_newlink+0x597/0xa10
[ 10.364072] ? __nla_reserve+0x41/0x50
[ 10.364074] ? __kmalloc_node_track_caller+0x1d0/0x4d0
[ 10.364079] ? pskb_expand_head+0x75/0x310
[ 10.364082] ? nla_reserve_64bit+0x21/0x40
[ 10.364086] ? skb_free_head+0x65/0x80
[ 10.364089] ? security_sock_rcv_skb+0x2c/0x50
[ 10.364094] ? __cond_resched+0x19/0x30
[ 10.364097] ? kmem_cache_alloc_trace+0x15a/0x420
[ 10.364100] rtnl_newlink+0x49/0x70
This change fixes MTL_RXQ_DMA_MAP1 mask issue and channel/queue
mapping warning.
BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=216195
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: d43042f4da3e1c2e4ccac3b1d9153cb0798533a4 Version: d43042f4da3e1c2e4ccac3b1d9153cb0798533a4 Version: d43042f4da3e1c2e4ccac3b1d9153cb0798533a4 Version: d43042f4da3e1c2e4ccac3b1d9153cb0798533a4 Version: d43042f4da3e1c2e4ccac3b1d9153cb0798533a4 Version: d43042f4da3e1c2e4ccac3b1d9153cb0798533a4 Version: d43042f4da3e1c2e4ccac3b1d9153cb0798533a4 |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ad2febdfbd01e1d092a08bfdba92ede79ea05ff3",
"status": "affected",
"version": "d43042f4da3e1c2e4ccac3b1d9153cb0798533a4",
"versionType": "git"
},
{
"lessThan": "508d86ead36cbd8dfb60773a33276790d668c473",
"status": "affected",
"version": "d43042f4da3e1c2e4ccac3b1d9153cb0798533a4",
"versionType": "git"
},
{
"lessThan": "573768dede0e2b7de38ecbc11cb3ee47643902dc",
"status": "affected",
"version": "d43042f4da3e1c2e4ccac3b1d9153cb0798533a4",
"versionType": "git"
},
{
"lessThan": "a3ac79f38d354b10925824899cdbd2caadce55ba",
"status": "affected",
"version": "d43042f4da3e1c2e4ccac3b1d9153cb0798533a4",
"versionType": "git"
},
{
"lessThan": "7c687a893f5cae5ca40d189635602e93af9bab73",
"status": "affected",
"version": "d43042f4da3e1c2e4ccac3b1d9153cb0798533a4",
"versionType": "git"
},
{
"lessThan": "e846bde09677fa3b203057846620b7ed96540f5f",
"status": "affected",
"version": "d43042f4da3e1c2e4ccac3b1d9153cb0798533a4",
"versionType": "git"
},
{
"lessThan": "613b065ca32e90209024ec4a6bb5ca887ee70980",
"status": "affected",
"version": "d43042f4da3e1c2e4ccac3b1d9153cb0798533a4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.12"
},
{
"lessThan": "4.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.290",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.254",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.208",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.134",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.58",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.290",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.254",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.208",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.134",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.58",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.15",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: stmmac: fix dma queue left shift overflow issue\n\nWhen queue number is \u003e 4, left shift overflows due to 32 bits\ninteger variable. Mask calculation is wrong for MTL_RXQ_DMA_MAP1.\n\nIf CONFIG_UBSAN is enabled, kernel dumps below warning:\n[ 10.363842] ==================================================================\n[ 10.363882] UBSAN: shift-out-of-bounds in /build/linux-intel-iotg-5.15-8e6Tf4/\nlinux-intel-iotg-5.15-5.15.0/drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c:224:12\n[ 10.363929] shift exponent 40 is too large for 32-bit type \u0027unsigned int\u0027\n[ 10.363953] CPU: 1 PID: 599 Comm: NetworkManager Not tainted 5.15.0-1003-intel-iotg\n[ 10.363956] Hardware name: ADLINK Technology Inc. LEC-EL/LEC-EL, BIOS 0.15.11 12/22/2021\n[ 10.363958] Call Trace:\n[ 10.363960] \u003cTASK\u003e\n[ 10.363963] dump_stack_lvl+0x4a/0x5f\n[ 10.363971] dump_stack+0x10/0x12\n[ 10.363974] ubsan_epilogue+0x9/0x45\n[ 10.363976] __ubsan_handle_shift_out_of_bounds.cold+0x61/0x10e\n[ 10.363979] ? wake_up_klogd+0x4a/0x50\n[ 10.363983] ? vprintk_emit+0x8f/0x240\n[ 10.363986] dwmac4_map_mtl_dma.cold+0x42/0x91 [stmmac]\n[ 10.364001] stmmac_mtl_configuration+0x1ce/0x7a0 [stmmac]\n[ 10.364009] ? dwmac410_dma_init_channel+0x70/0x70 [stmmac]\n[ 10.364020] stmmac_hw_setup.cold+0xf/0xb14 [stmmac]\n[ 10.364030] ? page_pool_alloc_pages+0x4d/0x70\n[ 10.364034] ? stmmac_clear_tx_descriptors+0x6e/0xe0 [stmmac]\n[ 10.364042] stmmac_open+0x39e/0x920 [stmmac]\n[ 10.364050] __dev_open+0xf0/0x1a0\n[ 10.364054] __dev_change_flags+0x188/0x1f0\n[ 10.364057] dev_change_flags+0x26/0x60\n[ 10.364059] do_setlink+0x908/0xc40\n[ 10.364062] ? do_setlink+0xb10/0xc40\n[ 10.364064] ? __nla_validate_parse+0x4c/0x1a0\n[ 10.364068] __rtnl_newlink+0x597/0xa10\n[ 10.364072] ? __nla_reserve+0x41/0x50\n[ 10.364074] ? __kmalloc_node_track_caller+0x1d0/0x4d0\n[ 10.364079] ? pskb_expand_head+0x75/0x310\n[ 10.364082] ? nla_reserve_64bit+0x21/0x40\n[ 10.364086] ? skb_free_head+0x65/0x80\n[ 10.364089] ? security_sock_rcv_skb+0x2c/0x50\n[ 10.364094] ? __cond_resched+0x19/0x30\n[ 10.364097] ? kmem_cache_alloc_trace+0x15a/0x420\n[ 10.364100] rtnl_newlink+0x49/0x70\n\nThis change fixes MTL_RXQ_DMA_MAP1 mask issue and channel/queue\nmapping warning.\n\nBugLink: https://bugzilla.kernel.org/show_bug.cgi?id=216195"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:41:21.229Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ad2febdfbd01e1d092a08bfdba92ede79ea05ff3"
},
{
"url": "https://git.kernel.org/stable/c/508d86ead36cbd8dfb60773a33276790d668c473"
},
{
"url": "https://git.kernel.org/stable/c/573768dede0e2b7de38ecbc11cb3ee47643902dc"
},
{
"url": "https://git.kernel.org/stable/c/a3ac79f38d354b10925824899cdbd2caadce55ba"
},
{
"url": "https://git.kernel.org/stable/c/7c687a893f5cae5ca40d189635602e93af9bab73"
},
{
"url": "https://git.kernel.org/stable/c/e846bde09677fa3b203057846620b7ed96540f5f"
},
{
"url": "https://git.kernel.org/stable/c/613b065ca32e90209024ec4a6bb5ca887ee70980"
}
],
"title": "net: stmmac: fix dma queue left shift overflow issue",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49592",
"datePublished": "2025-02-26T02:23:24.552Z",
"dateReserved": "2025-02-26T02:21:30.413Z",
"dateUpdated": "2025-05-04T08:41:21.229Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49647 (GCVE-0-2022-49647)
Vulnerability from cvelistv5
Published
2025-02-26 02:23
Modified
2025-05-04 08:42
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
cgroup: Use separate src/dst nodes when preloading css_sets for migration
Each cset (css_set) is pinned by its tasks. When we're moving tasks around
across csets for a migration, we need to hold the source and destination
csets to ensure that they don't go away while we're moving tasks about. This
is done by linking cset->mg_preload_node on either the
mgctx->preloaded_src_csets or mgctx->preloaded_dst_csets list. Using the
same cset->mg_preload_node for both the src and dst lists was deemed okay as
a cset can't be both the source and destination at the same time.
Unfortunately, this overloading becomes problematic when multiple tasks are
involved in a migration and some of them are identity noop migrations while
others are actually moving across cgroups. For example, this can happen with
the following sequence on cgroup1:
#1> mkdir -p /sys/fs/cgroup/misc/a/b
#2> echo $$ > /sys/fs/cgroup/misc/a/cgroup.procs
#3> RUN_A_COMMAND_WHICH_CREATES_MULTIPLE_THREADS &
#4> PID=$!
#5> echo $PID > /sys/fs/cgroup/misc/a/b/tasks
#6> echo $PID > /sys/fs/cgroup/misc/a/cgroup.procs
the process including the group leader back into a. In this final migration,
non-leader threads would be doing identity migration while the group leader
is doing an actual one.
After #3, let's say the whole process was in cset A, and that after #4, the
leader moves to cset B. Then, during #6, the following happens:
1. cgroup_migrate_add_src() is called on B for the leader.
2. cgroup_migrate_add_src() is called on A for the other threads.
3. cgroup_migrate_prepare_dst() is called. It scans the src list.
4. It notices that B wants to migrate to A, so it tries to A to the dst
list but realizes that its ->mg_preload_node is already busy.
5. and then it notices A wants to migrate to A as it's an identity
migration, it culls it by list_del_init()'ing its ->mg_preload_node and
putting references accordingly.
6. The rest of migration takes place with B on the src list but nothing on
the dst list.
This means that A isn't held while migration is in progress. If all tasks
leave A before the migration finishes and the incoming task pins it, the
cset will be destroyed leading to use-after-free.
This is caused by overloading cset->mg_preload_node for both src and dst
preload lists. We wanted to exclude the cset from the src list but ended up
inadvertently excluding it from the dst list too.
This patch fixes the issue by separating out cset->mg_preload_node into
->mg_src_preload_node and ->mg_dst_preload_node, so that the src and dst
preloadings don't interfere with each other.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: f817de98513d060023be4fa1d061b29a6515273e Version: f817de98513d060023be4fa1d061b29a6515273e Version: f817de98513d060023be4fa1d061b29a6515273e Version: f817de98513d060023be4fa1d061b29a6515273e Version: f817de98513d060023be4fa1d061b29a6515273e Version: f817de98513d060023be4fa1d061b29a6515273e Version: f817de98513d060023be4fa1d061b29a6515273e |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49647",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T18:15:22.179725Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T18:22:31.480Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/linux/cgroup-defs.h",
"kernel/cgroup/cgroup.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "05f7658210d1d331e8dd4cb6e7bbbe3df5f5ac27",
"status": "affected",
"version": "f817de98513d060023be4fa1d061b29a6515273e",
"versionType": "git"
},
{
"lessThan": "cec2bbdcc14fbaa6b95ee15a7c423b05d97038be",
"status": "affected",
"version": "f817de98513d060023be4fa1d061b29a6515273e",
"versionType": "git"
},
{
"lessThan": "ad44e05f3e016bdcb1ad25af35ade5b5f41ccd68",
"status": "affected",
"version": "f817de98513d060023be4fa1d061b29a6515273e",
"versionType": "git"
},
{
"lessThan": "7657e3958535d101a24ab4400f9b8062b9107cc4",
"status": "affected",
"version": "f817de98513d060023be4fa1d061b29a6515273e",
"versionType": "git"
},
{
"lessThan": "54aee4e5ce8c21555286a6333e46c1713880cf93",
"status": "affected",
"version": "f817de98513d060023be4fa1d061b29a6515273e",
"versionType": "git"
},
{
"lessThan": "0e41774b564befa6d271e8d5086bf870d617a4e6",
"status": "affected",
"version": "f817de98513d060023be4fa1d061b29a6515273e",
"versionType": "git"
},
{
"lessThan": "07fd5b6cdf3cc30bfde8fe0f644771688be04447",
"status": "affected",
"version": "f817de98513d060023be4fa1d061b29a6515273e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/linux/cgroup-defs.h",
"kernel/cgroup/cgroup.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.16"
},
{
"lessThan": "3.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.289",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.253",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.207",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.132",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.56",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.289",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.253",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.207",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.132",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.56",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.13",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "3.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncgroup: Use separate src/dst nodes when preloading css_sets for migration\n\nEach cset (css_set) is pinned by its tasks. When we\u0027re moving tasks around\nacross csets for a migration, we need to hold the source and destination\ncsets to ensure that they don\u0027t go away while we\u0027re moving tasks about. This\nis done by linking cset-\u003emg_preload_node on either the\nmgctx-\u003epreloaded_src_csets or mgctx-\u003epreloaded_dst_csets list. Using the\nsame cset-\u003emg_preload_node for both the src and dst lists was deemed okay as\na cset can\u0027t be both the source and destination at the same time.\n\nUnfortunately, this overloading becomes problematic when multiple tasks are\ninvolved in a migration and some of them are identity noop migrations while\nothers are actually moving across cgroups. For example, this can happen with\nthe following sequence on cgroup1:\n\n #1\u003e mkdir -p /sys/fs/cgroup/misc/a/b\n #2\u003e echo $$ \u003e /sys/fs/cgroup/misc/a/cgroup.procs\n #3\u003e RUN_A_COMMAND_WHICH_CREATES_MULTIPLE_THREADS \u0026\n #4\u003e PID=$!\n #5\u003e echo $PID \u003e /sys/fs/cgroup/misc/a/b/tasks\n #6\u003e echo $PID \u003e /sys/fs/cgroup/misc/a/cgroup.procs\n\nthe process including the group leader back into a. In this final migration,\nnon-leader threads would be doing identity migration while the group leader\nis doing an actual one.\n\nAfter #3, let\u0027s say the whole process was in cset A, and that after #4, the\nleader moves to cset B. Then, during #6, the following happens:\n\n 1. cgroup_migrate_add_src() is called on B for the leader.\n\n 2. cgroup_migrate_add_src() is called on A for the other threads.\n\n 3. cgroup_migrate_prepare_dst() is called. It scans the src list.\n\n 4. It notices that B wants to migrate to A, so it tries to A to the dst\n list but realizes that its -\u003emg_preload_node is already busy.\n\n 5. and then it notices A wants to migrate to A as it\u0027s an identity\n migration, it culls it by list_del_init()\u0027ing its -\u003emg_preload_node and\n putting references accordingly.\n\n 6. The rest of migration takes place with B on the src list but nothing on\n the dst list.\n\nThis means that A isn\u0027t held while migration is in progress. If all tasks\nleave A before the migration finishes and the incoming task pins it, the\ncset will be destroyed leading to use-after-free.\n\nThis is caused by overloading cset-\u003emg_preload_node for both src and dst\npreload lists. We wanted to exclude the cset from the src list but ended up\ninadvertently excluding it from the dst list too.\n\nThis patch fixes the issue by separating out cset-\u003emg_preload_node into\n-\u003emg_src_preload_node and -\u003emg_dst_preload_node, so that the src and dst\npreloadings don\u0027t interfere with each other."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:42:31.208Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/05f7658210d1d331e8dd4cb6e7bbbe3df5f5ac27"
},
{
"url": "https://git.kernel.org/stable/c/cec2bbdcc14fbaa6b95ee15a7c423b05d97038be"
},
{
"url": "https://git.kernel.org/stable/c/ad44e05f3e016bdcb1ad25af35ade5b5f41ccd68"
},
{
"url": "https://git.kernel.org/stable/c/7657e3958535d101a24ab4400f9b8062b9107cc4"
},
{
"url": "https://git.kernel.org/stable/c/54aee4e5ce8c21555286a6333e46c1713880cf93"
},
{
"url": "https://git.kernel.org/stable/c/0e41774b564befa6d271e8d5086bf870d617a4e6"
},
{
"url": "https://git.kernel.org/stable/c/07fd5b6cdf3cc30bfde8fe0f644771688be04447"
}
],
"title": "cgroup: Use separate src/dst nodes when preloading css_sets for migration",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49647",
"datePublished": "2025-02-26T02:23:51.561Z",
"dateReserved": "2025-02-26T02:21:30.432Z",
"dateUpdated": "2025-05-04T08:42:31.208Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49331 (GCVE-0-2022-49331)
Vulnerability from cvelistv5
Published
2025-02-26 02:10
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling
Error paths do not free previously allocated memory. Add devm_kfree() to
those failure paths.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 26fc6c7f02cb26c39c4733de3dbc3c0646fc1074 Version: 26fc6c7f02cb26c39c4733de3dbc3c0646fc1074 Version: 26fc6c7f02cb26c39c4733de3dbc3c0646fc1074 Version: 26fc6c7f02cb26c39c4733de3dbc3c0646fc1074 Version: 26fc6c7f02cb26c39c4733de3dbc3c0646fc1074 Version: 26fc6c7f02cb26c39c4733de3dbc3c0646fc1074 Version: 26fc6c7f02cb26c39c4733de3dbc3c0646fc1074 Version: 26fc6c7f02cb26c39c4733de3dbc3c0646fc1074 Version: 26fc6c7f02cb26c39c4733de3dbc3c0646fc1074 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49331",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:43:19.500104Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:55.618Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/nfc/st21nfca/se.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "593773088d615a46a42c97e01a0550d192bb7f74",
"status": "affected",
"version": "26fc6c7f02cb26c39c4733de3dbc3c0646fc1074",
"versionType": "git"
},
{
"lessThan": "d221ce54ce331c1a23be71eebf57f6a088632383",
"status": "affected",
"version": "26fc6c7f02cb26c39c4733de3dbc3c0646fc1074",
"versionType": "git"
},
{
"lessThan": "6fce324b530dd74750ad870699e33eeed1029ded",
"status": "affected",
"version": "26fc6c7f02cb26c39c4733de3dbc3c0646fc1074",
"versionType": "git"
},
{
"lessThan": "3eca2c42daa4659965db6817479027cbc6df7899",
"status": "affected",
"version": "26fc6c7f02cb26c39c4733de3dbc3c0646fc1074",
"versionType": "git"
},
{
"lessThan": "54423649bc0ed464b75807a7cf2857a5871f738f",
"status": "affected",
"version": "26fc6c7f02cb26c39c4733de3dbc3c0646fc1074",
"versionType": "git"
},
{
"lessThan": "f444ecd3f57f4ba5090fe8b6756933e37de4226e",
"status": "affected",
"version": "26fc6c7f02cb26c39c4733de3dbc3c0646fc1074",
"versionType": "git"
},
{
"lessThan": "db836b97464d44340b568e041fd24602858713f7",
"status": "affected",
"version": "26fc6c7f02cb26c39c4733de3dbc3c0646fc1074",
"versionType": "git"
},
{
"lessThan": "55904086041ba4ee4070187b36590f8f8d6df4cd",
"status": "affected",
"version": "26fc6c7f02cb26c39c4733de3dbc3c0646fc1074",
"versionType": "git"
},
{
"lessThan": "996419e0594abb311fb958553809f24f38e7abbe",
"status": "affected",
"version": "26fc6c7f02cb26c39c4733de3dbc3c0646fc1074",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/nfc/st21nfca/se.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.0"
},
{
"lessThan": "4.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.318",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.47",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.318",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.283",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.122",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.47",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.15",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.4",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling\n\nError paths do not free previously allocated memory. Add devm_kfree() to\nthose failure paths."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:35:22.157Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/593773088d615a46a42c97e01a0550d192bb7f74"
},
{
"url": "https://git.kernel.org/stable/c/d221ce54ce331c1a23be71eebf57f6a088632383"
},
{
"url": "https://git.kernel.org/stable/c/6fce324b530dd74750ad870699e33eeed1029ded"
},
{
"url": "https://git.kernel.org/stable/c/3eca2c42daa4659965db6817479027cbc6df7899"
},
{
"url": "https://git.kernel.org/stable/c/54423649bc0ed464b75807a7cf2857a5871f738f"
},
{
"url": "https://git.kernel.org/stable/c/f444ecd3f57f4ba5090fe8b6756933e37de4226e"
},
{
"url": "https://git.kernel.org/stable/c/db836b97464d44340b568e041fd24602858713f7"
},
{
"url": "https://git.kernel.org/stable/c/55904086041ba4ee4070187b36590f8f8d6df4cd"
},
{
"url": "https://git.kernel.org/stable/c/996419e0594abb311fb958553809f24f38e7abbe"
}
],
"title": "nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49331",
"datePublished": "2025-02-26T02:10:51.040Z",
"dateReserved": "2025-02-26T02:08:31.538Z",
"dateUpdated": "2025-10-01T19:46:55.618Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49437 (GCVE-0-2022-49437)
Vulnerability from cvelistv5
Published
2025-02-26 02:12
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
powerpc/xive: Fix refcount leak in xive_spapr_init
of_find_compatible_node() returns a node pointer with refcount
incremented, we should use of_node_put() on it when done.
Add missing of_node_put() to avoid refcount leak.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49437",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:41:05.966582Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:49.892Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/powerpc/sysdev/xive/spapr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "65f11ccdd746e0e7f0b469cc989ba43d4f30ecfe",
"status": "affected",
"version": "eac1e731b59ee3b5f5e641a7765c7ed41ed26226",
"versionType": "git"
},
{
"lessThan": "6e806485d851986a2445267608f27cb4ba2ed774",
"status": "affected",
"version": "eac1e731b59ee3b5f5e641a7765c7ed41ed26226",
"versionType": "git"
},
{
"lessThan": "cc62dde2a5f4ba14016fd9caec76f08d388f4b9c",
"status": "affected",
"version": "eac1e731b59ee3b5f5e641a7765c7ed41ed26226",
"versionType": "git"
},
{
"lessThan": "1d1fb9618bdd5a5fbf9a9eb75133da301d33721c",
"status": "affected",
"version": "eac1e731b59ee3b5f5e641a7765c7ed41ed26226",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/powerpc/sysdev/xive/spapr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.14"
},
{
"lessThan": "4.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/xive: Fix refcount leak in xive_spapr_init\n\nof_find_compatible_node() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when done.\nAdd missing of_node_put() to avoid refcount leak."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:37:38.780Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/65f11ccdd746e0e7f0b469cc989ba43d4f30ecfe"
},
{
"url": "https://git.kernel.org/stable/c/6e806485d851986a2445267608f27cb4ba2ed774"
},
{
"url": "https://git.kernel.org/stable/c/cc62dde2a5f4ba14016fd9caec76f08d388f4b9c"
},
{
"url": "https://git.kernel.org/stable/c/1d1fb9618bdd5a5fbf9a9eb75133da301d33721c"
}
],
"title": "powerpc/xive: Fix refcount leak in xive_spapr_init",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49437",
"datePublished": "2025-02-26T02:12:52.524Z",
"dateReserved": "2025-02-26T02:08:31.570Z",
"dateUpdated": "2025-10-01T19:46:49.892Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49177 (GCVE-0-2022-49177)
Vulnerability from cvelistv5
Published
2025-02-26 01:55
Modified
2025-10-01 19:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
hwrng: cavium - fix NULL but dereferenced coccicheck error
Fix following coccicheck warning:
./drivers/char/hw_random/cavium-rng-vf.c:182:17-20: ERROR:
pdev is NULL but dereferenced.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49177",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:47:36.860050Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:56:59.997Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/char/hw_random/cavium-rng-vf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e47b12f9415169eceda6770fcf45802e0c8d2a66",
"status": "affected",
"version": "680efb33546be8960ccbb2f4e0e43034d9c93b30",
"versionType": "git"
},
{
"lessThan": "e6205ad58a7ac194abfb33897585b38687d797fa",
"status": "affected",
"version": "680efb33546be8960ccbb2f4e0e43034d9c93b30",
"versionType": "git"
},
{
"status": "affected",
"version": "bc20294cc8da53c0dc0f5a076b4883be6ec96930",
"versionType": "git"
},
{
"status": "affected",
"version": "7919dfd84b352782df92c1ff2f0ca4dd5328d198",
"versionType": "git"
},
{
"status": "affected",
"version": "cc744db61229b6c55164b8cbdfaad4caacce62f9",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/char/hw_random/cavium-rng-vf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.17"
},
{
"lessThan": "5.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10.110",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.15.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwrng: cavium - fix NULL but dereferenced coccicheck error\n\nFix following coccicheck warning:\n./drivers/char/hw_random/cavium-rng-vf.c:182:17-20: ERROR:\npdev is NULL but dereferenced."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-20T14:27:27.774Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e47b12f9415169eceda6770fcf45802e0c8d2a66"
},
{
"url": "https://git.kernel.org/stable/c/e6205ad58a7ac194abfb33897585b38687d797fa"
}
],
"title": "hwrng: cavium - fix NULL but dereferenced coccicheck error",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49177",
"datePublished": "2025-02-26T01:55:31.078Z",
"dateReserved": "2025-02-26T01:49:39.281Z",
"dateUpdated": "2025-10-01T19:56:59.997Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49534 (GCVE-0-2022-49534)
Vulnerability from cvelistv5
Published
2025-02-26 02:13
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT
There is a potential memory leak in lpfc_ignore_els_cmpl() and
lpfc_els_rsp_reject() that was allocated from NPIV PLOGI_RJT
(lpfc_rcv_plogi()'s login_mbox).
Check if cmdiocb->context_un.mbox was allocated in lpfc_ignore_els_cmpl(),
and then free it back to phba->mbox_mem_pool along with mbox->ctx_buf for
service parameters.
For lpfc_els_rsp_reject() failure, free both the ctx_buf for service
parameters and the login_mbox.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49534",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:37:49.137797Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:40.777Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/scsi/lpfc/lpfc_nportdisc.c",
"drivers/scsi/lpfc/lpfc_sli.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c00df0f34a6d5e14da379f96ea67e501ce67b002",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "672d1cb40551ea9c95efad43ab6d45e4ab4e015f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/scsi/lpfc/lpfc_nportdisc.c",
"drivers/scsi/lpfc/lpfc_sli.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT\n\nThere is a potential memory leak in lpfc_ignore_els_cmpl() and\nlpfc_els_rsp_reject() that was allocated from NPIV PLOGI_RJT\n(lpfc_rcv_plogi()\u0027s login_mbox).\n\nCheck if cmdiocb-\u003econtext_un.mbox was allocated in lpfc_ignore_els_cmpl(),\nand then free it back to phba-\u003embox_mem_pool along with mbox-\u003ectx_buf for\nservice parameters.\n\nFor lpfc_els_rsp_reject() failure, free both the ctx_buf for service\nparameters and the login_mbox."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:39:59.782Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c00df0f34a6d5e14da379f96ea67e501ce67b002"
},
{
"url": "https://git.kernel.org/stable/c/672d1cb40551ea9c95efad43ab6d45e4ab4e015f"
}
],
"title": "scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49534",
"datePublished": "2025-02-26T02:13:52.978Z",
"dateReserved": "2025-02-26T02:08:31.589Z",
"dateUpdated": "2025-10-01T19:46:40.777Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49084 (GCVE-0-2022-49084)
Vulnerability from cvelistv5
Published
2025-02-26 01:54
Modified
2025-05-04 08:29
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
qede: confirm skb is allocated before using
qede_build_skb() assumes build_skb() always works and goes straight
to skb_reserve(). However, build_skb() can fail under memory pressure.
This results in a kernel panic because the skb to reserve is NULL.
Add a check in case build_skb() failed to allocate and return NULL.
The NULL return is handled correctly in callers to qede_build_skb().
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 8a8633978b842c88fbcfe00d4e5dde96048f630e Version: 8a8633978b842c88fbcfe00d4e5dde96048f630e Version: 8a8633978b842c88fbcfe00d4e5dde96048f630e Version: 8a8633978b842c88fbcfe00d4e5dde96048f630e Version: 8a8633978b842c88fbcfe00d4e5dde96048f630e Version: 8a8633978b842c88fbcfe00d4e5dde96048f630e Version: 8a8633978b842c88fbcfe00d4e5dde96048f630e |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/qlogic/qede/qede_fp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9648adb1b3ece55c657d3a4f52bfee663b710dfe",
"status": "affected",
"version": "8a8633978b842c88fbcfe00d4e5dde96048f630e",
"versionType": "git"
},
{
"lessThan": "034a92c6a81048128fc7b18d278d52438a13902a",
"status": "affected",
"version": "8a8633978b842c88fbcfe00d4e5dde96048f630e",
"versionType": "git"
},
{
"lessThan": "8928239e5e2e460d95b8a0b89f61671625e7ece0",
"status": "affected",
"version": "8a8633978b842c88fbcfe00d4e5dde96048f630e",
"versionType": "git"
},
{
"lessThan": "c9bdce2359b5f4986eb38d1e81865b3586cc20d2",
"status": "affected",
"version": "8a8633978b842c88fbcfe00d4e5dde96048f630e",
"versionType": "git"
},
{
"lessThan": "b2d6b3db9d1cf80908964036dbe1c52a86b1afb1",
"status": "affected",
"version": "8a8633978b842c88fbcfe00d4e5dde96048f630e",
"versionType": "git"
},
{
"lessThan": "e1fd0c42acfa22bb34d2ab6a111484f466ab8093",
"status": "affected",
"version": "8a8633978b842c88fbcfe00d4e5dde96048f630e",
"versionType": "git"
},
{
"lessThan": "4e910dbe36508654a896d5735b318c0b88172570",
"status": "affected",
"version": "8a8633978b842c88fbcfe00d4e5dde96048f630e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/qlogic/qede/qede_fp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.18"
},
{
"lessThan": "4.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.238",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.189",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.111",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.20",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.238",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.189",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.111",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.34",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.20",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.3",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "4.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nqede: confirm skb is allocated before using\n\nqede_build_skb() assumes build_skb() always works and goes straight\nto skb_reserve(). However, build_skb() can fail under memory pressure.\nThis results in a kernel panic because the skb to reserve is NULL.\n\nAdd a check in case build_skb() failed to allocate and return NULL.\n\nThe NULL return is handled correctly in callers to qede_build_skb()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:29:23.165Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9648adb1b3ece55c657d3a4f52bfee663b710dfe"
},
{
"url": "https://git.kernel.org/stable/c/034a92c6a81048128fc7b18d278d52438a13902a"
},
{
"url": "https://git.kernel.org/stable/c/8928239e5e2e460d95b8a0b89f61671625e7ece0"
},
{
"url": "https://git.kernel.org/stable/c/c9bdce2359b5f4986eb38d1e81865b3586cc20d2"
},
{
"url": "https://git.kernel.org/stable/c/b2d6b3db9d1cf80908964036dbe1c52a86b1afb1"
},
{
"url": "https://git.kernel.org/stable/c/e1fd0c42acfa22bb34d2ab6a111484f466ab8093"
},
{
"url": "https://git.kernel.org/stable/c/4e910dbe36508654a896d5735b318c0b88172570"
}
],
"title": "qede: confirm skb is allocated before using",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49084",
"datePublished": "2025-02-26T01:54:43.099Z",
"dateReserved": "2025-02-26T01:49:39.248Z",
"dateUpdated": "2025-05-04T08:29:23.165Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49412 (GCVE-0-2022-49412)
Vulnerability from cvelistv5
Published
2025-02-26 02:12
Modified
2025-06-19 12:39
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
bfq: Avoid merging queues with different parents
It can happen that the parent of a bfqq changes between the moment we
decide two queues are worth to merge (and set bic->stable_merge_bfqq)
and the moment bfq_setup_merge() is called. This can happen e.g. because
the process submitted IO for a different cgroup and thus bfqq got
reparented. It can even happen that the bfqq we are merging with has
parent cgroup that is already offline and going to be destroyed in which
case the merge can lead to use-after-free issues such as:
BUG: KASAN: use-after-free in __bfq_deactivate_entity+0x9cb/0xa50
Read of size 8 at addr ffff88800693c0c0 by task runc:[2:INIT]/10544
CPU: 0 PID: 10544 Comm: runc:[2:INIT] Tainted: G E 5.15.2-0.g5fb85fd-default #1 openSUSE Tumbleweed (unreleased) f1f3b891c72369aebecd2e43e4641a6358867c70
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a-rebuilt.opensuse.org 04/01/2014
Call Trace:
<IRQ>
dump_stack_lvl+0x46/0x5a
print_address_description.constprop.0+0x1f/0x140
? __bfq_deactivate_entity+0x9cb/0xa50
kasan_report.cold+0x7f/0x11b
? __bfq_deactivate_entity+0x9cb/0xa50
__bfq_deactivate_entity+0x9cb/0xa50
? update_curr+0x32f/0x5d0
bfq_deactivate_entity+0xa0/0x1d0
bfq_del_bfqq_busy+0x28a/0x420
? resched_curr+0x116/0x1d0
? bfq_requeue_bfqq+0x70/0x70
? check_preempt_wakeup+0x52b/0xbc0
__bfq_bfqq_expire+0x1a2/0x270
bfq_bfqq_expire+0xd16/0x2160
? try_to_wake_up+0x4ee/0x1260
? bfq_end_wr_async_queues+0xe0/0xe0
? _raw_write_unlock_bh+0x60/0x60
? _raw_spin_lock_irq+0x81/0xe0
bfq_idle_slice_timer+0x109/0x280
? bfq_dispatch_request+0x4870/0x4870
__hrtimer_run_queues+0x37d/0x700
? enqueue_hrtimer+0x1b0/0x1b0
? kvm_clock_get_cycles+0xd/0x10
? ktime_get_update_offsets_now+0x6f/0x280
hrtimer_interrupt+0x2c8/0x740
Fix the problem by checking that the parent of the two bfqqs we are
merging in bfq_setup_merge() is the same.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49412",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T18:16:26.495959Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T18:22:33.412Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"block/bfq-iosched.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5ee21edaed09e6b25f2c007b3f326752bc89bacf",
"status": "affected",
"version": "430a67f9d6169a7b3e328bceb2ef9542e4153c7c",
"versionType": "git"
},
{
"lessThan": "a16c65cca7d2c7ff965fdd3adc8df2156529caf1",
"status": "affected",
"version": "430a67f9d6169a7b3e328bceb2ef9542e4153c7c",
"versionType": "git"
},
{
"lessThan": "8abc8763b11c35e03cc91d59fd0cd28d39f88ca9",
"status": "affected",
"version": "430a67f9d6169a7b3e328bceb2ef9542e4153c7c",
"versionType": "git"
},
{
"lessThan": "c1cee4ab36acef271be9101590756ed0c0c374d9",
"status": "affected",
"version": "430a67f9d6169a7b3e328bceb2ef9542e4153c7c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"block/bfq-iosched.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.13"
},
{
"lessThan": "5.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbfq: Avoid merging queues with different parents\n\nIt can happen that the parent of a bfqq changes between the moment we\ndecide two queues are worth to merge (and set bic-\u003estable_merge_bfqq)\nand the moment bfq_setup_merge() is called. This can happen e.g. because\nthe process submitted IO for a different cgroup and thus bfqq got\nreparented. It can even happen that the bfqq we are merging with has\nparent cgroup that is already offline and going to be destroyed in which\ncase the merge can lead to use-after-free issues such as:\n\nBUG: KASAN: use-after-free in __bfq_deactivate_entity+0x9cb/0xa50\nRead of size 8 at addr ffff88800693c0c0 by task runc:[2:INIT]/10544\n\nCPU: 0 PID: 10544 Comm: runc:[2:INIT] Tainted: G E 5.15.2-0.g5fb85fd-default #1 openSUSE Tumbleweed (unreleased) f1f3b891c72369aebecd2e43e4641a6358867c70\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a-rebuilt.opensuse.org 04/01/2014\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl+0x46/0x5a\n print_address_description.constprop.0+0x1f/0x140\n ? __bfq_deactivate_entity+0x9cb/0xa50\n kasan_report.cold+0x7f/0x11b\n ? __bfq_deactivate_entity+0x9cb/0xa50\n __bfq_deactivate_entity+0x9cb/0xa50\n ? update_curr+0x32f/0x5d0\n bfq_deactivate_entity+0xa0/0x1d0\n bfq_del_bfqq_busy+0x28a/0x420\n ? resched_curr+0x116/0x1d0\n ? bfq_requeue_bfqq+0x70/0x70\n ? check_preempt_wakeup+0x52b/0xbc0\n __bfq_bfqq_expire+0x1a2/0x270\n bfq_bfqq_expire+0xd16/0x2160\n ? try_to_wake_up+0x4ee/0x1260\n ? bfq_end_wr_async_queues+0xe0/0xe0\n ? _raw_write_unlock_bh+0x60/0x60\n ? _raw_spin_lock_irq+0x81/0xe0\n bfq_idle_slice_timer+0x109/0x280\n ? bfq_dispatch_request+0x4870/0x4870\n __hrtimer_run_queues+0x37d/0x700\n ? enqueue_hrtimer+0x1b0/0x1b0\n ? kvm_clock_get_cycles+0xd/0x10\n ? ktime_get_update_offsets_now+0x6f/0x280\n hrtimer_interrupt+0x2c8/0x740\n\nFix the problem by checking that the parent of the two bfqqs we are\nmerging in bfq_setup_merge() is the same."
}
],
"providerMetadata": {
"dateUpdated": "2025-06-19T12:39:08.177Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5ee21edaed09e6b25f2c007b3f326752bc89bacf"
},
{
"url": "https://git.kernel.org/stable/c/a16c65cca7d2c7ff965fdd3adc8df2156529caf1"
},
{
"url": "https://git.kernel.org/stable/c/8abc8763b11c35e03cc91d59fd0cd28d39f88ca9"
},
{
"url": "https://git.kernel.org/stable/c/c1cee4ab36acef271be9101590756ed0c0c374d9"
}
],
"title": "bfq: Avoid merging queues with different parents",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49412",
"datePublished": "2025-02-26T02:12:34.114Z",
"dateReserved": "2025-02-26T02:08:31.567Z",
"dateUpdated": "2025-06-19T12:39:08.177Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49562 (GCVE-0-2022-49562)
Vulnerability from cvelistv5
Published
2025-02-26 02:14
Modified
2025-05-04 08:40
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
KVM: x86: Use __try_cmpxchg_user() to update guest PTE A/D bits
Use the recently introduced __try_cmpxchg_user() to update guest PTE A/D
bits instead of mapping the PTE into kernel address space. The VM_PFNMAP
path is broken as it assumes that vm_pgoff is the base pfn of the mapped
VMA range, which is conceptually wrong as vm_pgoff is the offset relative
to the file and has nothing to do with the pfn. The horrific hack worked
for the original use case (backing guest memory with /dev/mem), but leads
to accessing "random" pfns for pretty much any other VM_PFNMAP case.
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/x86/kvm/mmu/paging_tmpl.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "38b888911e8dc89b89d8147cfb1d2dbe6373bf78",
"status": "affected",
"version": "bd53cb35a3e9adb73a834a36586e9ad80e877767",
"versionType": "git"
},
{
"lessThan": "8089e5e1d18402fb8152d6b6815450a36fffa9b0",
"status": "affected",
"version": "bd53cb35a3e9adb73a834a36586e9ad80e877767",
"versionType": "git"
},
{
"lessThan": "f122dfe4476890d60b8c679128cd2259ec96a24c",
"status": "affected",
"version": "bd53cb35a3e9adb73a834a36586e9ad80e877767",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/x86/kvm/mmu/paging_tmpl.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.2"
},
{
"lessThan": "5.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.13",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.2",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Use __try_cmpxchg_user() to update guest PTE A/D bits\n\nUse the recently introduced __try_cmpxchg_user() to update guest PTE A/D\nbits instead of mapping the PTE into kernel address space. The VM_PFNMAP\npath is broken as it assumes that vm_pgoff is the base pfn of the mapped\nVMA range, which is conceptually wrong as vm_pgoff is the offset relative\nto the file and has nothing to do with the pfn. The horrific hack worked\nfor the original use case (backing guest memory with /dev/mem), but leads\nto accessing \"random\" pfns for pretty much any other VM_PFNMAP case."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:40:41.692Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/38b888911e8dc89b89d8147cfb1d2dbe6373bf78"
},
{
"url": "https://git.kernel.org/stable/c/8089e5e1d18402fb8152d6b6815450a36fffa9b0"
},
{
"url": "https://git.kernel.org/stable/c/f122dfe4476890d60b8c679128cd2259ec96a24c"
}
],
"title": "KVM: x86: Use __try_cmpxchg_user() to update guest PTE A/D bits",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49562",
"datePublished": "2025-02-26T02:14:06.515Z",
"dateReserved": "2025-02-26T02:08:31.591Z",
"dateUpdated": "2025-05-04T08:40:41.692Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49431 (GCVE-0-2022-49431)
Vulnerability from cvelistv5
Published
2025-02-26 02:12
Modified
2025-05-04 08:37
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
powerpc/iommu: Add missing of_node_put in iommu_init_early_dart
The device_node pointer is returned by of_find_compatible_node
with refcount incremented. We should use of_node_put() to avoid
the refcount leak.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/powerpc/sysdev/dart_iommu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "cb4f2dc513e99c5d0485661f114e4dda73612d10",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "dfc308d6f29aa28463deb9a12278a85a382385ca",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "df6d8b689252c0acc0448d4ae3d33f2d6db048ab",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8657e8ea23325949091da72453ba84fb73cc2bd9",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7e3f1dfb9e21733d7276bc9ccea4daada163f2ba",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "57b742a5b8945118022973e6416b71351df512fb",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/powerpc/sysdev/dart_iommu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/iommu: Add missing of_node_put in iommu_init_early_dart\n\nThe device_node pointer is returned by of_find_compatible_node\nwith refcount incremented. We should use of_node_put() to avoid\nthe refcount leak."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:37:31.350Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/cb4f2dc513e99c5d0485661f114e4dda73612d10"
},
{
"url": "https://git.kernel.org/stable/c/dfc308d6f29aa28463deb9a12278a85a382385ca"
},
{
"url": "https://git.kernel.org/stable/c/df6d8b689252c0acc0448d4ae3d33f2d6db048ab"
},
{
"url": "https://git.kernel.org/stable/c/8657e8ea23325949091da72453ba84fb73cc2bd9"
},
{
"url": "https://git.kernel.org/stable/c/7e3f1dfb9e21733d7276bc9ccea4daada163f2ba"
},
{
"url": "https://git.kernel.org/stable/c/57b742a5b8945118022973e6416b71351df512fb"
}
],
"title": "powerpc/iommu: Add missing of_node_put in iommu_init_early_dart",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49431",
"datePublished": "2025-02-26T02:12:49.592Z",
"dateReserved": "2025-02-26T02:08:31.569Z",
"dateUpdated": "2025-05-04T08:37:31.350Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49151 (GCVE-0-2022-49151)
Vulnerability from cvelistv5
Published
2025-02-26 01:55
Modified
2025-05-04 08:31
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
can: mcba_usb: properly check endpoint type
Syzbot reported warning in usb_submit_urb() which is caused by wrong
endpoint type. We should check that in endpoint is actually present to
prevent this warning.
Found pipes are now saved to struct mcba_priv and code uses them
directly instead of making pipes in place.
Fail log:
| usb 5-1: BOGUS urb xfer, pipe 3 != type 1
| WARNING: CPU: 1 PID: 49 at drivers/usb/core/urb.c:502 usb_submit_urb+0xed2/0x18a0 drivers/usb/core/urb.c:502
| Modules linked in:
| CPU: 1 PID: 49 Comm: kworker/1:2 Not tainted 5.17.0-rc6-syzkaller-00184-g38f80f42147f #0
| Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
| Workqueue: usb_hub_wq hub_event
| RIP: 0010:usb_submit_urb+0xed2/0x18a0 drivers/usb/core/urb.c:502
| ...
| Call Trace:
| <TASK>
| mcba_usb_start drivers/net/can/usb/mcba_usb.c:662 [inline]
| mcba_usb_probe+0x8a3/0xc50 drivers/net/can/usb/mcba_usb.c:858
| usb_probe_interface+0x315/0x7f0 drivers/usb/core/driver.c:396
| call_driver_probe drivers/base/dd.c:517 [inline]
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 51f3baad7de943780ce0c17bd7975df567dd6e14 Version: 51f3baad7de943780ce0c17bd7975df567dd6e14 Version: 51f3baad7de943780ce0c17bd7975df567dd6e14 Version: 51f3baad7de943780ce0c17bd7975df567dd6e14 Version: 51f3baad7de943780ce0c17bd7975df567dd6e14 Version: 51f3baad7de943780ce0c17bd7975df567dd6e14 Version: 51f3baad7de943780ce0c17bd7975df567dd6e14 Version: 51f3baad7de943780ce0c17bd7975df567dd6e14 |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/can/usb/mcba_usb.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5598442edc29e8f6f2380e4b471dc1a3fcd80508",
"status": "affected",
"version": "51f3baad7de943780ce0c17bd7975df567dd6e14",
"versionType": "git"
},
{
"lessThan": "b48d1bb3f1ca337ad653022aefb5a40a47dfe5cd",
"status": "affected",
"version": "51f3baad7de943780ce0c17bd7975df567dd6e14",
"versionType": "git"
},
{
"lessThan": "cbd110b8dd7ad763bf413f71c0484116ae9302d4",
"status": "affected",
"version": "51f3baad7de943780ce0c17bd7975df567dd6e14",
"versionType": "git"
},
{
"lessThan": "ef0acc514123140157b19a9ff2e2de5d91d612bc",
"status": "affected",
"version": "51f3baad7de943780ce0c17bd7975df567dd6e14",
"versionType": "git"
},
{
"lessThan": "fa9c1f14002dc0d5293e16a2007bd89b6e79207b",
"status": "affected",
"version": "51f3baad7de943780ce0c17bd7975df567dd6e14",
"versionType": "git"
},
{
"lessThan": "88272b4a37913bdf6f339162a7920bd8e9b49de2",
"status": "affected",
"version": "51f3baad7de943780ce0c17bd7975df567dd6e14",
"versionType": "git"
},
{
"lessThan": "f2ec3cd0f34f8c3f94bc21fbba14868301c9c49d",
"status": "affected",
"version": "51f3baad7de943780ce0c17bd7975df567dd6e14",
"versionType": "git"
},
{
"lessThan": "136bed0bfd3bc9c95c88aafff2d22ecb3a919f23",
"status": "affected",
"version": "51f3baad7de943780ce0c17bd7975df567dd6e14",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/can/usb/mcba_usb.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.12"
},
{
"lessThan": "4.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.238",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.189",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.276",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.238",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.189",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.110",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "4.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: mcba_usb: properly check endpoint type\n\nSyzbot reported warning in usb_submit_urb() which is caused by wrong\nendpoint type. We should check that in endpoint is actually present to\nprevent this warning.\n\nFound pipes are now saved to struct mcba_priv and code uses them\ndirectly instead of making pipes in place.\n\nFail log:\n\n| usb 5-1: BOGUS urb xfer, pipe 3 != type 1\n| WARNING: CPU: 1 PID: 49 at drivers/usb/core/urb.c:502 usb_submit_urb+0xed2/0x18a0 drivers/usb/core/urb.c:502\n| Modules linked in:\n| CPU: 1 PID: 49 Comm: kworker/1:2 Not tainted 5.17.0-rc6-syzkaller-00184-g38f80f42147f #0\n| Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014\n| Workqueue: usb_hub_wq hub_event\n| RIP: 0010:usb_submit_urb+0xed2/0x18a0 drivers/usb/core/urb.c:502\n| ...\n| Call Trace:\n| \u003cTASK\u003e\n| mcba_usb_start drivers/net/can/usb/mcba_usb.c:662 [inline]\n| mcba_usb_probe+0x8a3/0xc50 drivers/net/can/usb/mcba_usb.c:858\n| usb_probe_interface+0x315/0x7f0 drivers/usb/core/driver.c:396\n| call_driver_probe drivers/base/dd.c:517 [inline]"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:31:05.112Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5598442edc29e8f6f2380e4b471dc1a3fcd80508"
},
{
"url": "https://git.kernel.org/stable/c/b48d1bb3f1ca337ad653022aefb5a40a47dfe5cd"
},
{
"url": "https://git.kernel.org/stable/c/cbd110b8dd7ad763bf413f71c0484116ae9302d4"
},
{
"url": "https://git.kernel.org/stable/c/ef0acc514123140157b19a9ff2e2de5d91d612bc"
},
{
"url": "https://git.kernel.org/stable/c/fa9c1f14002dc0d5293e16a2007bd89b6e79207b"
},
{
"url": "https://git.kernel.org/stable/c/88272b4a37913bdf6f339162a7920bd8e9b49de2"
},
{
"url": "https://git.kernel.org/stable/c/f2ec3cd0f34f8c3f94bc21fbba14868301c9c49d"
},
{
"url": "https://git.kernel.org/stable/c/136bed0bfd3bc9c95c88aafff2d22ecb3a919f23"
}
],
"title": "can: mcba_usb: properly check endpoint type",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49151",
"datePublished": "2025-02-26T01:55:17.665Z",
"dateReserved": "2025-02-26T01:49:39.274Z",
"dateUpdated": "2025-05-04T08:31:05.112Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49384 (GCVE-0-2022-49384)
Vulnerability from cvelistv5
Published
2025-02-26 02:11
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
md: fix double free of io_acct_set bioset
Now io_acct_set is alloc and free in personality. Remove the codes that
free io_acct_set in md_free and md_stop.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49384",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:41:48.818598Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-415",
"description": "CWE-415 Double Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:51.835Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/md/md.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "36a2fc44c574a59ee3b5e2cb327182f227b2b07e",
"status": "affected",
"version": "00e3d58f50a875343124bcf5a9637520a492b0d1",
"versionType": "git"
},
{
"lessThan": "f99d5b5dc8a42c807b5f1176b925aa45d61962ab",
"status": "affected",
"version": "0c031fd37f69deb0cd8c43bbfcfccd62ebd7e952",
"versionType": "git"
},
{
"lessThan": "ea7d7bd90079d96f9c86bdaf0b106e0cd2a70661",
"status": "affected",
"version": "0c031fd37f69deb0cd8c43bbfcfccd62ebd7e952",
"versionType": "git"
},
{
"lessThan": "42b805af102471f53e3c7867b8c2b502ea4eef7e",
"status": "affected",
"version": "0c031fd37f69deb0cd8c43bbfcfccd62ebd7e952",
"versionType": "git"
},
{
"status": "affected",
"version": "92053ae0398a58c6914e807d5e070297ba8cfe88",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/md/md.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.17"
},
{
"lessThan": "5.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "5.15.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: fix double free of io_acct_set bioset\n\nNow io_acct_set is alloc and free in personality. Remove the codes that\nfree io_acct_set in md_free and md_stop."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:44:31.958Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/36a2fc44c574a59ee3b5e2cb327182f227b2b07e"
},
{
"url": "https://git.kernel.org/stable/c/f99d5b5dc8a42c807b5f1176b925aa45d61962ab"
},
{
"url": "https://git.kernel.org/stable/c/ea7d7bd90079d96f9c86bdaf0b106e0cd2a70661"
},
{
"url": "https://git.kernel.org/stable/c/42b805af102471f53e3c7867b8c2b502ea4eef7e"
}
],
"title": "md: fix double free of io_acct_set bioset",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49384",
"datePublished": "2025-02-26T02:11:20.246Z",
"dateReserved": "2025-02-26T02:08:31.560Z",
"dateUpdated": "2025-10-01T19:46:51.835Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47652 (GCVE-0-2021-47652)
Vulnerability from cvelistv5
Published
2025-02-26 01:54
Modified
2025-10-01 19:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe()
I got a null-ptr-deref report:
BUG: kernel NULL pointer dereference, address: 0000000000000000
...
RIP: 0010:fb_destroy_modelist+0x38/0x100
...
Call Trace:
ufx_usb_probe.cold+0x2b5/0xac1 [smscufx]
usb_probe_interface+0x1aa/0x3c0 [usbcore]
really_probe+0x167/0x460
...
ret_from_fork+0x1f/0x30
If fb_alloc_cmap() fails in ufx_usb_probe(), fb_destroy_modelist() will
be called to destroy modelist in the error handling path. But modelist
has not been initialized yet, so it will result in null-ptr-deref.
Initialize modelist before calling fb_alloc_cmap() to fix this bug.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 3c8a63e22a0802fd56380f6ab305b419f18eb6f5 Version: 3c8a63e22a0802fd56380f6ab305b419f18eb6f5 Version: 3c8a63e22a0802fd56380f6ab305b419f18eb6f5 Version: 3c8a63e22a0802fd56380f6ab305b419f18eb6f5 Version: 3c8a63e22a0802fd56380f6ab305b419f18eb6f5 Version: 3c8a63e22a0802fd56380f6ab305b419f18eb6f5 Version: 3c8a63e22a0802fd56380f6ab305b419f18eb6f5 Version: 3c8a63e22a0802fd56380f6ab305b419f18eb6f5 Version: 3c8a63e22a0802fd56380f6ab305b419f18eb6f5 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-47652",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:50:21.892843Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:57:07.382Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/video/fbdev/smscufx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d1b6a1f0c23b7164250479bf92e2893291dca539",
"status": "affected",
"version": "3c8a63e22a0802fd56380f6ab305b419f18eb6f5",
"versionType": "git"
},
{
"lessThan": "0fd28daec73525382e5c992db8743bf76e42cd5c",
"status": "affected",
"version": "3c8a63e22a0802fd56380f6ab305b419f18eb6f5",
"versionType": "git"
},
{
"lessThan": "dd3a6cc7385b89ec2303f39dfc3bafa4e24cec4b",
"status": "affected",
"version": "3c8a63e22a0802fd56380f6ab305b419f18eb6f5",
"versionType": "git"
},
{
"lessThan": "da8b269cc0a2526ebeaccbe2484c999eb0f822cf",
"status": "affected",
"version": "3c8a63e22a0802fd56380f6ab305b419f18eb6f5",
"versionType": "git"
},
{
"lessThan": "64ec3e678d76419f207b9cdd338dda438ca10b1c",
"status": "affected",
"version": "3c8a63e22a0802fd56380f6ab305b419f18eb6f5",
"versionType": "git"
},
{
"lessThan": "c420b540db4b5d69de0a36d8b9d9a6a79a04f05a",
"status": "affected",
"version": "3c8a63e22a0802fd56380f6ab305b419f18eb6f5",
"versionType": "git"
},
{
"lessThan": "d396c651e2b508b6179bb678cc029f3becbf5170",
"status": "affected",
"version": "3c8a63e22a0802fd56380f6ab305b419f18eb6f5",
"versionType": "git"
},
{
"lessThan": "9280ef235b05e8f19f8bc6d547b992f0a0ef398d",
"status": "affected",
"version": "3c8a63e22a0802fd56380f6ab305b419f18eb6f5",
"versionType": "git"
},
{
"lessThan": "1791f487f877a9e83d81c8677bd3e7b259e7cb27",
"status": "affected",
"version": "3c8a63e22a0802fd56380f6ab305b419f18eb6f5",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/video/fbdev/smscufx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.2"
},
{
"lessThan": "3.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.238",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.189",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.311",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.276",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.238",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.189",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.110",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "3.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvideo: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe()\n\nI got a null-ptr-deref report:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\n...\nRIP: 0010:fb_destroy_modelist+0x38/0x100\n...\nCall Trace:\n ufx_usb_probe.cold+0x2b5/0xac1 [smscufx]\n usb_probe_interface+0x1aa/0x3c0 [usbcore]\n really_probe+0x167/0x460\n...\n ret_from_fork+0x1f/0x30\n\nIf fb_alloc_cmap() fails in ufx_usb_probe(), fb_destroy_modelist() will\nbe called to destroy modelist in the error handling path. But modelist\nhas not been initialized yet, so it will result in null-ptr-deref.\n\nInitialize modelist before calling fb_alloc_cmap() to fix this bug."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:15:33.844Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d1b6a1f0c23b7164250479bf92e2893291dca539"
},
{
"url": "https://git.kernel.org/stable/c/0fd28daec73525382e5c992db8743bf76e42cd5c"
},
{
"url": "https://git.kernel.org/stable/c/dd3a6cc7385b89ec2303f39dfc3bafa4e24cec4b"
},
{
"url": "https://git.kernel.org/stable/c/da8b269cc0a2526ebeaccbe2484c999eb0f822cf"
},
{
"url": "https://git.kernel.org/stable/c/64ec3e678d76419f207b9cdd338dda438ca10b1c"
},
{
"url": "https://git.kernel.org/stable/c/c420b540db4b5d69de0a36d8b9d9a6a79a04f05a"
},
{
"url": "https://git.kernel.org/stable/c/d396c651e2b508b6179bb678cc029f3becbf5170"
},
{
"url": "https://git.kernel.org/stable/c/9280ef235b05e8f19f8bc6d547b992f0a0ef398d"
},
{
"url": "https://git.kernel.org/stable/c/1791f487f877a9e83d81c8677bd3e7b259e7cb27"
}
],
"title": "video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47652",
"datePublished": "2025-02-26T01:54:18.089Z",
"dateReserved": "2025-02-26T01:48:21.520Z",
"dateUpdated": "2025-10-01T19:57:07.382Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21718 (GCVE-0-2025-21718)
Vulnerability from cvelistv5
Published
2025-02-27 02:07
Modified
2025-11-03 19:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: rose: fix timer races against user threads
Rose timers only acquire the socket spinlock, without
checking if the socket is owned by one user thread.
Add a check and rearm the timers if needed.
BUG: KASAN: slab-use-after-free in rose_timer_expiry+0x31d/0x360 net/rose/rose_timer.c:174
Read of size 2 at addr ffff88802f09b82a by task swapper/0/0
CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.13.0-rc5-syzkaller-00172-gd1bf27c4e176 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call Trace:
<IRQ>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
print_address_description mm/kasan/report.c:378 [inline]
print_report+0x169/0x550 mm/kasan/report.c:489
kasan_report+0x143/0x180 mm/kasan/report.c:602
rose_timer_expiry+0x31d/0x360 net/rose/rose_timer.c:174
call_timer_fn+0x187/0x650 kernel/time/timer.c:1793
expire_timers kernel/time/timer.c:1844 [inline]
__run_timers kernel/time/timer.c:2418 [inline]
__run_timer_base+0x66a/0x8e0 kernel/time/timer.c:2430
run_timer_base kernel/time/timer.c:2439 [inline]
run_timer_softirq+0xb7/0x170 kernel/time/timer.c:2449
handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:561
__do_softirq kernel/softirq.c:595 [inline]
invoke_softirq kernel/softirq.c:435 [inline]
__irq_exit_rcu+0xf7/0x220 kernel/softirq.c:662
irq_exit_rcu+0x9/0x30 kernel/softirq.c:678
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]
sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1049
</IRQ>
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:36:13.575Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/rose/rose_timer.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "52f5aff33ca73b2c2fa93f40a3de308012e63cf4",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "0d5bca3be27bfcf8f980f2fed49b6cbb7dafe4a1",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1409b45d4690308c502c6caf22f01c3c205b4717",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f55c88e3ca5939a6a8a329024aed8f3d98eea8e4",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "51c128ba038cf1b79d605cbee325919b45ab95a5",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1992fb261c90e9827cf5dc3115d89bb0853252c9",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "58051a284ac18a3bb815aac6289a679903ddcc3f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "5de7665e0a0746b5ad7943554b34db8f8614a196",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/rose/rose_timer.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.12"
},
{
"lessThan": "2.6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.291",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.235",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.179",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.129",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.76",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"version": "6.13.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.14",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.291",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.235",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.179",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.129",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.76",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.13",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13.2",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14",
"versionStartIncluding": "2.6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: rose: fix timer races against user threads\n\nRose timers only acquire the socket spinlock, without\nchecking if the socket is owned by one user thread.\n\nAdd a check and rearm the timers if needed.\n\nBUG: KASAN: slab-use-after-free in rose_timer_expiry+0x31d/0x360 net/rose/rose_timer.c:174\nRead of size 2 at addr ffff88802f09b82a by task swapper/0/0\n\nCPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.13.0-rc5-syzkaller-00172-gd1bf27c4e176 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nCall Trace:\n \u003cIRQ\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n rose_timer_expiry+0x31d/0x360 net/rose/rose_timer.c:174\n call_timer_fn+0x187/0x650 kernel/time/timer.c:1793\n expire_timers kernel/time/timer.c:1844 [inline]\n __run_timers kernel/time/timer.c:2418 [inline]\n __run_timer_base+0x66a/0x8e0 kernel/time/timer.c:2430\n run_timer_base kernel/time/timer.c:2439 [inline]\n run_timer_softirq+0xb7/0x170 kernel/time/timer.c:2449\n handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:561\n __do_softirq kernel/softirq.c:595 [inline]\n invoke_softirq kernel/softirq.c:435 [inline]\n __irq_exit_rcu+0xf7/0x220 kernel/softirq.c:662\n irq_exit_rcu+0x9/0x30 kernel/softirq.c:678\n instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]\n sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1049\n \u003c/IRQ\u003e"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:19:42.210Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/52f5aff33ca73b2c2fa93f40a3de308012e63cf4"
},
{
"url": "https://git.kernel.org/stable/c/0d5bca3be27bfcf8f980f2fed49b6cbb7dafe4a1"
},
{
"url": "https://git.kernel.org/stable/c/1409b45d4690308c502c6caf22f01c3c205b4717"
},
{
"url": "https://git.kernel.org/stable/c/f55c88e3ca5939a6a8a329024aed8f3d98eea8e4"
},
{
"url": "https://git.kernel.org/stable/c/51c128ba038cf1b79d605cbee325919b45ab95a5"
},
{
"url": "https://git.kernel.org/stable/c/1992fb261c90e9827cf5dc3115d89bb0853252c9"
},
{
"url": "https://git.kernel.org/stable/c/58051a284ac18a3bb815aac6289a679903ddcc3f"
},
{
"url": "https://git.kernel.org/stable/c/5de7665e0a0746b5ad7943554b34db8f8614a196"
}
],
"title": "net: rose: fix timer races against user threads",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-21718",
"datePublished": "2025-02-27T02:07:27.971Z",
"dateReserved": "2024-12-29T08:45:45.753Z",
"dateUpdated": "2025-11-03T19:36:13.575Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-49162 (GCVE-0-2022-49162)
Vulnerability from cvelistv5
Published
2025-02-26 01:55
Modified
2025-05-04 08:31
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
video: fbdev: sm712fb: Fix crash in smtcfb_write()
When the sm712fb driver writes three bytes to the framebuffer, the
driver will crash:
BUG: unable to handle page fault for address: ffffc90001ffffff
RIP: 0010:smtcfb_write+0x454/0x5b0
Call Trace:
vfs_write+0x291/0xd60
? do_sys_openat2+0x27d/0x350
? __fget_light+0x54/0x340
ksys_write+0xce/0x190
do_syscall_64+0x43/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xae
Fix it by removing the open-coded endianness fixup-code.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/video/fbdev/sm712fb.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "fb791514acf9070225eed46e1ccbb0aa7aae5da5",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "0ec746674296c94137f074309c26d17e644c0498",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1aea36a62f0a0ad67eccc945bac0bd6422ef720f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "3b36c05f68ba32d0dfb63abc9016d6fe9117829f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b1c28577529cdfad40c8242673285f1e1e4c314e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "eae90015d10f0c9a47fc4adccba4cd79dce664e4",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "aeb635b49530b7d19e140949753409f759ba99be",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "809b8cde86320698661eec677222bc5c5df76176",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "4f01d09b2bbfbcb47b3eb305560a7f4857a32260",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/video/fbdev/sm712fb.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.238",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.189",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.276",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.110",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvideo: fbdev: sm712fb: Fix crash in smtcfb_write()\n\nWhen the sm712fb driver writes three bytes to the framebuffer, the\ndriver will crash:\n\n BUG: unable to handle page fault for address: ffffc90001ffffff\n RIP: 0010:smtcfb_write+0x454/0x5b0\n Call Trace:\n vfs_write+0x291/0xd60\n ? do_sys_openat2+0x27d/0x350\n ? __fget_light+0x54/0x340\n ksys_write+0xce/0x190\n do_syscall_64+0x43/0x90\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nFix it by removing the open-coded endianness fixup-code."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:31:19.568Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/fb791514acf9070225eed46e1ccbb0aa7aae5da5"
},
{
"url": "https://git.kernel.org/stable/c/0ec746674296c94137f074309c26d17e644c0498"
},
{
"url": "https://git.kernel.org/stable/c/1aea36a62f0a0ad67eccc945bac0bd6422ef720f"
},
{
"url": "https://git.kernel.org/stable/c/3b36c05f68ba32d0dfb63abc9016d6fe9117829f"
},
{
"url": "https://git.kernel.org/stable/c/b1c28577529cdfad40c8242673285f1e1e4c314e"
},
{
"url": "https://git.kernel.org/stable/c/eae90015d10f0c9a47fc4adccba4cd79dce664e4"
},
{
"url": "https://git.kernel.org/stable/c/aeb635b49530b7d19e140949753409f759ba99be"
},
{
"url": "https://git.kernel.org/stable/c/809b8cde86320698661eec677222bc5c5df76176"
},
{
"url": "https://git.kernel.org/stable/c/4f01d09b2bbfbcb47b3eb305560a7f4857a32260"
}
],
"title": "video: fbdev: sm712fb: Fix crash in smtcfb_write()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49162",
"datePublished": "2025-02-26T01:55:23.548Z",
"dateReserved": "2025-02-26T01:49:39.277Z",
"dateUpdated": "2025-05-04T08:31:19.568Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49264 (GCVE-0-2022-49264)
Vulnerability from cvelistv5
Published
2025-02-26 01:56
Modified
2025-05-04 08:33
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
exec: Force single empty string when argv is empty
Quoting[1] Ariadne Conill:
"In several other operating systems, it is a hard requirement that the
second argument to execve(2) be the name of a program, thus prohibiting
a scenario where argc < 1. POSIX 2017 also recommends this behaviour,
but it is not an explicit requirement[2]:
The argument arg0 should point to a filename string that is
associated with the process being started by one of the exec
functions.
...
Interestingly, Michael Kerrisk opened an issue about this in 2008[3],
but there was no consensus to support fixing this issue then.
Hopefully now that CVE-2021-4034 shows practical exploitative use[4]
of this bug in a shellcode, we can reconsider.
This issue is being tracked in the KSPP issue tracker[5]."
While the initial code searches[6][7] turned up what appeared to be
mostly corner case tests, trying to that just reject argv == NULL
(or an immediately terminated pointer list) quickly started tripping[8]
existing userspace programs.
The next best approach is forcing a single empty string into argv and
adjusting argc to match. The number of programs depending on argc == 0
seems a smaller set than those calling execve with a NULL argv.
Account for the additional stack space in bprm_stack_limits(). Inject an
empty string when argc == 0 (and set argc = 1). Warn about the case so
userspace has some notice about the change:
process './argc0' launched './argc0' with NULL argv: empty string added
Additionally WARN() and reject NULL argv usage for kernel threads.
[1] https://lore.kernel.org/lkml/20220127000724.15106-1-ariadne@dereferenced.org/
[2] https://pubs.opengroup.org/onlinepubs/9699919799/functions/exec.html
[3] https://bugzilla.kernel.org/show_bug.cgi?id=8408
[4] https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt
[5] https://github.com/KSPP/linux/issues/176
[6] https://codesearch.debian.net/search?q=execve%5C+*%5C%28%5B%5E%2C%5D%2B%2C+*NULL&literal=0
[7] https://codesearch.debian.net/search?q=execlp%3F%5Cs*%5C%28%5B%5E%2C%5D%2B%2C%5Cs*NULL&literal=0
[8] https://lore.kernel.org/lkml/20220131144352.GE16385@xsang-OptiPlex-9020/
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/exec.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "41f6ea5b9aaa28b740d47ffe995a5013211fdbb0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "98e0c7c702894987732776736c99b85ade6fba45",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b50fb8dbc8b81aaa126387de428f4c42a7c72a73",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1fe82bfd9e4ce93399d815ca458b58505191c3e8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "27a6f495b63a1804cc71be45911065db7757a98c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1290eb4412aa0f0e9f3434b406dc8e255da85f9e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a8054d3fa5deb84b215d6be1b910a978f3cb840d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "cfbfff8ce5e3d674947581f1eb9af0a1b1807950",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "dcd46d897adb70d63e025f175a00a89797d31a43",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/exec.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.317",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.282",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.246",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.197",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.282",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.246",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.197",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.110",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nexec: Force single empty string when argv is empty\n\nQuoting[1] Ariadne Conill:\n\n\"In several other operating systems, it is a hard requirement that the\nsecond argument to execve(2) be the name of a program, thus prohibiting\na scenario where argc \u003c 1. POSIX 2017 also recommends this behaviour,\nbut it is not an explicit requirement[2]:\n\n The argument arg0 should point to a filename string that is\n associated with the process being started by one of the exec\n functions.\n...\nInterestingly, Michael Kerrisk opened an issue about this in 2008[3],\nbut there was no consensus to support fixing this issue then.\nHopefully now that CVE-2021-4034 shows practical exploitative use[4]\nof this bug in a shellcode, we can reconsider.\n\nThis issue is being tracked in the KSPP issue tracker[5].\"\n\nWhile the initial code searches[6][7] turned up what appeared to be\nmostly corner case tests, trying to that just reject argv == NULL\n(or an immediately terminated pointer list) quickly started tripping[8]\nexisting userspace programs.\n\nThe next best approach is forcing a single empty string into argv and\nadjusting argc to match. The number of programs depending on argc == 0\nseems a smaller set than those calling execve with a NULL argv.\n\nAccount for the additional stack space in bprm_stack_limits(). Inject an\nempty string when argc == 0 (and set argc = 1). Warn about the case so\nuserspace has some notice about the change:\n\n process \u0027./argc0\u0027 launched \u0027./argc0\u0027 with NULL argv: empty string added\n\nAdditionally WARN() and reject NULL argv usage for kernel threads.\n\n[1] https://lore.kernel.org/lkml/20220127000724.15106-1-ariadne@dereferenced.org/\n[2] https://pubs.opengroup.org/onlinepubs/9699919799/functions/exec.html\n[3] https://bugzilla.kernel.org/show_bug.cgi?id=8408\n[4] https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt\n[5] https://github.com/KSPP/linux/issues/176\n[6] https://codesearch.debian.net/search?q=execve%5C+*%5C%28%5B%5E%2C%5D%2B%2C+*NULL\u0026literal=0\n[7] https://codesearch.debian.net/search?q=execlp%3F%5Cs*%5C%28%5B%5E%2C%5D%2B%2C%5Cs*NULL\u0026literal=0\n[8] https://lore.kernel.org/lkml/20220131144352.GE16385@xsang-OptiPlex-9020/"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:33:39.705Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/41f6ea5b9aaa28b740d47ffe995a5013211fdbb0"
},
{
"url": "https://git.kernel.org/stable/c/98e0c7c702894987732776736c99b85ade6fba45"
},
{
"url": "https://git.kernel.org/stable/c/b50fb8dbc8b81aaa126387de428f4c42a7c72a73"
},
{
"url": "https://git.kernel.org/stable/c/1fe82bfd9e4ce93399d815ca458b58505191c3e8"
},
{
"url": "https://git.kernel.org/stable/c/27a6f495b63a1804cc71be45911065db7757a98c"
},
{
"url": "https://git.kernel.org/stable/c/1290eb4412aa0f0e9f3434b406dc8e255da85f9e"
},
{
"url": "https://git.kernel.org/stable/c/a8054d3fa5deb84b215d6be1b910a978f3cb840d"
},
{
"url": "https://git.kernel.org/stable/c/cfbfff8ce5e3d674947581f1eb9af0a1b1807950"
},
{
"url": "https://git.kernel.org/stable/c/dcd46d897adb70d63e025f175a00a89797d31a43"
}
],
"title": "exec: Force single empty string when argv is empty",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49264",
"datePublished": "2025-02-26T01:56:14.664Z",
"dateReserved": "2025-02-26T01:49:39.296Z",
"dateUpdated": "2025-05-04T08:33:39.705Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49716 (GCVE-0-2022-49716)
Vulnerability from cvelistv5
Published
2025-02-26 02:24
Modified
2025-10-01 19:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
irqchip/gic-v3: Fix error handling in gic_populate_ppi_partitions
of_get_child_by_name() returns a node pointer with refcount
incremented, we should use of_node_put() on it when not need anymore.
When kcalloc fails, it missing of_node_put() and results in refcount
leak. Fix this by goto out_put_node label.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49716",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:32:16.480466Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:36:44.679Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/irqchip/irq-gic-v3.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "58e67c81e229351027d28c610638378606e33a08",
"status": "affected",
"version": "52085d3f2028d853f8d6ce7ead2f8a504f6077fa",
"versionType": "git"
},
{
"lessThan": "7c9dd9d23f26dabcfb14148b9acdfba540418b19",
"status": "affected",
"version": "52085d3f2028d853f8d6ce7ead2f8a504f6077fa",
"versionType": "git"
},
{
"lessThan": "0b325d993995a321f6ab4e6c51f0504ec092bf5b",
"status": "affected",
"version": "52085d3f2028d853f8d6ce7ead2f8a504f6077fa",
"versionType": "git"
},
{
"lessThan": "c83c34c57798fc41faefcf078be78683db2f4beb",
"status": "affected",
"version": "52085d3f2028d853f8d6ce7ead2f8a504f6077fa",
"versionType": "git"
},
{
"lessThan": "ec8401a429ffee34ccf38cebf3443f8d5ae6cb0d",
"status": "affected",
"version": "52085d3f2028d853f8d6ce7ead2f8a504f6077fa",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/irqchip/irq-gic-v3.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.4"
},
{
"lessThan": "5.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.200",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.124",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.49",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.200",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.124",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.49",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.6",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nirqchip/gic-v3: Fix error handling in gic_populate_ppi_partitions\n\nof_get_child_by_name() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not need anymore.\nWhen kcalloc fails, it missing of_node_put() and results in refcount\nleak. Fix this by goto out_put_node label."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:43:57.739Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/58e67c81e229351027d28c610638378606e33a08"
},
{
"url": "https://git.kernel.org/stable/c/7c9dd9d23f26dabcfb14148b9acdfba540418b19"
},
{
"url": "https://git.kernel.org/stable/c/0b325d993995a321f6ab4e6c51f0504ec092bf5b"
},
{
"url": "https://git.kernel.org/stable/c/c83c34c57798fc41faefcf078be78683db2f4beb"
},
{
"url": "https://git.kernel.org/stable/c/ec8401a429ffee34ccf38cebf3443f8d5ae6cb0d"
}
],
"title": "irqchip/gic-v3: Fix error handling in gic_populate_ppi_partitions",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49716",
"datePublished": "2025-02-26T02:24:31.586Z",
"dateReserved": "2025-02-26T02:21:30.445Z",
"dateUpdated": "2025-10-01T19:36:44.679Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49490 (GCVE-0-2022-49490)
Vulnerability from cvelistv5
Published
2025-02-26 02:13
Modified
2025-05-04 08:39
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected
mdp5_get_global_state runs the risk of hitting a -EDEADLK when acquiring
the modeset lock, but currently mdp5_pipe_release doesn't check for if
an error is returned. Because of this, there is a possibility of
mdp5_pipe_release hitting a NULL dereference error.
To avoid this, let's have mdp5_pipe_release check if
mdp5_get_global_state returns an error and propogate that error.
Changes since v1:
- Separated declaration and initialization of *new_state to avoid
compiler warning
- Fixed some spelling mistakes in commit message
Changes since v2:
- Return 0 in case where hwpipe is NULL as this is considered normal
behavior
- Added 2nd patch in series to fix a similar NULL dereference issue in
mdp5_mixer_release
Patchwork: https://patchwork.freedesktop.org/patch/485179/
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 7907a0d77cb461f58045763c205a5830be72e97c Version: 7907a0d77cb461f58045763c205a5830be72e97c Version: 7907a0d77cb461f58045763c205a5830be72e97c Version: 7907a0d77cb461f58045763c205a5830be72e97c Version: 7907a0d77cb461f58045763c205a5830be72e97c Version: 7907a0d77cb461f58045763c205a5830be72e97c Version: 7907a0d77cb461f58045763c205a5830be72e97c |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/msm/disp/mdp5/mdp5_pipe.c",
"drivers/gpu/drm/msm/disp/mdp5/mdp5_pipe.h",
"drivers/gpu/drm/msm/disp/mdp5/mdp5_plane.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "776f5c58bfe16cf322d71eeed3c5dda1eeac7e6b",
"status": "affected",
"version": "7907a0d77cb461f58045763c205a5830be72e97c",
"versionType": "git"
},
{
"lessThan": "b2aa2c4efe93e2580d6a8774b04fe2b99756a322",
"status": "affected",
"version": "7907a0d77cb461f58045763c205a5830be72e97c",
"versionType": "git"
},
{
"lessThan": "49dc28b4b2e28ef7564e355c91487996c1cbebd7",
"status": "affected",
"version": "7907a0d77cb461f58045763c205a5830be72e97c",
"versionType": "git"
},
{
"lessThan": "04bef5f1ba8ea6d7c1c8f5f65e0395c62db59cb8",
"status": "affected",
"version": "7907a0d77cb461f58045763c205a5830be72e97c",
"versionType": "git"
},
{
"lessThan": "19964dfb39bda4d7716a71009488f0668ecbcf52",
"status": "affected",
"version": "7907a0d77cb461f58045763c205a5830be72e97c",
"versionType": "git"
},
{
"lessThan": "33dc5aac46e0fad8f5eb193e5906ed0eb6b66ceb",
"status": "affected",
"version": "7907a0d77cb461f58045763c205a5830be72e97c",
"versionType": "git"
},
{
"lessThan": "d59be579fa932c46b908f37509f319cbd4ca9a68",
"status": "affected",
"version": "7907a0d77cb461f58045763c205a5830be72e97c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/msm/disp/mdp5/mdp5_pipe.c",
"drivers/gpu/drm/msm/disp/mdp5/mdp5_pipe.h",
"drivers/gpu/drm/msm/disp/mdp5/mdp5_plane.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.18"
},
{
"lessThan": "4.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected\n\nmdp5_get_global_state runs the risk of hitting a -EDEADLK when acquiring\nthe modeset lock, but currently mdp5_pipe_release doesn\u0027t check for if\nan error is returned. Because of this, there is a possibility of\nmdp5_pipe_release hitting a NULL dereference error.\n\nTo avoid this, let\u0027s have mdp5_pipe_release check if\nmdp5_get_global_state returns an error and propogate that error.\n\nChanges since v1:\n- Separated declaration and initialization of *new_state to avoid\n compiler warning\n- Fixed some spelling mistakes in commit message\n\nChanges since v2:\n- Return 0 in case where hwpipe is NULL as this is considered normal\n behavior\n- Added 2nd patch in series to fix a similar NULL dereference issue in\n mdp5_mixer_release\n\nPatchwork: https://patchwork.freedesktop.org/patch/485179/"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:39:01.705Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/776f5c58bfe16cf322d71eeed3c5dda1eeac7e6b"
},
{
"url": "https://git.kernel.org/stable/c/b2aa2c4efe93e2580d6a8774b04fe2b99756a322"
},
{
"url": "https://git.kernel.org/stable/c/49dc28b4b2e28ef7564e355c91487996c1cbebd7"
},
{
"url": "https://git.kernel.org/stable/c/04bef5f1ba8ea6d7c1c8f5f65e0395c62db59cb8"
},
{
"url": "https://git.kernel.org/stable/c/19964dfb39bda4d7716a71009488f0668ecbcf52"
},
{
"url": "https://git.kernel.org/stable/c/33dc5aac46e0fad8f5eb193e5906ed0eb6b66ceb"
},
{
"url": "https://git.kernel.org/stable/c/d59be579fa932c46b908f37509f319cbd4ca9a68"
}
],
"title": "drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49490",
"datePublished": "2025-02-26T02:13:27.529Z",
"dateReserved": "2025-02-26T02:08:31.585Z",
"dateUpdated": "2025-05-04T08:39:01.705Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49685 (GCVE-0-2022-49685)
Vulnerability from cvelistv5
Published
2025-02-26 02:24
Modified
2025-05-04 08:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
iio: trigger: sysfs: fix use-after-free on remove
Ensure that the irq_work has completed before the trigger is freed.
==================================================================
BUG: KASAN: use-after-free in irq_work_run_list
Read of size 8 at addr 0000000064702248 by task python3/25
Call Trace:
irq_work_run_list
irq_work_tick
update_process_times
tick_sched_handle
tick_sched_timer
__hrtimer_run_queues
hrtimer_interrupt
Allocated by task 25:
kmem_cache_alloc_trace
iio_sysfs_trig_add
dev_attr_store
sysfs_kf_write
kernfs_fop_write_iter
new_sync_write
vfs_write
ksys_write
sys_write
Freed by task 25:
kfree
iio_sysfs_trig_remove
dev_attr_store
sysfs_kf_write
kernfs_fop_write_iter
new_sync_write
vfs_write
ksys_write
sys_write
==================================================================
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: f38bc926d022ebd67baad6ac7fc22c95fbc6238c Version: f38bc926d022ebd67baad6ac7fc22c95fbc6238c Version: f38bc926d022ebd67baad6ac7fc22c95fbc6238c Version: f38bc926d022ebd67baad6ac7fc22c95fbc6238c Version: f38bc926d022ebd67baad6ac7fc22c95fbc6238c Version: f38bc926d022ebd67baad6ac7fc22c95fbc6238c Version: f38bc926d022ebd67baad6ac7fc22c95fbc6238c Version: f38bc926d022ebd67baad6ac7fc22c95fbc6238c |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49685",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T18:15:09.914625Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T18:22:31.102Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/iio/trigger/iio-trig-sysfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d6111e7bdb8ec27eb43d01c4cd4ff1620a75f7f2",
"status": "affected",
"version": "f38bc926d022ebd67baad6ac7fc22c95fbc6238c",
"versionType": "git"
},
{
"lessThan": "fd5d8fb298a2866c337da635c79d63c3afabcaf7",
"status": "affected",
"version": "f38bc926d022ebd67baad6ac7fc22c95fbc6238c",
"versionType": "git"
},
{
"lessThan": "31ff3309b47d98313c61b8301bf595820cc3cc33",
"status": "affected",
"version": "f38bc926d022ebd67baad6ac7fc22c95fbc6238c",
"versionType": "git"
},
{
"lessThan": "5e39397d60dacc7f5d81d442c1c958eaaaf31128",
"status": "affected",
"version": "f38bc926d022ebd67baad6ac7fc22c95fbc6238c",
"versionType": "git"
},
{
"lessThan": "b07a30a774b3c3e584a68dc91779c68ea2da4813",
"status": "affected",
"version": "f38bc926d022ebd67baad6ac7fc22c95fbc6238c",
"versionType": "git"
},
{
"lessThan": "4687c3f955240ca2a576bdc3f742d4d915b6272d",
"status": "affected",
"version": "f38bc926d022ebd67baad6ac7fc22c95fbc6238c",
"versionType": "git"
},
{
"lessThan": "4ef1e521be610b720daeb7cf899fedc7db0274c4",
"status": "affected",
"version": "f38bc926d022ebd67baad6ac7fc22c95fbc6238c",
"versionType": "git"
},
{
"lessThan": "78601726d4a59a291acc5a52da1d3a0a6831e4e8",
"status": "affected",
"version": "f38bc926d022ebd67baad6ac7fc22c95fbc6238c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/iio/trigger/iio-trig-sysfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.7"
},
{
"lessThan": "3.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.321",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.286",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.250",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.202",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.127",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.51",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.321",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.286",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.250",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.202",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.127",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.51",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.8",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "3.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: trigger: sysfs: fix use-after-free on remove\n\nEnsure that the irq_work has completed before the trigger is freed.\n\n ==================================================================\n BUG: KASAN: use-after-free in irq_work_run_list\n Read of size 8 at addr 0000000064702248 by task python3/25\n\n Call Trace:\n irq_work_run_list\n irq_work_tick\n update_process_times\n tick_sched_handle\n tick_sched_timer\n __hrtimer_run_queues\n hrtimer_interrupt\n\n Allocated by task 25:\n kmem_cache_alloc_trace\n iio_sysfs_trig_add\n dev_attr_store\n sysfs_kf_write\n kernfs_fop_write_iter\n new_sync_write\n vfs_write\n ksys_write\n sys_write\n\n Freed by task 25:\n kfree\n iio_sysfs_trig_remove\n dev_attr_store\n sysfs_kf_write\n kernfs_fop_write_iter\n new_sync_write\n vfs_write\n ksys_write\n sys_write\n\n =================================================================="
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:43:17.291Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d6111e7bdb8ec27eb43d01c4cd4ff1620a75f7f2"
},
{
"url": "https://git.kernel.org/stable/c/fd5d8fb298a2866c337da635c79d63c3afabcaf7"
},
{
"url": "https://git.kernel.org/stable/c/31ff3309b47d98313c61b8301bf595820cc3cc33"
},
{
"url": "https://git.kernel.org/stable/c/5e39397d60dacc7f5d81d442c1c958eaaaf31128"
},
{
"url": "https://git.kernel.org/stable/c/b07a30a774b3c3e584a68dc91779c68ea2da4813"
},
{
"url": "https://git.kernel.org/stable/c/4687c3f955240ca2a576bdc3f742d4d915b6272d"
},
{
"url": "https://git.kernel.org/stable/c/4ef1e521be610b720daeb7cf899fedc7db0274c4"
},
{
"url": "https://git.kernel.org/stable/c/78601726d4a59a291acc5a52da1d3a0a6831e4e8"
}
],
"title": "iio: trigger: sysfs: fix use-after-free on remove",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49685",
"datePublished": "2025-02-26T02:24:12.143Z",
"dateReserved": "2025-02-26T02:21:30.441Z",
"dateUpdated": "2025-05-04T08:43:17.291Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49451 (GCVE-0-2022-49451)
Vulnerability from cvelistv5
Published
2025-02-26 02:13
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
firmware: arm_scmi: Fix list protocols enumeration in the base protocol
While enumerating protocols implemented by the SCMI platform using
BASE_DISCOVER_LIST_PROTOCOLS, the number of returned protocols is
currently validated in an improper way since the check employs a sum
between unsigned integers that could overflow and cause the check itself
to be silently bypassed if the returned value 'loop_num_ret' is big
enough.
Fix the validation avoiding the addition.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: b6f20ff8bd94ad34032804a60bab5ee56752007e Version: b6f20ff8bd94ad34032804a60bab5ee56752007e Version: b6f20ff8bd94ad34032804a60bab5ee56752007e Version: b6f20ff8bd94ad34032804a60bab5ee56752007e Version: b6f20ff8bd94ad34032804a60bab5ee56752007e Version: b6f20ff8bd94ad34032804a60bab5ee56752007e Version: b6f20ff8bd94ad34032804a60bab5ee56752007e |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49451",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:40:29.513301Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:48.095Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/firmware/arm_scmi/base.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "444a2d27fe9867d0da4b28fc45b793f32e099ab8",
"status": "affected",
"version": "b6f20ff8bd94ad34032804a60bab5ee56752007e",
"versionType": "git"
},
{
"lessThan": "b0e4bafac8963c2d85ee18d3d01f393735acceec",
"status": "affected",
"version": "b6f20ff8bd94ad34032804a60bab5ee56752007e",
"versionType": "git"
},
{
"lessThan": "1052f22e127d0c34c3387bb389424ba1c61491ff",
"status": "affected",
"version": "b6f20ff8bd94ad34032804a60bab5ee56752007e",
"versionType": "git"
},
{
"lessThan": "98342148a8cd242855d7e257f298c966c96dba9f",
"status": "affected",
"version": "b6f20ff8bd94ad34032804a60bab5ee56752007e",
"versionType": "git"
},
{
"lessThan": "6e7978695f4a6cbd83616b5a702b77fa2087b247",
"status": "affected",
"version": "b6f20ff8bd94ad34032804a60bab5ee56752007e",
"versionType": "git"
},
{
"lessThan": "2ccfcd7a09c826516edcfe464b05071961aada3f",
"status": "affected",
"version": "b6f20ff8bd94ad34032804a60bab5ee56752007e",
"versionType": "git"
},
{
"lessThan": "8009120e0354a67068e920eb10dce532391361d0",
"status": "affected",
"version": "b6f20ff8bd94ad34032804a60bab5ee56752007e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/firmware/arm_scmi/base.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.17"
},
{
"lessThan": "4.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: arm_scmi: Fix list protocols enumeration in the base protocol\n\nWhile enumerating protocols implemented by the SCMI platform using\nBASE_DISCOVER_LIST_PROTOCOLS, the number of returned protocols is\ncurrently validated in an improper way since the check employs a sum\nbetween unsigned integers that could overflow and cause the check itself\nto be silently bypassed if the returned value \u0027loop_num_ret\u0027 is big\nenough.\n\nFix the validation avoiding the addition."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:38:01.468Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/444a2d27fe9867d0da4b28fc45b793f32e099ab8"
},
{
"url": "https://git.kernel.org/stable/c/b0e4bafac8963c2d85ee18d3d01f393735acceec"
},
{
"url": "https://git.kernel.org/stable/c/1052f22e127d0c34c3387bb389424ba1c61491ff"
},
{
"url": "https://git.kernel.org/stable/c/98342148a8cd242855d7e257f298c966c96dba9f"
},
{
"url": "https://git.kernel.org/stable/c/6e7978695f4a6cbd83616b5a702b77fa2087b247"
},
{
"url": "https://git.kernel.org/stable/c/2ccfcd7a09c826516edcfe464b05071961aada3f"
},
{
"url": "https://git.kernel.org/stable/c/8009120e0354a67068e920eb10dce532391361d0"
}
],
"title": "firmware: arm_scmi: Fix list protocols enumeration in the base protocol",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49451",
"datePublished": "2025-02-26T02:13:01.077Z",
"dateReserved": "2025-02-26T02:08:31.572Z",
"dateUpdated": "2025-10-01T19:46:48.095Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49527 (GCVE-0-2022-49527)
Vulnerability from cvelistv5
Published
2025-02-26 02:13
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
media: venus: hfi: avoid null dereference in deinit
If venus_probe fails at pm_runtime_put_sync the error handling first
calls hfi_destroy and afterwards hfi_core_deinit. As hfi_destroy sets
core->ops to NULL, hfi_core_deinit cannot call the core_deinit function
anymore.
Avoid this null pointer derefence by skipping the call when necessary.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 09c2845e8fe4fcab942929480203f504a6e0a114 Version: 09c2845e8fe4fcab942929480203f504a6e0a114 Version: 09c2845e8fe4fcab942929480203f504a6e0a114 Version: 09c2845e8fe4fcab942929480203f504a6e0a114 Version: 09c2845e8fe4fcab942929480203f504a6e0a114 Version: 09c2845e8fe4fcab942929480203f504a6e0a114 Version: 09c2845e8fe4fcab942929480203f504a6e0a114 Version: 09c2845e8fe4fcab942929480203f504a6e0a114 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49527",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:38:05.634392Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:41.672Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/media/platform/qcom/venus/hfi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2533acb652359c9e097dfa33587896af782e8a91",
"status": "affected",
"version": "09c2845e8fe4fcab942929480203f504a6e0a114",
"versionType": "git"
},
{
"lessThan": "a21d15dde21d7e8ae047eb8368677407db45d840",
"status": "affected",
"version": "09c2845e8fe4fcab942929480203f504a6e0a114",
"versionType": "git"
},
{
"lessThan": "0ac84ab50712879eac3c1dd2598440652a85d3d0",
"status": "affected",
"version": "09c2845e8fe4fcab942929480203f504a6e0a114",
"versionType": "git"
},
{
"lessThan": "27ad46da44177a78a4a0cae6fe03906888c61aa1",
"status": "affected",
"version": "09c2845e8fe4fcab942929480203f504a6e0a114",
"versionType": "git"
},
{
"lessThan": "9c385b961d4c378228e80f6abea8509cb67feab6",
"status": "affected",
"version": "09c2845e8fe4fcab942929480203f504a6e0a114",
"versionType": "git"
},
{
"lessThan": "0ed5a643b1a4a46b9b7bfba5d468c10cc30e1359",
"status": "affected",
"version": "09c2845e8fe4fcab942929480203f504a6e0a114",
"versionType": "git"
},
{
"lessThan": "b73ed0510bb8d9647cd8e8a4c4c8772bbe545c3a",
"status": "affected",
"version": "09c2845e8fe4fcab942929480203f504a6e0a114",
"versionType": "git"
},
{
"lessThan": "86594f6af867b5165d2ba7b5a71fae3a5961e56c",
"status": "affected",
"version": "09c2845e8fe4fcab942929480203f504a6e0a114",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/media/platform/qcom/venus/hfi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.13"
},
{
"lessThan": "4.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.283",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: venus: hfi: avoid null dereference in deinit\n\nIf venus_probe fails at pm_runtime_put_sync the error handling first\ncalls hfi_destroy and afterwards hfi_core_deinit. As hfi_destroy sets\ncore-\u003eops to NULL, hfi_core_deinit cannot call the core_deinit function\nanymore.\n\nAvoid this null pointer derefence by skipping the call when necessary."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:39:51.025Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2533acb652359c9e097dfa33587896af782e8a91"
},
{
"url": "https://git.kernel.org/stable/c/a21d15dde21d7e8ae047eb8368677407db45d840"
},
{
"url": "https://git.kernel.org/stable/c/0ac84ab50712879eac3c1dd2598440652a85d3d0"
},
{
"url": "https://git.kernel.org/stable/c/27ad46da44177a78a4a0cae6fe03906888c61aa1"
},
{
"url": "https://git.kernel.org/stable/c/9c385b961d4c378228e80f6abea8509cb67feab6"
},
{
"url": "https://git.kernel.org/stable/c/0ed5a643b1a4a46b9b7bfba5d468c10cc30e1359"
},
{
"url": "https://git.kernel.org/stable/c/b73ed0510bb8d9647cd8e8a4c4c8772bbe545c3a"
},
{
"url": "https://git.kernel.org/stable/c/86594f6af867b5165d2ba7b5a71fae3a5961e56c"
}
],
"title": "media: venus: hfi: avoid null dereference in deinit",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49527",
"datePublished": "2025-02-26T02:13:49.627Z",
"dateReserved": "2025-02-26T02:08:31.588Z",
"dateUpdated": "2025-10-01T19:46:41.672Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-56658 (GCVE-0-2024-56658)
Vulnerability from cvelistv5
Published
2024-12-27 15:06
Modified
2025-11-03 20:51
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: defer final 'struct net' free in netns dismantle
Ilya reported a slab-use-after-free in dst_destroy [1]
Issue is in xfrm6_net_init() and xfrm4_net_init() :
They copy xfrm[46]_dst_ops_template into net->xfrm.xfrm[46]_dst_ops.
But net structure might be freed before all the dst callbacks are
called. So when dst_destroy() calls later :
if (dst->ops->destroy)
dst->ops->destroy(dst);
dst->ops points to the old net->xfrm.xfrm[46]_dst_ops, which has been freed.
See a relevant issue fixed in :
ac888d58869b ("net: do not delay dst_entries_add() in dst_release()")
A fix is to queue the 'struct net' to be freed after one
another cleanup_net() round (and existing rcu_barrier())
[1]
BUG: KASAN: slab-use-after-free in dst_destroy (net/core/dst.c:112)
Read of size 8 at addr ffff8882137ccab0 by task swapper/37/0
Dec 03 05:46:18 kernel:
CPU: 37 UID: 0 PID: 0 Comm: swapper/37 Kdump: loaded Not tainted 6.12.0 #67
Hardware name: Red Hat KVM/RHEL, BIOS 1.16.1-1.el9 04/01/2014
Call Trace:
<IRQ>
dump_stack_lvl (lib/dump_stack.c:124)
print_address_description.constprop.0 (mm/kasan/report.c:378)
? dst_destroy (net/core/dst.c:112)
print_report (mm/kasan/report.c:489)
? dst_destroy (net/core/dst.c:112)
? kasan_addr_to_slab (mm/kasan/common.c:37)
kasan_report (mm/kasan/report.c:603)
? dst_destroy (net/core/dst.c:112)
? rcu_do_batch (kernel/rcu/tree.c:2567)
dst_destroy (net/core/dst.c:112)
rcu_do_batch (kernel/rcu/tree.c:2567)
? __pfx_rcu_do_batch (kernel/rcu/tree.c:2491)
? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4339 kernel/locking/lockdep.c:4406)
rcu_core (kernel/rcu/tree.c:2825)
handle_softirqs (kernel/softirq.c:554)
__irq_exit_rcu (kernel/softirq.c:589 kernel/softirq.c:428 kernel/softirq.c:637)
irq_exit_rcu (kernel/softirq.c:651)
sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1049 arch/x86/kernel/apic/apic.c:1049)
</IRQ>
<TASK>
asm_sysvec_apic_timer_interrupt (./arch/x86/include/asm/idtentry.h:702)
RIP: 0010:default_idle (./arch/x86/include/asm/irqflags.h:37 ./arch/x86/include/asm/irqflags.h:92 arch/x86/kernel/process.c:743)
Code: 00 4d 29 c8 4c 01 c7 4c 29 c2 e9 6e ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 90 0f 00 2d c7 c9 27 00 fb f4 <fa> c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 90
RSP: 0018:ffff888100d2fe00 EFLAGS: 00000246
RAX: 00000000001870ed RBX: 1ffff110201a5fc2 RCX: ffffffffb61a3e46
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffffb3d4d123
RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed11c7e1835d
R10: ffff888e3f0c1aeb R11: 0000000000000000 R12: 0000000000000000
R13: ffff888100d20000 R14: dffffc0000000000 R15: 0000000000000000
? ct_kernel_exit.constprop.0 (kernel/context_tracking.c:148)
? cpuidle_idle_call (kernel/sched/idle.c:186)
default_idle_call (./include/linux/cpuidle.h:143 kernel/sched/idle.c:118)
cpuidle_idle_call (kernel/sched/idle.c:186)
? __pfx_cpuidle_idle_call (kernel/sched/idle.c:168)
? lock_release (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5848)
? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4347 kernel/locking/lockdep.c:4406)
? tsc_verify_tsc_adjust (arch/x86/kernel/tsc_sync.c:59)
do_idle (kernel/sched/idle.c:326)
cpu_startup_entry (kernel/sched/idle.c:423 (discriminator 1))
start_secondary (arch/x86/kernel/smpboot.c:202 arch/x86/kernel/smpboot.c:282)
? __pfx_start_secondary (arch/x86/kernel/smpboot.c:232)
? soft_restart_cpu (arch/x86/kernel/head_64.S:452)
common_startup_64 (arch/x86/kernel/head_64.S:414)
</TASK>
Dec 03 05:46:18 kernel:
Allocated by task 12184:
kasan_save_stack (mm/kasan/common.c:48)
kasan_save_track (./arch/x86/include/asm/current.h:49 mm/kasan/common.c:60 mm/kasan/common.c:69)
__kasan_slab_alloc (mm/kasan/common.c:319 mm/kasan/common.c:345)
kmem_cache_alloc_noprof (mm/slub.c:4085 mm/slub.c:4134 mm/slub.c:4141)
copy_net_ns (net/core/net_namespace.c:421 net/core/net_namespace.c:480)
create_new_namespaces
---truncated---
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: a8a572a6b5f2a79280d6e302cb3c1cb1fbaeb3e8 Version: a8a572a6b5f2a79280d6e302cb3c1cb1fbaeb3e8 Version: a8a572a6b5f2a79280d6e302cb3c1cb1fbaeb3e8 Version: a8a572a6b5f2a79280d6e302cb3c1cb1fbaeb3e8 Version: a8a572a6b5f2a79280d6e302cb3c1cb1fbaeb3e8 Version: a8a572a6b5f2a79280d6e302cb3c1cb1fbaeb3e8 Version: 3e29fa5b742479f73400468314a1c6b9cf553ee4 Version: ce43f6a650a6689551a217276fb0dcca33790425 Version: eeca98948d8c4922e6deb16bfc9ee0bd9902dbb0 Version: 1bd631fc9a4515878c1bb7effd19335d2f2d87c2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-56658",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-06T16:07:39.771240Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-06T16:14:32.574Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:51:59.582Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/net/net_namespace.h",
"net/core/net_namespace.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c261dcd61c9e88a8f1a66654354d32295a975230",
"status": "affected",
"version": "a8a572a6b5f2a79280d6e302cb3c1cb1fbaeb3e8",
"versionType": "git"
},
{
"lessThan": "dac465986a4a38cd2f13e934f562b6ca344e5720",
"status": "affected",
"version": "a8a572a6b5f2a79280d6e302cb3c1cb1fbaeb3e8",
"versionType": "git"
},
{
"lessThan": "3267b254dc0a04dfa362a2be24573cfa6d2d78f5",
"status": "affected",
"version": "a8a572a6b5f2a79280d6e302cb3c1cb1fbaeb3e8",
"versionType": "git"
},
{
"lessThan": "b7a79e51297f7b82adb687086f5cb2da446f1e40",
"status": "affected",
"version": "a8a572a6b5f2a79280d6e302cb3c1cb1fbaeb3e8",
"versionType": "git"
},
{
"lessThan": "6610c7f8a8d47fd1123eed55ba8c11c2444d8842",
"status": "affected",
"version": "a8a572a6b5f2a79280d6e302cb3c1cb1fbaeb3e8",
"versionType": "git"
},
{
"lessThan": "0f6ede9fbc747e2553612271bce108f7517e7a45",
"status": "affected",
"version": "a8a572a6b5f2a79280d6e302cb3c1cb1fbaeb3e8",
"versionType": "git"
},
{
"status": "affected",
"version": "3e29fa5b742479f73400468314a1c6b9cf553ee4",
"versionType": "git"
},
{
"status": "affected",
"version": "ce43f6a650a6689551a217276fb0dcca33790425",
"versionType": "git"
},
{
"status": "affected",
"version": "eeca98948d8c4922e6deb16bfc9ee0bd9902dbb0",
"versionType": "git"
},
{
"status": "affected",
"version": "1bd631fc9a4515878c1bb7effd19335d2f2d87c2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/net/net_namespace.h",
"net/core/net_namespace.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.4"
},
{
"lessThan": "4.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.237",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.181",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.67",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.237",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.181",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.121",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.67",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.6",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.12.54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.18.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.1.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.3.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: defer final \u0027struct net\u0027 free in netns dismantle\n\nIlya reported a slab-use-after-free in dst_destroy [1]\n\nIssue is in xfrm6_net_init() and xfrm4_net_init() :\n\nThey copy xfrm[46]_dst_ops_template into net-\u003exfrm.xfrm[46]_dst_ops.\n\nBut net structure might be freed before all the dst callbacks are\ncalled. So when dst_destroy() calls later :\n\nif (dst-\u003eops-\u003edestroy)\n dst-\u003eops-\u003edestroy(dst);\n\ndst-\u003eops points to the old net-\u003exfrm.xfrm[46]_dst_ops, which has been freed.\n\nSee a relevant issue fixed in :\n\nac888d58869b (\"net: do not delay dst_entries_add() in dst_release()\")\n\nA fix is to queue the \u0027struct net\u0027 to be freed after one\nanother cleanup_net() round (and existing rcu_barrier())\n\n[1]\n\nBUG: KASAN: slab-use-after-free in dst_destroy (net/core/dst.c:112)\nRead of size 8 at addr ffff8882137ccab0 by task swapper/37/0\nDec 03 05:46:18 kernel:\nCPU: 37 UID: 0 PID: 0 Comm: swapper/37 Kdump: loaded Not tainted 6.12.0 #67\nHardware name: Red Hat KVM/RHEL, BIOS 1.16.1-1.el9 04/01/2014\nCall Trace:\n \u003cIRQ\u003e\ndump_stack_lvl (lib/dump_stack.c:124)\nprint_address_description.constprop.0 (mm/kasan/report.c:378)\n? dst_destroy (net/core/dst.c:112)\nprint_report (mm/kasan/report.c:489)\n? dst_destroy (net/core/dst.c:112)\n? kasan_addr_to_slab (mm/kasan/common.c:37)\nkasan_report (mm/kasan/report.c:603)\n? dst_destroy (net/core/dst.c:112)\n? rcu_do_batch (kernel/rcu/tree.c:2567)\ndst_destroy (net/core/dst.c:112)\nrcu_do_batch (kernel/rcu/tree.c:2567)\n? __pfx_rcu_do_batch (kernel/rcu/tree.c:2491)\n? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4339 kernel/locking/lockdep.c:4406)\nrcu_core (kernel/rcu/tree.c:2825)\nhandle_softirqs (kernel/softirq.c:554)\n__irq_exit_rcu (kernel/softirq.c:589 kernel/softirq.c:428 kernel/softirq.c:637)\nirq_exit_rcu (kernel/softirq.c:651)\nsysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1049 arch/x86/kernel/apic/apic.c:1049)\n \u003c/IRQ\u003e\n \u003cTASK\u003e\nasm_sysvec_apic_timer_interrupt (./arch/x86/include/asm/idtentry.h:702)\nRIP: 0010:default_idle (./arch/x86/include/asm/irqflags.h:37 ./arch/x86/include/asm/irqflags.h:92 arch/x86/kernel/process.c:743)\nCode: 00 4d 29 c8 4c 01 c7 4c 29 c2 e9 6e ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 90 0f 00 2d c7 c9 27 00 fb f4 \u003cfa\u003e c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 90\nRSP: 0018:ffff888100d2fe00 EFLAGS: 00000246\nRAX: 00000000001870ed RBX: 1ffff110201a5fc2 RCX: ffffffffb61a3e46\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffffb3d4d123\nRBP: 0000000000000000 R08: 0000000000000001 R09: ffffed11c7e1835d\nR10: ffff888e3f0c1aeb R11: 0000000000000000 R12: 0000000000000000\nR13: ffff888100d20000 R14: dffffc0000000000 R15: 0000000000000000\n? ct_kernel_exit.constprop.0 (kernel/context_tracking.c:148)\n? cpuidle_idle_call (kernel/sched/idle.c:186)\ndefault_idle_call (./include/linux/cpuidle.h:143 kernel/sched/idle.c:118)\ncpuidle_idle_call (kernel/sched/idle.c:186)\n? __pfx_cpuidle_idle_call (kernel/sched/idle.c:168)\n? lock_release (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5848)\n? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4347 kernel/locking/lockdep.c:4406)\n? tsc_verify_tsc_adjust (arch/x86/kernel/tsc_sync.c:59)\ndo_idle (kernel/sched/idle.c:326)\ncpu_startup_entry (kernel/sched/idle.c:423 (discriminator 1))\nstart_secondary (arch/x86/kernel/smpboot.c:202 arch/x86/kernel/smpboot.c:282)\n? __pfx_start_secondary (arch/x86/kernel/smpboot.c:232)\n? soft_restart_cpu (arch/x86/kernel/head_64.S:452)\ncommon_startup_64 (arch/x86/kernel/head_64.S:414)\n \u003c/TASK\u003e\nDec 03 05:46:18 kernel:\nAllocated by task 12184:\nkasan_save_stack (mm/kasan/common.c:48)\nkasan_save_track (./arch/x86/include/asm/current.h:49 mm/kasan/common.c:60 mm/kasan/common.c:69)\n__kasan_slab_alloc (mm/kasan/common.c:319 mm/kasan/common.c:345)\nkmem_cache_alloc_noprof (mm/slub.c:4085 mm/slub.c:4134 mm/slub.c:4141)\ncopy_net_ns (net/core/net_namespace.c:421 net/core/net_namespace.c:480)\ncreate_new_namespaces\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T13:01:04.087Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c261dcd61c9e88a8f1a66654354d32295a975230"
},
{
"url": "https://git.kernel.org/stable/c/dac465986a4a38cd2f13e934f562b6ca344e5720"
},
{
"url": "https://git.kernel.org/stable/c/3267b254dc0a04dfa362a2be24573cfa6d2d78f5"
},
{
"url": "https://git.kernel.org/stable/c/b7a79e51297f7b82adb687086f5cb2da446f1e40"
},
{
"url": "https://git.kernel.org/stable/c/6610c7f8a8d47fd1123eed55ba8c11c2444d8842"
},
{
"url": "https://git.kernel.org/stable/c/0f6ede9fbc747e2553612271bce108f7517e7a45"
}
],
"title": "net: defer final \u0027struct net\u0027 free in netns dismantle",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-56658",
"datePublished": "2024-12-27T15:06:21.516Z",
"dateReserved": "2024-12-27T15:00:39.841Z",
"dateUpdated": "2025-11-03T20:51:59.582Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-0995 (GCVE-0-2022-0995)
Vulnerability from cvelistv5
Published
2022-03-25 18:03
Modified
2024-08-02 23:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:42.878Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063786"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=93ce93587d36493f2f86921fa79921b3cba63fbb"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/166770/Linux-watch_queue-Filter-Out-Of-Bounds-Write.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/166815/Watch-Queue-Out-Of-Bounds-Write.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220429-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kernel",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "kernel 5.17 rc8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds (OOB) memory write flaw was found in the Linux kernel\u2019s watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-29T13:07:11",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063786"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=93ce93587d36493f2f86921fa79921b3cba63fbb"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/166770/Linux-watch_queue-Filter-Out-Of-Bounds-Write.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/166815/Watch-Queue-Out-Of-Bounds-Write.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220429-0001/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2022-0995",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "kernel 5.17 rc8"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out-of-bounds (OOB) memory write flaw was found in the Linux kernel\u2019s watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2063786",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063786"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=93ce93587d36493f2f86921fa79921b3cba63fbb",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=93ce93587d36493f2f86921fa79921b3cba63fbb"
},
{
"name": "http://packetstormsecurity.com/files/166770/Linux-watch_queue-Filter-Out-Of-Bounds-Write.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/166770/Linux-watch_queue-Filter-Out-Of-Bounds-Write.html"
},
{
"name": "http://packetstormsecurity.com/files/166815/Watch-Queue-Out-Of-Bounds-Write.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/166815/Watch-Queue-Out-Of-Bounds-Write.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220429-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220429-0001/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-0995",
"datePublished": "2022-03-25T18:03:08",
"dateReserved": "2022-03-16T00:00:00",
"dateUpdated": "2024-08-02T23:47:42.878Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49332 (GCVE-0-2022-49332)
Vulnerability from cvelistv5
Published
2025-02-26 02:10
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: lpfc: Address NULL pointer dereference after starget_to_rport()
Calls to starget_to_rport() may return NULL. Add check for NULL rport
before dereference.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49332",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:43:15.634513Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:55.485Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/scsi/lpfc/lpfc_scsi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "68fcff1127e4995ddbd4b6861892a25c23db3f70",
"status": "affected",
"version": "bb21fc9911eea92afd476f7e64b327716e042a25",
"versionType": "git"
},
{
"lessThan": "6f808bd78e8296b4ded813b7182988d57e1f6176",
"status": "affected",
"version": "bb21fc9911eea92afd476f7e64b327716e042a25",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/scsi/lpfc/lpfc_scsi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.18"
},
{
"lessThan": "5.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.4",
"versionStartIncluding": "5.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Address NULL pointer dereference after starget_to_rport()\n\nCalls to starget_to_rport() may return NULL. Add check for NULL rport\nbefore dereference."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:35:23.474Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/68fcff1127e4995ddbd4b6861892a25c23db3f70"
},
{
"url": "https://git.kernel.org/stable/c/6f808bd78e8296b4ded813b7182988d57e1f6176"
}
],
"title": "scsi: lpfc: Address NULL pointer dereference after starget_to_rport()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49332",
"datePublished": "2025-02-26T02:10:51.612Z",
"dateReserved": "2025-02-26T02:08:31.539Z",
"dateUpdated": "2025-10-01T19:46:55.485Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49433 (GCVE-0-2022-49433)
Vulnerability from cvelistv5
Published
2025-02-26 02:12
Modified
2025-05-04 08:37
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
RDMA/hfi1: Prevent use of lock before it is initialized
If there is a failure during probe of hfi1 before the sdma_map_lock is
initialized, the call to hfi1_free_devdata() will attempt to use a lock
that has not been initialized. If the locking correctness validator is on
then an INFO message and stack trace resembling the following may be seen:
INFO: trying to register non-static key.
The code is fine but needs lockdep annotation, or maybe
you didn't initialize this object before use?
turning off the locking correctness validator.
Call Trace:
register_lock_class+0x11b/0x880
__lock_acquire+0xf3/0x7930
lock_acquire+0xff/0x2d0
_raw_spin_lock_irq+0x46/0x60
sdma_clean+0x42a/0x660 [hfi1]
hfi1_free_devdata+0x3a7/0x420 [hfi1]
init_one+0x867/0x11a0 [hfi1]
pci_device_probe+0x40e/0x8d0
The use of sdma_map_lock in sdma_clean() is for freeing the sdma_map
memory, and sdma_map is not allocated/initialized until after
sdma_map_lock has been initialized. This code only needs to be run if
sdma_map is not NULL, and so checking for that condition will avoid trying
to use the lock before it is initialized.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 7724105686e718ac476a6ad3304fea2fbcfcffde Version: 7724105686e718ac476a6ad3304fea2fbcfcffde Version: 7724105686e718ac476a6ad3304fea2fbcfcffde Version: 7724105686e718ac476a6ad3304fea2fbcfcffde Version: 7724105686e718ac476a6ad3304fea2fbcfcffde Version: 7724105686e718ac476a6ad3304fea2fbcfcffde Version: 7724105686e718ac476a6ad3304fea2fbcfcffde |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/hfi1/sdma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "66090815a24ce14cf51ef5453fc0218fe8a39bc2",
"status": "affected",
"version": "7724105686e718ac476a6ad3304fea2fbcfcffde",
"versionType": "git"
},
{
"lessThan": "addb192000d8819c0b1553453994df9bb54c28db",
"status": "affected",
"version": "7724105686e718ac476a6ad3304fea2fbcfcffde",
"versionType": "git"
},
{
"lessThan": "fc0750e659db7b315bf6348902cc8ca3cdd4b8d8",
"status": "affected",
"version": "7724105686e718ac476a6ad3304fea2fbcfcffde",
"versionType": "git"
},
{
"lessThan": "ca55150bff5817af4f857a746ecab9862c23e12a",
"status": "affected",
"version": "7724105686e718ac476a6ad3304fea2fbcfcffde",
"versionType": "git"
},
{
"lessThan": "30eb275e7ed588270ae159cc590a96658e0cfd8f",
"status": "affected",
"version": "7724105686e718ac476a6ad3304fea2fbcfcffde",
"versionType": "git"
},
{
"lessThan": "288d198f50434f29b4a26a9de4394ae2305ad8af",
"status": "affected",
"version": "7724105686e718ac476a6ad3304fea2fbcfcffde",
"versionType": "git"
},
{
"lessThan": "05c03dfd09c069c4ffd783b47b2da5dcc9421f2c",
"status": "affected",
"version": "7724105686e718ac476a6ad3304fea2fbcfcffde",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/hfi1/sdma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.3"
},
{
"lessThan": "4.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hfi1: Prevent use of lock before it is initialized\n\nIf there is a failure during probe of hfi1 before the sdma_map_lock is\ninitialized, the call to hfi1_free_devdata() will attempt to use a lock\nthat has not been initialized. If the locking correctness validator is on\nthen an INFO message and stack trace resembling the following may be seen:\n\n INFO: trying to register non-static key.\n The code is fine but needs lockdep annotation, or maybe\n you didn\u0027t initialize this object before use?\n turning off the locking correctness validator.\n Call Trace:\n register_lock_class+0x11b/0x880\n __lock_acquire+0xf3/0x7930\n lock_acquire+0xff/0x2d0\n _raw_spin_lock_irq+0x46/0x60\n sdma_clean+0x42a/0x660 [hfi1]\n hfi1_free_devdata+0x3a7/0x420 [hfi1]\n init_one+0x867/0x11a0 [hfi1]\n pci_device_probe+0x40e/0x8d0\n\nThe use of sdma_map_lock in sdma_clean() is for freeing the sdma_map\nmemory, and sdma_map is not allocated/initialized until after\nsdma_map_lock has been initialized. This code only needs to be run if\nsdma_map is not NULL, and so checking for that condition will avoid trying\nto use the lock before it is initialized."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:37:33.881Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/66090815a24ce14cf51ef5453fc0218fe8a39bc2"
},
{
"url": "https://git.kernel.org/stable/c/addb192000d8819c0b1553453994df9bb54c28db"
},
{
"url": "https://git.kernel.org/stable/c/fc0750e659db7b315bf6348902cc8ca3cdd4b8d8"
},
{
"url": "https://git.kernel.org/stable/c/ca55150bff5817af4f857a746ecab9862c23e12a"
},
{
"url": "https://git.kernel.org/stable/c/30eb275e7ed588270ae159cc590a96658e0cfd8f"
},
{
"url": "https://git.kernel.org/stable/c/288d198f50434f29b4a26a9de4394ae2305ad8af"
},
{
"url": "https://git.kernel.org/stable/c/05c03dfd09c069c4ffd783b47b2da5dcc9421f2c"
}
],
"title": "RDMA/hfi1: Prevent use of lock before it is initialized",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49433",
"datePublished": "2025-02-26T02:12:50.553Z",
"dateReserved": "2025-02-26T02:08:31.570Z",
"dateUpdated": "2025-05-04T08:37:33.881Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49160 (GCVE-0-2022-49160)
Vulnerability from cvelistv5
Published
2025-02-26 01:55
Modified
2025-05-04 08:31
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: qla2xxx: Fix crash during module load unload test
During purex packet handling the driver was incorrectly freeing a
pre-allocated structure. Fix this by skipping that entry.
System crashed with the following stack during a module unload test.
Call Trace:
sbitmap_init_node+0x7f/0x1e0
sbitmap_queue_init_node+0x24/0x150
blk_mq_init_bitmaps+0x3d/0xa0
blk_mq_init_tags+0x68/0x90
blk_mq_alloc_map_and_rqs+0x44/0x120
blk_mq_alloc_set_map_and_rqs+0x63/0x150
blk_mq_alloc_tag_set+0x11b/0x230
scsi_add_host_with_dma.cold+0x3f/0x245
qla2x00_probe_one+0xd5a/0x1b80 [qla2xxx]
Call Trace with slub_debug and debug kernel:
kasan_report_invalid_free+0x50/0x80
__kasan_slab_free+0x137/0x150
slab_free_freelist_hook+0xc6/0x190
kfree+0xe8/0x2e0
qla2x00_free_device+0x3bb/0x5d0 [qla2xxx]
qla2x00_remove_one+0x668/0xcf0 [qla2xxx]
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/scsi/qla2xxx/qla_os.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9b7eb92dac240ab3bc83e188d83a3df834b41eb2",
"status": "affected",
"version": "62e9dd177732843ae6c5b9d2ed61e7c9538fa276",
"versionType": "git"
},
{
"lessThan": "213e57b42537f1a2e5395caa9d7189854133ed12",
"status": "affected",
"version": "62e9dd177732843ae6c5b9d2ed61e7c9538fa276",
"versionType": "git"
},
{
"lessThan": "67f744f73eba870ab96411d0310e831a4adc3713",
"status": "affected",
"version": "62e9dd177732843ae6c5b9d2ed61e7c9538fa276",
"versionType": "git"
},
{
"lessThan": "0972252450f90db56dd5415a20e2aec21a08d036",
"status": "affected",
"version": "62e9dd177732843ae6c5b9d2ed61e7c9538fa276",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/scsi/qla2xxx/qla_os.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.9"
},
{
"lessThan": "5.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.54",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix crash during module load unload test\n\nDuring purex packet handling the driver was incorrectly freeing a\npre-allocated structure. Fix this by skipping that entry.\n\nSystem crashed with the following stack during a module unload test.\n\nCall Trace:\n\tsbitmap_init_node+0x7f/0x1e0\n\tsbitmap_queue_init_node+0x24/0x150\n\tblk_mq_init_bitmaps+0x3d/0xa0\n\tblk_mq_init_tags+0x68/0x90\n\tblk_mq_alloc_map_and_rqs+0x44/0x120\n\tblk_mq_alloc_set_map_and_rqs+0x63/0x150\n\tblk_mq_alloc_tag_set+0x11b/0x230\n\tscsi_add_host_with_dma.cold+0x3f/0x245\n\tqla2x00_probe_one+0xd5a/0x1b80 [qla2xxx]\n\nCall Trace with slub_debug and debug kernel:\n\tkasan_report_invalid_free+0x50/0x80\n\t__kasan_slab_free+0x137/0x150\n\tslab_free_freelist_hook+0xc6/0x190\n\tkfree+0xe8/0x2e0\n\tqla2x00_free_device+0x3bb/0x5d0 [qla2xxx]\n\tqla2x00_remove_one+0x668/0xcf0 [qla2xxx]"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:31:16.690Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9b7eb92dac240ab3bc83e188d83a3df834b41eb2"
},
{
"url": "https://git.kernel.org/stable/c/213e57b42537f1a2e5395caa9d7189854133ed12"
},
{
"url": "https://git.kernel.org/stable/c/67f744f73eba870ab96411d0310e831a4adc3713"
},
{
"url": "https://git.kernel.org/stable/c/0972252450f90db56dd5415a20e2aec21a08d036"
}
],
"title": "scsi: qla2xxx: Fix crash during module load unload test",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49160",
"datePublished": "2025-02-26T01:55:22.562Z",
"dateReserved": "2025-02-26T01:49:39.276Z",
"dateUpdated": "2025-05-04T08:31:16.690Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49122 (GCVE-0-2022-49122)
Vulnerability from cvelistv5
Published
2025-02-26 01:55
Modified
2025-05-04 08:30
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
dm ioctl: prevent potential spectre v1 gadget
It appears like cmd could be a Spectre v1 gadget as it's supplied by a
user and used as an array index. Prevent the contents of kernel memory
from being leaked to userspace via speculative execution by using
array_index_nospec.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/md/dm-ioctl.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "76c94651005f58885facf9c973007f5ea01ab01f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "58880025e3362024f6d8ea01cb0c7a5df6c84ba6",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7ae2c5b89da3cfaf856df880af27d3bb32a74b3d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "0320bac5801b31407200227173205d017488f140",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "71c8df33fd777c7628f6fbc09b14e84806c55914",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "02cc46f397eb3691c56affbd5073e54f7a82ac32",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "44e6cb3ab177faae840bb2c1ebda9a2539876184",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "dd86064417de828ff2102ddc6049c829bf7585b4",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "cd9c88da171a62c4b0f1c70e50c75845969fbc18",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/md/dm-ioctl.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.238",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.189",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.111",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.20",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.276",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.111",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm ioctl: prevent potential spectre v1 gadget\n\nIt appears like cmd could be a Spectre v1 gadget as it\u0027s supplied by a\nuser and used as an array index. Prevent the contents of kernel memory\nfrom being leaked to userspace via speculative execution by using\narray_index_nospec."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:30:21.824Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/76c94651005f58885facf9c973007f5ea01ab01f"
},
{
"url": "https://git.kernel.org/stable/c/58880025e3362024f6d8ea01cb0c7a5df6c84ba6"
},
{
"url": "https://git.kernel.org/stable/c/7ae2c5b89da3cfaf856df880af27d3bb32a74b3d"
},
{
"url": "https://git.kernel.org/stable/c/0320bac5801b31407200227173205d017488f140"
},
{
"url": "https://git.kernel.org/stable/c/71c8df33fd777c7628f6fbc09b14e84806c55914"
},
{
"url": "https://git.kernel.org/stable/c/02cc46f397eb3691c56affbd5073e54f7a82ac32"
},
{
"url": "https://git.kernel.org/stable/c/44e6cb3ab177faae840bb2c1ebda9a2539876184"
},
{
"url": "https://git.kernel.org/stable/c/dd86064417de828ff2102ddc6049c829bf7585b4"
},
{
"url": "https://git.kernel.org/stable/c/cd9c88da171a62c4b0f1c70e50c75845969fbc18"
}
],
"title": "dm ioctl: prevent potential spectre v1 gadget",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49122",
"datePublished": "2025-02-26T01:55:02.161Z",
"dateReserved": "2025-02-26T01:49:39.264Z",
"dateUpdated": "2025-05-04T08:30:21.824Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49251 (GCVE-0-2022-49251)
Vulnerability from cvelistv5
Published
2025-02-26 01:56
Modified
2025-05-04 08:33
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ASoC: codecs: va-macro: fix accessing array out of bounds for enum type
Accessing enums using integer would result in array out of bounds access
on platforms like aarch64 where sizeof(long) is 8 compared to enum size
which is 4 bytes.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/soc/codecs/lpass-va-macro.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "966408e37d84b762d11978b7bfb03fff0c6222ad",
"status": "affected",
"version": "908e6b1df26efc9d2df70c9a7bf4f5eae5c5702f",
"versionType": "git"
},
{
"lessThan": "4a799972a283ab4ec031041304d7e2d34e1a16eb",
"status": "affected",
"version": "908e6b1df26efc9d2df70c9a7bf4f5eae5c5702f",
"versionType": "git"
},
{
"lessThan": "c0099bbf8bc85d30c4cf38220fca3c8d4253fa7f",
"status": "affected",
"version": "908e6b1df26efc9d2df70c9a7bf4f5eae5c5702f",
"versionType": "git"
},
{
"lessThan": "0ea5eff7c6063a8f124188424f8e4c6727f35051",
"status": "affected",
"version": "908e6b1df26efc9d2df70c9a7bf4f5eae5c5702f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"sound/soc/codecs/lpass-va-macro.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.11"
},
{
"lessThan": "5.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: codecs: va-macro: fix accessing array out of bounds for enum type\n\nAccessing enums using integer would result in array out of bounds access\non platforms like aarch64 where sizeof(long) is 8 compared to enum size\nwhich is 4 bytes."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:33:22.619Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/966408e37d84b762d11978b7bfb03fff0c6222ad"
},
{
"url": "https://git.kernel.org/stable/c/4a799972a283ab4ec031041304d7e2d34e1a16eb"
},
{
"url": "https://git.kernel.org/stable/c/c0099bbf8bc85d30c4cf38220fca3c8d4253fa7f"
},
{
"url": "https://git.kernel.org/stable/c/0ea5eff7c6063a8f124188424f8e4c6727f35051"
}
],
"title": "ASoC: codecs: va-macro: fix accessing array out of bounds for enum type",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49251",
"datePublished": "2025-02-26T01:56:08.180Z",
"dateReserved": "2025-02-26T01:49:39.295Z",
"dateUpdated": "2025-05-04T08:33:22.619Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49326 (GCVE-0-2022-49326)
Vulnerability from cvelistv5
Published
2025-02-26 02:10
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
rtl818x: Prevent using not initialized queues
Using not existing queues can panic the kernel with rtl8180/rtl8185 cards.
Ignore the skb priority for those cards, they only have one tx queue. Pierre
Asselin (pa@panix.com) reported the kernel crash in the Gentoo forum:
https://forums.gentoo.org/viewtopic-t-1147832-postdays-0-postorder-asc-start-25.html
He also confirmed that this patch fixes the issue. In summary this happened:
After updating wpa_supplicant from 2.9 to 2.10 the kernel crashed with a
"divide error: 0000" when connecting to an AP. Control port tx now tries to
use IEEE80211_AC_VO for the priority, which wpa_supplicants starts to use in
2.10.
Since only the rtl8187se part of the driver supports QoS, the priority
of the skb is set to IEEE80211_AC_BE (2) by mac80211 for rtl8180/rtl8185
cards.
rtl8180 is then unconditionally reading out the priority and finally crashes on
drivers/net/wireless/realtek/rtl818x/rtl8180/dev.c line 544 without this
patch:
idx = (ring->idx + skb_queue_len(&ring->queue)) % ring->entries
"ring->entries" is zero for rtl8180/rtl8185 cards, tx_ring[2] never got
initialized.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49326",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:43:30.625103Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-908",
"description": "CWE-908 Use of Uninitialized Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:56.034Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/realtek/rtl818x/rtl8180/dev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b5dca2cd3f0239512da808598b4e70557eb4c2a1",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d7e30dfc166d33470bba31a42f9bbc346e5409d5",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9d5e96cc1f1720019ce27b127a31695148d38bb0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b8ce58ab80faaea015c206382041ff3bcf5495ff",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "769ec2a824deae2f1268dfda14999a4d14d0d0c5",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6ad81ad0cf5744738ce94c8e64051ddd80a1734c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9ad1981fc4de3afb7db3e8eb5a6a52d4c7d0d577",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "98e55b0b876bde3353f4e074883d66ecb55c65a3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "746285cf81dc19502ab238249d75f5990bd2d231",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/realtek/rtl818x/rtl8180/dev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.318",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrtl818x: Prevent using not initialized queues\n\nUsing not existing queues can panic the kernel with rtl8180/rtl8185 cards.\nIgnore the skb priority for those cards, they only have one tx queue. Pierre\nAsselin (pa@panix.com) reported the kernel crash in the Gentoo forum:\n\nhttps://forums.gentoo.org/viewtopic-t-1147832-postdays-0-postorder-asc-start-25.html\n\nHe also confirmed that this patch fixes the issue. In summary this happened:\n\nAfter updating wpa_supplicant from 2.9 to 2.10 the kernel crashed with a\n\"divide error: 0000\" when connecting to an AP. Control port tx now tries to\nuse IEEE80211_AC_VO for the priority, which wpa_supplicants starts to use in\n2.10.\n\nSince only the rtl8187se part of the driver supports QoS, the priority\nof the skb is set to IEEE80211_AC_BE (2) by mac80211 for rtl8180/rtl8185\ncards.\n\nrtl8180 is then unconditionally reading out the priority and finally crashes on\ndrivers/net/wireless/realtek/rtl818x/rtl8180/dev.c line 544 without this\npatch:\n\tidx = (ring-\u003eidx + skb_queue_len(\u0026ring-\u003equeue)) % ring-\u003eentries\n\n\"ring-\u003eentries\" is zero for rtl8180/rtl8185 cards, tx_ring[2] never got\ninitialized."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:35:15.508Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b5dca2cd3f0239512da808598b4e70557eb4c2a1"
},
{
"url": "https://git.kernel.org/stable/c/d7e30dfc166d33470bba31a42f9bbc346e5409d5"
},
{
"url": "https://git.kernel.org/stable/c/9d5e96cc1f1720019ce27b127a31695148d38bb0"
},
{
"url": "https://git.kernel.org/stable/c/b8ce58ab80faaea015c206382041ff3bcf5495ff"
},
{
"url": "https://git.kernel.org/stable/c/769ec2a824deae2f1268dfda14999a4d14d0d0c5"
},
{
"url": "https://git.kernel.org/stable/c/6ad81ad0cf5744738ce94c8e64051ddd80a1734c"
},
{
"url": "https://git.kernel.org/stable/c/9ad1981fc4de3afb7db3e8eb5a6a52d4c7d0d577"
},
{
"url": "https://git.kernel.org/stable/c/98e55b0b876bde3353f4e074883d66ecb55c65a3"
},
{
"url": "https://git.kernel.org/stable/c/746285cf81dc19502ab238249d75f5990bd2d231"
}
],
"title": "rtl818x: Prevent using not initialized queues",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49326",
"datePublished": "2025-02-26T02:10:48.630Z",
"dateReserved": "2025-02-26T02:08:31.538Z",
"dateUpdated": "2025-10-01T19:46:56.034Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49699 (GCVE-0-2022-49699)
Vulnerability from cvelistv5
Published
2025-02-26 02:24
Modified
2025-05-04 08:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
filemap: Handle sibling entries in filemap_get_read_batch()
If a read races with an invalidation followed by another read, it is
possible for a folio to be replaced with a higher-order folio. If that
happens, we'll see a sibling entry for the new folio in the next iteration
of the loop. This manifests as a NULL pointer dereference while holding
the RCU read lock.
Handle this by simply returning. The next call will find the new folio
and handle it correctly. The other ways of handling this rare race are
more complex and it's just not worth it.
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"mm/filemap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a66f131d30e53000f08301776bf85c912ef47aad",
"status": "affected",
"version": "cbd59c48ae2bcadc4a7599c29cf32fd3f9b78251",
"versionType": "git"
},
{
"lessThan": "cb995f4eeba9d268fd4b56c2423ad6c1d1ea1b82",
"status": "affected",
"version": "cbd59c48ae2bcadc4a7599c29cf32fd3f9b78251",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"mm/filemap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.12"
},
{
"lessThan": "5.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.8",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfilemap: Handle sibling entries in filemap_get_read_batch()\n\nIf a read races with an invalidation followed by another read, it is\npossible for a folio to be replaced with a higher-order folio. If that\nhappens, we\u0027ll see a sibling entry for the new folio in the next iteration\nof the loop. This manifests as a NULL pointer dereference while holding\nthe RCU read lock.\n\nHandle this by simply returning. The next call will find the new folio\nand handle it correctly. The other ways of handling this rare race are\nmore complex and it\u0027s just not worth it."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:43:31.832Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a66f131d30e53000f08301776bf85c912ef47aad"
},
{
"url": "https://git.kernel.org/stable/c/cb995f4eeba9d268fd4b56c2423ad6c1d1ea1b82"
}
],
"title": "filemap: Handle sibling entries in filemap_get_read_batch()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49699",
"datePublished": "2025-02-26T02:24:20.198Z",
"dateReserved": "2025-02-26T02:21:30.443Z",
"dateUpdated": "2025-05-04T08:43:31.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49673 (GCVE-0-2022-49673)
Vulnerability from cvelistv5
Published
2025-02-26 02:24
Modified
2025-05-04 08:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
dm raid: fix KASAN warning in raid5_add_disks
There's a KASAN warning in raid5_add_disk when running the LVM testsuite.
The warning happens in the test
lvconvert-raid-reshape-linear_to_raid6-single-type.sh. We fix the warning
by verifying that rdev->saved_raid_disk is within limits.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/md/raid5.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2d4e7c9898c20fb3d3f55381cab601761aab7d64",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2fb2928728038280bd925ce2aafb4997e9d47ee9",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "3553a69bb52be2deba61d0ca064c41aee842bb35",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f157bd9cf377a947fdb7035e69466b6ecdc17c17",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d8bca518d5272fe349e0a722fdb9e3acb661f3f0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d5b06039b195d4b6f94f5d345b1e4ac1975a9832",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "02cffb1921edadd9b6e4eee7ada4a5213e8ba12e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "617b365872a247480e9dcd50a32c8d1806b21861",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/md/raid5.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.322",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.287",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.251",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.204",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.129",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.53",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.322",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.287",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.251",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.204",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.129",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm raid: fix KASAN warning in raid5_add_disks\n\nThere\u0027s a KASAN warning in raid5_add_disk when running the LVM testsuite.\nThe warning happens in the test\nlvconvert-raid-reshape-linear_to_raid6-single-type.sh. We fix the warning\nby verifying that rdev-\u003esaved_raid_disk is within limits."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:43:02.339Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2d4e7c9898c20fb3d3f55381cab601761aab7d64"
},
{
"url": "https://git.kernel.org/stable/c/2fb2928728038280bd925ce2aafb4997e9d47ee9"
},
{
"url": "https://git.kernel.org/stable/c/3553a69bb52be2deba61d0ca064c41aee842bb35"
},
{
"url": "https://git.kernel.org/stable/c/f157bd9cf377a947fdb7035e69466b6ecdc17c17"
},
{
"url": "https://git.kernel.org/stable/c/d8bca518d5272fe349e0a722fdb9e3acb661f3f0"
},
{
"url": "https://git.kernel.org/stable/c/d5b06039b195d4b6f94f5d345b1e4ac1975a9832"
},
{
"url": "https://git.kernel.org/stable/c/02cffb1921edadd9b6e4eee7ada4a5213e8ba12e"
},
{
"url": "https://git.kernel.org/stable/c/617b365872a247480e9dcd50a32c8d1806b21861"
}
],
"title": "dm raid: fix KASAN warning in raid5_add_disks",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49673",
"datePublished": "2025-02-26T02:24:05.945Z",
"dateReserved": "2025-02-26T02:21:30.437Z",
"dateUpdated": "2025-05-04T08:43:02.339Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47644 (GCVE-0-2021-47644)
Vulnerability from cvelistv5
Published
2025-02-26 01:54
Modified
2025-10-01 19:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
media: staging: media: zoran: move videodev alloc
Move some code out of zr36057_init() and create new functions for handling
zr->video_dev. This permit to ease code reading and fix a zr->video_dev
memory leak.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 61c3b19f7b9eb7c7838fd35f86566230fefd6550 Version: 61c3b19f7b9eb7c7838fd35f86566230fefd6550 Version: 61c3b19f7b9eb7c7838fd35f86566230fefd6550 Version: 61c3b19f7b9eb7c7838fd35f86566230fefd6550 Version: 61c3b19f7b9eb7c7838fd35f86566230fefd6550 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-47644",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:50:36.427391Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:57:07.968Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/staging/media/zoran/zoran.h",
"drivers/staging/media/zoran/zoran_card.c",
"drivers/staging/media/zoran/zoran_driver.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8dce4b265a5357731058f69645840dabc718c687",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "bd01629315ffd5b63da91d0bd529a77d30e55028",
"status": "affected",
"version": "61c3b19f7b9eb7c7838fd35f86566230fefd6550",
"versionType": "git"
},
{
"lessThan": "ff3357bffd9fb78f59762d8955afc7382a279079",
"status": "affected",
"version": "61c3b19f7b9eb7c7838fd35f86566230fefd6550",
"versionType": "git"
},
{
"lessThan": "c1ba65100a359fe28cfe37e09e10c99f247cbf1e",
"status": "affected",
"version": "61c3b19f7b9eb7c7838fd35f86566230fefd6550",
"versionType": "git"
},
{
"lessThan": "1e501ec38796f43e995731d1bcd4173cb1ccfce0",
"status": "affected",
"version": "61c3b19f7b9eb7c7838fd35f86566230fefd6550",
"versionType": "git"
},
{
"lessThan": "82e3a496eb56da0b9f29fdc5b63cedb3289e91de",
"status": "affected",
"version": "61c3b19f7b9eb7c7838fd35f86566230fefd6550",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/staging/media/zoran/zoran.h",
"drivers/staging/media/zoran/zoran_card.c",
"drivers/staging/media/zoran/zoran_driver.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.12"
},
{
"status": "affected",
"version": "5.10"
},
{
"lessThan": "2.6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "5.10",
"status": "unaffected",
"version": "5.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.2",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.110",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: staging: media: zoran: move videodev alloc\n\nMove some code out of zr36057_init() and create new functions for handling\nzr-\u003evideo_dev. This permit to ease code reading and fix a zr-\u003evideo_dev\nmemory leak."
}
],
"providerMetadata": {
"dateUpdated": "2025-09-29T11:16:57.060Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8dce4b265a5357731058f69645840dabc718c687"
},
{
"url": "https://git.kernel.org/stable/c/bd01629315ffd5b63da91d0bd529a77d30e55028"
},
{
"url": "https://git.kernel.org/stable/c/ff3357bffd9fb78f59762d8955afc7382a279079"
},
{
"url": "https://git.kernel.org/stable/c/c1ba65100a359fe28cfe37e09e10c99f247cbf1e"
},
{
"url": "https://git.kernel.org/stable/c/1e501ec38796f43e995731d1bcd4173cb1ccfce0"
},
{
"url": "https://git.kernel.org/stable/c/82e3a496eb56da0b9f29fdc5b63cedb3289e91de"
}
],
"title": "media: staging: media: zoran: move videodev alloc",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47644",
"datePublished": "2025-02-26T01:54:14.179Z",
"dateReserved": "2025-02-26T01:48:21.519Z",
"dateUpdated": "2025-10-01T19:57:07.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49216 (GCVE-0-2022-49216)
Vulnerability from cvelistv5
Published
2025-02-26 01:55
Modified
2025-10-01 19:47
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/tegra: Fix reference leak in tegra_dsi_ganged_probe
The reference taken by 'of_find_device_by_node()' must be released when
not needed anymore. Add put_device() call to fix this.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: e94236cde4d519cdecd45e2435defba33abdc99f Version: e94236cde4d519cdecd45e2435defba33abdc99f Version: e94236cde4d519cdecd45e2435defba33abdc99f Version: e94236cde4d519cdecd45e2435defba33abdc99f Version: e94236cde4d519cdecd45e2435defba33abdc99f Version: e94236cde4d519cdecd45e2435defba33abdc99f Version: e94236cde4d519cdecd45e2435defba33abdc99f Version: e94236cde4d519cdecd45e2435defba33abdc99f Version: e94236cde4d519cdecd45e2435defba33abdc99f |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49216",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:46:34.911172Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:47:04.954Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/tegra/dsi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0e2f4e434e71dffd1085c3dccd676514bd71d316",
"status": "affected",
"version": "e94236cde4d519cdecd45e2435defba33abdc99f",
"versionType": "git"
},
{
"lessThan": "5e8fdb6392d945d33fef959eab73f8c34bc0a63b",
"status": "affected",
"version": "e94236cde4d519cdecd45e2435defba33abdc99f",
"versionType": "git"
},
{
"lessThan": "2d6ae8b747fe55f54de4a4441d636974aa53f56a",
"status": "affected",
"version": "e94236cde4d519cdecd45e2435defba33abdc99f",
"versionType": "git"
},
{
"lessThan": "a725070701883fe62266ee6d2f31d67e6cdd31df",
"status": "affected",
"version": "e94236cde4d519cdecd45e2435defba33abdc99f",
"versionType": "git"
},
{
"lessThan": "1e06710c43a090f14bb67714265a01cd1d7a37c5",
"status": "affected",
"version": "e94236cde4d519cdecd45e2435defba33abdc99f",
"versionType": "git"
},
{
"lessThan": "852c1f5f3119a38ee68e319bab10277fc1ab06b7",
"status": "affected",
"version": "e94236cde4d519cdecd45e2435defba33abdc99f",
"versionType": "git"
},
{
"lessThan": "cd78b74031cbc94133965f1017deb822657fc1a6",
"status": "affected",
"version": "e94236cde4d519cdecd45e2435defba33abdc99f",
"versionType": "git"
},
{
"lessThan": "f3c99c686e098300c246e5e8a1474133e3dacb05",
"status": "affected",
"version": "e94236cde4d519cdecd45e2435defba33abdc99f",
"versionType": "git"
},
{
"lessThan": "221e3638feb8bc42143833c9a704fa89b6c366bb",
"status": "affected",
"version": "e94236cde4d519cdecd45e2435defba33abdc99f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/tegra/dsi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.19"
},
{
"lessThan": "3.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.238",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.189",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.311",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.276",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.238",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.189",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.110",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "3.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/tegra: Fix reference leak in tegra_dsi_ganged_probe\n\nThe reference taken by \u0027of_find_device_by_node()\u0027 must be released when\nnot needed anymore. Add put_device() call to fix this."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:32:33.471Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0e2f4e434e71dffd1085c3dccd676514bd71d316"
},
{
"url": "https://git.kernel.org/stable/c/5e8fdb6392d945d33fef959eab73f8c34bc0a63b"
},
{
"url": "https://git.kernel.org/stable/c/2d6ae8b747fe55f54de4a4441d636974aa53f56a"
},
{
"url": "https://git.kernel.org/stable/c/a725070701883fe62266ee6d2f31d67e6cdd31df"
},
{
"url": "https://git.kernel.org/stable/c/1e06710c43a090f14bb67714265a01cd1d7a37c5"
},
{
"url": "https://git.kernel.org/stable/c/852c1f5f3119a38ee68e319bab10277fc1ab06b7"
},
{
"url": "https://git.kernel.org/stable/c/cd78b74031cbc94133965f1017deb822657fc1a6"
},
{
"url": "https://git.kernel.org/stable/c/f3c99c686e098300c246e5e8a1474133e3dacb05"
},
{
"url": "https://git.kernel.org/stable/c/221e3638feb8bc42143833c9a704fa89b6c366bb"
}
],
"title": "drm/tegra: Fix reference leak in tegra_dsi_ganged_probe",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49216",
"datePublished": "2025-02-26T01:55:50.651Z",
"dateReserved": "2025-02-26T01:49:39.292Z",
"dateUpdated": "2025-10-01T19:47:04.954Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49678 (GCVE-0-2022-49678)
Vulnerability from cvelistv5
Published
2025-02-26 02:24
Modified
2025-10-01 19:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe
of_find_matching_node() returns a node pointer with refcount
incremented, we should use of_node_put() on it when not need anymore.
Add missing of_node_put() to avoid refcount leak.
In brcmstb_init_sram, it pass dn to of_address_to_resource(),
of_address_to_resource() will call of_find_device_by_node() to take
reference, so we should release the reference returned by
of_find_matching_node().
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 0b741b8234c86065fb6954d32d427b3f7e14756f Version: 0b741b8234c86065fb6954d32d427b3f7e14756f Version: 0b741b8234c86065fb6954d32d427b3f7e14756f Version: 0b741b8234c86065fb6954d32d427b3f7e14756f Version: 0b741b8234c86065fb6954d32d427b3f7e14756f Version: 0b741b8234c86065fb6954d32d427b3f7e14756f |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49678",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:33:09.025205Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:36:46.972Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/soc/bcm/brcmstb/pm/pm-arm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4f5877bdf7b593e988f1924f4c3df6523f80b39c",
"status": "affected",
"version": "0b741b8234c86065fb6954d32d427b3f7e14756f",
"versionType": "git"
},
{
"lessThan": "734a4d15142bb4c8ecad2d8ec70d7564e78ae34d",
"status": "affected",
"version": "0b741b8234c86065fb6954d32d427b3f7e14756f",
"versionType": "git"
},
{
"lessThan": "30bbfeb480ae8b5ee43199d72417b232590440c2",
"status": "affected",
"version": "0b741b8234c86065fb6954d32d427b3f7e14756f",
"versionType": "git"
},
{
"lessThan": "10ba9d499a9fd82ed40897e734ba19870a879407",
"status": "affected",
"version": "0b741b8234c86065fb6954d32d427b3f7e14756f",
"versionType": "git"
},
{
"lessThan": "dcafd5463d8f20c4f90ddc138a5738adb99f74c8",
"status": "affected",
"version": "0b741b8234c86065fb6954d32d427b3f7e14756f",
"versionType": "git"
},
{
"lessThan": "37d838de369b07b596c19ff3662bf0293fdb09ee",
"status": "affected",
"version": "0b741b8234c86065fb6954d32d427b3f7e14756f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/soc/bcm/brcmstb/pm/pm-arm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.250",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.202",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.127",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.51",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.250",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.202",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.127",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.51",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.8",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe\n\nof_find_matching_node() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not need anymore.\nAdd missing of_node_put() to avoid refcount leak.\n\nIn brcmstb_init_sram, it pass dn to of_address_to_resource(),\nof_address_to_resource() will call of_find_device_by_node() to take\nreference, so we should release the reference returned by\nof_find_matching_node()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:43:08.661Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4f5877bdf7b593e988f1924f4c3df6523f80b39c"
},
{
"url": "https://git.kernel.org/stable/c/734a4d15142bb4c8ecad2d8ec70d7564e78ae34d"
},
{
"url": "https://git.kernel.org/stable/c/30bbfeb480ae8b5ee43199d72417b232590440c2"
},
{
"url": "https://git.kernel.org/stable/c/10ba9d499a9fd82ed40897e734ba19870a879407"
},
{
"url": "https://git.kernel.org/stable/c/dcafd5463d8f20c4f90ddc138a5738adb99f74c8"
},
{
"url": "https://git.kernel.org/stable/c/37d838de369b07b596c19ff3662bf0293fdb09ee"
}
],
"title": "soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49678",
"datePublished": "2025-02-26T02:24:08.833Z",
"dateReserved": "2025-02-26T02:21:30.438Z",
"dateUpdated": "2025-10-01T19:36:46.972Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49356 (GCVE-0-2022-49356)
Vulnerability from cvelistv5
Published
2025-02-26 02:11
Modified
2025-05-04 08:35
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
SUNRPC: Trap RDMA segment overflows
Prevent svc_rdma_build_writes() from walking off the end of a Write
chunk's segment array. Caught with KASAN.
The test that this fix replaces is invalid, and might have been left
over from an earlier prototype of the PCL work.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/sunrpc/xprtrdma/svc_rdma_rw.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ea26bf5eca1459b5a7824997d7823409ce38214e",
"status": "affected",
"version": "7a1cbfa18059a40d4752dab057384c3ca2de326c",
"versionType": "git"
},
{
"lessThan": "812c13521d4a72469c78ce06d8cdc8dc5b5557b5",
"status": "affected",
"version": "7a1cbfa18059a40d4752dab057384c3ca2de326c",
"versionType": "git"
},
{
"lessThan": "659f7568e09593945c221bf20217a82ebdfe1328",
"status": "affected",
"version": "7a1cbfa18059a40d4752dab057384c3ca2de326c",
"versionType": "git"
},
{
"lessThan": "f012e95b377c73c0283f009823c633104dedb337",
"status": "affected",
"version": "7a1cbfa18059a40d4752dab057384c3ca2de326c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/sunrpc/xprtrdma/svc_rdma_rw.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.11"
},
{
"lessThan": "5.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.47",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.47",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.15",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.4",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: Trap RDMA segment overflows\n\nPrevent svc_rdma_build_writes() from walking off the end of a Write\nchunk\u0027s segment array. Caught with KASAN.\n\nThe test that this fix replaces is invalid, and might have been left\nover from an earlier prototype of the PCL work."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:35:56.828Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ea26bf5eca1459b5a7824997d7823409ce38214e"
},
{
"url": "https://git.kernel.org/stable/c/812c13521d4a72469c78ce06d8cdc8dc5b5557b5"
},
{
"url": "https://git.kernel.org/stable/c/659f7568e09593945c221bf20217a82ebdfe1328"
},
{
"url": "https://git.kernel.org/stable/c/f012e95b377c73c0283f009823c633104dedb337"
}
],
"title": "SUNRPC: Trap RDMA segment overflows",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49356",
"datePublished": "2025-02-26T02:11:06.430Z",
"dateReserved": "2025-02-26T02:08:31.545Z",
"dateUpdated": "2025-05-04T08:35:56.828Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49373 (GCVE-0-2022-49373)
Vulnerability from cvelistv5
Published
2025-02-26 02:11
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe
of_parse_phandle() returns a node pointer with refcount
incremented, we should use of_node_put() on it when done.
Add missing of_node_put() in some error paths.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: bf9006399939762e6cd32445e848e56727df9d98 Version: bf9006399939762e6cd32445e848e56727df9d98 Version: bf9006399939762e6cd32445e848e56727df9d98 Version: bf9006399939762e6cd32445e848e56727df9d98 Version: bf9006399939762e6cd32445e848e56727df9d98 Version: bf9006399939762e6cd32445e848e56727df9d98 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49373",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:42:11.612020Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:52.749Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/watchdog/ts4800_wdt.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5b110d940417942bc87d9e4bea6d4f24e05ed483",
"status": "affected",
"version": "bf9006399939762e6cd32445e848e56727df9d98",
"versionType": "git"
},
{
"lessThan": "910b1cdf6c50ae8fb222e46657d04fb181577017",
"status": "affected",
"version": "bf9006399939762e6cd32445e848e56727df9d98",
"versionType": "git"
},
{
"lessThan": "7a4afd8a003d6abf1f5d159c2bb67e6b7cbde253",
"status": "affected",
"version": "bf9006399939762e6cd32445e848e56727df9d98",
"versionType": "git"
},
{
"lessThan": "91fa5aa53f68b85e779164b3127c7e23cad5c457",
"status": "affected",
"version": "bf9006399939762e6cd32445e848e56727df9d98",
"versionType": "git"
},
{
"lessThan": "f067b5286edfd83d2d3903e8578b561599d62539",
"status": "affected",
"version": "bf9006399939762e6cd32445e848e56727df9d98",
"versionType": "git"
},
{
"lessThan": "5d24df3d690809952528e7a19a43d84bc5b99d44",
"status": "affected",
"version": "bf9006399939762e6cd32445e848e56727df9d98",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/watchdog/ts4800_wdt.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.5"
},
{
"lessThan": "4.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.47",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.122",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.47",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.15",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.4",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwatchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe\n\nof_parse_phandle() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when done.\nAdd missing of_node_put() in some error paths."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:36:18.473Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5b110d940417942bc87d9e4bea6d4f24e05ed483"
},
{
"url": "https://git.kernel.org/stable/c/910b1cdf6c50ae8fb222e46657d04fb181577017"
},
{
"url": "https://git.kernel.org/stable/c/7a4afd8a003d6abf1f5d159c2bb67e6b7cbde253"
},
{
"url": "https://git.kernel.org/stable/c/91fa5aa53f68b85e779164b3127c7e23cad5c457"
},
{
"url": "https://git.kernel.org/stable/c/f067b5286edfd83d2d3903e8578b561599d62539"
},
{
"url": "https://git.kernel.org/stable/c/5d24df3d690809952528e7a19a43d84bc5b99d44"
}
],
"title": "watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49373",
"datePublished": "2025-02-26T02:11:14.603Z",
"dateReserved": "2025-02-26T02:08:31.556Z",
"dateUpdated": "2025-10-01T19:46:52.749Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49494 (GCVE-0-2022-49494)
Vulnerability from cvelistv5
Published
2025-02-26 02:13
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
mtd: rawnand: cadence: fix possible null-ptr-deref in cadence_nand_dt_probe()
It will cause null-ptr-deref when using 'res', if platform_get_resource()
returns NULL, so move using 'res' after devm_ioremap_resource() that
will check it to avoid null-ptr-deref.
And use devm_platform_get_and_ioremap_resource() to simplify code.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49494",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:38:52.763047Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:43.843Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/mtd/nand/raw/cadence-nand-controller.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "81f1ddffdc22ca5789e33b9d4712914e302090c1",
"status": "affected",
"version": "ec4ba01e894d3165e4d1ccbef782ef5593b708b4",
"versionType": "git"
},
{
"lessThan": "0cfee868b89ffa945f3d535ee5c985cb40c5a0f8",
"status": "affected",
"version": "ec4ba01e894d3165e4d1ccbef782ef5593b708b4",
"versionType": "git"
},
{
"lessThan": "069af5e27c1b0f7677ef76d8d3102e503ca4f80b",
"status": "affected",
"version": "ec4ba01e894d3165e4d1ccbef782ef5593b708b4",
"versionType": "git"
},
{
"lessThan": "13b60d3dc84b47307669edb66b633b18466014b4",
"status": "affected",
"version": "ec4ba01e894d3165e4d1ccbef782ef5593b708b4",
"versionType": "git"
},
{
"lessThan": "a28ed09dafee20da51eb26452950839633afd824",
"status": "affected",
"version": "ec4ba01e894d3165e4d1ccbef782ef5593b708b4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/mtd/nand/raw/cadence-nand-controller.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.5"
},
{
"lessThan": "5.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: rawnand: cadence: fix possible null-ptr-deref in cadence_nand_dt_probe()\n\nIt will cause null-ptr-deref when using \u0027res\u0027, if platform_get_resource()\nreturns NULL, so move using \u0027res\u0027 after devm_ioremap_resource() that\nwill check it to avoid null-ptr-deref.\nAnd use devm_platform_get_and_ioremap_resource() to simplify code."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:39:07.650Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/81f1ddffdc22ca5789e33b9d4712914e302090c1"
},
{
"url": "https://git.kernel.org/stable/c/0cfee868b89ffa945f3d535ee5c985cb40c5a0f8"
},
{
"url": "https://git.kernel.org/stable/c/069af5e27c1b0f7677ef76d8d3102e503ca4f80b"
},
{
"url": "https://git.kernel.org/stable/c/13b60d3dc84b47307669edb66b633b18466014b4"
},
{
"url": "https://git.kernel.org/stable/c/a28ed09dafee20da51eb26452950839633afd824"
}
],
"title": "mtd: rawnand: cadence: fix possible null-ptr-deref in cadence_nand_dt_probe()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49494",
"datePublished": "2025-02-26T02:13:30.184Z",
"dateReserved": "2025-02-26T02:08:31.586Z",
"dateUpdated": "2025-10-01T19:46:43.843Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49668 (GCVE-0-2022-49668)
Vulnerability from cvelistv5
Published
2025-02-26 02:24
Modified
2025-10-01 19:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
PM / devfreq: exynos-ppmu: Fix refcount leak in of_get_devfreq_events
of_get_child_by_name() returns a node pointer with refcount
incremented, we should use of_node_put() on it when done.
This function only calls of_node_put() in normal path,
missing it in error paths.
Add missing of_node_put() to avoid refcount leak.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49668",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:33:24.960757Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:36:47.714Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/devfreq/event/exynos-ppmu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "bdecd912e99acfd61507f1720d3f4eed1b3418d8",
"status": "affected",
"version": "f262f28c147051e7aa6daaf4fb5996833ffadff4",
"versionType": "git"
},
{
"lessThan": "e65027fdebbacd40595e96ef7b5d2418f71bddf2",
"status": "affected",
"version": "f262f28c147051e7aa6daaf4fb5996833ffadff4",
"versionType": "git"
},
{
"lessThan": "01121e39ef537289926ae6f5374dce92c796d863",
"status": "affected",
"version": "f262f28c147051e7aa6daaf4fb5996833ffadff4",
"versionType": "git"
},
{
"lessThan": "194781229d4cbc804b8ded13156eb8addce87d6c",
"status": "affected",
"version": "f262f28c147051e7aa6daaf4fb5996833ffadff4",
"versionType": "git"
},
{
"lessThan": "f44b799603a9b5d2e375b0b2d54dd0b791eddfc2",
"status": "affected",
"version": "f262f28c147051e7aa6daaf4fb5996833ffadff4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/devfreq/event/exynos-ppmu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.0"
},
{
"lessThan": "4.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.204",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.129",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.53",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.204",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.129",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.53",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.10",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPM / devfreq: exynos-ppmu: Fix refcount leak in of_get_devfreq_events\n\nof_get_child_by_name() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when done.\nThis function only calls of_node_put() in normal path,\nmissing it in error paths.\nAdd missing of_node_put() to avoid refcount leak."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:42:56.200Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/bdecd912e99acfd61507f1720d3f4eed1b3418d8"
},
{
"url": "https://git.kernel.org/stable/c/e65027fdebbacd40595e96ef7b5d2418f71bddf2"
},
{
"url": "https://git.kernel.org/stable/c/01121e39ef537289926ae6f5374dce92c796d863"
},
{
"url": "https://git.kernel.org/stable/c/194781229d4cbc804b8ded13156eb8addce87d6c"
},
{
"url": "https://git.kernel.org/stable/c/f44b799603a9b5d2e375b0b2d54dd0b791eddfc2"
}
],
"title": "PM / devfreq: exynos-ppmu: Fix refcount leak in of_get_devfreq_events",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49668",
"datePublished": "2025-02-26T02:24:02.662Z",
"dateReserved": "2025-02-26T02:21:30.436Z",
"dateUpdated": "2025-10-01T19:36:47.714Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-4453 (GCVE-0-2021-4453)
Vulnerability from cvelistv5
Published
2025-02-26 02:19
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/pm: fix a potential gpu_metrics_table memory leak
Memory is allocated for gpu_metrics_table in renoir_init_smc_tables(),
but not freed in int smu_v12_0_fini_smc_tables(). Free it!
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-4453",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:37:13.399991Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:38.846Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/pm/swsmu/smu12/smu_v12_0.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "222cebd995cdf11fe0d502749560f65e64990e55",
"status": "affected",
"version": "95868b85764aff2dcbf78d3054076df75446ad15",
"versionType": "git"
},
{
"lessThan": "257b3bb16634fd936129fe2f57a91594a75b8751",
"status": "affected",
"version": "95868b85764aff2dcbf78d3054076df75446ad15",
"versionType": "git"
},
{
"lessThan": "aa464957f7e660abd554f2546a588f6533720e21",
"status": "affected",
"version": "95868b85764aff2dcbf78d3054076df75446ad15",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/pm/swsmu/smu12/smu_v12_0.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.10"
},
{
"lessThan": "5.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.88",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.16",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.88",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.11",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16",
"versionStartIncluding": "5.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: fix a potential gpu_metrics_table memory leak\n\nMemory is allocated for gpu_metrics_table in renoir_init_smc_tables(),\nbut not freed in int smu_v12_0_fini_smc_tables(). Free it!"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T06:59:57.454Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/222cebd995cdf11fe0d502749560f65e64990e55"
},
{
"url": "https://git.kernel.org/stable/c/257b3bb16634fd936129fe2f57a91594a75b8751"
},
{
"url": "https://git.kernel.org/stable/c/aa464957f7e660abd554f2546a588f6533720e21"
}
],
"title": "drm/amd/pm: fix a potential gpu_metrics_table memory leak",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-4453",
"datePublished": "2025-02-26T02:19:34.893Z",
"dateReserved": "2025-02-26T02:18:22.518Z",
"dateUpdated": "2025-10-01T19:46:38.846Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47646 (GCVE-0-2021-47646)
Vulnerability from cvelistv5
Published
2025-02-26 01:54
Modified
2025-05-04 07:15
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
Revert "Revert "block, bfq: honor already-setup queue merges""
A crash [1] happened to be triggered in conjunction with commit
2d52c58b9c9b ("block, bfq: honor already-setup queue merges"). The
latter was then reverted by commit ebc69e897e17 ("Revert "block, bfq:
honor already-setup queue merges""). Yet, the reverted commit was not
the one introducing the bug. In fact, it actually triggered a UAF
introduced by a different commit, and now fixed by commit d29bd41428cf
("block, bfq: reset last_bfqq_created on group change").
So, there is no point in keeping commit 2d52c58b9c9b ("block, bfq:
honor already-setup queue merges") out. This commit restores it.
[1] https://bugzilla.kernel.org/show_bug.cgi?id=214503
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: aee69d78dec0ffdf82e35d57c626e80dddc314d5 Version: aee69d78dec0ffdf82e35d57c626e80dddc314d5 Version: aee69d78dec0ffdf82e35d57c626e80dddc314d5 Version: aee69d78dec0ffdf82e35d57c626e80dddc314d5 Version: aee69d78dec0ffdf82e35d57c626e80dddc314d5 Version: aee69d78dec0ffdf82e35d57c626e80dddc314d5 Version: aee69d78dec0ffdf82e35d57c626e80dddc314d5 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-47646",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T17:59:39.194997Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T18:02:30.637Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"block/bfq-iosched.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f990f0985eda59d4f29fc83fcf300c92b1225d39",
"status": "affected",
"version": "aee69d78dec0ffdf82e35d57c626e80dddc314d5",
"versionType": "git"
},
{
"lessThan": "931aff627469a75c77b9fd3823146d0575afffd6",
"status": "affected",
"version": "aee69d78dec0ffdf82e35d57c626e80dddc314d5",
"versionType": "git"
},
{
"lessThan": "cc051f497eac9d8a0d816cd4bffa3415f2724871",
"status": "affected",
"version": "aee69d78dec0ffdf82e35d57c626e80dddc314d5",
"versionType": "git"
},
{
"lessThan": "65d8a737452e88f251fe5d925371de6d606df613",
"status": "affected",
"version": "aee69d78dec0ffdf82e35d57c626e80dddc314d5",
"versionType": "git"
},
{
"lessThan": "abc2129e646af7b43025d90a071f83043f1ae76c",
"status": "affected",
"version": "aee69d78dec0ffdf82e35d57c626e80dddc314d5",
"versionType": "git"
},
{
"lessThan": "4083925bd6dc89216d156474a8076feec904e607",
"status": "affected",
"version": "aee69d78dec0ffdf82e35d57c626e80dddc314d5",
"versionType": "git"
},
{
"lessThan": "15729ff8143f8135b03988a100a19e66d7cb7ecd",
"status": "affected",
"version": "aee69d78dec0ffdf82e35d57c626e80dddc314d5",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"block/bfq-iosched.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.12"
},
{
"lessThan": "4.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.238",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.189",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.238",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.189",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.110",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "4.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"Revert \"block, bfq: honor already-setup queue merges\"\"\n\nA crash [1] happened to be triggered in conjunction with commit\n2d52c58b9c9b (\"block, bfq: honor already-setup queue merges\"). The\nlatter was then reverted by commit ebc69e897e17 (\"Revert \"block, bfq:\nhonor already-setup queue merges\"\"). Yet, the reverted commit was not\nthe one introducing the bug. In fact, it actually triggered a UAF\nintroduced by a different commit, and now fixed by commit d29bd41428cf\n(\"block, bfq: reset last_bfqq_created on group change\").\n\nSo, there is no point in keeping commit 2d52c58b9c9b (\"block, bfq:\nhonor already-setup queue merges\") out. This commit restores it.\n\n[1] https://bugzilla.kernel.org/show_bug.cgi?id=214503"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:15:26.899Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f990f0985eda59d4f29fc83fcf300c92b1225d39"
},
{
"url": "https://git.kernel.org/stable/c/931aff627469a75c77b9fd3823146d0575afffd6"
},
{
"url": "https://git.kernel.org/stable/c/cc051f497eac9d8a0d816cd4bffa3415f2724871"
},
{
"url": "https://git.kernel.org/stable/c/65d8a737452e88f251fe5d925371de6d606df613"
},
{
"url": "https://git.kernel.org/stable/c/abc2129e646af7b43025d90a071f83043f1ae76c"
},
{
"url": "https://git.kernel.org/stable/c/4083925bd6dc89216d156474a8076feec904e607"
},
{
"url": "https://git.kernel.org/stable/c/15729ff8143f8135b03988a100a19e66d7cb7ecd"
}
],
"title": "Revert \"Revert \"block, bfq: honor already-setup queue merges\"\"",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47646",
"datePublished": "2025-02-26T01:54:15.122Z",
"dateReserved": "2025-02-26T01:48:21.520Z",
"dateUpdated": "2025-05-04T07:15:26.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49311 (GCVE-0-2022-49311)
Vulnerability from cvelistv5
Published
2025-02-26 02:10
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drivers: staging: rtl8192bs: Fix deadlock in rtw_joinbss_event_prehandle()
There is a deadlock in rtw_joinbss_event_prehandle(), which is shown
below:
(Thread 1) | (Thread 2)
| _set_timer()
rtw_joinbss_event_prehandle()| mod_timer()
spin_lock_bh() //(1) | (wait a time)
... | _rtw_join_timeout_handler()
del_timer_sync() | spin_lock_bh() //(2)
(wait timer to stop) | ...
We hold pmlmepriv->lock in position (1) of thread 1 and
use del_timer_sync() to wait timer to stop, but timer handler
also need pmlmepriv->lock in position (2) of thread 2.
As a result, rtw_joinbss_event_prehandle() will block forever.
This patch extracts del_timer_sync() from the protection of
spin_lock_bh(), which could let timer handler to obtain
the needed lock. What`s more, we change spin_lock_bh() to
spin_lock_irq() in _rtw_join_timeout_handler() in order to
prevent deadlock.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49311",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:44:17.966247Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-667",
"description": "CWE-667 Improper Locking",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:58.057Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/staging/rtl8723bs/core/rtw_mlme.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ae60744d5fad840b9d056d35b4b652d95e755846",
"status": "affected",
"version": "554c0a3abf216c991c5ebddcdb2c08689ecd290b",
"versionType": "git"
},
{
"lessThan": "1f6c99b94ca3caad346876b3e22e3ca3d25bc8ee",
"status": "affected",
"version": "554c0a3abf216c991c5ebddcdb2c08689ecd290b",
"versionType": "git"
},
{
"lessThan": "eca9748d9267a38d532464e3305a38629e9c35a9",
"status": "affected",
"version": "554c0a3abf216c991c5ebddcdb2c08689ecd290b",
"versionType": "git"
},
{
"lessThan": "041879b12ddb0c6c83ed9c0bdd10dc82a056f2fc",
"status": "affected",
"version": "554c0a3abf216c991c5ebddcdb2c08689ecd290b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/staging/rtl8723bs/core/rtw_mlme.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.12"
},
{
"lessThan": "4.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.47",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.47",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.15",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.4",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers: staging: rtl8192bs: Fix deadlock in rtw_joinbss_event_prehandle()\n\nThere is a deadlock in rtw_joinbss_event_prehandle(), which is shown\nbelow:\n\n (Thread 1) | (Thread 2)\n | _set_timer()\nrtw_joinbss_event_prehandle()| mod_timer()\n spin_lock_bh() //(1) | (wait a time)\n ... | _rtw_join_timeout_handler()\n del_timer_sync() | spin_lock_bh() //(2)\n (wait timer to stop) | ...\n\nWe hold pmlmepriv-\u003elock in position (1) of thread 1 and\nuse del_timer_sync() to wait timer to stop, but timer handler\nalso need pmlmepriv-\u003elock in position (2) of thread 2.\nAs a result, rtw_joinbss_event_prehandle() will block forever.\n\nThis patch extracts del_timer_sync() from the protection of\nspin_lock_bh(), which could let timer handler to obtain\nthe needed lock. What`s more, we change spin_lock_bh() to\nspin_lock_irq() in _rtw_join_timeout_handler() in order to\nprevent deadlock."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:34:56.531Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ae60744d5fad840b9d056d35b4b652d95e755846"
},
{
"url": "https://git.kernel.org/stable/c/1f6c99b94ca3caad346876b3e22e3ca3d25bc8ee"
},
{
"url": "https://git.kernel.org/stable/c/eca9748d9267a38d532464e3305a38629e9c35a9"
},
{
"url": "https://git.kernel.org/stable/c/041879b12ddb0c6c83ed9c0bdd10dc82a056f2fc"
}
],
"title": "drivers: staging: rtl8192bs: Fix deadlock in rtw_joinbss_event_prehandle()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49311",
"datePublished": "2025-02-26T02:10:41.139Z",
"dateReserved": "2025-02-26T02:08:31.536Z",
"dateUpdated": "2025-10-01T19:46:58.057Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49729 (GCVE-0-2022-49729)
Vulnerability from cvelistv5
Published
2025-02-26 02:24
Modified
2025-10-01 19:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred
Similar to the handling of play_deferred in commit 19cfe912c37b
("Bluetooth: btusb: Fix memory leak in play_deferred"), we thought
a patch might be needed here as well.
Currently usb_submit_urb is called directly to submit deferred tx
urbs after unanchor them.
So the usb_giveback_urb_bh would failed to unref it in usb_unanchor_urb
and cause memory leak.
Put those urbs in tx_anchor to avoid the leak, and also fix the error
handling.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49729",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:31:56.699706Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:36:43.790Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/nfc/nfcmrvl/usb.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1eb0afecfb9cd0f38424b82bd9aaa542310934ee",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f21f908347712b8288ffe83b531b5e977042b29c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "3e7c7df6991ac349f2fa8540047757df666e610f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6b4d8b44e7163a77fe942f5b80e1651c1b78c537",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "0eeec1a8b0cd38c47edeb042980a6aeacecf35ed",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6616872cfe7f0474a22dd1f12699f95bcf81a54d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "3eadc560c1919b8193d17334145dad9a917960e4",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8a4d480702b71184fabcf379b80bf7539716752e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/nfc/nfcmrvl/usb.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.320",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.249",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.200",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.124",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.49",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.320",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.285",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.249",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.200",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred\n\nSimilar to the handling of play_deferred in commit 19cfe912c37b\n(\"Bluetooth: btusb: Fix memory leak in play_deferred\"), we thought\na patch might be needed here as well.\n\nCurrently usb_submit_urb is called directly to submit deferred tx\nurbs after unanchor them.\n\nSo the usb_giveback_urb_bh would failed to unref it in usb_unanchor_urb\nand cause memory leak.\n\nPut those urbs in tx_anchor to avoid the leak, and also fix the error\nhandling."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:44:13.229Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1eb0afecfb9cd0f38424b82bd9aaa542310934ee"
},
{
"url": "https://git.kernel.org/stable/c/f21f908347712b8288ffe83b531b5e977042b29c"
},
{
"url": "https://git.kernel.org/stable/c/3e7c7df6991ac349f2fa8540047757df666e610f"
},
{
"url": "https://git.kernel.org/stable/c/6b4d8b44e7163a77fe942f5b80e1651c1b78c537"
},
{
"url": "https://git.kernel.org/stable/c/0eeec1a8b0cd38c47edeb042980a6aeacecf35ed"
},
{
"url": "https://git.kernel.org/stable/c/6616872cfe7f0474a22dd1f12699f95bcf81a54d"
},
{
"url": "https://git.kernel.org/stable/c/3eadc560c1919b8193d17334145dad9a917960e4"
},
{
"url": "https://git.kernel.org/stable/c/8a4d480702b71184fabcf379b80bf7539716752e"
}
],
"title": "nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49729",
"datePublished": "2025-02-26T02:24:40.021Z",
"dateReserved": "2025-02-26T02:21:30.448Z",
"dateUpdated": "2025-10-01T19:36:43.790Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49607 (GCVE-0-2022-49607)
Vulnerability from cvelistv5
Published
2025-02-26 02:23
Modified
2025-10-01 19:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
perf/core: Fix data race between perf_event_set_output() and perf_mmap_close()
Yang Jihing reported a race between perf_event_set_output() and
perf_mmap_close():
CPU1 CPU2
perf_mmap_close(e2)
if (atomic_dec_and_test(&e2->rb->mmap_count)) // 1 - > 0
detach_rest = true
ioctl(e1, IOC_SET_OUTPUT, e2)
perf_event_set_output(e1, e2)
...
list_for_each_entry_rcu(e, &e2->rb->event_list, rb_entry)
ring_buffer_attach(e, NULL);
// e1 isn't yet added and
// therefore not detached
ring_buffer_attach(e1, e2->rb)
list_add_rcu(&e1->rb_entry,
&e2->rb->event_list)
After this; e1 is attached to an unmapped rb and a subsequent
perf_mmap() will loop forever more:
again:
mutex_lock(&e->mmap_mutex);
if (event->rb) {
...
if (!atomic_inc_not_zero(&e->rb->mmap_count)) {
...
mutex_unlock(&e->mmap_mutex);
goto again;
}
}
The loop in perf_mmap_close() holds e2->mmap_mutex, while the attach
in perf_event_set_output() holds e1->mmap_mutex. As such there is no
serialization to avoid this race.
Change perf_event_set_output() to take both e1->mmap_mutex and
e2->mmap_mutex to alleviate that problem. Additionally, have the loop
in perf_mmap() detach the rb directly, this avoids having to wait for
the concurrent perf_mmap_close() to get around to doing it to make
progress.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 9bb5d40cd93c9dd4be74834b1dcb1ba03629716b Version: 9bb5d40cd93c9dd4be74834b1dcb1ba03629716b Version: 9bb5d40cd93c9dd4be74834b1dcb1ba03629716b Version: 9bb5d40cd93c9dd4be74834b1dcb1ba03629716b Version: 9bb5d40cd93c9dd4be74834b1dcb1ba03629716b Version: 9bb5d40cd93c9dd4be74834b1dcb1ba03629716b Version: 9bb5d40cd93c9dd4be74834b1dcb1ba03629716b Version: 9bb5d40cd93c9dd4be74834b1dcb1ba03629716b Version: 2487f0db30527032c4d56fc2d0b1a240fe89fef8 Version: 703197b61d05f5edae54bad3256901c5a5c8794c Version: c52217e88ae0f3a4ae00562d86e338f8f85969b4 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49607",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:35:03.904350Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:36:51.711Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/events/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3bbd868099287ff9027db59029b502fcfa2202a0",
"status": "affected",
"version": "9bb5d40cd93c9dd4be74834b1dcb1ba03629716b",
"versionType": "git"
},
{
"lessThan": "f836f9ac95df15f1e0af4beb0ec20021e8c91998",
"status": "affected",
"version": "9bb5d40cd93c9dd4be74834b1dcb1ba03629716b",
"versionType": "git"
},
{
"lessThan": "17f5417194136517ee9bbd6511249e5310e5617c",
"status": "affected",
"version": "9bb5d40cd93c9dd4be74834b1dcb1ba03629716b",
"versionType": "git"
},
{
"lessThan": "98c3c8fd0d4c560e0f8335b79c407bbf7fc9462c",
"status": "affected",
"version": "9bb5d40cd93c9dd4be74834b1dcb1ba03629716b",
"versionType": "git"
},
{
"lessThan": "43128b3eee337824158f34da6648163d2f2fb937",
"status": "affected",
"version": "9bb5d40cd93c9dd4be74834b1dcb1ba03629716b",
"versionType": "git"
},
{
"lessThan": "da3c256e2d0ebc87c7db0c605c9692b6f1722074",
"status": "affected",
"version": "9bb5d40cd93c9dd4be74834b1dcb1ba03629716b",
"versionType": "git"
},
{
"lessThan": "a9391ff7a7c5f113d6f2bf6621d49110950de49c",
"status": "affected",
"version": "9bb5d40cd93c9dd4be74834b1dcb1ba03629716b",
"versionType": "git"
},
{
"lessThan": "68e3c69803dada336893640110cb87221bb01dcf",
"status": "affected",
"version": "9bb5d40cd93c9dd4be74834b1dcb1ba03629716b",
"versionType": "git"
},
{
"status": "affected",
"version": "2487f0db30527032c4d56fc2d0b1a240fe89fef8",
"versionType": "git"
},
{
"status": "affected",
"version": "703197b61d05f5edae54bad3256901c5a5c8794c",
"versionType": "git"
},
{
"status": "affected",
"version": "c52217e88ae0f3a4ae00562d86e338f8f85969b4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/events/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.10"
},
{
"lessThan": "3.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.325",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.290",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.254",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.208",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.134",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.58",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.325",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.290",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.254",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.208",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.134",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.58",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.15",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.2.49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.4.52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.9.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/core: Fix data race between perf_event_set_output() and perf_mmap_close()\n\nYang Jihing reported a race between perf_event_set_output() and\nperf_mmap_close():\n\n\tCPU1\t\t\t\t\tCPU2\n\n\tperf_mmap_close(e2)\n\t if (atomic_dec_and_test(\u0026e2-\u003erb-\u003emmap_count)) // 1 - \u003e 0\n\t detach_rest = true\n\n\t\t\t\t\t\tioctl(e1, IOC_SET_OUTPUT, e2)\n\t\t\t\t\t\t perf_event_set_output(e1, e2)\n\n\t ...\n\t list_for_each_entry_rcu(e, \u0026e2-\u003erb-\u003eevent_list, rb_entry)\n\t ring_buffer_attach(e, NULL);\n\t // e1 isn\u0027t yet added and\n\t // therefore not detached\n\n\t\t\t\t\t\t ring_buffer_attach(e1, e2-\u003erb)\n\t\t\t\t\t\t list_add_rcu(\u0026e1-\u003erb_entry,\n\t\t\t\t\t\t\t\t \u0026e2-\u003erb-\u003eevent_list)\n\nAfter this; e1 is attached to an unmapped rb and a subsequent\nperf_mmap() will loop forever more:\n\n\tagain:\n\t\tmutex_lock(\u0026e-\u003emmap_mutex);\n\t\tif (event-\u003erb) {\n\t\t\t...\n\t\t\tif (!atomic_inc_not_zero(\u0026e-\u003erb-\u003emmap_count)) {\n\t\t\t\t...\n\t\t\t\tmutex_unlock(\u0026e-\u003emmap_mutex);\n\t\t\t\tgoto again;\n\t\t\t}\n\t\t}\n\nThe loop in perf_mmap_close() holds e2-\u003emmap_mutex, while the attach\nin perf_event_set_output() holds e1-\u003emmap_mutex. As such there is no\nserialization to avoid this race.\n\nChange perf_event_set_output() to take both e1-\u003emmap_mutex and\ne2-\u003emmap_mutex to alleviate that problem. Additionally, have the loop\nin perf_mmap() detach the rb directly, this avoids having to wait for\nthe concurrent perf_mmap_close() to get around to doing it to make\nprogress."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:44:58.322Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3bbd868099287ff9027db59029b502fcfa2202a0"
},
{
"url": "https://git.kernel.org/stable/c/f836f9ac95df15f1e0af4beb0ec20021e8c91998"
},
{
"url": "https://git.kernel.org/stable/c/17f5417194136517ee9bbd6511249e5310e5617c"
},
{
"url": "https://git.kernel.org/stable/c/98c3c8fd0d4c560e0f8335b79c407bbf7fc9462c"
},
{
"url": "https://git.kernel.org/stable/c/43128b3eee337824158f34da6648163d2f2fb937"
},
{
"url": "https://git.kernel.org/stable/c/da3c256e2d0ebc87c7db0c605c9692b6f1722074"
},
{
"url": "https://git.kernel.org/stable/c/a9391ff7a7c5f113d6f2bf6621d49110950de49c"
},
{
"url": "https://git.kernel.org/stable/c/68e3c69803dada336893640110cb87221bb01dcf"
}
],
"title": "perf/core: Fix data race between perf_event_set_output() and perf_mmap_close()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49607",
"datePublished": "2025-02-26T02:23:31.823Z",
"dateReserved": "2025-02-26T02:21:30.417Z",
"dateUpdated": "2025-10-01T19:36:51.711Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49503 (GCVE-0-2022-49503)
Vulnerability from cvelistv5
Published
2025-02-26 02:13
Modified
2025-05-04 08:39
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix
The "rxstatus->rs_keyix" eventually gets passed to test_bit() so we need to
ensure that it is within the bitmap.
drivers/net/wireless/ath/ath9k/common.c:46 ath9k_cmn_rx_accept()
error: passing untrusted data 'rx_stats->rs_keyix' to 'test_bit()'
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 4ed1a8d4a25711f780b96920fff2bb531229e322 Version: 4ed1a8d4a25711f780b96920fff2bb531229e322 Version: 4ed1a8d4a25711f780b96920fff2bb531229e322 Version: 4ed1a8d4a25711f780b96920fff2bb531229e322 Version: 4ed1a8d4a25711f780b96920fff2bb531229e322 Version: 4ed1a8d4a25711f780b96920fff2bb531229e322 Version: 4ed1a8d4a25711f780b96920fff2bb531229e322 Version: 4ed1a8d4a25711f780b96920fff2bb531229e322 Version: 4ed1a8d4a25711f780b96920fff2bb531229e322 |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ath/ath9k/htc_drv_txrx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0bcb528402cd5e1a6e1833e956fd58a12d509e8e",
"status": "affected",
"version": "4ed1a8d4a25711f780b96920fff2bb531229e322",
"versionType": "git"
},
{
"lessThan": "a048e0c3caa852397b7b50d4c82a0415c05f7ac3",
"status": "affected",
"version": "4ed1a8d4a25711f780b96920fff2bb531229e322",
"versionType": "git"
},
{
"lessThan": "4bdcf32c965c27f55ccc4ee71c1927131115b0bb",
"status": "affected",
"version": "4ed1a8d4a25711f780b96920fff2bb531229e322",
"versionType": "git"
},
{
"lessThan": "2326d398ccd41ba6d93b8346532dfa432ab00fee",
"status": "affected",
"version": "4ed1a8d4a25711f780b96920fff2bb531229e322",
"versionType": "git"
},
{
"lessThan": "461e4c1f199076275f16bf6f3d3e42c6b6c79f33",
"status": "affected",
"version": "4ed1a8d4a25711f780b96920fff2bb531229e322",
"versionType": "git"
},
{
"lessThan": "7f6defe0fabc79f29603c6fa3c80e4fe0456a3e9",
"status": "affected",
"version": "4ed1a8d4a25711f780b96920fff2bb531229e322",
"versionType": "git"
},
{
"lessThan": "eda518db7db16c360bc84379d90675650daa3048",
"status": "affected",
"version": "4ed1a8d4a25711f780b96920fff2bb531229e322",
"versionType": "git"
},
{
"lessThan": "3dad3fed5672828c7fb0465cb66a3d9a70952fa6",
"status": "affected",
"version": "4ed1a8d4a25711f780b96920fff2bb531229e322",
"versionType": "git"
},
{
"lessThan": "2dc509305cf956381532792cb8dceef2b1504765",
"status": "affected",
"version": "4ed1a8d4a25711f780b96920fff2bb531229e322",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ath/ath9k/htc_drv_txrx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.15"
},
{
"lessThan": "3.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.318",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.318",
"versionStartIncluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.283",
"versionStartIncluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"versionStartIncluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"versionStartIncluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"versionStartIncluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "3.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nath9k_htc: fix potential out of bounds access with invalid rxstatus-\u003ers_keyix\n\nThe \"rxstatus-\u003ers_keyix\" eventually gets passed to test_bit() so we need to\nensure that it is within the bitmap.\n\ndrivers/net/wireless/ath/ath9k/common.c:46 ath9k_cmn_rx_accept()\nerror: passing untrusted data \u0027rx_stats-\u003ers_keyix\u0027 to \u0027test_bit()\u0027"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:39:20.063Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0bcb528402cd5e1a6e1833e956fd58a12d509e8e"
},
{
"url": "https://git.kernel.org/stable/c/a048e0c3caa852397b7b50d4c82a0415c05f7ac3"
},
{
"url": "https://git.kernel.org/stable/c/4bdcf32c965c27f55ccc4ee71c1927131115b0bb"
},
{
"url": "https://git.kernel.org/stable/c/2326d398ccd41ba6d93b8346532dfa432ab00fee"
},
{
"url": "https://git.kernel.org/stable/c/461e4c1f199076275f16bf6f3d3e42c6b6c79f33"
},
{
"url": "https://git.kernel.org/stable/c/7f6defe0fabc79f29603c6fa3c80e4fe0456a3e9"
},
{
"url": "https://git.kernel.org/stable/c/eda518db7db16c360bc84379d90675650daa3048"
},
{
"url": "https://git.kernel.org/stable/c/3dad3fed5672828c7fb0465cb66a3d9a70952fa6"
},
{
"url": "https://git.kernel.org/stable/c/2dc509305cf956381532792cb8dceef2b1504765"
}
],
"title": "ath9k_htc: fix potential out of bounds access with invalid rxstatus-\u003ers_keyix",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49503",
"datePublished": "2025-02-26T02:13:36.149Z",
"dateReserved": "2025-02-26T02:08:31.586Z",
"dateUpdated": "2025-05-04T08:39:20.063Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49661 (GCVE-0-2022-49661)
Vulnerability from cvelistv5
Published
2025-02-26 02:23
Modified
2025-05-04 08:42
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
can: gs_usb: gs_usb_open/close(): fix memory leak
The gs_usb driver appears to suffer from a malady common to many USB
CAN adapter drivers in that it performs usb_alloc_coherent() to
allocate a number of USB request blocks (URBs) for RX, and then later
relies on usb_kill_anchored_urbs() to free them, but this doesn't
actually free them. As a result, this may be leaking DMA memory that's
been used by the driver.
This commit is an adaptation of the techniques found in the esd_usb2
driver where a similar design pattern led to a memory leak. It
explicitly frees the RX URBs and their DMA memory via a call to
usb_free_coherent(). Since the RX URBs were allocated in the
gs_can_open(), we remove them in gs_can_close() rather than in the
disconnect function as was done in esd_usb2.
For more information, see the 928150fad41b ("can: esd_usb2: fix memory
leak").
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: d08e973a77d128b25e01a08c34d89593fdf222da Version: d08e973a77d128b25e01a08c34d89593fdf222da Version: d08e973a77d128b25e01a08c34d89593fdf222da Version: d08e973a77d128b25e01a08c34d89593fdf222da Version: d08e973a77d128b25e01a08c34d89593fdf222da Version: d08e973a77d128b25e01a08c34d89593fdf222da Version: d08e973a77d128b25e01a08c34d89593fdf222da Version: d08e973a77d128b25e01a08c34d89593fdf222da |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/can/usb/gs_usb.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "339fa9f80d3b94177a7a459c6d115d3b56007d5a",
"status": "affected",
"version": "d08e973a77d128b25e01a08c34d89593fdf222da",
"versionType": "git"
},
{
"lessThan": "c1d806bc29ff7ffe0e2a023583c8720ed96cb0b0",
"status": "affected",
"version": "d08e973a77d128b25e01a08c34d89593fdf222da",
"versionType": "git"
},
{
"lessThan": "d91492638b054f4a359621ef216242be5973ed6b",
"status": "affected",
"version": "d08e973a77d128b25e01a08c34d89593fdf222da",
"versionType": "git"
},
{
"lessThan": "6f655b5e13fa4b27e915b6c209ac0da74fd75963",
"status": "affected",
"version": "d08e973a77d128b25e01a08c34d89593fdf222da",
"versionType": "git"
},
{
"lessThan": "d0b8e223998866b3e7b2895927d4e9689b0a80d8",
"status": "affected",
"version": "d08e973a77d128b25e01a08c34d89593fdf222da",
"versionType": "git"
},
{
"lessThan": "0e60230bc64355c80abe993d1719fdb318094e20",
"status": "affected",
"version": "d08e973a77d128b25e01a08c34d89593fdf222da",
"versionType": "git"
},
{
"lessThan": "ffb6cc6601ec7c8fa963dcf76025df4a02f2cf5c",
"status": "affected",
"version": "d08e973a77d128b25e01a08c34d89593fdf222da",
"versionType": "git"
},
{
"lessThan": "2bda24ef95c0311ab93bda00db40486acf30bd0a",
"status": "affected",
"version": "d08e973a77d128b25e01a08c34d89593fdf222da",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/can/usb/gs_usb.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.16"
},
{
"lessThan": "3.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.288",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.252",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.205",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.130",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.323",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.288",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.252",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.205",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.130",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.54",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.11",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "3.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: gs_usb: gs_usb_open/close(): fix memory leak\n\nThe gs_usb driver appears to suffer from a malady common to many USB\nCAN adapter drivers in that it performs usb_alloc_coherent() to\nallocate a number of USB request blocks (URBs) for RX, and then later\nrelies on usb_kill_anchored_urbs() to free them, but this doesn\u0027t\nactually free them. As a result, this may be leaking DMA memory that\u0027s\nbeen used by the driver.\n\nThis commit is an adaptation of the techniques found in the esd_usb2\ndriver where a similar design pattern led to a memory leak. It\nexplicitly frees the RX URBs and their DMA memory via a call to\nusb_free_coherent(). Since the RX URBs were allocated in the\ngs_can_open(), we remove them in gs_can_close() rather than in the\ndisconnect function as was done in esd_usb2.\n\nFor more information, see the 928150fad41b (\"can: esd_usb2: fix memory\nleak\")."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:42:47.296Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/339fa9f80d3b94177a7a459c6d115d3b56007d5a"
},
{
"url": "https://git.kernel.org/stable/c/c1d806bc29ff7ffe0e2a023583c8720ed96cb0b0"
},
{
"url": "https://git.kernel.org/stable/c/d91492638b054f4a359621ef216242be5973ed6b"
},
{
"url": "https://git.kernel.org/stable/c/6f655b5e13fa4b27e915b6c209ac0da74fd75963"
},
{
"url": "https://git.kernel.org/stable/c/d0b8e223998866b3e7b2895927d4e9689b0a80d8"
},
{
"url": "https://git.kernel.org/stable/c/0e60230bc64355c80abe993d1719fdb318094e20"
},
{
"url": "https://git.kernel.org/stable/c/ffb6cc6601ec7c8fa963dcf76025df4a02f2cf5c"
},
{
"url": "https://git.kernel.org/stable/c/2bda24ef95c0311ab93bda00db40486acf30bd0a"
}
],
"title": "can: gs_usb: gs_usb_open/close(): fix memory leak",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49661",
"datePublished": "2025-02-26T02:23:58.352Z",
"dateReserved": "2025-02-26T02:21:30.435Z",
"dateUpdated": "2025-05-04T08:42:47.296Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49259 (GCVE-0-2022-49259)
Vulnerability from cvelistv5
Published
2025-02-26 01:56
Modified
2025-05-04 08:33
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
block: don't delete queue kobject before its children
kobjects aren't supposed to be deleted before their child kobjects are
deleted. Apparently this is usually benign; however, a WARN will be
triggered if one of the child kobjects has a named attribute group:
sysfs group 'modes' not found for kobject 'crypto'
WARNING: CPU: 0 PID: 1 at fs/sysfs/group.c:278 sysfs_remove_group+0x72/0x80
...
Call Trace:
sysfs_remove_groups+0x29/0x40 fs/sysfs/group.c:312
__kobject_del+0x20/0x80 lib/kobject.c:611
kobject_cleanup+0xa4/0x140 lib/kobject.c:696
kobject_release lib/kobject.c:736 [inline]
kref_put include/linux/kref.h:65 [inline]
kobject_put+0x53/0x70 lib/kobject.c:753
blk_crypto_sysfs_unregister+0x10/0x20 block/blk-crypto-sysfs.c:159
blk_unregister_queue+0xb0/0x110 block/blk-sysfs.c:962
del_gendisk+0x117/0x250 block/genhd.c:610
Fix this by moving the kobject_del() and the corresponding
kobject_uevent() to the correct place.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 2c2086afc2b8b974fac32cb028e73dc27bfae442 Version: 2c2086afc2b8b974fac32cb028e73dc27bfae442 Version: 2c2086afc2b8b974fac32cb028e73dc27bfae442 Version: 2c2086afc2b8b974fac32cb028e73dc27bfae442 Version: 2c2086afc2b8b974fac32cb028e73dc27bfae442 Version: 2c2086afc2b8b974fac32cb028e73dc27bfae442 Version: 2c2086afc2b8b974fac32cb028e73dc27bfae442 |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"block/blk-sysfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b2001eb10f59363da930cdd6e086a2861986fa18",
"status": "affected",
"version": "2c2086afc2b8b974fac32cb028e73dc27bfae442",
"versionType": "git"
},
{
"lessThan": "84fe3ca6e7910beb47ec13509d484f84fa2a41ad",
"status": "affected",
"version": "2c2086afc2b8b974fac32cb028e73dc27bfae442",
"versionType": "git"
},
{
"lessThan": "0b5924a14d64487ebd51127b0358d06066ef5384",
"status": "affected",
"version": "2c2086afc2b8b974fac32cb028e73dc27bfae442",
"versionType": "git"
},
{
"lessThan": "efaa0e969261e97c1fdd8e0338e5dd3ba5b9219c",
"status": "affected",
"version": "2c2086afc2b8b974fac32cb028e73dc27bfae442",
"versionType": "git"
},
{
"lessThan": "cf0cb8686e55d9c022944bc6ba9e19e832889e83",
"status": "affected",
"version": "2c2086afc2b8b974fac32cb028e73dc27bfae442",
"versionType": "git"
},
{
"lessThan": "3d7e32c8da45957326f56937e0471c686d1a7711",
"status": "affected",
"version": "2c2086afc2b8b974fac32cb028e73dc27bfae442",
"versionType": "git"
},
{
"lessThan": "0f69288253e9fc7c495047720e523b9f1aba5712",
"status": "affected",
"version": "2c2086afc2b8b974fac32cb028e73dc27bfae442",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"block/blk-sysfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.16"
},
{
"lessThan": "4.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.238",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.189",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.238",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.189",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.110",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "4.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: don\u0027t delete queue kobject before its children\n\nkobjects aren\u0027t supposed to be deleted before their child kobjects are\ndeleted. Apparently this is usually benign; however, a WARN will be\ntriggered if one of the child kobjects has a named attribute group:\n\n sysfs group \u0027modes\u0027 not found for kobject \u0027crypto\u0027\n WARNING: CPU: 0 PID: 1 at fs/sysfs/group.c:278 sysfs_remove_group+0x72/0x80\n ...\n Call Trace:\n sysfs_remove_groups+0x29/0x40 fs/sysfs/group.c:312\n __kobject_del+0x20/0x80 lib/kobject.c:611\n kobject_cleanup+0xa4/0x140 lib/kobject.c:696\n kobject_release lib/kobject.c:736 [inline]\n kref_put include/linux/kref.h:65 [inline]\n kobject_put+0x53/0x70 lib/kobject.c:753\n blk_crypto_sysfs_unregister+0x10/0x20 block/blk-crypto-sysfs.c:159\n blk_unregister_queue+0xb0/0x110 block/blk-sysfs.c:962\n del_gendisk+0x117/0x250 block/genhd.c:610\n\nFix this by moving the kobject_del() and the corresponding\nkobject_uevent() to the correct place."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:33:33.875Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b2001eb10f59363da930cdd6e086a2861986fa18"
},
{
"url": "https://git.kernel.org/stable/c/84fe3ca6e7910beb47ec13509d484f84fa2a41ad"
},
{
"url": "https://git.kernel.org/stable/c/0b5924a14d64487ebd51127b0358d06066ef5384"
},
{
"url": "https://git.kernel.org/stable/c/efaa0e969261e97c1fdd8e0338e5dd3ba5b9219c"
},
{
"url": "https://git.kernel.org/stable/c/cf0cb8686e55d9c022944bc6ba9e19e832889e83"
},
{
"url": "https://git.kernel.org/stable/c/3d7e32c8da45957326f56937e0471c686d1a7711"
},
{
"url": "https://git.kernel.org/stable/c/0f69288253e9fc7c495047720e523b9f1aba5712"
}
],
"title": "block: don\u0027t delete queue kobject before its children",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49259",
"datePublished": "2025-02-26T01:56:12.046Z",
"dateReserved": "2025-02-26T01:49:39.296Z",
"dateUpdated": "2025-05-04T08:33:33.875Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49674 (GCVE-0-2022-49674)
Vulnerability from cvelistv5
Published
2025-02-26 02:24
Modified
2025-05-04 08:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
dm raid: fix accesses beyond end of raid member array
On dm-raid table load (using raid_ctr), dm-raid allocates an array
rs->devs[rs->raid_disks] for the raid device members. rs->raid_disks
is defined by the number of raid metadata and image tupples passed
into the target's constructor.
In the case of RAID layout changes being requested, that number can be
different from the current number of members for existing raid sets as
defined in their superblocks. Example RAID layout changes include:
- raid1 legs being added/removed
- raid4/5/6/10 number of stripes changed (stripe reshaping)
- takeover to higher raid level (e.g. raid5 -> raid6)
When accessing array members, rs->raid_disks must be used in control
loops instead of the potentially larger value in rs->md.raid_disks.
Otherwise it will cause memory access beyond the end of the rs->devs
array.
Fix this by changing code that is prone to out-of-bounds access.
Also fix validate_raid_redundancy() to validate all devices that are
added. Also, use braces to help clean up raid_iterate_devices().
The out-of-bounds memory accesses was discovered using KASAN.
This commit was verified to pass all LVM2 RAID tests (with KASAN
enabled).
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/md/dm-raid.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5e161a8826b63c0b8b43e4a7fad1f956780f42ab",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "df1a5ab0dd0775f2ea101c71f2addbc4c0ea0f85",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "90de15357504c8097ab29769dc6852e16281e9e8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9bf2b0757b04c78dc5d6e3a198acca98457b32a1",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6352b2f4d8e95ec0ae576d7705435d64cfa29503",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "bcff98500ea3b4e7615ec31d2bdd326bc1ef5134",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "332bd0778775d0cf105c4b9e03e460b590749916",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/md/dm-raid.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.287",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.251",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.204",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.129",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.53",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.287",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.251",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.204",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.129",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm raid: fix accesses beyond end of raid member array\n\nOn dm-raid table load (using raid_ctr), dm-raid allocates an array\nrs-\u003edevs[rs-\u003eraid_disks] for the raid device members. rs-\u003eraid_disks\nis defined by the number of raid metadata and image tupples passed\ninto the target\u0027s constructor.\n\nIn the case of RAID layout changes being requested, that number can be\ndifferent from the current number of members for existing raid sets as\ndefined in their superblocks. Example RAID layout changes include:\n- raid1 legs being added/removed\n- raid4/5/6/10 number of stripes changed (stripe reshaping)\n- takeover to higher raid level (e.g. raid5 -\u003e raid6)\n\nWhen accessing array members, rs-\u003eraid_disks must be used in control\nloops instead of the potentially larger value in rs-\u003emd.raid_disks.\nOtherwise it will cause memory access beyond the end of the rs-\u003edevs\narray.\n\nFix this by changing code that is prone to out-of-bounds access.\nAlso fix validate_raid_redundancy() to validate all devices that are\nadded. Also, use braces to help clean up raid_iterate_devices().\n\nThe out-of-bounds memory accesses was discovered using KASAN.\n\nThis commit was verified to pass all LVM2 RAID tests (with KASAN\nenabled)."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:43:03.651Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5e161a8826b63c0b8b43e4a7fad1f956780f42ab"
},
{
"url": "https://git.kernel.org/stable/c/df1a5ab0dd0775f2ea101c71f2addbc4c0ea0f85"
},
{
"url": "https://git.kernel.org/stable/c/90de15357504c8097ab29769dc6852e16281e9e8"
},
{
"url": "https://git.kernel.org/stable/c/9bf2b0757b04c78dc5d6e3a198acca98457b32a1"
},
{
"url": "https://git.kernel.org/stable/c/6352b2f4d8e95ec0ae576d7705435d64cfa29503"
},
{
"url": "https://git.kernel.org/stable/c/bcff98500ea3b4e7615ec31d2bdd326bc1ef5134"
},
{
"url": "https://git.kernel.org/stable/c/332bd0778775d0cf105c4b9e03e460b590749916"
}
],
"title": "dm raid: fix accesses beyond end of raid member array",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49674",
"datePublished": "2025-02-26T02:24:06.636Z",
"dateReserved": "2025-02-26T02:21:30.438Z",
"dateUpdated": "2025-05-04T08:43:03.651Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49481 (GCVE-0-2022-49481)
Vulnerability from cvelistv5
Published
2025-02-26 02:13
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt
of_node_get() returns a node with refcount incremented.
Calling of_node_put() to drop the reference when not needed anymore.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 3784b6d64dc52ed3fbebad61a85ab9b7a687a167 Version: 3784b6d64dc52ed3fbebad61a85ab9b7a687a167 Version: 3784b6d64dc52ed3fbebad61a85ab9b7a687a167 Version: 3784b6d64dc52ed3fbebad61a85ab9b7a687a167 Version: 3784b6d64dc52ed3fbebad61a85ab9b7a687a167 Version: 3784b6d64dc52ed3fbebad61a85ab9b7a687a167 Version: 3784b6d64dc52ed3fbebad61a85ab9b7a687a167 Version: 3784b6d64dc52ed3fbebad61a85ab9b7a687a167 Version: 3784b6d64dc52ed3fbebad61a85ab9b7a687a167 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49481",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:39:23.034632Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:45.230Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/regulator/pfuze100-regulator.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b74c0dd9179d21b7260260e075d597b23970100c",
"status": "affected",
"version": "3784b6d64dc52ed3fbebad61a85ab9b7a687a167",
"versionType": "git"
},
{
"lessThan": "6ca675f4abbc74bc991d154a1ecc8b384dc2aae4",
"status": "affected",
"version": "3784b6d64dc52ed3fbebad61a85ab9b7a687a167",
"versionType": "git"
},
{
"lessThan": "984cfef0675ed7398814e14af2c5323911723e1c",
"status": "affected",
"version": "3784b6d64dc52ed3fbebad61a85ab9b7a687a167",
"versionType": "git"
},
{
"lessThan": "0be5d9da5743b9825a95baec85a67500b2c1d362",
"status": "affected",
"version": "3784b6d64dc52ed3fbebad61a85ab9b7a687a167",
"versionType": "git"
},
{
"lessThan": "9f564e29a51210a49df3d925117777c157a17d6d",
"status": "affected",
"version": "3784b6d64dc52ed3fbebad61a85ab9b7a687a167",
"versionType": "git"
},
{
"lessThan": "56ab0c01027492cd161c64148e1dc892c56887ad",
"status": "affected",
"version": "3784b6d64dc52ed3fbebad61a85ab9b7a687a167",
"versionType": "git"
},
{
"lessThan": "671be14fc31374b1a10a3abd93db6a8480838fc9",
"status": "affected",
"version": "3784b6d64dc52ed3fbebad61a85ab9b7a687a167",
"versionType": "git"
},
{
"lessThan": "49d785baeb91568332197be356d138e5e59c7ddb",
"status": "affected",
"version": "3784b6d64dc52ed3fbebad61a85ab9b7a687a167",
"versionType": "git"
},
{
"lessThan": "afaa7b933ef00a2d3262f4d1252087613fb5c06d",
"status": "affected",
"version": "3784b6d64dc52ed3fbebad61a85ab9b7a687a167",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/regulator/pfuze100-regulator.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.12"
},
{
"lessThan": "3.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.318",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.318",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.283",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "3.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nregulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt\n\nof_node_get() returns a node with refcount incremented.\nCalling of_node_put() to drop the reference when not needed anymore."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:38:44.611Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b74c0dd9179d21b7260260e075d597b23970100c"
},
{
"url": "https://git.kernel.org/stable/c/6ca675f4abbc74bc991d154a1ecc8b384dc2aae4"
},
{
"url": "https://git.kernel.org/stable/c/984cfef0675ed7398814e14af2c5323911723e1c"
},
{
"url": "https://git.kernel.org/stable/c/0be5d9da5743b9825a95baec85a67500b2c1d362"
},
{
"url": "https://git.kernel.org/stable/c/9f564e29a51210a49df3d925117777c157a17d6d"
},
{
"url": "https://git.kernel.org/stable/c/56ab0c01027492cd161c64148e1dc892c56887ad"
},
{
"url": "https://git.kernel.org/stable/c/671be14fc31374b1a10a3abd93db6a8480838fc9"
},
{
"url": "https://git.kernel.org/stable/c/49d785baeb91568332197be356d138e5e59c7ddb"
},
{
"url": "https://git.kernel.org/stable/c/afaa7b933ef00a2d3262f4d1252087613fb5c06d"
}
],
"title": "regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49481",
"datePublished": "2025-02-26T02:13:21.324Z",
"dateReserved": "2025-02-26T02:08:31.581Z",
"dateUpdated": "2025-10-01T19:46:45.230Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49128 (GCVE-0-2022-49128)
Vulnerability from cvelistv5
Published
2025-02-26 01:55
Modified
2025-10-01 19:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/bridge: Add missing pm_runtime_put_sync
pm_runtime_get_sync() will increase the rumtime PM counter
even when it returns an error. Thus a pairing decrement is needed
to prevent refcount leak. Fix this by replacing this API with
pm_runtime_resume_and_get(), which will not change the runtime
PM counter on error. Besides, a matching decrement is needed
on the error handling path to keep the counter balanced.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49128",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:48:24.636231Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:57:03.220Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/bridge/nwl-dsi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ff13c90d7f7ab606b37be6d15140d19013d6736c",
"status": "affected",
"version": "44cfc6233447cb2cf47aeb99457de35826a363f6",
"versionType": "git"
},
{
"lessThan": "792533e54cd6e89191798ccd1abd590c62b9077e",
"status": "affected",
"version": "44cfc6233447cb2cf47aeb99457de35826a363f6",
"versionType": "git"
},
{
"lessThan": "9df80dc738926a2ea4bd1ce5993c3d0f4b0e855c",
"status": "affected",
"version": "44cfc6233447cb2cf47aeb99457de35826a363f6",
"versionType": "git"
},
{
"lessThan": "46f47807738441e354873546dde0b000106c068a",
"status": "affected",
"version": "44cfc6233447cb2cf47aeb99457de35826a363f6",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/bridge/nwl-dsi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.8"
},
{
"lessThan": "5.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.20",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.34",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.20",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.3",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/bridge: Add missing pm_runtime_put_sync\n\npm_runtime_get_sync() will increase the rumtime PM counter\neven when it returns an error. Thus a pairing decrement is needed\nto prevent refcount leak. Fix this by replacing this API with\npm_runtime_resume_and_get(), which will not change the runtime\nPM counter on error. Besides, a matching decrement is needed\non the error handling path to keep the counter balanced."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:30:35.509Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ff13c90d7f7ab606b37be6d15140d19013d6736c"
},
{
"url": "https://git.kernel.org/stable/c/792533e54cd6e89191798ccd1abd590c62b9077e"
},
{
"url": "https://git.kernel.org/stable/c/9df80dc738926a2ea4bd1ce5993c3d0f4b0e855c"
},
{
"url": "https://git.kernel.org/stable/c/46f47807738441e354873546dde0b000106c068a"
}
],
"title": "drm/bridge: Add missing pm_runtime_put_sync",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49128",
"datePublished": "2025-02-26T01:55:05.126Z",
"dateReserved": "2025-02-26T01:49:39.266Z",
"dateUpdated": "2025-10-01T19:57:03.220Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49491 (GCVE-0-2022-49491)
Vulnerability from cvelistv5
Published
2025-02-26 02:13
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/rockchip: vop: fix possible null-ptr-deref in vop_bind()
It will cause null-ptr-deref in resource_size(), if platform_get_resource()
returns NULL, move calling resource_size() after devm_ioremap_resource() that
will check 'res' to avoid null-ptr-deref.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 2048e3286f347db5667708e47448176b5329e8d8 Version: 2048e3286f347db5667708e47448176b5329e8d8 Version: 2048e3286f347db5667708e47448176b5329e8d8 Version: 2048e3286f347db5667708e47448176b5329e8d8 Version: 2048e3286f347db5667708e47448176b5329e8d8 Version: 2048e3286f347db5667708e47448176b5329e8d8 Version: 2048e3286f347db5667708e47448176b5329e8d8 Version: 2048e3286f347db5667708e47448176b5329e8d8 Version: 2048e3286f347db5667708e47448176b5329e8d8 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49491",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:38:59.630683Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:44.134Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/rockchip/rockchip_drm_vop.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "452922955df215a417c80d09dab72bbc667a1861",
"status": "affected",
"version": "2048e3286f347db5667708e47448176b5329e8d8",
"versionType": "git"
},
{
"lessThan": "fcd6a886443730c39170b8383411e52118aec0a3",
"status": "affected",
"version": "2048e3286f347db5667708e47448176b5329e8d8",
"versionType": "git"
},
{
"lessThan": "6ff986e057bf28e2f7690dad410768b2270f9453",
"status": "affected",
"version": "2048e3286f347db5667708e47448176b5329e8d8",
"versionType": "git"
},
{
"lessThan": "a9b4599665e437de8a1152799c34841b799a2e1c",
"status": "affected",
"version": "2048e3286f347db5667708e47448176b5329e8d8",
"versionType": "git"
},
{
"lessThan": "3451852312303d54a003c73bd0ae39cebb960bd5",
"status": "affected",
"version": "2048e3286f347db5667708e47448176b5329e8d8",
"versionType": "git"
},
{
"lessThan": "b54926bd558d97c888c3d2d87886f3c159d3254a",
"status": "affected",
"version": "2048e3286f347db5667708e47448176b5329e8d8",
"versionType": "git"
},
{
"lessThan": "769c53bb6116d0eaec0f1fe4ec4b27a74465cad1",
"status": "affected",
"version": "2048e3286f347db5667708e47448176b5329e8d8",
"versionType": "git"
},
{
"lessThan": "ecfa52654d0c9c333c1fe1611f47105f6bce9591",
"status": "affected",
"version": "2048e3286f347db5667708e47448176b5329e8d8",
"versionType": "git"
},
{
"lessThan": "f8c242908ad15bbd604d3bcb54961b7d454c43f8",
"status": "affected",
"version": "2048e3286f347db5667708e47448176b5329e8d8",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/rockchip/rockchip_drm_vop.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.19"
},
{
"lessThan": "3.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.318",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.318",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.283",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "3.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/rockchip: vop: fix possible null-ptr-deref in vop_bind()\n\nIt will cause null-ptr-deref in resource_size(), if platform_get_resource()\nreturns NULL, move calling resource_size() after devm_ioremap_resource() that\nwill check \u0027res\u0027 to avoid null-ptr-deref."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:39:03.751Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/452922955df215a417c80d09dab72bbc667a1861"
},
{
"url": "https://git.kernel.org/stable/c/fcd6a886443730c39170b8383411e52118aec0a3"
},
{
"url": "https://git.kernel.org/stable/c/6ff986e057bf28e2f7690dad410768b2270f9453"
},
{
"url": "https://git.kernel.org/stable/c/a9b4599665e437de8a1152799c34841b799a2e1c"
},
{
"url": "https://git.kernel.org/stable/c/3451852312303d54a003c73bd0ae39cebb960bd5"
},
{
"url": "https://git.kernel.org/stable/c/b54926bd558d97c888c3d2d87886f3c159d3254a"
},
{
"url": "https://git.kernel.org/stable/c/769c53bb6116d0eaec0f1fe4ec4b27a74465cad1"
},
{
"url": "https://git.kernel.org/stable/c/ecfa52654d0c9c333c1fe1611f47105f6bce9591"
},
{
"url": "https://git.kernel.org/stable/c/f8c242908ad15bbd604d3bcb54961b7d454c43f8"
}
],
"title": "drm/rockchip: vop: fix possible null-ptr-deref in vop_bind()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49491",
"datePublished": "2025-02-26T02:13:28.158Z",
"dateReserved": "2025-02-26T02:08:31.585Z",
"dateUpdated": "2025-10-01T19:46:44.134Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42229 (GCVE-0-2024-42229)
Vulnerability from cvelistv5
Published
2024-07-30 07:47
Modified
2025-11-03 22:02
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
crypto: aead,cipher - zeroize key buffer after use
I.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding
cryptographic information should be zeroized once they are no longer
needed. Accomplish this by using kfree_sensitive for buffers that
previously held the private key.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:02:33.387Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9db8c299a521813630fcb4154298cb60c37f3133"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/71dd428615375e36523f4d4f7685ddd54113646d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/28c8d274848feba552e95c5c2a7e3cfe8f15c534"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b502d4a08875ea2b4ea5d5b28dc7c991c8b90cfb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f58679996a831754a356974376f248aa0af2eb8e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/23e4099bdc3c8381992f9eb975c79196d6755210"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42229",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:14:28.221263Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:32.961Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"crypto/aead.c",
"crypto/cipher.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "89b9b6fa4463daf820e6a5ef65c3b0c2db239513",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b716e9c3603ee95ed45e938fe47227d22cf3ec35",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9db8c299a521813630fcb4154298cb60c37f3133",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "71dd428615375e36523f4d4f7685ddd54113646d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "28c8d274848feba552e95c5c2a7e3cfe8f15c534",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b502d4a08875ea2b4ea5d5b28dc7c991c8b90cfb",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f58679996a831754a356974376f248aa0af2eb8e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "23e4099bdc3c8381992f9eb975c79196d6755210",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"crypto/aead.c",
"crypto/cipher.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.222",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.163",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.98",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.39",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.323",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.222",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: aead,cipher - zeroize key buffer after use\n\nI.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding\ncryptographic information should be zeroized once they are no longer\nneeded. Accomplish this by using kfree_sensitive for buffers that\npreviously held the private key."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:24:36.883Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/89b9b6fa4463daf820e6a5ef65c3b0c2db239513"
},
{
"url": "https://git.kernel.org/stable/c/b716e9c3603ee95ed45e938fe47227d22cf3ec35"
},
{
"url": "https://git.kernel.org/stable/c/9db8c299a521813630fcb4154298cb60c37f3133"
},
{
"url": "https://git.kernel.org/stable/c/71dd428615375e36523f4d4f7685ddd54113646d"
},
{
"url": "https://git.kernel.org/stable/c/28c8d274848feba552e95c5c2a7e3cfe8f15c534"
},
{
"url": "https://git.kernel.org/stable/c/b502d4a08875ea2b4ea5d5b28dc7c991c8b90cfb"
},
{
"url": "https://git.kernel.org/stable/c/f58679996a831754a356974376f248aa0af2eb8e"
},
{
"url": "https://git.kernel.org/stable/c/23e4099bdc3c8381992f9eb975c79196d6755210"
}
],
"title": "crypto: aead,cipher - zeroize key buffer after use",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42229",
"datePublished": "2024-07-30T07:47:09.817Z",
"dateReserved": "2024-07-30T07:40:12.250Z",
"dateUpdated": "2025-11-03T22:02:33.387Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-49098 (GCVE-0-2022-49098)
Vulnerability from cvelistv5
Published
2025-02-26 01:54
Modified
2025-05-04 12:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
Drivers: hv: vmbus: Fix potential crash on module unload
The vmbus driver relies on the panic notifier infrastructure to perform
some operations when a panic event is detected. Since vmbus can be built
as module, it is required that the driver handles both registering and
unregistering such panic notifier callback.
After commit 74347a99e73a ("x86/Hyper-V: Unload vmbus channel in hv panic callback")
though, the panic notifier registration is done unconditionally in the module
initialization routine whereas the unregistering procedure is conditionally
guarded and executes only if HV_FEATURE_GUEST_CRASH_MSR_AVAILABLE capability
is set.
This patch fixes that by unconditionally unregistering the panic notifier
in the module's exit routine as well.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 5e059fc0f054309036d3f612bc8b0a502ca58545 Version: 9f38f7b46de0747c1909e8c557aa21715dce20c5 Version: 74347a99e73ae00b8385f1209aaea193c670f901 Version: 74347a99e73ae00b8385f1209aaea193c670f901 Version: 74347a99e73ae00b8385f1209aaea193c670f901 Version: 74347a99e73ae00b8385f1209aaea193c670f901 Version: 74347a99e73ae00b8385f1209aaea193c670f901 Version: caeeb3787167c884b955404a7e669fd77f267e44 |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/hv/vmbus_drv.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6b4c0149a56147b29169e07000d566162892722a",
"status": "affected",
"version": "5e059fc0f054309036d3f612bc8b0a502ca58545",
"versionType": "git"
},
{
"lessThan": "2133c422a103cf7c7768c37b9ac382e73b691892",
"status": "affected",
"version": "9f38f7b46de0747c1909e8c557aa21715dce20c5",
"versionType": "git"
},
{
"lessThan": "cf580d2e3884dbafd6b90269b03a24d661578624",
"status": "affected",
"version": "74347a99e73ae00b8385f1209aaea193c670f901",
"versionType": "git"
},
{
"lessThan": "dcd6b1a624c0ffa21034d8b1e02e9d068458f596",
"status": "affected",
"version": "74347a99e73ae00b8385f1209aaea193c670f901",
"versionType": "git"
},
{
"lessThan": "5ea98d0f5f035c1bcf1517ccec0e024ae35a48b2",
"status": "affected",
"version": "74347a99e73ae00b8385f1209aaea193c670f901",
"versionType": "git"
},
{
"lessThan": "3d0078f8bddd58d9bb1ad40bbe929f8633abb276",
"status": "affected",
"version": "74347a99e73ae00b8385f1209aaea193c670f901",
"versionType": "git"
},
{
"lessThan": "792f232d57ff28bbd5f9c4abe0466b23d5879dc8",
"status": "affected",
"version": "74347a99e73ae00b8385f1209aaea193c670f901",
"versionType": "git"
},
{
"status": "affected",
"version": "caeeb3787167c884b955404a7e669fd77f267e44",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/hv/vmbus_drv.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.7"
},
{
"lessThan": "5.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.238",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.189",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.111",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.20",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.238",
"versionStartIncluding": "4.19.118",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.189",
"versionStartIncluding": "5.4.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.111",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.34",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.20",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.3",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.6.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nDrivers: hv: vmbus: Fix potential crash on module unload\n\nThe vmbus driver relies on the panic notifier infrastructure to perform\nsome operations when a panic event is detected. Since vmbus can be built\nas module, it is required that the driver handles both registering and\nunregistering such panic notifier callback.\n\nAfter commit 74347a99e73a (\"x86/Hyper-V: Unload vmbus channel in hv panic callback\")\nthough, the panic notifier registration is done unconditionally in the module\ninitialization routine whereas the unregistering procedure is conditionally\nguarded and executes only if HV_FEATURE_GUEST_CRASH_MSR_AVAILABLE capability\nis set.\n\nThis patch fixes that by unconditionally unregistering the panic notifier\nin the module\u0027s exit routine as well."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:44:17.900Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6b4c0149a56147b29169e07000d566162892722a"
},
{
"url": "https://git.kernel.org/stable/c/2133c422a103cf7c7768c37b9ac382e73b691892"
},
{
"url": "https://git.kernel.org/stable/c/cf580d2e3884dbafd6b90269b03a24d661578624"
},
{
"url": "https://git.kernel.org/stable/c/dcd6b1a624c0ffa21034d8b1e02e9d068458f596"
},
{
"url": "https://git.kernel.org/stable/c/5ea98d0f5f035c1bcf1517ccec0e024ae35a48b2"
},
{
"url": "https://git.kernel.org/stable/c/3d0078f8bddd58d9bb1ad40bbe929f8633abb276"
},
{
"url": "https://git.kernel.org/stable/c/792f232d57ff28bbd5f9c4abe0466b23d5879dc8"
}
],
"title": "Drivers: hv: vmbus: Fix potential crash on module unload",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49098",
"datePublished": "2025-02-26T01:54:50.073Z",
"dateReserved": "2025-02-26T01:49:39.250Z",
"dateUpdated": "2025-05-04T12:44:17.900Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49299 (GCVE-0-2022-49299)
Vulnerability from cvelistv5
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2025-06-19T13:03:26.154Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"rejectedReasons": [
{
"lang": "en",
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49299",
"datePublished": "2025-02-26T02:10:34.977Z",
"dateRejected": "2025-06-19T13:03:26.154Z",
"dateReserved": "2025-02-26T02:08:31.534Z",
"dateUpdated": "2025-06-19T13:03:26.154Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49700 (GCVE-0-2022-49700)
Vulnerability from cvelistv5
Published
2025-02-26 02:24
Modified
2025-05-04 08:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
mm/slub: add missing TID updates on slab deactivation
The fastpath in slab_alloc_node() assumes that c->slab is stable as long as
the TID stays the same. However, two places in __slab_alloc() currently
don't update the TID when deactivating the CPU slab.
If multiple operations race the right way, this could lead to an object
getting lost; or, in an even more unlikely situation, it could even lead to
an object being freed onto the wrong slab's freelist, messing up the
`inuse` counter and eventually causing a page to be freed to the page
allocator while it still contains slab objects.
(I haven't actually tested these cases though, this is just based on
looking at the code. Writing testcases for this stuff seems like it'd be
a pain...)
The race leading to state inconsistency is (all operations on the same CPU
and kmem_cache):
- task A: begin do_slab_free():
- read TID
- read pcpu freelist (==NULL)
- check `slab == c->slab` (true)
- [PREEMPT A->B]
- task B: begin slab_alloc_node():
- fastpath fails (`c->freelist` is NULL)
- enter __slab_alloc()
- slub_get_cpu_ptr() (disables preemption)
- enter ___slab_alloc()
- take local_lock_irqsave()
- read c->freelist as NULL
- get_freelist() returns NULL
- write `c->slab = NULL`
- drop local_unlock_irqrestore()
- goto new_slab
- slub_percpu_partial() is NULL
- get_partial() returns NULL
- slub_put_cpu_ptr() (enables preemption)
- [PREEMPT B->A]
- task A: finish do_slab_free():
- this_cpu_cmpxchg_double() succeeds()
- [CORRUPT STATE: c->slab==NULL, c->freelist!=NULL]
From there, the object on c->freelist will get lost if task B is allowed to
continue from here: It will proceed to the retry_load_slab label,
set c->slab, then jump to load_freelist, which clobbers c->freelist.
But if we instead continue as follows, we get worse corruption:
- task A: run __slab_free() on object from other struct slab:
- CPU_PARTIAL_FREE case (slab was on no list, is now on pcpu partial)
- task A: run slab_alloc_node() with NUMA node constraint:
- fastpath fails (c->slab is NULL)
- call __slab_alloc()
- slub_get_cpu_ptr() (disables preemption)
- enter ___slab_alloc()
- c->slab is NULL: goto new_slab
- slub_percpu_partial() is non-NULL
- set c->slab to slub_percpu_partial(c)
- [CORRUPT STATE: c->slab points to slab-1, c->freelist has objects
from slab-2]
- goto redo
- node_match() fails
- goto deactivate_slab
- existing c->freelist is passed into deactivate_slab()
- inuse count of slab-1 is decremented to account for object from
slab-2
At this point, the inuse count of slab-1 is 1 lower than it should be.
This means that if we free all allocated objects in slab-1 except for one,
SLUB will think that slab-1 is completely unused, and may free its page,
leading to use-after-free.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 03e404af26dc2ea0d278d7a342de0aab394793ce Version: 03e404af26dc2ea0d278d7a342de0aab394793ce Version: 03e404af26dc2ea0d278d7a342de0aab394793ce Version: 03e404af26dc2ea0d278d7a342de0aab394793ce Version: 03e404af26dc2ea0d278d7a342de0aab394793ce Version: 03e404af26dc2ea0d278d7a342de0aab394793ce Version: 03e404af26dc2ea0d278d7a342de0aab394793ce Version: 03e404af26dc2ea0d278d7a342de0aab394793ce |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49700",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T18:14:57.244122Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T18:22:30.769Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"mm/slub.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "308c6d0e1f200fd26c71270c6e6bfcf0fc6ff082",
"status": "affected",
"version": "03e404af26dc2ea0d278d7a342de0aab394793ce",
"versionType": "git"
},
{
"lessThan": "d6a597450e686d4c6388bd3cdcb17224b4dae7f0",
"status": "affected",
"version": "03e404af26dc2ea0d278d7a342de0aab394793ce",
"versionType": "git"
},
{
"lessThan": "e2b2f0e2e34d71ae6c2a1114fd3c525930e84bc7",
"status": "affected",
"version": "03e404af26dc2ea0d278d7a342de0aab394793ce",
"versionType": "git"
},
{
"lessThan": "e7e3e90d671078455a3a08189f89d85b3da2de9e",
"status": "affected",
"version": "03e404af26dc2ea0d278d7a342de0aab394793ce",
"versionType": "git"
},
{
"lessThan": "6c32496964da0dc230cea763a0e934b2e02dabd5",
"status": "affected",
"version": "03e404af26dc2ea0d278d7a342de0aab394793ce",
"versionType": "git"
},
{
"lessThan": "0515cc9b6b24877f59b222ade704bfaa42caa2a6",
"status": "affected",
"version": "03e404af26dc2ea0d278d7a342de0aab394793ce",
"versionType": "git"
},
{
"lessThan": "197e257da473c725dfe47759c3ee02f2398d8ea5",
"status": "affected",
"version": "03e404af26dc2ea0d278d7a342de0aab394793ce",
"versionType": "git"
},
{
"lessThan": "eeaa345e128515135ccb864c04482180c08e3259",
"status": "affected",
"version": "03e404af26dc2ea0d278d7a342de0aab394793ce",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"mm/slub.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.1"
},
{
"lessThan": "3.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.288",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.252",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.205",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.130",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.323",
"versionStartIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.288",
"versionStartIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.252",
"versionStartIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.205",
"versionStartIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.130",
"versionStartIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.54",
"versionStartIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.8",
"versionStartIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "3.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/slub: add missing TID updates on slab deactivation\n\nThe fastpath in slab_alloc_node() assumes that c-\u003eslab is stable as long as\nthe TID stays the same. However, two places in __slab_alloc() currently\ndon\u0027t update the TID when deactivating the CPU slab.\n\nIf multiple operations race the right way, this could lead to an object\ngetting lost; or, in an even more unlikely situation, it could even lead to\nan object being freed onto the wrong slab\u0027s freelist, messing up the\n`inuse` counter and eventually causing a page to be freed to the page\nallocator while it still contains slab objects.\n\n(I haven\u0027t actually tested these cases though, this is just based on\nlooking at the code. Writing testcases for this stuff seems like it\u0027d be\na pain...)\n\nThe race leading to state inconsistency is (all operations on the same CPU\nand kmem_cache):\n\n - task A: begin do_slab_free():\n - read TID\n - read pcpu freelist (==NULL)\n - check `slab == c-\u003eslab` (true)\n - [PREEMPT A-\u003eB]\n - task B: begin slab_alloc_node():\n - fastpath fails (`c-\u003efreelist` is NULL)\n - enter __slab_alloc()\n - slub_get_cpu_ptr() (disables preemption)\n - enter ___slab_alloc()\n - take local_lock_irqsave()\n - read c-\u003efreelist as NULL\n - get_freelist() returns NULL\n - write `c-\u003eslab = NULL`\n - drop local_unlock_irqrestore()\n - goto new_slab\n - slub_percpu_partial() is NULL\n - get_partial() returns NULL\n - slub_put_cpu_ptr() (enables preemption)\n - [PREEMPT B-\u003eA]\n - task A: finish do_slab_free():\n - this_cpu_cmpxchg_double() succeeds()\n - [CORRUPT STATE: c-\u003eslab==NULL, c-\u003efreelist!=NULL]\n\nFrom there, the object on c-\u003efreelist will get lost if task B is allowed to\ncontinue from here: It will proceed to the retry_load_slab label,\nset c-\u003eslab, then jump to load_freelist, which clobbers c-\u003efreelist.\n\nBut if we instead continue as follows, we get worse corruption:\n\n - task A: run __slab_free() on object from other struct slab:\n - CPU_PARTIAL_FREE case (slab was on no list, is now on pcpu partial)\n - task A: run slab_alloc_node() with NUMA node constraint:\n - fastpath fails (c-\u003eslab is NULL)\n - call __slab_alloc()\n - slub_get_cpu_ptr() (disables preemption)\n - enter ___slab_alloc()\n - c-\u003eslab is NULL: goto new_slab\n - slub_percpu_partial() is non-NULL\n - set c-\u003eslab to slub_percpu_partial(c)\n - [CORRUPT STATE: c-\u003eslab points to slab-1, c-\u003efreelist has objects\n from slab-2]\n - goto redo\n - node_match() fails\n - goto deactivate_slab\n - existing c-\u003efreelist is passed into deactivate_slab()\n - inuse count of slab-1 is decremented to account for object from\n slab-2\n\nAt this point, the inuse count of slab-1 is 1 lower than it should be.\nThis means that if we free all allocated objects in slab-1 except for one,\nSLUB will think that slab-1 is completely unused, and may free its page,\nleading to use-after-free."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:43:32.933Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/308c6d0e1f200fd26c71270c6e6bfcf0fc6ff082"
},
{
"url": "https://git.kernel.org/stable/c/d6a597450e686d4c6388bd3cdcb17224b4dae7f0"
},
{
"url": "https://git.kernel.org/stable/c/e2b2f0e2e34d71ae6c2a1114fd3c525930e84bc7"
},
{
"url": "https://git.kernel.org/stable/c/e7e3e90d671078455a3a08189f89d85b3da2de9e"
},
{
"url": "https://git.kernel.org/stable/c/6c32496964da0dc230cea763a0e934b2e02dabd5"
},
{
"url": "https://git.kernel.org/stable/c/0515cc9b6b24877f59b222ade704bfaa42caa2a6"
},
{
"url": "https://git.kernel.org/stable/c/197e257da473c725dfe47759c3ee02f2398d8ea5"
},
{
"url": "https://git.kernel.org/stable/c/eeaa345e128515135ccb864c04482180c08e3259"
}
],
"title": "mm/slub: add missing TID updates on slab deactivation",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49700",
"datePublished": "2025-02-26T02:24:20.878Z",
"dateReserved": "2025-02-26T02:21:30.443Z",
"dateUpdated": "2025-05-04T08:43:32.933Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47638 (GCVE-0-2021-47638)
Vulnerability from cvelistv5
Published
2025-02-26 01:54
Modified
2025-10-01 19:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ubifs: rename_whiteout: Fix double free for whiteout_ui->data
'whiteout_ui->data' will be freed twice if space budget fail for
rename whiteout operation as following process:
rename_whiteout
dev = kmalloc
whiteout_ui->data = dev
kfree(whiteout_ui->data) // Free first time
iput(whiteout)
ubifs_free_inode
kfree(ui->data) // Double free!
KASAN reports:
==================================================================
BUG: KASAN: double-free or invalid-free in ubifs_free_inode+0x4f/0x70
Call Trace:
kfree+0x117/0x490
ubifs_free_inode+0x4f/0x70 [ubifs]
i_callback+0x30/0x60
rcu_do_batch+0x366/0xac0
__do_softirq+0x133/0x57f
Allocated by task 1506:
kmem_cache_alloc_trace+0x3c2/0x7a0
do_rename+0x9b7/0x1150 [ubifs]
ubifs_rename+0x106/0x1f0 [ubifs]
do_syscall_64+0x35/0x80
Freed by task 1506:
kfree+0x117/0x490
do_rename.cold+0x53/0x8a [ubifs]
ubifs_rename+0x106/0x1f0 [ubifs]
do_syscall_64+0x35/0x80
The buggy address belongs to the object at ffff88810238bed8 which
belongs to the cache kmalloc-8 of size 8
==================================================================
Let ubifs_free_inode() free 'whiteout_ui->data'. BTW, delete unused
assignment 'whiteout_ui->data_len = 0', process 'ubifs_evict_inode()
-> ubifs_jnl_delete_inode() -> ubifs_jnl_write_inode()' doesn't need it
(because 'inc_nlink(whiteout)' won't be excuted by 'goto out_release',
and the nlink of whiteout inode is 0).
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 9e0a1fff8db56eaaebb74b4a3ef65f86811c4798 Version: 9e0a1fff8db56eaaebb74b4a3ef65f86811c4798 Version: 9e0a1fff8db56eaaebb74b4a3ef65f86811c4798 Version: 9e0a1fff8db56eaaebb74b4a3ef65f86811c4798 Version: 9e0a1fff8db56eaaebb74b4a3ef65f86811c4798 Version: 9e0a1fff8db56eaaebb74b4a3ef65f86811c4798 Version: 9e0a1fff8db56eaaebb74b4a3ef65f86811c4798 Version: 9e0a1fff8db56eaaebb74b4a3ef65f86811c4798 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-47638",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:50:47.905064Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-415",
"description": "CWE-415 Double Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:57:08.545Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ubifs/dir.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8b3c7be16f3f4dfd6e15ac651484e59d3fa36274",
"status": "affected",
"version": "9e0a1fff8db56eaaebb74b4a3ef65f86811c4798",
"versionType": "git"
},
{
"lessThan": "2b3236ecf96db7af5836e1366ce39ace8ce832fa",
"status": "affected",
"version": "9e0a1fff8db56eaaebb74b4a3ef65f86811c4798",
"versionType": "git"
},
{
"lessThan": "14276d38c89a170363e90b6ac0a53c3cf61b87fc",
"status": "affected",
"version": "9e0a1fff8db56eaaebb74b4a3ef65f86811c4798",
"versionType": "git"
},
{
"lessThan": "a90e2dbe66d2647ff95a0442ad2e86482d977fd8",
"status": "affected",
"version": "9e0a1fff8db56eaaebb74b4a3ef65f86811c4798",
"versionType": "git"
},
{
"lessThan": "2ad07009c459e56ebdcc089d850d664660fdb742",
"status": "affected",
"version": "9e0a1fff8db56eaaebb74b4a3ef65f86811c4798",
"versionType": "git"
},
{
"lessThan": "b9a937f096e608b3368c1abc920d4d640ba2c94f",
"status": "affected",
"version": "9e0a1fff8db56eaaebb74b4a3ef65f86811c4798",
"versionType": "git"
},
{
"lessThan": "6d7a158a7363c1f6604aa47ae1a280a5c65123dd",
"status": "affected",
"version": "9e0a1fff8db56eaaebb74b4a3ef65f86811c4798",
"versionType": "git"
},
{
"lessThan": "40a8f0d5e7b3999f096570edab71c345da812e3e",
"status": "affected",
"version": "9e0a1fff8db56eaaebb74b4a3ef65f86811c4798",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ubifs/dir.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.9"
},
{
"lessThan": "4.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.238",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.189",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.276",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.238",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.189",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.110",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "4.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nubifs: rename_whiteout: Fix double free for whiteout_ui-\u003edata\n\n\u0027whiteout_ui-\u003edata\u0027 will be freed twice if space budget fail for\nrename whiteout operation as following process:\n\nrename_whiteout\n dev = kmalloc\n whiteout_ui-\u003edata = dev\n kfree(whiteout_ui-\u003edata) // Free first time\n iput(whiteout)\n ubifs_free_inode\n kfree(ui-\u003edata)\t // Double free!\n\nKASAN reports:\n==================================================================\nBUG: KASAN: double-free or invalid-free in ubifs_free_inode+0x4f/0x70\nCall Trace:\n kfree+0x117/0x490\n ubifs_free_inode+0x4f/0x70 [ubifs]\n i_callback+0x30/0x60\n rcu_do_batch+0x366/0xac0\n __do_softirq+0x133/0x57f\n\nAllocated by task 1506:\n kmem_cache_alloc_trace+0x3c2/0x7a0\n do_rename+0x9b7/0x1150 [ubifs]\n ubifs_rename+0x106/0x1f0 [ubifs]\n do_syscall_64+0x35/0x80\n\nFreed by task 1506:\n kfree+0x117/0x490\n do_rename.cold+0x53/0x8a [ubifs]\n ubifs_rename+0x106/0x1f0 [ubifs]\n do_syscall_64+0x35/0x80\n\nThe buggy address belongs to the object at ffff88810238bed8 which\nbelongs to the cache kmalloc-8 of size 8\n==================================================================\n\nLet ubifs_free_inode() free \u0027whiteout_ui-\u003edata\u0027. BTW, delete unused\nassignment \u0027whiteout_ui-\u003edata_len = 0\u0027, process \u0027ubifs_evict_inode()\n-\u003e ubifs_jnl_delete_inode() -\u003e ubifs_jnl_write_inode()\u0027 doesn\u0027t need it\n(because \u0027inc_nlink(whiteout)\u0027 won\u0027t be excuted by \u0027goto out_release\u0027,\n and the nlink of whiteout inode is 0)."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:15:17.543Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8b3c7be16f3f4dfd6e15ac651484e59d3fa36274"
},
{
"url": "https://git.kernel.org/stable/c/2b3236ecf96db7af5836e1366ce39ace8ce832fa"
},
{
"url": "https://git.kernel.org/stable/c/14276d38c89a170363e90b6ac0a53c3cf61b87fc"
},
{
"url": "https://git.kernel.org/stable/c/a90e2dbe66d2647ff95a0442ad2e86482d977fd8"
},
{
"url": "https://git.kernel.org/stable/c/2ad07009c459e56ebdcc089d850d664660fdb742"
},
{
"url": "https://git.kernel.org/stable/c/b9a937f096e608b3368c1abc920d4d640ba2c94f"
},
{
"url": "https://git.kernel.org/stable/c/6d7a158a7363c1f6604aa47ae1a280a5c65123dd"
},
{
"url": "https://git.kernel.org/stable/c/40a8f0d5e7b3999f096570edab71c345da812e3e"
}
],
"title": "ubifs: rename_whiteout: Fix double free for whiteout_ui-\u003edata",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47638",
"datePublished": "2025-02-26T01:54:11.178Z",
"dateReserved": "2025-02-26T01:48:21.519Z",
"dateUpdated": "2025-10-01T19:57:08.545Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49519 (GCVE-0-2022-49519)
Vulnerability from cvelistv5
Published
2025-02-26 02:13
Modified
2025-09-15 12:14
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ath10k: skip ath10k_halt during suspend for driver state RESTARTING
Double free crash is observed when FW recovery(caused by wmi
timeout/crash) is followed by immediate suspend event. The FW recovery
is triggered by ath10k_core_restart() which calls driver clean up via
ath10k_halt(). When the suspend event occurs between the FW recovery,
the restart worker thread is put into frozen state until suspend completes.
The suspend event triggers ath10k_stop() which again triggers ath10k_halt()
The double invocation of ath10k_halt() causes ath10k_htt_rx_free() to be
called twice(Note: ath10k_htt_rx_alloc was not called by restart worker
thread because of its frozen state), causing the crash.
To fix this, during the suspend flow, skip call to ath10k_halt() in
ath10k_stop() when the current driver state is ATH10K_STATE_RESTARTING.
Also, for driver state ATH10K_STATE_RESTARTING, call
ath10k_wait_for_suspend() in ath10k_stop(). This is because call to
ath10k_wait_for_suspend() is skipped later in
[ath10k_halt() > ath10k_core_stop()] for the driver state
ATH10K_STATE_RESTARTING.
The frozen restart worker thread will be cancelled during resume when the
device comes out of suspend.
Below is the crash stack for reference:
[ 428.469167] ------------[ cut here ]------------
[ 428.469180] kernel BUG at mm/slub.c:4150!
[ 428.469193] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI
[ 428.469219] Workqueue: events_unbound async_run_entry_fn
[ 428.469230] RIP: 0010:kfree+0x319/0x31b
[ 428.469241] RSP: 0018:ffffa1fac015fc30 EFLAGS: 00010246
[ 428.469247] RAX: ffffedb10419d108 RBX: ffff8c05262b0000
[ 428.469252] RDX: ffff8c04a8c07000 RSI: 0000000000000000
[ 428.469256] RBP: ffffa1fac015fc78 R08: 0000000000000000
[ 428.469276] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 428.469285] Call Trace:
[ 428.469295] ? dma_free_attrs+0x5f/0x7d
[ 428.469320] ath10k_core_stop+0x5b/0x6f
[ 428.469336] ath10k_halt+0x126/0x177
[ 428.469352] ath10k_stop+0x41/0x7e
[ 428.469387] drv_stop+0x88/0x10e
[ 428.469410] __ieee80211_suspend+0x297/0x411
[ 428.469441] rdev_suspend+0x6e/0xd0
[ 428.469462] wiphy_suspend+0xb1/0x105
[ 428.469483] ? name_show+0x2d/0x2d
[ 428.469490] dpm_run_callback+0x8c/0x126
[ 428.469511] ? name_show+0x2d/0x2d
[ 428.469517] __device_suspend+0x2e7/0x41b
[ 428.469523] async_suspend+0x1f/0x93
[ 428.469529] async_run_entry_fn+0x3d/0xd1
[ 428.469535] process_one_work+0x1b1/0x329
[ 428.469541] worker_thread+0x213/0x372
[ 428.469547] kthread+0x150/0x15f
[ 428.469552] ? pr_cont_work+0x58/0x58
[ 428.469558] ? kthread_blkcg+0x31/0x31
Tested-on: QCA6174 hw3.2 PCI WLAN.RM.4.4.1-00288-QCARMSWPZ-1
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ath/ath10k/mac.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8aa3750986ffcf73e0692db3b40dd3a8e8c0c575",
"status": "affected",
"version": "5e3dd157d7e70f0e3cea3f2573ed69fb156a19d5",
"versionType": "git"
},
{
"lessThan": "c2272428090d0d215a3f017cbbbad731c07eee53",
"status": "affected",
"version": "5e3dd157d7e70f0e3cea3f2573ed69fb156a19d5",
"versionType": "git"
},
{
"lessThan": "7eb14cb604f49e58b7cf6faa87961a865a3c8649",
"status": "affected",
"version": "5e3dd157d7e70f0e3cea3f2573ed69fb156a19d5",
"versionType": "git"
},
{
"lessThan": "5321e5211b5dc873e2e3d0deb749e69ecf4dbfe5",
"status": "affected",
"version": "5e3dd157d7e70f0e3cea3f2573ed69fb156a19d5",
"versionType": "git"
},
{
"lessThan": "b72a4aff947ba807177bdabb43debaf2c66bee05",
"status": "affected",
"version": "5e3dd157d7e70f0e3cea3f2573ed69fb156a19d5",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ath/ath10k/mac.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.11"
},
{
"lessThan": "3.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"versionStartIncluding": "3.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "3.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "3.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "3.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "3.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nath10k: skip ath10k_halt during suspend for driver state RESTARTING\n\nDouble free crash is observed when FW recovery(caused by wmi\ntimeout/crash) is followed by immediate suspend event. The FW recovery\nis triggered by ath10k_core_restart() which calls driver clean up via\nath10k_halt(). When the suspend event occurs between the FW recovery,\nthe restart worker thread is put into frozen state until suspend completes.\nThe suspend event triggers ath10k_stop() which again triggers ath10k_halt()\nThe double invocation of ath10k_halt() causes ath10k_htt_rx_free() to be\ncalled twice(Note: ath10k_htt_rx_alloc was not called by restart worker\nthread because of its frozen state), causing the crash.\n\nTo fix this, during the suspend flow, skip call to ath10k_halt() in\nath10k_stop() when the current driver state is ATH10K_STATE_RESTARTING.\nAlso, for driver state ATH10K_STATE_RESTARTING, call\nath10k_wait_for_suspend() in ath10k_stop(). This is because call to\nath10k_wait_for_suspend() is skipped later in\n[ath10k_halt() \u003e ath10k_core_stop()] for the driver state\nATH10K_STATE_RESTARTING.\n\nThe frozen restart worker thread will be cancelled during resume when the\ndevice comes out of suspend.\n\nBelow is the crash stack for reference:\n\n[ 428.469167] ------------[ cut here ]------------\n[ 428.469180] kernel BUG at mm/slub.c:4150!\n[ 428.469193] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n[ 428.469219] Workqueue: events_unbound async_run_entry_fn\n[ 428.469230] RIP: 0010:kfree+0x319/0x31b\n[ 428.469241] RSP: 0018:ffffa1fac015fc30 EFLAGS: 00010246\n[ 428.469247] RAX: ffffedb10419d108 RBX: ffff8c05262b0000\n[ 428.469252] RDX: ffff8c04a8c07000 RSI: 0000000000000000\n[ 428.469256] RBP: ffffa1fac015fc78 R08: 0000000000000000\n[ 428.469276] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 428.469285] Call Trace:\n[ 428.469295] ? dma_free_attrs+0x5f/0x7d\n[ 428.469320] ath10k_core_stop+0x5b/0x6f\n[ 428.469336] ath10k_halt+0x126/0x177\n[ 428.469352] ath10k_stop+0x41/0x7e\n[ 428.469387] drv_stop+0x88/0x10e\n[ 428.469410] __ieee80211_suspend+0x297/0x411\n[ 428.469441] rdev_suspend+0x6e/0xd0\n[ 428.469462] wiphy_suspend+0xb1/0x105\n[ 428.469483] ? name_show+0x2d/0x2d\n[ 428.469490] dpm_run_callback+0x8c/0x126\n[ 428.469511] ? name_show+0x2d/0x2d\n[ 428.469517] __device_suspend+0x2e7/0x41b\n[ 428.469523] async_suspend+0x1f/0x93\n[ 428.469529] async_run_entry_fn+0x3d/0xd1\n[ 428.469535] process_one_work+0x1b1/0x329\n[ 428.469541] worker_thread+0x213/0x372\n[ 428.469547] kthread+0x150/0x15f\n[ 428.469552] ? pr_cont_work+0x58/0x58\n[ 428.469558] ? kthread_blkcg+0x31/0x31\n\nTested-on: QCA6174 hw3.2 PCI WLAN.RM.4.4.1-00288-QCARMSWPZ-1"
}
],
"providerMetadata": {
"dateUpdated": "2025-09-15T12:14:07.773Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8aa3750986ffcf73e0692db3b40dd3a8e8c0c575"
},
{
"url": "https://git.kernel.org/stable/c/c2272428090d0d215a3f017cbbbad731c07eee53"
},
{
"url": "https://git.kernel.org/stable/c/7eb14cb604f49e58b7cf6faa87961a865a3c8649"
},
{
"url": "https://git.kernel.org/stable/c/5321e5211b5dc873e2e3d0deb749e69ecf4dbfe5"
},
{
"url": "https://git.kernel.org/stable/c/b72a4aff947ba807177bdabb43debaf2c66bee05"
}
],
"title": "ath10k: skip ath10k_halt during suspend for driver state RESTARTING",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49519",
"datePublished": "2025-02-26T02:13:45.857Z",
"dateReserved": "2025-02-26T02:08:31.588Z",
"dateUpdated": "2025-09-15T12:14:07.773Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49618 (GCVE-0-2022-49618)
Vulnerability from cvelistv5
Published
2025-02-26 02:23
Modified
2025-10-01 19:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
pinctrl: aspeed: Fix potential NULL dereference in aspeed_pinmux_set_mux()
pdesc could be null but still dereference pdesc->name and it will lead to
a null pointer access. So we move a null check before dereference.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49618",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:34:48.286581Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:36:51.076Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/pinctrl/aspeed/pinctrl-aspeed.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ef1e38532f4b2f0f3b460e938a2e7076c3bed5ee",
"status": "affected",
"version": "4d3d0e4272d8d660f5f14f5abcf96fb4df1aa94b",
"versionType": "git"
},
{
"lessThan": "3cb392b64304a05bf647e2e44efacd9a1f3c3c6a",
"status": "affected",
"version": "4d3d0e4272d8d660f5f14f5abcf96fb4df1aa94b",
"versionType": "git"
},
{
"lessThan": "e162a24f1dd06c0dcae71f2565c9f3da2827b98e",
"status": "affected",
"version": "4d3d0e4272d8d660f5f14f5abcf96fb4df1aa94b",
"versionType": "git"
},
{
"lessThan": "84a85d3fef2e75b1fe9fc2af6f5267122555a1ed",
"status": "affected",
"version": "4d3d0e4272d8d660f5f14f5abcf96fb4df1aa94b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/pinctrl/aspeed/pinctrl-aspeed.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.9"
},
{
"lessThan": "4.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.132",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.56",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.132",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.56",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.13",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: aspeed: Fix potential NULL dereference in aspeed_pinmux_set_mux()\n\npdesc could be null but still dereference pdesc-\u003ename and it will lead to\na null pointer access. So we move a null check before dereference."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:41:54.194Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ef1e38532f4b2f0f3b460e938a2e7076c3bed5ee"
},
{
"url": "https://git.kernel.org/stable/c/3cb392b64304a05bf647e2e44efacd9a1f3c3c6a"
},
{
"url": "https://git.kernel.org/stable/c/e162a24f1dd06c0dcae71f2565c9f3da2827b98e"
},
{
"url": "https://git.kernel.org/stable/c/84a85d3fef2e75b1fe9fc2af6f5267122555a1ed"
}
],
"title": "pinctrl: aspeed: Fix potential NULL dereference in aspeed_pinmux_set_mux()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49618",
"datePublished": "2025-02-26T02:23:37.185Z",
"dateReserved": "2025-02-26T02:21:30.419Z",
"dateUpdated": "2025-10-01T19:36:51.076Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49248 (GCVE-0-2022-49248)
Vulnerability from cvelistv5
Published
2025-02-26 01:56
Modified
2025-05-04 08:33
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction
AV/C deferred transaction was supported at a commit 00a7bb81c20f ("ALSA:
firewire-lib: Add support for deferred transaction") while 'deferrable'
flag can be uninitialized for non-control/notify AV/C transactions.
UBSAN reports it:
kernel: ================================================================================
kernel: UBSAN: invalid-load in /build/linux-aa0B4d/linux-5.15.0/sound/firewire/fcp.c:363:9
kernel: load of value 158 is not a valid value for type '_Bool'
kernel: CPU: 3 PID: 182227 Comm: irq/35-firewire Tainted: P OE 5.15.0-18-generic #18-Ubuntu
kernel: Hardware name: Gigabyte Technology Co., Ltd. AX370-Gaming 5/AX370-Gaming 5, BIOS F42b 08/01/2019
kernel: Call Trace:
kernel: <IRQ>
kernel: show_stack+0x52/0x58
kernel: dump_stack_lvl+0x4a/0x5f
kernel: dump_stack+0x10/0x12
kernel: ubsan_epilogue+0x9/0x45
kernel: __ubsan_handle_load_invalid_value.cold+0x44/0x49
kernel: fcp_response.part.0.cold+0x1a/0x2b [snd_firewire_lib]
kernel: fcp_response+0x28/0x30 [snd_firewire_lib]
kernel: fw_core_handle_request+0x230/0x3d0 [firewire_core]
kernel: handle_ar_packet+0x1d9/0x200 [firewire_ohci]
kernel: ? handle_ar_packet+0x1d9/0x200 [firewire_ohci]
kernel: ? transmit_complete_callback+0x9f/0x120 [firewire_core]
kernel: ar_context_tasklet+0xa8/0x2e0 [firewire_ohci]
kernel: tasklet_action_common.constprop.0+0xea/0xf0
kernel: tasklet_action+0x22/0x30
kernel: __do_softirq+0xd9/0x2e3
kernel: ? irq_finalize_oneshot.part.0+0xf0/0xf0
kernel: do_softirq+0x75/0xa0
kernel: </IRQ>
kernel: <TASK>
kernel: __local_bh_enable_ip+0x50/0x60
kernel: irq_forced_thread_fn+0x7e/0x90
kernel: irq_thread+0xba/0x190
kernel: ? irq_thread_fn+0x60/0x60
kernel: kthread+0x11e/0x140
kernel: ? irq_thread_check_affinity+0xf0/0xf0
kernel: ? set_kthread_struct+0x50/0x50
kernel: ret_from_fork+0x22/0x30
kernel: </TASK>
kernel: ================================================================================
This commit fixes the bug. The bug has no disadvantage for the non-
control/notify AV/C transactions since the flag has an effect for AV/C
response with INTERIM (0x0f) status which is not used for the transactions
in AV/C general specification.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 00a7bb81c20f3e81711e28e0f6c08cee8fd18514 Version: 00a7bb81c20f3e81711e28e0f6c08cee8fd18514 Version: 00a7bb81c20f3e81711e28e0f6c08cee8fd18514 Version: 00a7bb81c20f3e81711e28e0f6c08cee8fd18514 Version: 00a7bb81c20f3e81711e28e0f6c08cee8fd18514 Version: 00a7bb81c20f3e81711e28e0f6c08cee8fd18514 Version: 00a7bb81c20f3e81711e28e0f6c08cee8fd18514 Version: 00a7bb81c20f3e81711e28e0f6c08cee8fd18514 Version: 00a7bb81c20f3e81711e28e0f6c08cee8fd18514 |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/firewire/fcp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "99582e4b19f367fa95bdd150b3034d7ce8113342",
"status": "affected",
"version": "00a7bb81c20f3e81711e28e0f6c08cee8fd18514",
"versionType": "git"
},
{
"lessThan": "b2b65c9013dc28836d82e25d0f0c94d794a14aba",
"status": "affected",
"version": "00a7bb81c20f3e81711e28e0f6c08cee8fd18514",
"versionType": "git"
},
{
"lessThan": "60e5d391805d70458a01998de00d0c28cba40bf3",
"status": "affected",
"version": "00a7bb81c20f3e81711e28e0f6c08cee8fd18514",
"versionType": "git"
},
{
"lessThan": "7025f40690a235a118c87674cfb93072694aa66d",
"status": "affected",
"version": "00a7bb81c20f3e81711e28e0f6c08cee8fd18514",
"versionType": "git"
},
{
"lessThan": "7e6f5786621df060f8296f074efd275eaf20361a",
"status": "affected",
"version": "00a7bb81c20f3e81711e28e0f6c08cee8fd18514",
"versionType": "git"
},
{
"lessThan": "eab74c41612083bd627b60da650e19234e4f1051",
"status": "affected",
"version": "00a7bb81c20f3e81711e28e0f6c08cee8fd18514",
"versionType": "git"
},
{
"lessThan": "d07e4bbaff6fbba6f70c04b092ea7d9afcdf392e",
"status": "affected",
"version": "00a7bb81c20f3e81711e28e0f6c08cee8fd18514",
"versionType": "git"
},
{
"lessThan": "39d2c4a33dc1b4402cec68a3c8f82c6588b6edce",
"status": "affected",
"version": "00a7bb81c20f3e81711e28e0f6c08cee8fd18514",
"versionType": "git"
},
{
"lessThan": "bf0cd60b7e33cf221fbe1114e4acb2c828b0af0d",
"status": "affected",
"version": "00a7bb81c20f3e81711e28e0f6c08cee8fd18514",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"sound/firewire/fcp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.16"
},
{
"lessThan": "3.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.238",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.189",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.311",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.276",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.238",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.189",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.110",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "3.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction\n\nAV/C deferred transaction was supported at a commit 00a7bb81c20f (\"ALSA:\nfirewire-lib: Add support for deferred transaction\") while \u0027deferrable\u0027\nflag can be uninitialized for non-control/notify AV/C transactions.\nUBSAN reports it:\n\nkernel: ================================================================================\nkernel: UBSAN: invalid-load in /build/linux-aa0B4d/linux-5.15.0/sound/firewire/fcp.c:363:9\nkernel: load of value 158 is not a valid value for type \u0027_Bool\u0027\nkernel: CPU: 3 PID: 182227 Comm: irq/35-firewire Tainted: P OE 5.15.0-18-generic #18-Ubuntu\nkernel: Hardware name: Gigabyte Technology Co., Ltd. AX370-Gaming 5/AX370-Gaming 5, BIOS F42b 08/01/2019\nkernel: Call Trace:\nkernel: \u003cIRQ\u003e\nkernel: show_stack+0x52/0x58\nkernel: dump_stack_lvl+0x4a/0x5f\nkernel: dump_stack+0x10/0x12\nkernel: ubsan_epilogue+0x9/0x45\nkernel: __ubsan_handle_load_invalid_value.cold+0x44/0x49\nkernel: fcp_response.part.0.cold+0x1a/0x2b [snd_firewire_lib]\nkernel: fcp_response+0x28/0x30 [snd_firewire_lib]\nkernel: fw_core_handle_request+0x230/0x3d0 [firewire_core]\nkernel: handle_ar_packet+0x1d9/0x200 [firewire_ohci]\nkernel: ? handle_ar_packet+0x1d9/0x200 [firewire_ohci]\nkernel: ? transmit_complete_callback+0x9f/0x120 [firewire_core]\nkernel: ar_context_tasklet+0xa8/0x2e0 [firewire_ohci]\nkernel: tasklet_action_common.constprop.0+0xea/0xf0\nkernel: tasklet_action+0x22/0x30\nkernel: __do_softirq+0xd9/0x2e3\nkernel: ? irq_finalize_oneshot.part.0+0xf0/0xf0\nkernel: do_softirq+0x75/0xa0\nkernel: \u003c/IRQ\u003e\nkernel: \u003cTASK\u003e\nkernel: __local_bh_enable_ip+0x50/0x60\nkernel: irq_forced_thread_fn+0x7e/0x90\nkernel: irq_thread+0xba/0x190\nkernel: ? irq_thread_fn+0x60/0x60\nkernel: kthread+0x11e/0x140\nkernel: ? irq_thread_check_affinity+0xf0/0xf0\nkernel: ? set_kthread_struct+0x50/0x50\nkernel: ret_from_fork+0x22/0x30\nkernel: \u003c/TASK\u003e\nkernel: ================================================================================\n\nThis commit fixes the bug. The bug has no disadvantage for the non-\ncontrol/notify AV/C transactions since the flag has an effect for AV/C\nresponse with INTERIM (0x0f) status which is not used for the transactions\nin AV/C general specification."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:33:19.120Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/99582e4b19f367fa95bdd150b3034d7ce8113342"
},
{
"url": "https://git.kernel.org/stable/c/b2b65c9013dc28836d82e25d0f0c94d794a14aba"
},
{
"url": "https://git.kernel.org/stable/c/60e5d391805d70458a01998de00d0c28cba40bf3"
},
{
"url": "https://git.kernel.org/stable/c/7025f40690a235a118c87674cfb93072694aa66d"
},
{
"url": "https://git.kernel.org/stable/c/7e6f5786621df060f8296f074efd275eaf20361a"
},
{
"url": "https://git.kernel.org/stable/c/eab74c41612083bd627b60da650e19234e4f1051"
},
{
"url": "https://git.kernel.org/stable/c/d07e4bbaff6fbba6f70c04b092ea7d9afcdf392e"
},
{
"url": "https://git.kernel.org/stable/c/39d2c4a33dc1b4402cec68a3c8f82c6588b6edce"
},
{
"url": "https://git.kernel.org/stable/c/bf0cd60b7e33cf221fbe1114e4acb2c828b0af0d"
}
],
"title": "ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49248",
"datePublished": "2025-02-26T01:56:06.709Z",
"dateReserved": "2025-02-26T01:49:39.295Z",
"dateUpdated": "2025-05-04T08:33:19.120Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49307 (GCVE-0-2022-49307)
Vulnerability from cvelistv5
Published
2025-02-26 02:10
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
tty: synclink_gt: Fix null-pointer-dereference in slgt_clean()
When the driver fails at alloc_hdlcdev(), and then we remove the driver
module, we will get the following splat:
[ 25.065966] general protection fault, probably for non-canonical address 0xdffffc0000000182: 0000 [#1] PREEMPT SMP KASAN PTI
[ 25.066914] KASAN: null-ptr-deref in range [0x0000000000000c10-0x0000000000000c17]
[ 25.069262] RIP: 0010:detach_hdlc_protocol+0x2a/0x3e0
[ 25.077709] Call Trace:
[ 25.077924] <TASK>
[ 25.078108] unregister_hdlc_device+0x16/0x30
[ 25.078481] slgt_cleanup+0x157/0x9f0 [synclink_gt]
Fix this by checking whether the 'info->netdev' is a null pointer first.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49307",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:44:25.712102Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:58.412Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/tty/synclink_gt.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "50c341f9a2adc4c32a8ad5a39eb99d9c4a419e0d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "078212ad15dbd88840c82c97f12c93d83703c8fd",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ba08cbc5b53e151d0acf1930fb526fc65b7f3e65",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f6e07eb7ebec53ffe81fc2489589320fbe4a6b75",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d68d5e68b7f64de7170f8e04dd9b995c36b2c71c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8a95696bdc0e13f8980f05b54a3b9081963d1256",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ddd67751ab86c6a65f95c35293c42f85a42ac05d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1ceb4ca9543a8a788febf6bc8dad2e605e172d5e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "689ca31c542687709ba21ec2195c1fbce34fd029",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/tty/synclink_gt.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.318",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.47",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.122",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: synclink_gt: Fix null-pointer-dereference in slgt_clean()\n\nWhen the driver fails at alloc_hdlcdev(), and then we remove the driver\nmodule, we will get the following splat:\n\n[ 25.065966] general protection fault, probably for non-canonical address 0xdffffc0000000182: 0000 [#1] PREEMPT SMP KASAN PTI\n[ 25.066914] KASAN: null-ptr-deref in range [0x0000000000000c10-0x0000000000000c17]\n[ 25.069262] RIP: 0010:detach_hdlc_protocol+0x2a/0x3e0\n[ 25.077709] Call Trace:\n[ 25.077924] \u003cTASK\u003e\n[ 25.078108] unregister_hdlc_device+0x16/0x30\n[ 25.078481] slgt_cleanup+0x157/0x9f0 [synclink_gt]\n\nFix this by checking whether the \u0027info-\u003enetdev\u0027 is a null pointer first."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:34:46.705Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/50c341f9a2adc4c32a8ad5a39eb99d9c4a419e0d"
},
{
"url": "https://git.kernel.org/stable/c/078212ad15dbd88840c82c97f12c93d83703c8fd"
},
{
"url": "https://git.kernel.org/stable/c/ba08cbc5b53e151d0acf1930fb526fc65b7f3e65"
},
{
"url": "https://git.kernel.org/stable/c/f6e07eb7ebec53ffe81fc2489589320fbe4a6b75"
},
{
"url": "https://git.kernel.org/stable/c/d68d5e68b7f64de7170f8e04dd9b995c36b2c71c"
},
{
"url": "https://git.kernel.org/stable/c/8a95696bdc0e13f8980f05b54a3b9081963d1256"
},
{
"url": "https://git.kernel.org/stable/c/ddd67751ab86c6a65f95c35293c42f85a42ac05d"
},
{
"url": "https://git.kernel.org/stable/c/1ceb4ca9543a8a788febf6bc8dad2e605e172d5e"
},
{
"url": "https://git.kernel.org/stable/c/689ca31c542687709ba21ec2195c1fbce34fd029"
}
],
"title": "tty: synclink_gt: Fix null-pointer-dereference in slgt_clean()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49307",
"datePublished": "2025-02-26T02:10:39.151Z",
"dateReserved": "2025-02-26T02:08:31.535Z",
"dateUpdated": "2025-10-01T19:46:58.412Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49341 (GCVE-0-2022-49341)
Vulnerability from cvelistv5
Published
2025-02-26 02:10
Modified
2025-05-04 08:35
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
bpf, arm64: Clear prog->jited_len along prog->jited
syzbot reported an illegal copy_to_user() attempt
from bpf_prog_get_info_by_fd() [1]
There was no repro yet on this bug, but I think
that commit 0aef499f3172 ("mm/usercopy: Detect vmalloc overruns")
is exposing a prior bug in bpf arm64.
bpf_prog_get_info_by_fd() looks at prog->jited_len
to determine if the JIT image can be copied out to user space.
My theory is that syzbot managed to get a prog where prog->jited_len
has been set to 43, while prog->bpf_func has ben cleared.
It is not clear why copy_to_user(uinsns, NULL, ulen) is triggering
this particular warning.
I thought find_vma_area(NULL) would not find a vm_struct.
As we do not hold vmap_area_lock spinlock, it might be possible
that the found vm_struct was garbage.
[1]
usercopy: Kernel memory exposure attempt detected from vmalloc (offset 792633534417210172, size 43)!
kernel BUG at mm/usercopy.c:101!
Internal error: Oops - BUG: 0 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 25002 Comm: syz-executor.1 Not tainted 5.18.0-syzkaller-10139-g8291eaafed36 #0
Hardware name: linux,dummy-virt (DT)
pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : usercopy_abort+0x90/0x94 mm/usercopy.c:101
lr : usercopy_abort+0x90/0x94 mm/usercopy.c:89
sp : ffff80000b773a20
x29: ffff80000b773a30 x28: faff80000b745000 x27: ffff80000b773b48
x26: 0000000000000000 x25: 000000000000002b x24: 0000000000000000
x23: 00000000000000e0 x22: ffff80000b75db67 x21: 0000000000000001
x20: 000000000000002b x19: ffff80000b75db3c x18: 00000000fffffffd
x17: 2820636f6c6c616d x16: 76206d6f72662064 x15: 6574636574656420
x14: 74706d6574746120 x13: 2129333420657a69 x12: 73202c3237313031
x11: 3237313434333533 x10: 3336323937207465 x9 : 657275736f707865
x8 : ffff80000a30c550 x7 : ffff80000b773830 x6 : ffff80000b773830
x5 : 0000000000000000 x4 : ffff00007fbbaa10 x3 : 0000000000000000
x2 : 0000000000000000 x1 : f7ff000028fc0000 x0 : 0000000000000064
Call trace:
usercopy_abort+0x90/0x94 mm/usercopy.c:89
check_heap_object mm/usercopy.c:186 [inline]
__check_object_size mm/usercopy.c:252 [inline]
__check_object_size+0x198/0x36c mm/usercopy.c:214
check_object_size include/linux/thread_info.h:199 [inline]
check_copy_size include/linux/thread_info.h:235 [inline]
copy_to_user include/linux/uaccess.h:159 [inline]
bpf_prog_get_info_by_fd.isra.0+0xf14/0xfdc kernel/bpf/syscall.c:3993
bpf_obj_get_info_by_fd+0x12c/0x510 kernel/bpf/syscall.c:4253
__sys_bpf+0x900/0x2150 kernel/bpf/syscall.c:4956
__do_sys_bpf kernel/bpf/syscall.c:5021 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5019 [inline]
__arm64_sys_bpf+0x28/0x40 kernel/bpf/syscall.c:5019
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52
el0_svc_common.constprop.0+0x44/0xec arch/arm64/kernel/syscall.c:142
do_el0_svc+0xa0/0xc0 arch/arm64/kernel/syscall.c:206
el0_svc+0x44/0xb0 arch/arm64/kernel/entry-common.c:624
el0t_64_sync_handler+0x1ac/0x1b0 arch/arm64/kernel/entry-common.c:642
el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:581
Code: aa0003e3 d00038c0 91248000 97fff65f (d4210000)
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: db496944fdaaf2a67d2f60529f5dc23abf809506 Version: db496944fdaaf2a67d2f60529f5dc23abf809506 Version: db496944fdaaf2a67d2f60529f5dc23abf809506 Version: db496944fdaaf2a67d2f60529f5dc23abf809506 Version: db496944fdaaf2a67d2f60529f5dc23abf809506 Version: db496944fdaaf2a67d2f60529f5dc23abf809506 Version: db496944fdaaf2a67d2f60529f5dc23abf809506 |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/arm64/net/bpf_jit_comp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "aaf61a312af63e1cfe2264c4c5b8cd4ea3626025",
"status": "affected",
"version": "db496944fdaaf2a67d2f60529f5dc23abf809506",
"versionType": "git"
},
{
"lessThan": "e412b3d178ea4bf746f6b8ee086761613704c6be",
"status": "affected",
"version": "db496944fdaaf2a67d2f60529f5dc23abf809506",
"versionType": "git"
},
{
"lessThan": "0cf7aaff290cdc4d7cee683d4a18138b0dacac48",
"status": "affected",
"version": "db496944fdaaf2a67d2f60529f5dc23abf809506",
"versionType": "git"
},
{
"lessThan": "3f4d5e727aeaa610688d46c9f101f78b7f712583",
"status": "affected",
"version": "db496944fdaaf2a67d2f60529f5dc23abf809506",
"versionType": "git"
},
{
"lessThan": "5c25a3040bc0486c41a7b63a1fb0de7cdb846ad7",
"status": "affected",
"version": "db496944fdaaf2a67d2f60529f5dc23abf809506",
"versionType": "git"
},
{
"lessThan": "41f7c4f85d402043687e863627a1a84fa867c62d",
"status": "affected",
"version": "db496944fdaaf2a67d2f60529f5dc23abf809506",
"versionType": "git"
},
{
"lessThan": "10f3b29c65bb2fe0d47c2945cd0b4087be1c5218",
"status": "affected",
"version": "db496944fdaaf2a67d2f60529f5dc23abf809506",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/arm64/net/bpf_jit_comp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.16"
},
{
"lessThan": "4.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.47",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.122",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.47",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.15",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.4",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, arm64: Clear prog-\u003ejited_len along prog-\u003ejited\n\nsyzbot reported an illegal copy_to_user() attempt\nfrom bpf_prog_get_info_by_fd() [1]\n\nThere was no repro yet on this bug, but I think\nthat commit 0aef499f3172 (\"mm/usercopy: Detect vmalloc overruns\")\nis exposing a prior bug in bpf arm64.\n\nbpf_prog_get_info_by_fd() looks at prog-\u003ejited_len\nto determine if the JIT image can be copied out to user space.\n\nMy theory is that syzbot managed to get a prog where prog-\u003ejited_len\nhas been set to 43, while prog-\u003ebpf_func has ben cleared.\n\nIt is not clear why copy_to_user(uinsns, NULL, ulen) is triggering\nthis particular warning.\n\nI thought find_vma_area(NULL) would not find a vm_struct.\nAs we do not hold vmap_area_lock spinlock, it might be possible\nthat the found vm_struct was garbage.\n\n[1]\nusercopy: Kernel memory exposure attempt detected from vmalloc (offset 792633534417210172, size 43)!\nkernel BUG at mm/usercopy.c:101!\nInternal error: Oops - BUG: 0 [#1] PREEMPT SMP\nModules linked in:\nCPU: 0 PID: 25002 Comm: syz-executor.1 Not tainted 5.18.0-syzkaller-10139-g8291eaafed36 #0\nHardware name: linux,dummy-virt (DT)\npstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : usercopy_abort+0x90/0x94 mm/usercopy.c:101\nlr : usercopy_abort+0x90/0x94 mm/usercopy.c:89\nsp : ffff80000b773a20\nx29: ffff80000b773a30 x28: faff80000b745000 x27: ffff80000b773b48\nx26: 0000000000000000 x25: 000000000000002b x24: 0000000000000000\nx23: 00000000000000e0 x22: ffff80000b75db67 x21: 0000000000000001\nx20: 000000000000002b x19: ffff80000b75db3c x18: 00000000fffffffd\nx17: 2820636f6c6c616d x16: 76206d6f72662064 x15: 6574636574656420\nx14: 74706d6574746120 x13: 2129333420657a69 x12: 73202c3237313031\nx11: 3237313434333533 x10: 3336323937207465 x9 : 657275736f707865\nx8 : ffff80000a30c550 x7 : ffff80000b773830 x6 : ffff80000b773830\nx5 : 0000000000000000 x4 : ffff00007fbbaa10 x3 : 0000000000000000\nx2 : 0000000000000000 x1 : f7ff000028fc0000 x0 : 0000000000000064\nCall trace:\n usercopy_abort+0x90/0x94 mm/usercopy.c:89\n check_heap_object mm/usercopy.c:186 [inline]\n __check_object_size mm/usercopy.c:252 [inline]\n __check_object_size+0x198/0x36c mm/usercopy.c:214\n check_object_size include/linux/thread_info.h:199 [inline]\n check_copy_size include/linux/thread_info.h:235 [inline]\n copy_to_user include/linux/uaccess.h:159 [inline]\n bpf_prog_get_info_by_fd.isra.0+0xf14/0xfdc kernel/bpf/syscall.c:3993\n bpf_obj_get_info_by_fd+0x12c/0x510 kernel/bpf/syscall.c:4253\n __sys_bpf+0x900/0x2150 kernel/bpf/syscall.c:4956\n __do_sys_bpf kernel/bpf/syscall.c:5021 [inline]\n __se_sys_bpf kernel/bpf/syscall.c:5019 [inline]\n __arm64_sys_bpf+0x28/0x40 kernel/bpf/syscall.c:5019\n __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]\n invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52\n el0_svc_common.constprop.0+0x44/0xec arch/arm64/kernel/syscall.c:142\n do_el0_svc+0xa0/0xc0 arch/arm64/kernel/syscall.c:206\n el0_svc+0x44/0xb0 arch/arm64/kernel/entry-common.c:624\n el0t_64_sync_handler+0x1ac/0x1b0 arch/arm64/kernel/entry-common.c:642\n el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:581\nCode: aa0003e3 d00038c0 91248000 97fff65f (d4210000)"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:35:40.168Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/aaf61a312af63e1cfe2264c4c5b8cd4ea3626025"
},
{
"url": "https://git.kernel.org/stable/c/e412b3d178ea4bf746f6b8ee086761613704c6be"
},
{
"url": "https://git.kernel.org/stable/c/0cf7aaff290cdc4d7cee683d4a18138b0dacac48"
},
{
"url": "https://git.kernel.org/stable/c/3f4d5e727aeaa610688d46c9f101f78b7f712583"
},
{
"url": "https://git.kernel.org/stable/c/5c25a3040bc0486c41a7b63a1fb0de7cdb846ad7"
},
{
"url": "https://git.kernel.org/stable/c/41f7c4f85d402043687e863627a1a84fa867c62d"
},
{
"url": "https://git.kernel.org/stable/c/10f3b29c65bb2fe0d47c2945cd0b4087be1c5218"
}
],
"title": "bpf, arm64: Clear prog-\u003ejited_len along prog-\u003ejited",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49341",
"datePublished": "2025-02-26T02:10:58.118Z",
"dateReserved": "2025-02-26T02:08:31.541Z",
"dateUpdated": "2025-05-04T08:35:40.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49621 (GCVE-0-2022-49621)
Vulnerability from cvelistv5
Published
2025-02-26 02:23
Modified
2025-10-01 19:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
cpufreq: pmac32-cpufreq: Fix refcount leak bug
In pmac_cpufreq_init_MacRISC3(), we need to add corresponding
of_node_put() for the three node pointers whose refcount have
been incremented by of_find_node_by_name().
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49621",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:34:37.989846Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:36:50.700Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/cpufreq/pmac32-cpufreq.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4f242486bf46d314b2e3838cc64b56f008a3c4d7",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "37c16fc2cb13a13f3c0193bfc6f2edef7d7df7d7",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "4585890ab2dbf455d80e254d3d859d4c1e357920",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8dda30f81c751b01cd71f2cfaeef26ad4393b1d1",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "3ea9dbf7c2f436952bca331c6f5d72f75aca224e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "57289b6601fe78c09921599b042a0b430fb420ec",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "4513018d0bd739097570d26a7760551cba3deb56",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ccd7567d4b6cf187fdfa55f003a9e461ee629e36",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/cpufreq/pmac32-cpufreq.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.324",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.289",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.253",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.207",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.132",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.56",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.324",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.289",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.253",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.132",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: pmac32-cpufreq: Fix refcount leak bug\n\nIn pmac_cpufreq_init_MacRISC3(), we need to add corresponding\nof_node_put() for the three node pointers whose refcount have\nbeen incremented by of_find_node_by_name()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:41:57.804Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4f242486bf46d314b2e3838cc64b56f008a3c4d7"
},
{
"url": "https://git.kernel.org/stable/c/37c16fc2cb13a13f3c0193bfc6f2edef7d7df7d7"
},
{
"url": "https://git.kernel.org/stable/c/4585890ab2dbf455d80e254d3d859d4c1e357920"
},
{
"url": "https://git.kernel.org/stable/c/8dda30f81c751b01cd71f2cfaeef26ad4393b1d1"
},
{
"url": "https://git.kernel.org/stable/c/3ea9dbf7c2f436952bca331c6f5d72f75aca224e"
},
{
"url": "https://git.kernel.org/stable/c/57289b6601fe78c09921599b042a0b430fb420ec"
},
{
"url": "https://git.kernel.org/stable/c/4513018d0bd739097570d26a7760551cba3deb56"
},
{
"url": "https://git.kernel.org/stable/c/ccd7567d4b6cf187fdfa55f003a9e461ee629e36"
}
],
"title": "cpufreq: pmac32-cpufreq: Fix refcount leak bug",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49621",
"datePublished": "2025-02-26T02:23:38.850Z",
"dateReserved": "2025-02-26T02:21:30.420Z",
"dateUpdated": "2025-10-01T19:36:50.700Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49058 (GCVE-0-2022-49058)
Vulnerability from cvelistv5
Published
2025-02-26 01:54
Modified
2025-10-01 19:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
cifs: potential buffer overflow in handling symlinks
Smatch printed a warning:
arch/x86/crypto/poly1305_glue.c:198 poly1305_update_arch() error:
__memcpy() 'dctx->buf' too small (16 vs u32max)
It's caused because Smatch marks 'link_len' as untrusted since it comes
from sscanf(). Add a check to ensure that 'link_len' is not larger than
the size of the 'link_str' buffer.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: c69c1b6eaea1b3e1eecf7ad2fba0208ac4a11131 Version: c69c1b6eaea1b3e1eecf7ad2fba0208ac4a11131 Version: c69c1b6eaea1b3e1eecf7ad2fba0208ac4a11131 Version: c69c1b6eaea1b3e1eecf7ad2fba0208ac4a11131 Version: c69c1b6eaea1b3e1eecf7ad2fba0208ac4a11131 Version: c69c1b6eaea1b3e1eecf7ad2fba0208ac4a11131 Version: c69c1b6eaea1b3e1eecf7ad2fba0208ac4a11131 Version: c69c1b6eaea1b3e1eecf7ad2fba0208ac4a11131 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49058",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:50:01.997451Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:57:06.701Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/cifs/link.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3e582749e742e662a8e9bb37cffac62dccaaa1e2",
"status": "affected",
"version": "c69c1b6eaea1b3e1eecf7ad2fba0208ac4a11131",
"versionType": "git"
},
{
"lessThan": "1316c28569a80ab3596eeab05bf5e01991e7e739",
"status": "affected",
"version": "c69c1b6eaea1b3e1eecf7ad2fba0208ac4a11131",
"versionType": "git"
},
{
"lessThan": "eb5f51756944735ac70cd8bb38637cc202e29c91",
"status": "affected",
"version": "c69c1b6eaea1b3e1eecf7ad2fba0208ac4a11131",
"versionType": "git"
},
{
"lessThan": "22d658c6c5affed10c8907e67160cef0b6c92186",
"status": "affected",
"version": "c69c1b6eaea1b3e1eecf7ad2fba0208ac4a11131",
"versionType": "git"
},
{
"lessThan": "4e166a41180be2f1e66bbb6d46448e80a9a5ec05",
"status": "affected",
"version": "c69c1b6eaea1b3e1eecf7ad2fba0208ac4a11131",
"versionType": "git"
},
{
"lessThan": "9901b07ba42b39266b34a888e48d7306fd707bee",
"status": "affected",
"version": "c69c1b6eaea1b3e1eecf7ad2fba0208ac4a11131",
"versionType": "git"
},
{
"lessThan": "515e7ba11ef043d6febe69389949c8ef5f25e9d0",
"status": "affected",
"version": "c69c1b6eaea1b3e1eecf7ad2fba0208ac4a11131",
"versionType": "git"
},
{
"lessThan": "64c4a37ac04eeb43c42d272f6e6c8c12bfcf4304",
"status": "affected",
"version": "c69c1b6eaea1b3e1eecf7ad2fba0208ac4a11131",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/cifs/link.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.37"
},
{
"lessThan": "2.6.37",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.239",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.190",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.112",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.35",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.311",
"versionStartIncluding": "2.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.276",
"versionStartIncluding": "2.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.239",
"versionStartIncluding": "2.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.190",
"versionStartIncluding": "2.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.112",
"versionStartIncluding": "2.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.35",
"versionStartIncluding": "2.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.4",
"versionStartIncluding": "2.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "2.6.37",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: potential buffer overflow in handling symlinks\n\nSmatch printed a warning:\n\tarch/x86/crypto/poly1305_glue.c:198 poly1305_update_arch() error:\n\t__memcpy() \u0027dctx-\u003ebuf\u0027 too small (16 vs u32max)\n\nIt\u0027s caused because Smatch marks \u0027link_len\u0027 as untrusted since it comes\nfrom sscanf(). Add a check to ensure that \u0027link_len\u0027 is not larger than\nthe size of the \u0027link_str\u0027 buffer."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:28:50.644Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3e582749e742e662a8e9bb37cffac62dccaaa1e2"
},
{
"url": "https://git.kernel.org/stable/c/1316c28569a80ab3596eeab05bf5e01991e7e739"
},
{
"url": "https://git.kernel.org/stable/c/eb5f51756944735ac70cd8bb38637cc202e29c91"
},
{
"url": "https://git.kernel.org/stable/c/22d658c6c5affed10c8907e67160cef0b6c92186"
},
{
"url": "https://git.kernel.org/stable/c/4e166a41180be2f1e66bbb6d46448e80a9a5ec05"
},
{
"url": "https://git.kernel.org/stable/c/9901b07ba42b39266b34a888e48d7306fd707bee"
},
{
"url": "https://git.kernel.org/stable/c/515e7ba11ef043d6febe69389949c8ef5f25e9d0"
},
{
"url": "https://git.kernel.org/stable/c/64c4a37ac04eeb43c42d272f6e6c8c12bfcf4304"
}
],
"title": "cifs: potential buffer overflow in handling symlinks",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49058",
"datePublished": "2025-02-26T01:54:29.195Z",
"dateReserved": "2025-02-26T01:49:39.243Z",
"dateUpdated": "2025-10-01T19:57:06.701Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49517 (GCVE-0-2022-49517)
Vulnerability from cvelistv5
Published
2025-02-26 02:13
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe
This node pointer is returned by of_parse_phandle() with
refcount incremented in this function.
Calling of_node_put() to avoid the refcount leak.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 8625c1dbd87631572f8e2c05bc67736b73d6f02f Version: 8625c1dbd87631572f8e2c05bc67736b73d6f02f Version: 8625c1dbd87631572f8e2c05bc67736b73d6f02f Version: 8625c1dbd87631572f8e2c05bc67736b73d6f02f Version: 8625c1dbd87631572f8e2c05bc67736b73d6f02f Version: 8625c1dbd87631572f8e2c05bc67736b73d6f02f Version: 8625c1dbd87631572f8e2c05bc67736b73d6f02f Version: 8625c1dbd87631572f8e2c05bc67736b73d6f02f |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49517",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:38:12.821382Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:41.962Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/soc/mediatek/mt2701/mt2701-wm8960.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "bc2afecaabd2a2c9f17e43b4793a30e3461bfb29",
"status": "affected",
"version": "8625c1dbd87631572f8e2c05bc67736b73d6f02f",
"versionType": "git"
},
{
"lessThan": "9345122f5fb9f97a206f440f38bb656e53f46912",
"status": "affected",
"version": "8625c1dbd87631572f8e2c05bc67736b73d6f02f",
"versionType": "git"
},
{
"lessThan": "c71494f5f2b444adfd992a7359a0d2a791642b39",
"status": "affected",
"version": "8625c1dbd87631572f8e2c05bc67736b73d6f02f",
"versionType": "git"
},
{
"lessThan": "f279c49f17ce10866087ea6c0c57382158974b63",
"status": "affected",
"version": "8625c1dbd87631572f8e2c05bc67736b73d6f02f",
"versionType": "git"
},
{
"lessThan": "61a85a20e8df5e0a92cfe169c92425c7bae0753b",
"status": "affected",
"version": "8625c1dbd87631572f8e2c05bc67736b73d6f02f",
"versionType": "git"
},
{
"lessThan": "318afb1442eeef089fe7f8a8297d97c0302ff6f6",
"status": "affected",
"version": "8625c1dbd87631572f8e2c05bc67736b73d6f02f",
"versionType": "git"
},
{
"lessThan": "94587aa17abf8b26f543d2b29c44abc21bc36836",
"status": "affected",
"version": "8625c1dbd87631572f8e2c05bc67736b73d6f02f",
"versionType": "git"
},
{
"lessThan": "05654431a18fe24e5e46a375d98904134628a102",
"status": "affected",
"version": "8625c1dbd87631572f8e2c05bc67736b73d6f02f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"sound/soc/mediatek/mt2701/mt2701-wm8960.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.12"
},
{
"lessThan": "4.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.283",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe\n\nThis node pointer is returned by of_parse_phandle() with\nrefcount incremented in this function.\nCalling of_node_put() to avoid the refcount leak."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:39:38.205Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/bc2afecaabd2a2c9f17e43b4793a30e3461bfb29"
},
{
"url": "https://git.kernel.org/stable/c/9345122f5fb9f97a206f440f38bb656e53f46912"
},
{
"url": "https://git.kernel.org/stable/c/c71494f5f2b444adfd992a7359a0d2a791642b39"
},
{
"url": "https://git.kernel.org/stable/c/f279c49f17ce10866087ea6c0c57382158974b63"
},
{
"url": "https://git.kernel.org/stable/c/61a85a20e8df5e0a92cfe169c92425c7bae0753b"
},
{
"url": "https://git.kernel.org/stable/c/318afb1442eeef089fe7f8a8297d97c0302ff6f6"
},
{
"url": "https://git.kernel.org/stable/c/94587aa17abf8b26f543d2b29c44abc21bc36836"
},
{
"url": "https://git.kernel.org/stable/c/05654431a18fe24e5e46a375d98904134628a102"
}
],
"title": "ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49517",
"datePublished": "2025-02-26T02:13:44.853Z",
"dateReserved": "2025-02-26T02:08:31.587Z",
"dateUpdated": "2025-10-01T19:46:41.962Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49569 (GCVE-0-2022-49569)
Vulnerability from cvelistv5
Published
2025-02-26 02:23
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
spi: bcm2835: bcm2835_spi_handle_err(): fix NULL pointer deref for non DMA transfers
In case a IRQ based transfer times out the bcm2835_spi_handle_err()
function is called. Since commit 1513ceee70f2 ("spi: bcm2835: Drop
dma_pending flag") the TX and RX DMA transfers are unconditionally
canceled, leading to NULL pointer derefs if ctlr->dma_tx or
ctlr->dma_rx are not set.
Fix the NULL pointer deref by checking that ctlr->dma_tx and
ctlr->dma_rx are valid pointers before accessing them.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49569",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:36:53.132974Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:37.670Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/spi/spi-bcm2835.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "76668d2a2f367d25ff448e6d7087406af7d7bb2b",
"status": "affected",
"version": "1513ceee70f2bd523e025efe0c715328e1a43ffd",
"versionType": "git"
},
{
"lessThan": "684896e675edd8b669fd3e9f547c5038222d85bc",
"status": "affected",
"version": "1513ceee70f2bd523e025efe0c715328e1a43ffd",
"versionType": "git"
},
{
"lessThan": "58466e05390043d2805685c70f55f3f59711bdf2",
"status": "affected",
"version": "1513ceee70f2bd523e025efe0c715328e1a43ffd",
"versionType": "git"
},
{
"lessThan": "49ffa473218012e765682343de2052eb4c1f06a7",
"status": "affected",
"version": "1513ceee70f2bd523e025efe0c715328e1a43ffd",
"versionType": "git"
},
{
"lessThan": "4ceaa684459d414992acbefb4e4c31f2dfc50641",
"status": "affected",
"version": "1513ceee70f2bd523e025efe0c715328e1a43ffd",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/spi/spi-bcm2835.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.4"
},
{
"lessThan": "5.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.208",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.134",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.58",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.208",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.134",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.58",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.15",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: bcm2835: bcm2835_spi_handle_err(): fix NULL pointer deref for non DMA transfers\n\nIn case a IRQ based transfer times out the bcm2835_spi_handle_err()\nfunction is called. Since commit 1513ceee70f2 (\"spi: bcm2835: Drop\ndma_pending flag\") the TX and RX DMA transfers are unconditionally\ncanceled, leading to NULL pointer derefs if ctlr-\u003edma_tx or\nctlr-\u003edma_rx are not set.\n\nFix the NULL pointer deref by checking that ctlr-\u003edma_tx and\nctlr-\u003edma_rx are valid pointers before accessing them."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:40:50.800Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/76668d2a2f367d25ff448e6d7087406af7d7bb2b"
},
{
"url": "https://git.kernel.org/stable/c/684896e675edd8b669fd3e9f547c5038222d85bc"
},
{
"url": "https://git.kernel.org/stable/c/58466e05390043d2805685c70f55f3f59711bdf2"
},
{
"url": "https://git.kernel.org/stable/c/49ffa473218012e765682343de2052eb4c1f06a7"
},
{
"url": "https://git.kernel.org/stable/c/4ceaa684459d414992acbefb4e4c31f2dfc50641"
}
],
"title": "spi: bcm2835: bcm2835_spi_handle_err(): fix NULL pointer deref for non DMA transfers",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49569",
"datePublished": "2025-02-26T02:23:13.209Z",
"dateReserved": "2025-02-26T02:21:30.410Z",
"dateUpdated": "2025-10-01T19:46:37.670Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49367 (GCVE-0-2022-49367)
Vulnerability from cvelistv5
Published
2025-02-26 02:11
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register
of_get_child_by_name() returns a node pointer with refcount
incremented, we should use of_node_put() on it when done.
mv88e6xxx_mdio_register() pass the device node to of_mdiobus_register().
We don't need the device node after it.
Add missing of_node_put() to avoid refcount leak.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: a3c53be55c955b7150cda17874c3fcb4eeb97a89 Version: a3c53be55c955b7150cda17874c3fcb4eeb97a89 Version: a3c53be55c955b7150cda17874c3fcb4eeb97a89 Version: a3c53be55c955b7150cda17874c3fcb4eeb97a89 Version: a3c53be55c955b7150cda17874c3fcb4eeb97a89 Version: a3c53be55c955b7150cda17874c3fcb4eeb97a89 Version: a3c53be55c955b7150cda17874c3fcb4eeb97a89 Version: a3c53be55c955b7150cda17874c3fcb4eeb97a89 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49367",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:42:31.530867Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:53.552Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/dsa/mv88e6xxx/chip.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "dc1cf8c6f9793546696fded437a5b4c84944c48b",
"status": "affected",
"version": "a3c53be55c955b7150cda17874c3fcb4eeb97a89",
"versionType": "git"
},
{
"lessThan": "86c3c5f8e4bd1325e24f6fba9017cade29933377",
"status": "affected",
"version": "a3c53be55c955b7150cda17874c3fcb4eeb97a89",
"versionType": "git"
},
{
"lessThan": "a101793994c0a14c70bb4e44c7fda597eeebba0a",
"status": "affected",
"version": "a3c53be55c955b7150cda17874c3fcb4eeb97a89",
"versionType": "git"
},
{
"lessThan": "42658e47f1abbbe592007d3ba303de466114d0bb",
"status": "affected",
"version": "a3c53be55c955b7150cda17874c3fcb4eeb97a89",
"versionType": "git"
},
{
"lessThan": "c1df9cb756e5a9ba1841648c44ee5d92306b9c65",
"status": "affected",
"version": "a3c53be55c955b7150cda17874c3fcb4eeb97a89",
"versionType": "git"
},
{
"lessThan": "e0d763d0c7665c7897e4f5a0847ab0c82543345f",
"status": "affected",
"version": "a3c53be55c955b7150cda17874c3fcb4eeb97a89",
"versionType": "git"
},
{
"lessThan": "8a1a1255152da4fb934290e7ababc66f24985520",
"status": "affected",
"version": "a3c53be55c955b7150cda17874c3fcb4eeb97a89",
"versionType": "git"
},
{
"lessThan": "02ded5a173619b11728b8bf75a3fd995a2c1ff28",
"status": "affected",
"version": "a3c53be55c955b7150cda17874c3fcb4eeb97a89",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/dsa/mv88e6xxx/chip.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.11"
},
{
"lessThan": "4.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.47",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.283",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.122",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.47",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.15",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.4",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register\n\nof_get_child_by_name() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when done.\n\nmv88e6xxx_mdio_register() pass the device node to of_mdiobus_register().\nWe don\u0027t need the device node after it.\n\nAdd missing of_node_put() to avoid refcount leak."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:36:11.318Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/dc1cf8c6f9793546696fded437a5b4c84944c48b"
},
{
"url": "https://git.kernel.org/stable/c/86c3c5f8e4bd1325e24f6fba9017cade29933377"
},
{
"url": "https://git.kernel.org/stable/c/a101793994c0a14c70bb4e44c7fda597eeebba0a"
},
{
"url": "https://git.kernel.org/stable/c/42658e47f1abbbe592007d3ba303de466114d0bb"
},
{
"url": "https://git.kernel.org/stable/c/c1df9cb756e5a9ba1841648c44ee5d92306b9c65"
},
{
"url": "https://git.kernel.org/stable/c/e0d763d0c7665c7897e4f5a0847ab0c82543345f"
},
{
"url": "https://git.kernel.org/stable/c/8a1a1255152da4fb934290e7ababc66f24985520"
},
{
"url": "https://git.kernel.org/stable/c/02ded5a173619b11728b8bf75a3fd995a2c1ff28"
}
],
"title": "net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49367",
"datePublished": "2025-02-26T02:11:11.729Z",
"dateReserved": "2025-02-26T02:08:31.555Z",
"dateUpdated": "2025-10-01T19:46:53.552Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49194 (GCVE-0-2022-49194)
Vulnerability from cvelistv5
Published
2025-02-26 01:55
Modified
2025-05-04 08:32
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: bcmgenet: Use stronger register read/writes to assure ordering
GCC12 appears to be much smarter about its dependency tracking and is
aware that the relaxed variants are just normal loads and stores and
this is causing problems like:
[ 210.074549] ------------[ cut here ]------------
[ 210.079223] NETDEV WATCHDOG: enabcm6e4ei0 (bcmgenet): transmit queue 1 timed out
[ 210.086717] WARNING: CPU: 1 PID: 0 at net/sched/sch_generic.c:529 dev_watchdog+0x234/0x240
[ 210.095044] Modules linked in: genet(E) nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat]
[ 210.146561] ACPI CPPC: PCC check channel failed for ss: 0. ret=-110
[ 210.146927] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G E 5.17.0-rc7G12+ #58
[ 210.153226] CPPC Cpufreq:cppc_scale_freq_workfn: failed to read perf counters
[ 210.161349] Hardware name: Raspberry Pi Foundation Raspberry Pi 4 Model B/Raspberry Pi 4 Model B, BIOS EDK2-DEV 02/08/2022
[ 210.161353] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 210.161358] pc : dev_watchdog+0x234/0x240
[ 210.161364] lr : dev_watchdog+0x234/0x240
[ 210.161368] sp : ffff8000080a3a40
[ 210.161370] x29: ffff8000080a3a40 x28: ffffcd425af87000 x27: ffff8000080a3b20
[ 210.205150] x26: ffffcd425aa00000 x25: 0000000000000001 x24: ffffcd425af8ec08
[ 210.212321] x23: 0000000000000100 x22: ffffcd425af87000 x21: ffff55b142688000
[ 210.219491] x20: 0000000000000001 x19: ffff55b1426884c8 x18: ffffffffffffffff
[ 210.226661] x17: 64656d6974203120 x16: 0000000000000001 x15: 6d736e617274203a
[ 210.233831] x14: 2974656e65676d63 x13: ffffcd4259c300d8 x12: ffffcd425b07d5f0
[ 210.241001] x11: 00000000ffffffff x10: ffffcd425b07d5f0 x9 : ffffcd4258bdad9c
[ 210.248171] x8 : 00000000ffffdfff x7 : 000000000000003f x6 : 0000000000000000
[ 210.255341] x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000001000
[ 210.262511] x2 : 0000000000001000 x1 : 0000000000000005 x0 : 0000000000000044
[ 210.269682] Call trace:
[ 210.272133] dev_watchdog+0x234/0x240
[ 210.275811] call_timer_fn+0x3c/0x15c
[ 210.279489] __run_timers.part.0+0x288/0x310
[ 210.283777] run_timer_softirq+0x48/0x80
[ 210.287716] __do_softirq+0x128/0x360
[ 210.291392] __irq_exit_rcu+0x138/0x140
[ 210.295243] irq_exit_rcu+0x1c/0x30
[ 210.298745] el1_interrupt+0x38/0x54
[ 210.302334] el1h_64_irq_handler+0x18/0x24
[ 210.306445] el1h_64_irq+0x7c/0x80
[ 210.309857] arch_cpu_idle+0x18/0x2c
[ 210.313445] default_idle_call+0x4c/0x140
[ 210.317470] cpuidle_idle_call+0x14c/0x1a0
[ 210.321584] do_idle+0xb0/0x100
[ 210.324737] cpu_startup_entry+0x30/0x8c
[ 210.328675] secondary_start_kernel+0xe4/0x110
[ 210.333138] __secondary_switched+0x94/0x98
The assumption when these were relaxed seems to be that device memory
would be mapped non reordering, and that other constructs
(spinlocks/etc) would provide the barriers to assure that packet data
and in memory rings/queues were ordered with respect to device
register reads/writes. This itself seems a bit sketchy, but the real
problem with GCC12 is that it is moving the actual reads/writes around
at will as though they were independent operations when in truth they
are not, but the compiler can't know that. When looking at the
assembly dumps for many of these routines its possible to see very
clean, but not strictly in program order operations occurring as the
compiler would be free to do if these weren't actually register
reads/write operations.
Its possible to suppress the timeout with a liberal bit of dma_mb()'s
sprinkled around but the device still seems unable to reliably
send/receive data. A better plan is to use the safer readl/writel
everywhere.
Since this partially reverts an older commit, which notes the use of
the relaxed variants for performance reasons. I would suggest that
any performance problems
---truncated---
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/broadcom/genet/bcmgenet.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b26091a02093104259ca64aeca73601e56160d62",
"status": "affected",
"version": "69d2ea9c798983c4a7157278ec84ff969d1cd8e8",
"versionType": "git"
},
{
"lessThan": "06d836801cd82ded282aaf9e888ff9e7e4a88b91",
"status": "affected",
"version": "69d2ea9c798983c4a7157278ec84ff969d1cd8e8",
"versionType": "git"
},
{
"lessThan": "1d717816189fd68f9e089cf89ed1f7327d2c2e71",
"status": "affected",
"version": "69d2ea9c798983c4a7157278ec84ff969d1cd8e8",
"versionType": "git"
},
{
"lessThan": "f49769b462f282477ca801cf648f875b1c5b59db",
"status": "affected",
"version": "69d2ea9c798983c4a7157278ec84ff969d1cd8e8",
"versionType": "git"
},
{
"lessThan": "8d3ea3d402db94b61075617e71b67459a714a502",
"status": "affected",
"version": "69d2ea9c798983c4a7157278ec84ff969d1cd8e8",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/broadcom/genet/bcmgenet.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.14"
},
{
"lessThan": "4.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.110",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "4.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bcmgenet: Use stronger register read/writes to assure ordering\n\nGCC12 appears to be much smarter about its dependency tracking and is\naware that the relaxed variants are just normal loads and stores and\nthis is causing problems like:\n\n[ 210.074549] ------------[ cut here ]------------\n[ 210.079223] NETDEV WATCHDOG: enabcm6e4ei0 (bcmgenet): transmit queue 1 timed out\n[ 210.086717] WARNING: CPU: 1 PID: 0 at net/sched/sch_generic.c:529 dev_watchdog+0x234/0x240\n[ 210.095044] Modules linked in: genet(E) nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat]\n[ 210.146561] ACPI CPPC: PCC check channel failed for ss: 0. ret=-110\n[ 210.146927] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G E 5.17.0-rc7G12+ #58\n[ 210.153226] CPPC Cpufreq:cppc_scale_freq_workfn: failed to read perf counters\n[ 210.161349] Hardware name: Raspberry Pi Foundation Raspberry Pi 4 Model B/Raspberry Pi 4 Model B, BIOS EDK2-DEV 02/08/2022\n[ 210.161353] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 210.161358] pc : dev_watchdog+0x234/0x240\n[ 210.161364] lr : dev_watchdog+0x234/0x240\n[ 210.161368] sp : ffff8000080a3a40\n[ 210.161370] x29: ffff8000080a3a40 x28: ffffcd425af87000 x27: ffff8000080a3b20\n[ 210.205150] x26: ffffcd425aa00000 x25: 0000000000000001 x24: ffffcd425af8ec08\n[ 210.212321] x23: 0000000000000100 x22: ffffcd425af87000 x21: ffff55b142688000\n[ 210.219491] x20: 0000000000000001 x19: ffff55b1426884c8 x18: ffffffffffffffff\n[ 210.226661] x17: 64656d6974203120 x16: 0000000000000001 x15: 6d736e617274203a\n[ 210.233831] x14: 2974656e65676d63 x13: ffffcd4259c300d8 x12: ffffcd425b07d5f0\n[ 210.241001] x11: 00000000ffffffff x10: ffffcd425b07d5f0 x9 : ffffcd4258bdad9c\n[ 210.248171] x8 : 00000000ffffdfff x7 : 000000000000003f x6 : 0000000000000000\n[ 210.255341] x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000001000\n[ 210.262511] x2 : 0000000000001000 x1 : 0000000000000005 x0 : 0000000000000044\n[ 210.269682] Call trace:\n[ 210.272133] dev_watchdog+0x234/0x240\n[ 210.275811] call_timer_fn+0x3c/0x15c\n[ 210.279489] __run_timers.part.0+0x288/0x310\n[ 210.283777] run_timer_softirq+0x48/0x80\n[ 210.287716] __do_softirq+0x128/0x360\n[ 210.291392] __irq_exit_rcu+0x138/0x140\n[ 210.295243] irq_exit_rcu+0x1c/0x30\n[ 210.298745] el1_interrupt+0x38/0x54\n[ 210.302334] el1h_64_irq_handler+0x18/0x24\n[ 210.306445] el1h_64_irq+0x7c/0x80\n[ 210.309857] arch_cpu_idle+0x18/0x2c\n[ 210.313445] default_idle_call+0x4c/0x140\n[ 210.317470] cpuidle_idle_call+0x14c/0x1a0\n[ 210.321584] do_idle+0xb0/0x100\n[ 210.324737] cpu_startup_entry+0x30/0x8c\n[ 210.328675] secondary_start_kernel+0xe4/0x110\n[ 210.333138] __secondary_switched+0x94/0x98\n\nThe assumption when these were relaxed seems to be that device memory\nwould be mapped non reordering, and that other constructs\n(spinlocks/etc) would provide the barriers to assure that packet data\nand in memory rings/queues were ordered with respect to device\nregister reads/writes. This itself seems a bit sketchy, but the real\nproblem with GCC12 is that it is moving the actual reads/writes around\nat will as though they were independent operations when in truth they\nare not, but the compiler can\u0027t know that. When looking at the\nassembly dumps for many of these routines its possible to see very\nclean, but not strictly in program order operations occurring as the\ncompiler would be free to do if these weren\u0027t actually register\nreads/write operations.\n\nIts possible to suppress the timeout with a liberal bit of dma_mb()\u0027s\nsprinkled around but the device still seems unable to reliably\nsend/receive data. A better plan is to use the safer readl/writel\neverywhere.\n\nSince this partially reverts an older commit, which notes the use of\nthe relaxed variants for performance reasons. I would suggest that\nany performance problems \n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:32:06.187Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b26091a02093104259ca64aeca73601e56160d62"
},
{
"url": "https://git.kernel.org/stable/c/06d836801cd82ded282aaf9e888ff9e7e4a88b91"
},
{
"url": "https://git.kernel.org/stable/c/1d717816189fd68f9e089cf89ed1f7327d2c2e71"
},
{
"url": "https://git.kernel.org/stable/c/f49769b462f282477ca801cf648f875b1c5b59db"
},
{
"url": "https://git.kernel.org/stable/c/8d3ea3d402db94b61075617e71b67459a714a502"
}
],
"title": "net: bcmgenet: Use stronger register read/writes to assure ordering",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49194",
"datePublished": "2025-02-26T01:55:39.581Z",
"dateReserved": "2025-02-26T01:49:39.287Z",
"dateUpdated": "2025-05-04T08:32:06.187Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49154 (GCVE-0-2022-49154)
Vulnerability from cvelistv5
Published
2025-02-26 01:55
Modified
2025-06-19 12:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
KVM: SVM: fix panic on out-of-bounds guest IRQ
As guest_irq is coming from KVM_IRQFD API call, it may trigger
crash in svm_update_pi_irte() due to out-of-bounds:
crash> bt
PID: 22218 TASK: ffff951a6ad74980 CPU: 73 COMMAND: "vcpu8"
#0 [ffffb1ba6707fa40] machine_kexec at ffffffff8565b397
#1 [ffffb1ba6707fa90] __crash_kexec at ffffffff85788a6d
#2 [ffffb1ba6707fb58] crash_kexec at ffffffff8578995d
#3 [ffffb1ba6707fb70] oops_end at ffffffff85623c0d
#4 [ffffb1ba6707fb90] no_context at ffffffff856692c9
#5 [ffffb1ba6707fbf8] exc_page_fault at ffffffff85f95b51
#6 [ffffb1ba6707fc50] asm_exc_page_fault at ffffffff86000ace
[exception RIP: svm_update_pi_irte+227]
RIP: ffffffffc0761b53 RSP: ffffb1ba6707fd08 RFLAGS: 00010086
RAX: ffffb1ba6707fd78 RBX: ffffb1ba66d91000 RCX: 0000000000000001
RDX: 00003c803f63f1c0 RSI: 000000000000019a RDI: ffffb1ba66db2ab8
RBP: 000000000000019a R8: 0000000000000040 R9: ffff94ca41b82200
R10: ffffffffffffffcf R11: 0000000000000001 R12: 0000000000000001
R13: 0000000000000001 R14: ffffffffffffffcf R15: 000000000000005f
ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018
#7 [ffffb1ba6707fdb8] kvm_irq_routing_update at ffffffffc09f19a1 [kvm]
#8 [ffffb1ba6707fde0] kvm_set_irq_routing at ffffffffc09f2133 [kvm]
#9 [ffffb1ba6707fe18] kvm_vm_ioctl at ffffffffc09ef544 [kvm]
RIP: 00007f143c36488b RSP: 00007f143a4e04b8 RFLAGS: 00000246
RAX: ffffffffffffffda RBX: 00007f05780041d0 RCX: 00007f143c36488b
RDX: 00007f05780041d0 RSI: 000000004008ae6a RDI: 0000000000000020
RBP: 00000000000004e8 R8: 0000000000000008 R9: 00007f05780041e0
R10: 00007f0578004560 R11: 0000000000000246 R12: 00000000000004e0
R13: 000000000000001a R14: 00007f1424001c60 R15: 00007f0578003bc0
ORIG_RAX: 0000000000000010 CS: 0033 SS: 002b
Vmx have been fix this in commit 3a8b0677fc61 (KVM: VMX: Do not BUG() on
out-of-bounds guest IRQ), so we can just copy source from that to fix
this.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/x86/kvm/svm/avic.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0fb470eb48892e131d10aa3be6915239e65758f3",
"status": "affected",
"version": "411b44ba80ab0023383fe3f377e903cb0cb7d8bb",
"versionType": "git"
},
{
"lessThan": "3fa2d747960521a646fc1aad7aea82e95e139a68",
"status": "affected",
"version": "411b44ba80ab0023383fe3f377e903cb0cb7d8bb",
"versionType": "git"
},
{
"lessThan": "e4d153d53d9648513481eb4ef8c212e7f1f8173d",
"status": "affected",
"version": "411b44ba80ab0023383fe3f377e903cb0cb7d8bb",
"versionType": "git"
},
{
"lessThan": "a6ffdebfb6a9c2ffeed902b544b96fe67498210e",
"status": "affected",
"version": "411b44ba80ab0023383fe3f377e903cb0cb7d8bb",
"versionType": "git"
},
{
"lessThan": "a80ced6ea514000d34bf1239d47553de0d1ee89e",
"status": "affected",
"version": "411b44ba80ab0023383fe3f377e903cb0cb7d8bb",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/x86/kvm/svm/avic.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.9"
},
{
"lessThan": "4.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.110",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "4.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: SVM: fix panic on out-of-bounds guest IRQ\n\nAs guest_irq is coming from KVM_IRQFD API call, it may trigger\ncrash in svm_update_pi_irte() due to out-of-bounds:\n\ncrash\u003e bt\nPID: 22218 TASK: ffff951a6ad74980 CPU: 73 COMMAND: \"vcpu8\"\n #0 [ffffb1ba6707fa40] machine_kexec at ffffffff8565b397\n #1 [ffffb1ba6707fa90] __crash_kexec at ffffffff85788a6d\n #2 [ffffb1ba6707fb58] crash_kexec at ffffffff8578995d\n #3 [ffffb1ba6707fb70] oops_end at ffffffff85623c0d\n #4 [ffffb1ba6707fb90] no_context at ffffffff856692c9\n #5 [ffffb1ba6707fbf8] exc_page_fault at ffffffff85f95b51\n #6 [ffffb1ba6707fc50] asm_exc_page_fault at ffffffff86000ace\n [exception RIP: svm_update_pi_irte+227]\n RIP: ffffffffc0761b53 RSP: ffffb1ba6707fd08 RFLAGS: 00010086\n RAX: ffffb1ba6707fd78 RBX: ffffb1ba66d91000 RCX: 0000000000000001\n RDX: 00003c803f63f1c0 RSI: 000000000000019a RDI: ffffb1ba66db2ab8\n RBP: 000000000000019a R8: 0000000000000040 R9: ffff94ca41b82200\n R10: ffffffffffffffcf R11: 0000000000000001 R12: 0000000000000001\n R13: 0000000000000001 R14: ffffffffffffffcf R15: 000000000000005f\n ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018\n #7 [ffffb1ba6707fdb8] kvm_irq_routing_update at ffffffffc09f19a1 [kvm]\n #8 [ffffb1ba6707fde0] kvm_set_irq_routing at ffffffffc09f2133 [kvm]\n #9 [ffffb1ba6707fe18] kvm_vm_ioctl at ffffffffc09ef544 [kvm]\n RIP: 00007f143c36488b RSP: 00007f143a4e04b8 RFLAGS: 00000246\n RAX: ffffffffffffffda RBX: 00007f05780041d0 RCX: 00007f143c36488b\n RDX: 00007f05780041d0 RSI: 000000004008ae6a RDI: 0000000000000020\n RBP: 00000000000004e8 R8: 0000000000000008 R9: 00007f05780041e0\n R10: 00007f0578004560 R11: 0000000000000246 R12: 00000000000004e0\n R13: 000000000000001a R14: 00007f1424001c60 R15: 00007f0578003bc0\n ORIG_RAX: 0000000000000010 CS: 0033 SS: 002b\n\nVmx have been fix this in commit 3a8b0677fc61 (KVM: VMX: Do not BUG() on\nout-of-bounds guest IRQ), so we can just copy source from that to fix\nthis."
}
],
"providerMetadata": {
"dateUpdated": "2025-06-19T12:56:15.928Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0fb470eb48892e131d10aa3be6915239e65758f3"
},
{
"url": "https://git.kernel.org/stable/c/3fa2d747960521a646fc1aad7aea82e95e139a68"
},
{
"url": "https://git.kernel.org/stable/c/e4d153d53d9648513481eb4ef8c212e7f1f8173d"
},
{
"url": "https://git.kernel.org/stable/c/a6ffdebfb6a9c2ffeed902b544b96fe67498210e"
},
{
"url": "https://git.kernel.org/stable/c/a80ced6ea514000d34bf1239d47553de0d1ee89e"
}
],
"title": "KVM: SVM: fix panic on out-of-bounds guest IRQ",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49154",
"datePublished": "2025-02-26T01:55:19.245Z",
"dateReserved": "2025-02-26T01:49:39.275Z",
"dateUpdated": "2025-06-19T12:56:15.928Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49448 (GCVE-0-2022-49448)
Vulnerability from cvelistv5
Published
2025-02-26 02:12
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
soc: bcm: Check for NULL return of devm_kzalloc()
As the potential failure of allocation, devm_kzalloc() may return NULL. Then
the 'pd->pmb' and the follow lines of code may bring null pointer dereference.
Therefore, it is better to check the return value of devm_kzalloc() to avoid
this confusion.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49448",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:40:39.579676Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:48.526Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/soc/bcm/bcm63xx/bcm-pmb.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5650e103bfc70156001615861fb8aafb3947da6e",
"status": "affected",
"version": "8bcac4011ebe0dbdd46fd55b036ee855c95702d3",
"versionType": "git"
},
{
"lessThan": "36339ea7bae4943be01c8e9545e46e334591fecd",
"status": "affected",
"version": "8bcac4011ebe0dbdd46fd55b036ee855c95702d3",
"versionType": "git"
},
{
"lessThan": "b48b98743b568bb219152ba2e15af6ef0d3d8a9b",
"status": "affected",
"version": "8bcac4011ebe0dbdd46fd55b036ee855c95702d3",
"versionType": "git"
},
{
"lessThan": "b4bd2aafacce48db26b0a213d849818d940556dd",
"status": "affected",
"version": "8bcac4011ebe0dbdd46fd55b036ee855c95702d3",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/soc/bcm/bcm63xx/bcm-pmb.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.12"
},
{
"lessThan": "5.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: bcm: Check for NULL return of devm_kzalloc()\n\nAs the potential failure of allocation, devm_kzalloc() may return NULL. Then\nthe \u0027pd-\u003epmb\u0027 and the follow lines of code may bring null pointer dereference.\n\nTherefore, it is better to check the return value of devm_kzalloc() to avoid\nthis confusion."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:37:57.894Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5650e103bfc70156001615861fb8aafb3947da6e"
},
{
"url": "https://git.kernel.org/stable/c/36339ea7bae4943be01c8e9545e46e334591fecd"
},
{
"url": "https://git.kernel.org/stable/c/b48b98743b568bb219152ba2e15af6ef0d3d8a9b"
},
{
"url": "https://git.kernel.org/stable/c/b4bd2aafacce48db26b0a213d849818d940556dd"
}
],
"title": "soc: bcm: Check for NULL return of devm_kzalloc()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49448",
"datePublished": "2025-02-26T02:12:59.203Z",
"dateReserved": "2025-02-26T02:08:31.572Z",
"dateUpdated": "2025-10-01T19:46:48.526Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49222 (GCVE-0-2022-49222)
Vulnerability from cvelistv5
Published
2025-02-26 01:55
Modified
2025-05-04 08:32
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/bridge: anx7625: Fix overflow issue on reading EDID
The length of EDID block can be longer than 256 bytes, so we should use
`int` instead of `u8` for the `edid_pos` variable.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/bridge/analogix/anx7625.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "64c06df2428bb7bb3d8cf5691416001af42d94dd",
"status": "affected",
"version": "8bdfc5dae4e3ba4d99dfb430ef43249e5f1b7730",
"versionType": "git"
},
{
"lessThan": "f0d5d938d51af4eb08d9d8684fd9903425a0a87d",
"status": "affected",
"version": "8bdfc5dae4e3ba4d99dfb430ef43249e5f1b7730",
"versionType": "git"
},
{
"lessThan": "db1c47d299298a7c52ccb201905d6be979fd7507",
"status": "affected",
"version": "8bdfc5dae4e3ba4d99dfb430ef43249e5f1b7730",
"versionType": "git"
},
{
"lessThan": "d5c6f647aec9ed524aedd04a3aec5ebc21d39007",
"status": "affected",
"version": "8bdfc5dae4e3ba4d99dfb430ef43249e5f1b7730",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/bridge/analogix/anx7625.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.11"
},
{
"lessThan": "5.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/bridge: anx7625: Fix overflow issue on reading EDID\n\nThe length of EDID block can be longer than 256 bytes, so we should use\n`int` instead of `u8` for the `edid_pos` variable."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:32:46.609Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/64c06df2428bb7bb3d8cf5691416001af42d94dd"
},
{
"url": "https://git.kernel.org/stable/c/f0d5d938d51af4eb08d9d8684fd9903425a0a87d"
},
{
"url": "https://git.kernel.org/stable/c/db1c47d299298a7c52ccb201905d6be979fd7507"
},
{
"url": "https://git.kernel.org/stable/c/d5c6f647aec9ed524aedd04a3aec5ebc21d39007"
}
],
"title": "drm/bridge: anx7625: Fix overflow issue on reading EDID",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49222",
"datePublished": "2025-02-26T01:55:53.799Z",
"dateReserved": "2025-02-26T01:49:39.292Z",
"dateUpdated": "2025-05-04T08:32:46.609Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49613 (GCVE-0-2022-49613)
Vulnerability from cvelistv5
Published
2025-02-26 02:23
Modified
2025-05-04 08:41
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
serial: 8250: Fix PM usage_count for console handover
When console is enabled, univ8250_console_setup() calls
serial8250_console_setup() before .dev is set to uart_port. Therefore,
it will not call pm_runtime_get_sync(). Later, when the actual driver
is going to take over univ8250_console_exit() is called. As .dev is
already set, serial8250_console_exit() makes pm_runtime_put_sync() call
with usage count being zero triggering PM usage count warning
(extra debug for univ8250_console_setup(), univ8250_console_exit(), and
serial8250_register_ports()):
[ 0.068987] univ8250_console_setup ttyS0 nodev
[ 0.499670] printk: console [ttyS0] enabled
[ 0.717955] printk: console [ttyS0] printing thread started
[ 1.960163] serial8250_register_ports assigned dev for ttyS0
[ 1.976830] printk: console [ttyS0] disabled
[ 1.976888] printk: console [ttyS0] printing thread stopped
[ 1.977073] univ8250_console_exit ttyS0 usage:0
[ 1.977075] serial8250 serial8250: Runtime PM usage count underflow!
[ 1.977429] dw-apb-uart.6: ttyS0 at MMIO 0x4010006000 (irq = 33, base_baud = 115200) is a 16550A
[ 1.977812] univ8250_console_setup ttyS0 usage:2
[ 1.978167] printk: console [ttyS0] printing thread started
[ 1.978203] printk: console [ttyS0] enabled
To fix the issue, call pm_runtime_get_sync() in
serial8250_register_ports() as soon as .dev is set for an uart_port
if it has console enabled.
This problem became apparent only recently because 82586a721595 ("PM:
runtime: Avoid device usage count underflows") added the warning
printout. I confirmed this problem also occurs with v5.18 (w/o the
warning printout, obviously).
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/tty/serial/8250/8250_core.c",
"drivers/tty/serial/serial_core.c",
"include/linux/serial_core.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d9cb6fabc90102f9e61fe35bd0160db88f4f53b4",
"status": "affected",
"version": "bedb404e91bb2908d9921fc736a518a9d89525fc",
"versionType": "git"
},
{
"lessThan": "190ce5cdc55d1b66ea582ac2be6fd5a72e3cc486",
"status": "affected",
"version": "bedb404e91bb2908d9921fc736a518a9d89525fc",
"versionType": "git"
},
{
"lessThan": "5df66302f03f87ae8953785a882d78e911f00c55",
"status": "affected",
"version": "bedb404e91bb2908d9921fc736a518a9d89525fc",
"versionType": "git"
},
{
"lessThan": "f9b11229b79c0fb2100b5bb4628a101b1d37fbf6",
"status": "affected",
"version": "bedb404e91bb2908d9921fc736a518a9d89525fc",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/tty/serial/8250/8250_core.c",
"drivers/tty/serial/serial_core.c",
"include/linux/serial_core.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.7"
},
{
"lessThan": "5.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.132",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.56",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.132",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.56",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.13",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: 8250: Fix PM usage_count for console handover\n\nWhen console is enabled, univ8250_console_setup() calls\nserial8250_console_setup() before .dev is set to uart_port. Therefore,\nit will not call pm_runtime_get_sync(). Later, when the actual driver\nis going to take over univ8250_console_exit() is called. As .dev is\nalready set, serial8250_console_exit() makes pm_runtime_put_sync() call\nwith usage count being zero triggering PM usage count warning\n(extra debug for univ8250_console_setup(), univ8250_console_exit(), and\nserial8250_register_ports()):\n\n[ 0.068987] univ8250_console_setup ttyS0 nodev\n[ 0.499670] printk: console [ttyS0] enabled\n[ 0.717955] printk: console [ttyS0] printing thread started\n[ 1.960163] serial8250_register_ports assigned dev for ttyS0\n[ 1.976830] printk: console [ttyS0] disabled\n[ 1.976888] printk: console [ttyS0] printing thread stopped\n[ 1.977073] univ8250_console_exit ttyS0 usage:0\n[ 1.977075] serial8250 serial8250: Runtime PM usage count underflow!\n[ 1.977429] dw-apb-uart.6: ttyS0 at MMIO 0x4010006000 (irq = 33, base_baud = 115200) is a 16550A\n[ 1.977812] univ8250_console_setup ttyS0 usage:2\n[ 1.978167] printk: console [ttyS0] printing thread started\n[ 1.978203] printk: console [ttyS0] enabled\n\nTo fix the issue, call pm_runtime_get_sync() in\nserial8250_register_ports() as soon as .dev is set for an uart_port\nif it has console enabled.\n\nThis problem became apparent only recently because 82586a721595 (\"PM:\nruntime: Avoid device usage count underflows\") added the warning\nprintout. I confirmed this problem also occurs with v5.18 (w/o the\nwarning printout, obviously)."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:41:48.842Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d9cb6fabc90102f9e61fe35bd0160db88f4f53b4"
},
{
"url": "https://git.kernel.org/stable/c/190ce5cdc55d1b66ea582ac2be6fd5a72e3cc486"
},
{
"url": "https://git.kernel.org/stable/c/5df66302f03f87ae8953785a882d78e911f00c55"
},
{
"url": "https://git.kernel.org/stable/c/f9b11229b79c0fb2100b5bb4628a101b1d37fbf6"
}
],
"title": "serial: 8250: Fix PM usage_count for console handover",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49613",
"datePublished": "2025-02-26T02:23:34.739Z",
"dateReserved": "2025-02-26T02:21:30.418Z",
"dateUpdated": "2025-05-04T08:41:48.842Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49615 (GCVE-0-2022-49615)
Vulnerability from cvelistv5
Published
2025-02-26 02:23
Modified
2025-10-01 19:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ASoC: rt711-sdca: fix kernel NULL pointer dereference when IO error
The initial settings will be written before the codec probe function.
But, the rt711->component doesn't be assigned yet.
If IO error happened during initial settings operations, it will cause the kernel panic.
This patch changed component->dev to slave->dev to fix this issue.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49615",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:34:51.365221Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:36:51.191Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/soc/codecs/rt711-sdca.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "269be8b2907378adf72d7347cfa43ef230351a06",
"status": "affected",
"version": "7ad4d237e7c4a5dcc71cf438f646744b4484f1da",
"versionType": "git"
},
{
"lessThan": "7bb71133cae88d3003a3490b97864af76533072b",
"status": "affected",
"version": "7ad4d237e7c4a5dcc71cf438f646744b4484f1da",
"versionType": "git"
},
{
"lessThan": "1df793d479bef546569fc2e409ff8bb3f0fb8e99",
"status": "affected",
"version": "7ad4d237e7c4a5dcc71cf438f646744b4484f1da",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"sound/soc/codecs/rt711-sdca.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.13"
},
{
"lessThan": "5.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.56",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.56",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.13",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: rt711-sdca: fix kernel NULL pointer dereference when IO error\n\nThe initial settings will be written before the codec probe function.\nBut, the rt711-\u003ecomponent doesn\u0027t be assigned yet.\nIf IO error happened during initial settings operations, it will cause the kernel panic.\nThis patch changed component-\u003edev to slave-\u003edev to fix this issue."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:41:50.465Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/269be8b2907378adf72d7347cfa43ef230351a06"
},
{
"url": "https://git.kernel.org/stable/c/7bb71133cae88d3003a3490b97864af76533072b"
},
{
"url": "https://git.kernel.org/stable/c/1df793d479bef546569fc2e409ff8bb3f0fb8e99"
}
],
"title": "ASoC: rt711-sdca: fix kernel NULL pointer dereference when IO error",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49615",
"datePublished": "2025-02-26T02:23:35.696Z",
"dateReserved": "2025-02-26T02:21:30.419Z",
"dateUpdated": "2025-10-01T19:36:51.191Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49663 (GCVE-0-2022-49663)
Vulnerability from cvelistv5
Published
2025-02-26 02:23
Modified
2025-05-04 08:42
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
tunnels: do not assume mac header is set in skb_tunnel_check_pmtu()
Recently added debug in commit f9aefd6b2aa3 ("net: warn if mac header
was not set") caught a bug in skb_tunnel_check_pmtu(), as shown
in this syzbot report [1].
In ndo_start_xmit() paths, there is really no need to use skb->mac_header,
because skb->data is supposed to point at it.
[1] WARNING: CPU: 1 PID: 8604 at include/linux/skbuff.h:2784 skb_mac_header_len include/linux/skbuff.h:2784 [inline]
WARNING: CPU: 1 PID: 8604 at include/linux/skbuff.h:2784 skb_tunnel_check_pmtu+0x5de/0x2f90 net/ipv4/ip_tunnel_core.c:413
Modules linked in:
CPU: 1 PID: 8604 Comm: syz-executor.3 Not tainted 5.19.0-rc2-syzkaller-00443-g8720bd951b8e #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:skb_mac_header_len include/linux/skbuff.h:2784 [inline]
RIP: 0010:skb_tunnel_check_pmtu+0x5de/0x2f90 net/ipv4/ip_tunnel_core.c:413
Code: 00 00 00 00 fc ff df 4c 89 fa 48 c1 ea 03 80 3c 02 00 0f 84 b9 fe ff ff 4c 89 ff e8 7c 0f d7 f9 e9 ac fe ff ff e8 c2 13 8a f9 <0f> 0b e9 28 fc ff ff e8 b6 13 8a f9 48 8b 54 24 70 48 b8 00 00 00
RSP: 0018:ffffc90002e4f520 EFLAGS: 00010212
RAX: 0000000000000324 RBX: ffff88804d5fd500 RCX: ffffc90005b52000
RDX: 0000000000040000 RSI: ffffffff87f05e3e RDI: 0000000000000003
RBP: ffffc90002e4f650 R08: 0000000000000003 R09: 000000000000ffff
R10: 000000000000ffff R11: 0000000000000000 R12: 000000000000ffff
R13: 0000000000000000 R14: 000000000000ffcd R15: 000000000000001f
FS: 00007f3babba9700(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020000080 CR3: 0000000075319000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
geneve_xmit_skb drivers/net/geneve.c:927 [inline]
geneve_xmit+0xcf8/0x35d0 drivers/net/geneve.c:1107
__netdev_start_xmit include/linux/netdevice.h:4805 [inline]
netdev_start_xmit include/linux/netdevice.h:4819 [inline]
__dev_direct_xmit+0x500/0x730 net/core/dev.c:4309
dev_direct_xmit include/linux/netdevice.h:3007 [inline]
packet_direct_xmit+0x1b8/0x2c0 net/packet/af_packet.c:282
packet_snd net/packet/af_packet.c:3073 [inline]
packet_sendmsg+0x21f4/0x55d0 net/packet/af_packet.c:3104
sock_sendmsg_nosec net/socket.c:714 [inline]
sock_sendmsg+0xcf/0x120 net/socket.c:734
____sys_sendmsg+0x6eb/0x810 net/socket.c:2489
___sys_sendmsg+0xf3/0x170 net/socket.c:2543
__sys_sendmsg net/socket.c:2572 [inline]
__do_sys_sendmsg net/socket.c:2581 [inline]
__se_sys_sendmsg net/socket.c:2579 [inline]
__x64_sys_sendmsg+0x132/0x220 net/socket.c:2579
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x46/0xb0
RIP: 0033:0x7f3baaa89109
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f3babba9168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f3baab9bf60 RCX: 00007f3baaa89109
RDX: 0000000000000000 RSI: 0000000020000a00 RDI: 0000000000000003
RBP: 00007f3baaae305d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffe74f2543f R14: 00007f3babba9300 R15: 0000000000022000
</TASK>
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv4/ip_tunnel_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "59c51c3b545128a92ebfb6dbae990d3abee110e7",
"status": "affected",
"version": "4cb47a8644cc9eb8ec81190a50e79e6530d0297f",
"versionType": "git"
},
{
"lessThan": "674a641e5b67e16ba3112eacd680ff87b38539de",
"status": "affected",
"version": "4cb47a8644cc9eb8ec81190a50e79e6530d0297f",
"versionType": "git"
},
{
"lessThan": "32dcf62efa0003f92a976aea0c57f118e689de8b",
"status": "affected",
"version": "4cb47a8644cc9eb8ec81190a50e79e6530d0297f",
"versionType": "git"
},
{
"lessThan": "853a7614880231747040cada91d2b8d2e995c51a",
"status": "affected",
"version": "4cb47a8644cc9eb8ec81190a50e79e6530d0297f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv4/ip_tunnel_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.9"
},
{
"lessThan": "5.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.129",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.53",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.129",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.53",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.10",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntunnels: do not assume mac header is set in skb_tunnel_check_pmtu()\n\nRecently added debug in commit f9aefd6b2aa3 (\"net: warn if mac header\nwas not set\") caught a bug in skb_tunnel_check_pmtu(), as shown\nin this syzbot report [1].\n\nIn ndo_start_xmit() paths, there is really no need to use skb-\u003emac_header,\nbecause skb-\u003edata is supposed to point at it.\n\n[1] WARNING: CPU: 1 PID: 8604 at include/linux/skbuff.h:2784 skb_mac_header_len include/linux/skbuff.h:2784 [inline]\nWARNING: CPU: 1 PID: 8604 at include/linux/skbuff.h:2784 skb_tunnel_check_pmtu+0x5de/0x2f90 net/ipv4/ip_tunnel_core.c:413\nModules linked in:\nCPU: 1 PID: 8604 Comm: syz-executor.3 Not tainted 5.19.0-rc2-syzkaller-00443-g8720bd951b8e #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\nRIP: 0010:skb_mac_header_len include/linux/skbuff.h:2784 [inline]\nRIP: 0010:skb_tunnel_check_pmtu+0x5de/0x2f90 net/ipv4/ip_tunnel_core.c:413\nCode: 00 00 00 00 fc ff df 4c 89 fa 48 c1 ea 03 80 3c 02 00 0f 84 b9 fe ff ff 4c 89 ff e8 7c 0f d7 f9 e9 ac fe ff ff e8 c2 13 8a f9 \u003c0f\u003e 0b e9 28 fc ff ff e8 b6 13 8a f9 48 8b 54 24 70 48 b8 00 00 00\nRSP: 0018:ffffc90002e4f520 EFLAGS: 00010212\nRAX: 0000000000000324 RBX: ffff88804d5fd500 RCX: ffffc90005b52000\nRDX: 0000000000040000 RSI: ffffffff87f05e3e RDI: 0000000000000003\nRBP: ffffc90002e4f650 R08: 0000000000000003 R09: 000000000000ffff\nR10: 000000000000ffff R11: 0000000000000000 R12: 000000000000ffff\nR13: 0000000000000000 R14: 000000000000ffcd R15: 000000000000001f\nFS: 00007f3babba9700(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000020000080 CR3: 0000000075319000 CR4: 00000000003506e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\u003cTASK\u003e\ngeneve_xmit_skb drivers/net/geneve.c:927 [inline]\ngeneve_xmit+0xcf8/0x35d0 drivers/net/geneve.c:1107\n__netdev_start_xmit include/linux/netdevice.h:4805 [inline]\nnetdev_start_xmit include/linux/netdevice.h:4819 [inline]\n__dev_direct_xmit+0x500/0x730 net/core/dev.c:4309\ndev_direct_xmit include/linux/netdevice.h:3007 [inline]\npacket_direct_xmit+0x1b8/0x2c0 net/packet/af_packet.c:282\npacket_snd net/packet/af_packet.c:3073 [inline]\npacket_sendmsg+0x21f4/0x55d0 net/packet/af_packet.c:3104\nsock_sendmsg_nosec net/socket.c:714 [inline]\nsock_sendmsg+0xcf/0x120 net/socket.c:734\n____sys_sendmsg+0x6eb/0x810 net/socket.c:2489\n___sys_sendmsg+0xf3/0x170 net/socket.c:2543\n__sys_sendmsg net/socket.c:2572 [inline]\n__do_sys_sendmsg net/socket.c:2581 [inline]\n__se_sys_sendmsg net/socket.c:2579 [inline]\n__x64_sys_sendmsg+0x132/0x220 net/socket.c:2579\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\ndo_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\nentry_SYSCALL_64_after_hwframe+0x46/0xb0\nRIP: 0033:0x7f3baaa89109\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f3babba9168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\nRAX: ffffffffffffffda RBX: 00007f3baab9bf60 RCX: 00007f3baaa89109\nRDX: 0000000000000000 RSI: 0000000020000a00 RDI: 0000000000000003\nRBP: 00007f3baaae305d R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 00007ffe74f2543f R14: 00007f3babba9300 R15: 0000000000022000\n\u003c/TASK\u003e"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:42:50.048Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/59c51c3b545128a92ebfb6dbae990d3abee110e7"
},
{
"url": "https://git.kernel.org/stable/c/674a641e5b67e16ba3112eacd680ff87b38539de"
},
{
"url": "https://git.kernel.org/stable/c/32dcf62efa0003f92a976aea0c57f118e689de8b"
},
{
"url": "https://git.kernel.org/stable/c/853a7614880231747040cada91d2b8d2e995c51a"
}
],
"title": "tunnels: do not assume mac header is set in skb_tunnel_check_pmtu()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49663",
"datePublished": "2025-02-26T02:23:59.311Z",
"dateReserved": "2025-02-26T02:21:30.435Z",
"dateUpdated": "2025-05-04T08:42:50.048Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49640 (GCVE-0-2022-49640)
Vulnerability from cvelistv5
Published
2025-02-26 02:23
Modified
2025-10-01 19:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
sysctl: Fix data races in proc_douintvec_minmax().
A sysctl variable is accessed concurrently, and there is always a chance
of data-race. So, all readers and writers need some basic protection to
avoid load/store-tearing.
This patch changes proc_douintvec_minmax() to use READ_ONCE() and
WRITE_ONCE() internally to fix data-races on the sysctl side. For now,
proc_douintvec_minmax() itself is tolerant to a data-race, but we still
need to add annotations on the other subsystem's side.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49640",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:34:02.164289Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:36:49.102Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/sysctl.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e3a2144b3b6bf9ecafd91087c8b8b48171ec19df",
"status": "affected",
"version": "61d9b56a89208d8cccd0b4cfec7e6959717e16e3",
"versionType": "git"
},
{
"lessThan": "40e0477a7371d101c55b69d9c32a7a1ed82ab5ea",
"status": "affected",
"version": "61d9b56a89208d8cccd0b4cfec7e6959717e16e3",
"versionType": "git"
},
{
"lessThan": "b60eddf98b9716651069dfda296c91311a7a6293",
"status": "affected",
"version": "61d9b56a89208d8cccd0b4cfec7e6959717e16e3",
"versionType": "git"
},
{
"lessThan": "2d3b559df3ed39258737789aae2ae7973d205bc1",
"status": "affected",
"version": "61d9b56a89208d8cccd0b4cfec7e6959717e16e3",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/sysctl.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.13"
},
{
"lessThan": "4.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.132",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.56",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.132",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.56",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.13",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsysctl: Fix data races in proc_douintvec_minmax().\n\nA sysctl variable is accessed concurrently, and there is always a chance\nof data-race. So, all readers and writers need some basic protection to\navoid load/store-tearing.\n\nThis patch changes proc_douintvec_minmax() to use READ_ONCE() and\nWRITE_ONCE() internally to fix data-races on the sysctl side. For now,\nproc_douintvec_minmax() itself is tolerant to a data-race, but we still\nneed to add annotations on the other subsystem\u0027s side."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:42:22.851Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e3a2144b3b6bf9ecafd91087c8b8b48171ec19df"
},
{
"url": "https://git.kernel.org/stable/c/40e0477a7371d101c55b69d9c32a7a1ed82ab5ea"
},
{
"url": "https://git.kernel.org/stable/c/b60eddf98b9716651069dfda296c91311a7a6293"
},
{
"url": "https://git.kernel.org/stable/c/2d3b559df3ed39258737789aae2ae7973d205bc1"
}
],
"title": "sysctl: Fix data races in proc_douintvec_minmax().",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49640",
"datePublished": "2025-02-26T02:23:48.206Z",
"dateReserved": "2025-02-26T02:21:30.430Z",
"dateUpdated": "2025-10-01T19:36:49.102Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49114 (GCVE-0-2022-49114)
Vulnerability from cvelistv5
Published
2025-02-26 01:54
Modified
2025-05-21 08:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: libfc: Fix use after free in fc_exch_abts_resp()
fc_exch_release(ep) will decrease the ep's reference count. When the
reference count reaches zero, it is freed. But ep is still used in the
following code, which will lead to a use after free.
Return after the fc_exch_release() call to avoid use after free.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 42e9a92fe6a9095bd68a379aaec7ad2be0337f7a Version: 42e9a92fe6a9095bd68a379aaec7ad2be0337f7a Version: 42e9a92fe6a9095bd68a379aaec7ad2be0337f7a Version: 42e9a92fe6a9095bd68a379aaec7ad2be0337f7a Version: 42e9a92fe6a9095bd68a379aaec7ad2be0337f7a Version: 42e9a92fe6a9095bd68a379aaec7ad2be0337f7a Version: 42e9a92fe6a9095bd68a379aaec7ad2be0337f7a Version: 42e9a92fe6a9095bd68a379aaec7ad2be0337f7a Version: 42e9a92fe6a9095bd68a379aaec7ad2be0337f7a |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49114",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-04T18:03:27.178498Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T18:07:17.816Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/scsi/libfc/fc_exch.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4a131d4ea8b581ac9b01d3a72754db4848be3232",
"status": "affected",
"version": "42e9a92fe6a9095bd68a379aaec7ad2be0337f7a",
"versionType": "git"
},
{
"lessThan": "499d198494e77b6533251b9b909baf5c101129cb",
"status": "affected",
"version": "42e9a92fe6a9095bd68a379aaec7ad2be0337f7a",
"versionType": "git"
},
{
"lessThan": "6044ad64f41c87382cfeeca281573d1886d80cbe",
"status": "affected",
"version": "42e9a92fe6a9095bd68a379aaec7ad2be0337f7a",
"versionType": "git"
},
{
"lessThan": "5cf2ce8967b0d98c8cfa4dc42ef4fcf080f5c836",
"status": "affected",
"version": "42e9a92fe6a9095bd68a379aaec7ad2be0337f7a",
"versionType": "git"
},
{
"lessThan": "1d7effe5fff9d28e45e18ac3a564067c7ddfe898",
"status": "affected",
"version": "42e9a92fe6a9095bd68a379aaec7ad2be0337f7a",
"versionType": "git"
},
{
"lessThan": "f581df412bc45c95176e3c808ee2839c05b2ab0c",
"status": "affected",
"version": "42e9a92fe6a9095bd68a379aaec7ad2be0337f7a",
"versionType": "git"
},
{
"lessThan": "87909291762d08fdb60d19069d7a89b5b308d0ef",
"status": "affected",
"version": "42e9a92fe6a9095bd68a379aaec7ad2be0337f7a",
"versionType": "git"
},
{
"lessThan": "412dd8299b02e4410fe77b8396953c1a8dde183a",
"status": "affected",
"version": "42e9a92fe6a9095bd68a379aaec7ad2be0337f7a",
"versionType": "git"
},
{
"lessThan": "271add11994ba1a334859069367e04d2be2ebdd4",
"status": "affected",
"version": "42e9a92fe6a9095bd68a379aaec7ad2be0337f7a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/scsi/libfc/fc_exch.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.29"
},
{
"lessThan": "2.6.29",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.238",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.189",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.111",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.20",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.311",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.276",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.238",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.189",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.111",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.34",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.20",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.3",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "2.6.29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: libfc: Fix use after free in fc_exch_abts_resp()\n\nfc_exch_release(ep) will decrease the ep\u0027s reference count. When the\nreference count reaches zero, it is freed. But ep is still used in the\nfollowing code, which will lead to a use after free.\n\nReturn after the fc_exch_release() call to avoid use after free."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T08:44:06.430Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4a131d4ea8b581ac9b01d3a72754db4848be3232"
},
{
"url": "https://git.kernel.org/stable/c/499d198494e77b6533251b9b909baf5c101129cb"
},
{
"url": "https://git.kernel.org/stable/c/6044ad64f41c87382cfeeca281573d1886d80cbe"
},
{
"url": "https://git.kernel.org/stable/c/5cf2ce8967b0d98c8cfa4dc42ef4fcf080f5c836"
},
{
"url": "https://git.kernel.org/stable/c/1d7effe5fff9d28e45e18ac3a564067c7ddfe898"
},
{
"url": "https://git.kernel.org/stable/c/f581df412bc45c95176e3c808ee2839c05b2ab0c"
},
{
"url": "https://git.kernel.org/stable/c/87909291762d08fdb60d19069d7a89b5b308d0ef"
},
{
"url": "https://git.kernel.org/stable/c/412dd8299b02e4410fe77b8396953c1a8dde183a"
},
{
"url": "https://git.kernel.org/stable/c/271add11994ba1a334859069367e04d2be2ebdd4"
}
],
"title": "scsi: libfc: Fix use after free in fc_exch_abts_resp()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49114",
"datePublished": "2025-02-26T01:54:58.172Z",
"dateReserved": "2025-02-26T01:49:39.262Z",
"dateUpdated": "2025-05-21T08:44:06.430Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49274 (GCVE-0-2022-49274)
Vulnerability from cvelistv5
Published
2025-02-26 01:56
Modified
2025-05-04 08:33
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ocfs2: fix crash when mount with quota enabled
There is a reported crash when mounting ocfs2 with quota enabled.
RIP: 0010:ocfs2_qinfo_lock_res_init+0x44/0x50 [ocfs2]
Call Trace:
ocfs2_local_read_info+0xb9/0x6f0 [ocfs2]
dquot_load_quota_sb+0x216/0x470
dquot_load_quota_inode+0x85/0x100
ocfs2_enable_quotas+0xa0/0x1c0 [ocfs2]
ocfs2_fill_super.cold+0xc8/0x1bf [ocfs2]
mount_bdev+0x185/0x1b0
legacy_get_tree+0x27/0x40
vfs_get_tree+0x25/0xb0
path_mount+0x465/0xac0
__x64_sys_mount+0x103/0x140
It is caused by when initializing dqi_gqlock, the corresponding dqi_type
and dqi_sb are not properly initialized.
This issue is introduced by commit 6c85c2c72819, which wants to avoid
accessing uninitialized variables in error cases. So make global quota
info properly initialized.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ocfs2/quota_global.c",
"fs/ocfs2/quota_local.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7c5312fdb1dcfdc1951b018669af88d5d6420b31",
"status": "affected",
"version": "6c85c2c728193d19d6a908ae9fb312d0325e65ca",
"versionType": "git"
},
{
"lessThan": "01931e1c4e3de5d777253acae64c0e8fd071a1dd",
"status": "affected",
"version": "6c85c2c728193d19d6a908ae9fb312d0325e65ca",
"versionType": "git"
},
{
"lessThan": "eda31f77317647b9fbf889779ee1fb6907651865",
"status": "affected",
"version": "6c85c2c728193d19d6a908ae9fb312d0325e65ca",
"versionType": "git"
},
{
"lessThan": "de19433423c7bedabbd4f9a25f7dbc62c5e78921",
"status": "affected",
"version": "6c85c2c728193d19d6a908ae9fb312d0325e65ca",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ocfs2/quota_global.c",
"fs/ocfs2/quota_local.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.15"
},
{
"lessThan": "5.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix crash when mount with quota enabled\n\nThere is a reported crash when mounting ocfs2 with quota enabled.\n\n RIP: 0010:ocfs2_qinfo_lock_res_init+0x44/0x50 [ocfs2]\n Call Trace:\n ocfs2_local_read_info+0xb9/0x6f0 [ocfs2]\n dquot_load_quota_sb+0x216/0x470\n dquot_load_quota_inode+0x85/0x100\n ocfs2_enable_quotas+0xa0/0x1c0 [ocfs2]\n ocfs2_fill_super.cold+0xc8/0x1bf [ocfs2]\n mount_bdev+0x185/0x1b0\n legacy_get_tree+0x27/0x40\n vfs_get_tree+0x25/0xb0\n path_mount+0x465/0xac0\n __x64_sys_mount+0x103/0x140\n\nIt is caused by when initializing dqi_gqlock, the corresponding dqi_type\nand dqi_sb are not properly initialized.\n\nThis issue is introduced by commit 6c85c2c72819, which wants to avoid\naccessing uninitialized variables in error cases. So make global quota\ninfo properly initialized."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:33:57.145Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7c5312fdb1dcfdc1951b018669af88d5d6420b31"
},
{
"url": "https://git.kernel.org/stable/c/01931e1c4e3de5d777253acae64c0e8fd071a1dd"
},
{
"url": "https://git.kernel.org/stable/c/eda31f77317647b9fbf889779ee1fb6907651865"
},
{
"url": "https://git.kernel.org/stable/c/de19433423c7bedabbd4f9a25f7dbc62c5e78921"
}
],
"title": "ocfs2: fix crash when mount with quota enabled",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49274",
"datePublished": "2025-02-26T01:56:19.586Z",
"dateReserved": "2025-02-26T01:49:39.297Z",
"dateUpdated": "2025-05-04T08:33:57.145Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49670 (GCVE-0-2022-49670)
Vulnerability from cvelistv5
Published
2025-02-26 02:24
Modified
2025-10-01 19:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
linux/dim: Fix divide by 0 in RDMA DIM
Fix a divide 0 error in rdma_dim_stats_compare() when prev->cpe_ratio ==
0.
CallTrace:
Hardware name: H3C R4900 G3/RS33M2C9S, BIOS 2.00.37P21 03/12/2020
task: ffff880194b78000 task.stack: ffffc90006714000
RIP: 0010:backport_rdma_dim+0x10e/0x240 [mlx_compat]
RSP: 0018:ffff880c10e83ec0 EFLAGS: 00010202
RAX: 0000000000002710 RBX: ffff88096cd7f780 RCX: 0000000000000064
RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000001
RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 000000001d7c6c09
R13: ffff88096cd7f780 R14: ffff880b174fe800 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff880c10e80000(0000)
knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000a0965b00 CR3: 000000000200a003 CR4: 00000000007606e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
PKRU: 55555554
Call Trace:
<IRQ>
ib_poll_handler+0x43/0x80 [ib_core]
irq_poll_softirq+0xae/0x110
__do_softirq+0xd1/0x28c
irq_exit+0xde/0xf0
do_IRQ+0x54/0xe0
common_interrupt+0x8f/0x8f
</IRQ>
? cpuidle_enter_state+0xd9/0x2a0
? cpuidle_enter_state+0xc7/0x2a0
? do_idle+0x170/0x1d0
? cpu_startup_entry+0x6f/0x80
? start_secondary+0x1b9/0x210
? secondary_startup_64+0xa5/0xb0
Code: 0f 87 e1 00 00 00 8b 4c 24 14 44 8b 43 14 89 c8 4d 63 c8 44 29 c0 99 31 d0 29 d0 31 d2 48 98 48 8d 04 80 48 8d 04 80 48 c1 e0 02 <49> f7 f1 48 83 f8 0a 0f 86 c1 00 00 00 44 39 c1 7f 10 48 89 df
RIP: backport_rdma_dim+0x10e/0x240 [mlx_compat] RSP: ffff880c10e83ec0
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49670",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:33:21.787883Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-369",
"description": "CWE-369 Divide By Zero",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:36:47.592Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/linux/dim.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5af106f8e072aebd88b95e164a08fa320651a99a",
"status": "affected",
"version": "f4915455dcf07c4f237d6160a4b6adb0575d2909",
"versionType": "git"
},
{
"lessThan": "fae2a9fb1eaf348ad8732f90d42ebbb971bd7e95",
"status": "affected",
"version": "f4915455dcf07c4f237d6160a4b6adb0575d2909",
"versionType": "git"
},
{
"lessThan": "0b6e0eb5c45e79e9095de2498cc0ca5ec563fc5e",
"status": "affected",
"version": "f4915455dcf07c4f237d6160a4b6adb0575d2909",
"versionType": "git"
},
{
"lessThan": "7c1963391af51ee322378d1b2849c60e9037f069",
"status": "affected",
"version": "f4915455dcf07c4f237d6160a4b6adb0575d2909",
"versionType": "git"
},
{
"lessThan": "0fe3dbbefb74a8575f61d7801b08dbc50523d60d",
"status": "affected",
"version": "f4915455dcf07c4f237d6160a4b6adb0575d2909",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/linux/dim.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.3"
},
{
"lessThan": "5.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.204",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.129",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.53",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.204",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.129",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.53",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.10",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nlinux/dim: Fix divide by 0 in RDMA DIM\n\nFix a divide 0 error in rdma_dim_stats_compare() when prev-\u003ecpe_ratio ==\n0.\n\nCallTrace:\n Hardware name: H3C R4900 G3/RS33M2C9S, BIOS 2.00.37P21 03/12/2020\n task: ffff880194b78000 task.stack: ffffc90006714000\n RIP: 0010:backport_rdma_dim+0x10e/0x240 [mlx_compat]\n RSP: 0018:ffff880c10e83ec0 EFLAGS: 00010202\n RAX: 0000000000002710 RBX: ffff88096cd7f780 RCX: 0000000000000064\n RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000001\n RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000000 R12: 000000001d7c6c09\n R13: ffff88096cd7f780 R14: ffff880b174fe800 R15: 0000000000000000\n FS: 0000000000000000(0000) GS:ffff880c10e80000(0000)\n knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00000000a0965b00 CR3: 000000000200a003 CR4: 00000000007606e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n \u003cIRQ\u003e\n ib_poll_handler+0x43/0x80 [ib_core]\n irq_poll_softirq+0xae/0x110\n __do_softirq+0xd1/0x28c\n irq_exit+0xde/0xf0\n do_IRQ+0x54/0xe0\n common_interrupt+0x8f/0x8f\n \u003c/IRQ\u003e\n ? cpuidle_enter_state+0xd9/0x2a0\n ? cpuidle_enter_state+0xc7/0x2a0\n ? do_idle+0x170/0x1d0\n ? cpu_startup_entry+0x6f/0x80\n ? start_secondary+0x1b9/0x210\n ? secondary_startup_64+0xa5/0xb0\n Code: 0f 87 e1 00 00 00 8b 4c 24 14 44 8b 43 14 89 c8 4d 63 c8 44 29 c0 99 31 d0 29 d0 31 d2 48 98 48 8d 04 80 48 8d 04 80 48 c1 e0 02 \u003c49\u003e f7 f1 48 83 f8 0a 0f 86 c1 00 00 00 44 39 c1 7f 10 48 89 df\n RIP: backport_rdma_dim+0x10e/0x240 [mlx_compat] RSP: ffff880c10e83ec0"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:42:58.686Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5af106f8e072aebd88b95e164a08fa320651a99a"
},
{
"url": "https://git.kernel.org/stable/c/fae2a9fb1eaf348ad8732f90d42ebbb971bd7e95"
},
{
"url": "https://git.kernel.org/stable/c/0b6e0eb5c45e79e9095de2498cc0ca5ec563fc5e"
},
{
"url": "https://git.kernel.org/stable/c/7c1963391af51ee322378d1b2849c60e9037f069"
},
{
"url": "https://git.kernel.org/stable/c/0fe3dbbefb74a8575f61d7801b08dbc50523d60d"
}
],
"title": "linux/dim: Fix divide by 0 in RDMA DIM",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49670",
"datePublished": "2025-02-26T02:24:03.938Z",
"dateReserved": "2025-02-26T02:21:30.436Z",
"dateUpdated": "2025-10-01T19:36:47.592Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49723 (GCVE-0-2022-49723)
Vulnerability from cvelistv5
Published
2025-02-26 02:24
Modified
2025-05-04 08:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/i915/reset: Fix error_state_read ptr + offset use
Fix our pointer offset usage in error_state_read
when there is no i915_gpu_coredump but buf offset
is non-zero.
This fixes a kernel page fault can happen when
multiple tests are running concurrently in a loop
and one is producing engine resets and consuming
the i915 error_state dump while the other is
forcing full GT resets. (takes a while to trigger).
The dmesg call trace:
[ 5590.803000] BUG: unable to handle page fault for address:
ffffffffa0b0e000
[ 5590.803009] #PF: supervisor read access in kernel mode
[ 5590.803013] #PF: error_code(0x0000) - not-present page
[ 5590.803016] PGD 5814067 P4D 5814067 PUD 5815063 PMD 109de4067
PTE 0
[ 5590.803022] Oops: 0000 [#1] PREEMPT SMP NOPTI
[ 5590.803026] CPU: 5 PID: 13656 Comm: i915_hangman Tainted: G U
5.17.0-rc5-ups69-guc-err-capt-rev6+ #136
[ 5590.803033] Hardware name: Intel Corporation Alder Lake Client
Platform/AlderLake-M LP4x RVP, BIOS ADLPFWI1.R00.
3031.A02.2201171222 01/17/2022
[ 5590.803039] RIP: 0010:memcpy_erms+0x6/0x10
[ 5590.803045] Code: fe ff ff cc eb 1e 0f 1f 00 48 89 f8 48 89 d1
48 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 c3
66 0f 1f 44 00 00 48 89 f8 48 89 d1 <f3> a4
c3 0f 1f 80 00 00 00 00 48 89 f8 48 83 fa 20
72 7e 40 38 fe
[ 5590.803054] RSP: 0018:ffffc90003a8fdf0 EFLAGS: 00010282
[ 5590.803057] RAX: ffff888107ee9000 RBX: ffff888108cb1a00
RCX: 0000000000000f8f
[ 5590.803061] RDX: 0000000000001000 RSI: ffffffffa0b0e000
RDI: ffff888107ee9071
[ 5590.803065] RBP: 0000000000000000 R08: 0000000000000001
R09: 0000000000000001
[ 5590.803069] R10: 0000000000000001 R11: 0000000000000002
R12: 0000000000000019
[ 5590.803073] R13: 0000000000174fff R14: 0000000000001000
R15: ffff888107ee9000
[ 5590.803077] FS: 00007f62a99bee80(0000) GS:ffff88849f880000(0000)
knlGS:0000000000000000
[ 5590.803082] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 5590.803085] CR2: ffffffffa0b0e000 CR3: 000000010a1a8004
CR4: 0000000000770ee0
[ 5590.803089] PKRU: 55555554
[ 5590.803091] Call Trace:
[ 5590.803093] <TASK>
[ 5590.803096] error_state_read+0xa1/0xd0 [i915]
[ 5590.803175] kernfs_fop_read_iter+0xb2/0x1b0
[ 5590.803180] new_sync_read+0x116/0x1a0
[ 5590.803185] vfs_read+0x114/0x1b0
[ 5590.803189] ksys_read+0x63/0xe0
[ 5590.803193] do_syscall_64+0x38/0xc0
[ 5590.803197] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 5590.803201] RIP: 0033:0x7f62aaea5912
[ 5590.803204] Code: c0 e9 b2 fe ff ff 50 48 8d 3d 5a b9 0c 00 e8 05
19 02 00 0f 1f 44 00 00 f3 0f 1e fa 64 8b 04 25
18 00 00 00 85 c0 75 10 0f 05 <48> 3d 00 f0 ff
ff 77 56 c3 0f 1f 44 00 00 48 83 ec 28 48 89 54 24
[ 5590.803213] RSP: 002b:00007fff5b659ae8 EFLAGS: 00000246
ORIG_RAX: 0000000000000000
[ 5590.803218] RAX: ffffffffffffffda RBX: 0000000000100000
RCX: 00007f62aaea5912
[ 5590.803221] RDX: 000000000008b000 RSI: 00007f62a8c4000f
RDI: 0000000000000006
[ 5590.803225] RBP: 00007f62a8bcb00f R08: 0000000000200010
R09: 0000000000101000
[ 5590.803229] R10: 0000000000000001 R11: 0000000000000246
R12: 0000000000000006
[ 5590.803233] R13: 0000000000075000 R14: 00007f62a8acb010
R15: 0000000000200000
[ 5590.803238] </TASK>
[ 5590.803240] Modules linked in: i915 ttm drm_buddy drm_dp_helper
drm_kms_helper syscopyarea sysfillrect sysimgblt
fb_sys_fops prime_numbers nfnetlink br_netfilter
overlay mei_pxp mei_hdcp x86_pkg_temp_thermal
coretemp kvm_intel snd_hda_codec_hdmi snd_hda_intel
---truncated---
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/i915/i915_sysfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "63b26fe0252f923e6aca373e3ad4b31202dcd331",
"status": "affected",
"version": "0e39037b3165567660b0e03f67534da5269a0465",
"versionType": "git"
},
{
"lessThan": "f4c5eba87675a07a6c28cdaca7366aeb4258ec78",
"status": "affected",
"version": "0e39037b3165567660b0e03f67534da5269a0465",
"versionType": "git"
},
{
"lessThan": "606e5d565605e26bf61a0933a6d56940f339c080",
"status": "affected",
"version": "0e39037b3165567660b0e03f67534da5269a0465",
"versionType": "git"
},
{
"lessThan": "c9b576d0c7bf55aeae1a736da7974fa202c4394d",
"status": "affected",
"version": "0e39037b3165567660b0e03f67534da5269a0465",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/i915/i915_sysfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.0"
},
{
"lessThan": "5.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.124",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.49",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.124",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.49",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.6",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/reset: Fix error_state_read ptr + offset use\n\nFix our pointer offset usage in error_state_read\nwhen there is no i915_gpu_coredump but buf offset\nis non-zero.\n\nThis fixes a kernel page fault can happen when\nmultiple tests are running concurrently in a loop\nand one is producing engine resets and consuming\nthe i915 error_state dump while the other is\nforcing full GT resets. (takes a while to trigger).\n\nThe dmesg call trace:\n\n[ 5590.803000] BUG: unable to handle page fault for address:\n ffffffffa0b0e000\n[ 5590.803009] #PF: supervisor read access in kernel mode\n[ 5590.803013] #PF: error_code(0x0000) - not-present page\n[ 5590.803016] PGD 5814067 P4D 5814067 PUD 5815063 PMD 109de4067\n PTE 0\n[ 5590.803022] Oops: 0000 [#1] PREEMPT SMP NOPTI\n[ 5590.803026] CPU: 5 PID: 13656 Comm: i915_hangman Tainted: G U\n 5.17.0-rc5-ups69-guc-err-capt-rev6+ #136\n[ 5590.803033] Hardware name: Intel Corporation Alder Lake Client\n Platform/AlderLake-M LP4x RVP, BIOS ADLPFWI1.R00.\n 3031.A02.2201171222\t01/17/2022\n[ 5590.803039] RIP: 0010:memcpy_erms+0x6/0x10\n[ 5590.803045] Code: fe ff ff cc eb 1e 0f 1f 00 48 89 f8 48 89 d1\n 48 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 c3\n 66 0f 1f 44 00 00 48 89 f8 48 89 d1 \u003cf3\u003e a4\n c3 0f 1f 80 00 00 00 00 48 89 f8 48 83 fa 20\n 72 7e 40 38 fe\n[ 5590.803054] RSP: 0018:ffffc90003a8fdf0 EFLAGS: 00010282\n[ 5590.803057] RAX: ffff888107ee9000 RBX: ffff888108cb1a00\n RCX: 0000000000000f8f\n[ 5590.803061] RDX: 0000000000001000 RSI: ffffffffa0b0e000\n RDI: ffff888107ee9071\n[ 5590.803065] RBP: 0000000000000000 R08: 0000000000000001\n R09: 0000000000000001\n[ 5590.803069] R10: 0000000000000001 R11: 0000000000000002\n R12: 0000000000000019\n[ 5590.803073] R13: 0000000000174fff R14: 0000000000001000\n R15: ffff888107ee9000\n[ 5590.803077] FS: 00007f62a99bee80(0000) GS:ffff88849f880000(0000)\n knlGS:0000000000000000\n[ 5590.803082] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 5590.803085] CR2: ffffffffa0b0e000 CR3: 000000010a1a8004\n CR4: 0000000000770ee0\n[ 5590.803089] PKRU: 55555554\n[ 5590.803091] Call Trace:\n[ 5590.803093] \u003cTASK\u003e\n[ 5590.803096] error_state_read+0xa1/0xd0 [i915]\n[ 5590.803175] kernfs_fop_read_iter+0xb2/0x1b0\n[ 5590.803180] new_sync_read+0x116/0x1a0\n[ 5590.803185] vfs_read+0x114/0x1b0\n[ 5590.803189] ksys_read+0x63/0xe0\n[ 5590.803193] do_syscall_64+0x38/0xc0\n[ 5590.803197] entry_SYSCALL_64_after_hwframe+0x44/0xae\n[ 5590.803201] RIP: 0033:0x7f62aaea5912\n[ 5590.803204] Code: c0 e9 b2 fe ff ff 50 48 8d 3d 5a b9 0c 00 e8 05\n 19 02 00 0f 1f 44 00 00 f3 0f 1e fa 64 8b 04 25\n 18 00 00 00 85 c0 75 10 0f 05 \u003c48\u003e 3d 00 f0 ff\n ff 77 56 c3 0f 1f 44 00 00 48 83 ec 28 48 89 54 24\n[ 5590.803213] RSP: 002b:00007fff5b659ae8 EFLAGS: 00000246\n ORIG_RAX: 0000000000000000\n[ 5590.803218] RAX: ffffffffffffffda RBX: 0000000000100000\n RCX: 00007f62aaea5912\n[ 5590.803221] RDX: 000000000008b000 RSI: 00007f62a8c4000f\n RDI: 0000000000000006\n[ 5590.803225] RBP: 00007f62a8bcb00f R08: 0000000000200010\n R09: 0000000000101000\n[ 5590.803229] R10: 0000000000000001 R11: 0000000000000246\n R12: 0000000000000006\n[ 5590.803233] R13: 0000000000075000 R14: 00007f62a8acb010\n R15: 0000000000200000\n[ 5590.803238] \u003c/TASK\u003e\n[ 5590.803240] Modules linked in: i915 ttm drm_buddy drm_dp_helper\n drm_kms_helper syscopyarea sysfillrect sysimgblt\n fb_sys_fops prime_numbers nfnetlink br_netfilter\n overlay mei_pxp mei_hdcp x86_pkg_temp_thermal\n coretemp kvm_intel snd_hda_codec_hdmi snd_hda_intel\n \n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:44:06.699Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/63b26fe0252f923e6aca373e3ad4b31202dcd331"
},
{
"url": "https://git.kernel.org/stable/c/f4c5eba87675a07a6c28cdaca7366aeb4258ec78"
},
{
"url": "https://git.kernel.org/stable/c/606e5d565605e26bf61a0933a6d56940f339c080"
},
{
"url": "https://git.kernel.org/stable/c/c9b576d0c7bf55aeae1a736da7974fa202c4394d"
}
],
"title": "drm/i915/reset: Fix error_state_read ptr + offset use",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49723",
"datePublished": "2025-02-26T02:24:36.049Z",
"dateReserved": "2025-02-26T02:21:30.447Z",
"dateUpdated": "2025-05-04T08:44:06.699Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47654 (GCVE-0-2021-47654)
Vulnerability from cvelistv5
Published
2025-02-26 01:54
Modified
2025-10-01 19:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
samples/landlock: Fix path_list memory leak
Clang static analysis reports this error
sandboxer.c:134:8: warning: Potential leak of memory
pointed to by 'path_list'
ret = 0;
^
path_list is allocated in parse_path() but never freed.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-47654",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:50:18.388284Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:57:07.227Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"samples/landlock/sandboxer.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "20fbf100f84b9aeb9c91421abe1927bc152bc32b",
"status": "affected",
"version": "ba84b0bf5a164f0f523656c1e37568c30f3f3303",
"versionType": "git"
},
{
"lessThan": "49b0d8bf05809df5f87e5c03e26d74bdfdab4571",
"status": "affected",
"version": "ba84b0bf5a164f0f523656c1e37568c30f3f3303",
"versionType": "git"
},
{
"lessThan": "017196730299ccd6eed24bbfabed8af4ffd81530",
"status": "affected",
"version": "ba84b0bf5a164f0f523656c1e37568c30f3f3303",
"versionType": "git"
},
{
"lessThan": "66b513b7c64a7290c1fbb88e657f7cece992e131",
"status": "affected",
"version": "ba84b0bf5a164f0f523656c1e37568c30f3f3303",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"samples/landlock/sandboxer.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.13"
},
{
"lessThan": "5.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsamples/landlock: Fix path_list memory leak\n\nClang static analysis reports this error\n\nsandboxer.c:134:8: warning: Potential leak of memory\n pointed to by \u0027path_list\u0027\n ret = 0;\n ^\npath_list is allocated in parse_path() but never freed."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:15:40.959Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/20fbf100f84b9aeb9c91421abe1927bc152bc32b"
},
{
"url": "https://git.kernel.org/stable/c/49b0d8bf05809df5f87e5c03e26d74bdfdab4571"
},
{
"url": "https://git.kernel.org/stable/c/017196730299ccd6eed24bbfabed8af4ffd81530"
},
{
"url": "https://git.kernel.org/stable/c/66b513b7c64a7290c1fbb88e657f7cece992e131"
}
],
"title": "samples/landlock: Fix path_list memory leak",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47654",
"datePublished": "2025-02-26T01:54:19.083Z",
"dateReserved": "2025-02-26T01:48:21.520Z",
"dateUpdated": "2025-10-01T19:57:07.227Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49158 (GCVE-0-2022-49158)
Vulnerability from cvelistv5
Published
2025-02-26 01:55
Modified
2025-05-04 08:31
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: qla2xxx: Fix warning message due to adisc being flushed
Fix warning message due to adisc being flushed. Linux kernel triggered a
warning message where a different error code type is not matching up with
the expected type. Add additional translation of one error code type to
another.
WARNING: CPU: 2 PID: 1131623 at drivers/scsi/qla2xxx/qla_init.c:498
qla2x00_async_adisc_sp_done+0x294/0x2b0 [qla2xxx]
CPU: 2 PID: 1131623 Comm: drmgr Not tainted 5.13.0-rc1-autotest #1
..
GPR28: c000000aaa9c8890 c0080000079ab678 c00000140a104800 c00000002bd19000
NIP [c00800000790857c] qla2x00_async_adisc_sp_done+0x294/0x2b0 [qla2xxx]
LR [c008000007908578] qla2x00_async_adisc_sp_done+0x290/0x2b0 [qla2xxx]
Call Trace:
[c00000001cdc3620] [c008000007908578] qla2x00_async_adisc_sp_done+0x290/0x2b0 [qla2xxx] (unreliable)
[c00000001cdc3710] [c0080000078f3080] __qla2x00_abort_all_cmds+0x1b8/0x580 [qla2xxx]
[c00000001cdc3840] [c0080000078f589c] qla2x00_abort_all_cmds+0x34/0xd0 [qla2xxx]
[c00000001cdc3880] [c0080000079153d8] qla2x00_abort_isp_cleanup+0x3f0/0x570 [qla2xxx]
[c00000001cdc3920] [c0080000078fb7e8] qla2x00_remove_one+0x3d0/0x480 [qla2xxx]
[c00000001cdc39b0] [c00000000071c274] pci_device_remove+0x64/0x120
[c00000001cdc39f0] [c0000000007fb818] device_release_driver_internal+0x168/0x2a0
[c00000001cdc3a30] [c00000000070e304] pci_stop_bus_device+0xb4/0x100
[c00000001cdc3a70] [c00000000070e4f0] pci_stop_and_remove_bus_device+0x20/0x40
[c00000001cdc3aa0] [c000000000073940] pci_hp_remove_devices+0x90/0x130
[c00000001cdc3b30] [c0080000070704d0] disable_slot+0x38/0x90 [rpaphp] [
c00000001cdc3b60] [c00000000073eb4c] power_write_file+0xcc/0x180
[c00000001cdc3be0] [c0000000007354bc] pci_slot_attr_store+0x3c/0x60
[c00000001cdc3c00] [c00000000055f820] sysfs_kf_write+0x60/0x80 [c00000001cdc3c20]
[c00000000055df10] kernfs_fop_write_iter+0x1a0/0x290
[c00000001cdc3c70] [c000000000447c4c] new_sync_write+0x14c/0x1d0
[c00000001cdc3d10] [c00000000044b134] vfs_write+0x224/0x330
[c00000001cdc3d60] [c00000000044b3f4] ksys_write+0x74/0x130
[c00000001cdc3db0] [c00000000002df70] system_call_exception+0x150/0x2d0
[c00000001cdc3e10] [c00000000000d45c] system_call_common+0xec/0x278
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/scsi/qla2xxx/qla_init.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7a3457777c4f700c64836e78dc71e6ce459f62b8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b13baf97ddbc1a7e7536168383bc0d84c2204b03",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d8fb8da69e194e0249b3cdb746ef09ce823ae26b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "64f24af75b79cba3b86b0760e27e0fa904db570f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/scsi/qla2xxx/qla_init.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix warning message due to adisc being flushed\n\nFix warning message due to adisc being flushed. Linux kernel triggered a\nwarning message where a different error code type is not matching up with\nthe expected type. Add additional translation of one error code type to\nanother.\n\nWARNING: CPU: 2 PID: 1131623 at drivers/scsi/qla2xxx/qla_init.c:498\nqla2x00_async_adisc_sp_done+0x294/0x2b0 [qla2xxx]\nCPU: 2 PID: 1131623 Comm: drmgr Not tainted 5.13.0-rc1-autotest #1\n..\nGPR28: c000000aaa9c8890 c0080000079ab678 c00000140a104800 c00000002bd19000\nNIP [c00800000790857c] qla2x00_async_adisc_sp_done+0x294/0x2b0 [qla2xxx]\nLR [c008000007908578] qla2x00_async_adisc_sp_done+0x290/0x2b0 [qla2xxx]\nCall Trace:\n[c00000001cdc3620] [c008000007908578] qla2x00_async_adisc_sp_done+0x290/0x2b0 [qla2xxx] (unreliable)\n[c00000001cdc3710] [c0080000078f3080] __qla2x00_abort_all_cmds+0x1b8/0x580 [qla2xxx]\n[c00000001cdc3840] [c0080000078f589c] qla2x00_abort_all_cmds+0x34/0xd0 [qla2xxx]\n[c00000001cdc3880] [c0080000079153d8] qla2x00_abort_isp_cleanup+0x3f0/0x570 [qla2xxx]\n[c00000001cdc3920] [c0080000078fb7e8] qla2x00_remove_one+0x3d0/0x480 [qla2xxx]\n[c00000001cdc39b0] [c00000000071c274] pci_device_remove+0x64/0x120\n[c00000001cdc39f0] [c0000000007fb818] device_release_driver_internal+0x168/0x2a0\n[c00000001cdc3a30] [c00000000070e304] pci_stop_bus_device+0xb4/0x100\n[c00000001cdc3a70] [c00000000070e4f0] pci_stop_and_remove_bus_device+0x20/0x40\n[c00000001cdc3aa0] [c000000000073940] pci_hp_remove_devices+0x90/0x130\n[c00000001cdc3b30] [c0080000070704d0] disable_slot+0x38/0x90 [rpaphp] [\nc00000001cdc3b60] [c00000000073eb4c] power_write_file+0xcc/0x180\n[c00000001cdc3be0] [c0000000007354bc] pci_slot_attr_store+0x3c/0x60\n[c00000001cdc3c00] [c00000000055f820] sysfs_kf_write+0x60/0x80 [c00000001cdc3c20]\n[c00000000055df10] kernfs_fop_write_iter+0x1a0/0x290\n[c00000001cdc3c70] [c000000000447c4c] new_sync_write+0x14c/0x1d0\n[c00000001cdc3d10] [c00000000044b134] vfs_write+0x224/0x330\n[c00000001cdc3d60] [c00000000044b3f4] ksys_write+0x74/0x130\n[c00000001cdc3db0] [c00000000002df70] system_call_exception+0x150/0x2d0\n[c00000001cdc3e10] [c00000000000d45c] system_call_common+0xec/0x278"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:31:14.183Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7a3457777c4f700c64836e78dc71e6ce459f62b8"
},
{
"url": "https://git.kernel.org/stable/c/b13baf97ddbc1a7e7536168383bc0d84c2204b03"
},
{
"url": "https://git.kernel.org/stable/c/d8fb8da69e194e0249b3cdb746ef09ce823ae26b"
},
{
"url": "https://git.kernel.org/stable/c/64f24af75b79cba3b86b0760e27e0fa904db570f"
}
],
"title": "scsi: qla2xxx: Fix warning message due to adisc being flushed",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49158",
"datePublished": "2025-02-26T01:55:21.304Z",
"dateReserved": "2025-02-26T01:49:39.276Z",
"dateUpdated": "2025-05-04T08:31:14.183Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49523 (GCVE-0-2022-49523)
Vulnerability from cvelistv5
Published
2025-02-26 02:13
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ath11k: disable spectral scan during spectral deinit
When ath11k modules are removed using rmmod with spectral scan enabled,
crash is observed. Different crash trace is observed for each crash.
Send spectral scan disable WMI command to firmware before cleaning
the spectral dbring in the spectral_deinit API to avoid this crash.
call trace from one of the crash observed:
[ 1252.880802] Unable to handle kernel NULL pointer dereference at virtual address 00000008
[ 1252.882722] pgd = 0f42e886
[ 1252.890955] [00000008] *pgd=00000000
[ 1252.893478] Internal error: Oops: 5 [#1] PREEMPT SMP ARM
[ 1253.093035] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.4.89 #0
[ 1253.115261] Hardware name: Generic DT based system
[ 1253.121149] PC is at ath11k_spectral_process_data+0x434/0x574 [ath11k]
[ 1253.125940] LR is at 0x88e31017
[ 1253.132448] pc : [<7f9387b8>] lr : [<88e31017>] psr: a0000193
[ 1253.135488] sp : 80d01bc8 ip : 00000001 fp : 970e0000
[ 1253.141737] r10: 88e31000 r9 : 970ec000 r8 : 00000080
[ 1253.146946] r7 : 94734040 r6 : a0000113 r5 : 00000057 r4 : 00000000
[ 1253.152159] r3 : e18cb694 r2 : 00000217 r1 : 1df1f000 r0 : 00000001
[ 1253.158755] Flags: NzCv IRQs off FIQs on Mode SVC_32 ISA ARM Segment user
[ 1253.165266] Control: 10c0383d Table: 5e71006a DAC: 00000055
[ 1253.172472] Process swapper/0 (pid: 0, stack limit = 0x60870141)
[ 1253.458055] [<7f9387b8>] (ath11k_spectral_process_data [ath11k]) from [<7f917fdc>] (ath11k_dbring_buffer_release_event+0x214/0x2e4 [ath11k])
[ 1253.466139] [<7f917fdc>] (ath11k_dbring_buffer_release_event [ath11k]) from [<7f8ea3c4>] (ath11k_wmi_tlv_op_rx+0x1840/0x29cc [ath11k])
[ 1253.478807] [<7f8ea3c4>] (ath11k_wmi_tlv_op_rx [ath11k]) from [<7f8fe868>] (ath11k_htc_rx_completion_handler+0x180/0x4e0 [ath11k])
[ 1253.490699] [<7f8fe868>] (ath11k_htc_rx_completion_handler [ath11k]) from [<7f91308c>] (ath11k_ce_per_engine_service+0x2c4/0x3b4 [ath11k])
[ 1253.502386] [<7f91308c>] (ath11k_ce_per_engine_service [ath11k]) from [<7f9a4198>] (ath11k_pci_ce_tasklet+0x28/0x80 [ath11k_pci])
[ 1253.514811] [<7f9a4198>] (ath11k_pci_ce_tasklet [ath11k_pci]) from [<8032227c>] (tasklet_action_common.constprop.2+0x64/0xe8)
[ 1253.526476] [<8032227c>] (tasklet_action_common.constprop.2) from [<803021e8>] (__do_softirq+0x130/0x2d0)
[ 1253.537756] [<803021e8>] (__do_softirq) from [<80322610>] (irq_exit+0xcc/0xe8)
[ 1253.547304] [<80322610>] (irq_exit) from [<8036a4a4>] (__handle_domain_irq+0x60/0xb4)
[ 1253.554428] [<8036a4a4>] (__handle_domain_irq) from [<805eb348>] (gic_handle_irq+0x4c/0x90)
[ 1253.562321] [<805eb348>] (gic_handle_irq) from [<80301a78>] (__irq_svc+0x58/0x8c)
Tested-on: QCN6122 hw1.0 AHB WLAN.HK.2.6.0.1-00851-QCAHKSWPL_SILICONZ-1
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49523",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:38:09.164993Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:41.815Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ath/ath11k/spectral.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "60afa4f4e1350c876d8a061182a70c224de275dd",
"status": "affected",
"version": "d5c65159f2895379e11ca13f62feabe93278985d",
"versionType": "git"
},
{
"lessThan": "451b9076903a057b7b8d5b24dc84b3e436a1c743",
"status": "affected",
"version": "d5c65159f2895379e11ca13f62feabe93278985d",
"versionType": "git"
},
{
"lessThan": "4b9c54caef58d2b55074710952cda70540722c01",
"status": "affected",
"version": "d5c65159f2895379e11ca13f62feabe93278985d",
"versionType": "git"
},
{
"lessThan": "8f15e67af9bec5a69e815e0230a70cffddae371a",
"status": "affected",
"version": "d5c65159f2895379e11ca13f62feabe93278985d",
"versionType": "git"
},
{
"lessThan": "161c64de239c7018e0295e7e0520a19f00aa32dc",
"status": "affected",
"version": "d5c65159f2895379e11ca13f62feabe93278985d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ath/ath11k/spectral.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.6"
},
{
"lessThan": "5.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nath11k: disable spectral scan during spectral deinit\n\nWhen ath11k modules are removed using rmmod with spectral scan enabled,\ncrash is observed. Different crash trace is observed for each crash.\n\nSend spectral scan disable WMI command to firmware before cleaning\nthe spectral dbring in the spectral_deinit API to avoid this crash.\n\ncall trace from one of the crash observed:\n[ 1252.880802] Unable to handle kernel NULL pointer dereference at virtual address 00000008\n[ 1252.882722] pgd = 0f42e886\n[ 1252.890955] [00000008] *pgd=00000000\n[ 1252.893478] Internal error: Oops: 5 [#1] PREEMPT SMP ARM\n[ 1253.093035] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.4.89 #0\n[ 1253.115261] Hardware name: Generic DT based system\n[ 1253.121149] PC is at ath11k_spectral_process_data+0x434/0x574 [ath11k]\n[ 1253.125940] LR is at 0x88e31017\n[ 1253.132448] pc : [\u003c7f9387b8\u003e] lr : [\u003c88e31017\u003e] psr: a0000193\n[ 1253.135488] sp : 80d01bc8 ip : 00000001 fp : 970e0000\n[ 1253.141737] r10: 88e31000 r9 : 970ec000 r8 : 00000080\n[ 1253.146946] r7 : 94734040 r6 : a0000113 r5 : 00000057 r4 : 00000000\n[ 1253.152159] r3 : e18cb694 r2 : 00000217 r1 : 1df1f000 r0 : 00000001\n[ 1253.158755] Flags: NzCv IRQs off FIQs on Mode SVC_32 ISA ARM Segment user\n[ 1253.165266] Control: 10c0383d Table: 5e71006a DAC: 00000055\n[ 1253.172472] Process swapper/0 (pid: 0, stack limit = 0x60870141)\n[ 1253.458055] [\u003c7f9387b8\u003e] (ath11k_spectral_process_data [ath11k]) from [\u003c7f917fdc\u003e] (ath11k_dbring_buffer_release_event+0x214/0x2e4 [ath11k])\n[ 1253.466139] [\u003c7f917fdc\u003e] (ath11k_dbring_buffer_release_event [ath11k]) from [\u003c7f8ea3c4\u003e] (ath11k_wmi_tlv_op_rx+0x1840/0x29cc [ath11k])\n[ 1253.478807] [\u003c7f8ea3c4\u003e] (ath11k_wmi_tlv_op_rx [ath11k]) from [\u003c7f8fe868\u003e] (ath11k_htc_rx_completion_handler+0x180/0x4e0 [ath11k])\n[ 1253.490699] [\u003c7f8fe868\u003e] (ath11k_htc_rx_completion_handler [ath11k]) from [\u003c7f91308c\u003e] (ath11k_ce_per_engine_service+0x2c4/0x3b4 [ath11k])\n[ 1253.502386] [\u003c7f91308c\u003e] (ath11k_ce_per_engine_service [ath11k]) from [\u003c7f9a4198\u003e] (ath11k_pci_ce_tasklet+0x28/0x80 [ath11k_pci])\n[ 1253.514811] [\u003c7f9a4198\u003e] (ath11k_pci_ce_tasklet [ath11k_pci]) from [\u003c8032227c\u003e] (tasklet_action_common.constprop.2+0x64/0xe8)\n[ 1253.526476] [\u003c8032227c\u003e] (tasklet_action_common.constprop.2) from [\u003c803021e8\u003e] (__do_softirq+0x130/0x2d0)\n[ 1253.537756] [\u003c803021e8\u003e] (__do_softirq) from [\u003c80322610\u003e] (irq_exit+0xcc/0xe8)\n[ 1253.547304] [\u003c80322610\u003e] (irq_exit) from [\u003c8036a4a4\u003e] (__handle_domain_irq+0x60/0xb4)\n[ 1253.554428] [\u003c8036a4a4\u003e] (__handle_domain_irq) from [\u003c805eb348\u003e] (gic_handle_irq+0x4c/0x90)\n[ 1253.562321] [\u003c805eb348\u003e] (gic_handle_irq) from [\u003c80301a78\u003e] (__irq_svc+0x58/0x8c)\n\nTested-on: QCN6122 hw1.0 AHB WLAN.HK.2.6.0.1-00851-QCAHKSWPL_SILICONZ-1"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:39:45.263Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/60afa4f4e1350c876d8a061182a70c224de275dd"
},
{
"url": "https://git.kernel.org/stable/c/451b9076903a057b7b8d5b24dc84b3e436a1c743"
},
{
"url": "https://git.kernel.org/stable/c/4b9c54caef58d2b55074710952cda70540722c01"
},
{
"url": "https://git.kernel.org/stable/c/8f15e67af9bec5a69e815e0230a70cffddae371a"
},
{
"url": "https://git.kernel.org/stable/c/161c64de239c7018e0295e7e0520a19f00aa32dc"
}
],
"title": "ath11k: disable spectral scan during spectral deinit",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49523",
"datePublished": "2025-02-26T02:13:47.757Z",
"dateReserved": "2025-02-26T02:08:31.588Z",
"dateUpdated": "2025-10-01T19:46:41.815Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49073 (GCVE-0-2022-49073)
Vulnerability from cvelistv5
Published
2025-02-26 01:54
Modified
2025-05-04 08:29
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ata: sata_dwc_460ex: Fix crash due to OOB write
the driver uses libata's "tag" values from in various arrays.
Since the mentioned patch bumped the ATA_TAG_INTERNAL to 32,
the value of the SATA_DWC_QCMD_MAX needs to account for that.
Otherwise ATA_TAG_INTERNAL usage cause similar crashes like
this as reported by Tice Rex on the OpenWrt Forum and
reproduced (with symbols) here:
| BUG: Kernel NULL pointer dereference at 0x00000000
| Faulting instruction address: 0xc03ed4b8
| Oops: Kernel access of bad area, sig: 11 [#1]
| BE PAGE_SIZE=4K PowerPC 44x Platform
| CPU: 0 PID: 362 Comm: scsi_eh_1 Not tainted 5.4.163 #0
| NIP: c03ed4b8 LR: c03d27e8 CTR: c03ed36c
| REGS: cfa59950 TRAP: 0300 Not tainted (5.4.163)
| MSR: 00021000 <CE,ME> CR: 42000222 XER: 00000000
| DEAR: 00000000 ESR: 00000000
| GPR00: c03d27e8 cfa59a08 cfa55fe0 00000000 0fa46bc0 [...]
| [..]
| NIP [c03ed4b8] sata_dwc_qc_issue+0x14c/0x254
| LR [c03d27e8] ata_qc_issue+0x1c8/0x2dc
| Call Trace:
| [cfa59a08] [c003f4e0] __cancel_work_timer+0x124/0x194 (unreliable)
| [cfa59a78] [c03d27e8] ata_qc_issue+0x1c8/0x2dc
| [cfa59a98] [c03d2b3c] ata_exec_internal_sg+0x240/0x524
| [cfa59b08] [c03d2e98] ata_exec_internal+0x78/0xe0
| [cfa59b58] [c03d30fc] ata_read_log_page.part.38+0x1dc/0x204
| [cfa59bc8] [c03d324c] ata_identify_page_supported+0x68/0x130
| [...]
This is because sata_dwc_dma_xfer_complete() NULLs the
dma_pending's next neighbour "chan" (a *dma_chan struct) in
this '32' case right here (line ~735):
> hsdevp->dma_pending[tag] = SATA_DWC_DMA_PENDING_NONE;
Then the next time, a dma gets issued; dma_dwc_xfer_setup() passes
the NULL'd hsdevp->chan to the dmaengine_slave_config() which then
causes the crash.
With this patch, SATA_DWC_QCMD_MAX is now set to ATA_MAX_QUEUE + 1.
This avoids the OOB. But please note, there was a worthwhile discussion
on what ATA_TAG_INTERNAL and ATA_MAX_QUEUE is. And why there should not
be a "fake" 33 command-long queue size.
Ideally, the dw driver should account for the ATA_TAG_INTERNAL.
In Damien Le Moal's words: "... having looked at the driver, it
is a bigger change than just faking a 33rd "tag" that is in fact
not a command tag at all."
BugLink: https://github.com/openwrt/openwrt/issues/9505
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 28361c403683c2b00d4f5e76045f3ccd299bf99d Version: 28361c403683c2b00d4f5e76045f3ccd299bf99d Version: 28361c403683c2b00d4f5e76045f3ccd299bf99d Version: 28361c403683c2b00d4f5e76045f3ccd299bf99d Version: 28361c403683c2b00d4f5e76045f3ccd299bf99d Version: 28361c403683c2b00d4f5e76045f3ccd299bf99d Version: 28361c403683c2b00d4f5e76045f3ccd299bf99d |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/ata/sata_dwc_460ex.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "596c7efd69aae94f4b0e91172b075eb197958b99",
"status": "affected",
"version": "28361c403683c2b00d4f5e76045f3ccd299bf99d",
"versionType": "git"
},
{
"lessThan": "55e1465ba79562a191708a40eeae3f8082a209e3",
"status": "affected",
"version": "28361c403683c2b00d4f5e76045f3ccd299bf99d",
"versionType": "git"
},
{
"lessThan": "fc629224aa62f23849cae83717932985ac51232d",
"status": "affected",
"version": "28361c403683c2b00d4f5e76045f3ccd299bf99d",
"versionType": "git"
},
{
"lessThan": "8a05a6952ecd59aaa62cbdcdaf523ae2c8f436e8",
"status": "affected",
"version": "28361c403683c2b00d4f5e76045f3ccd299bf99d",
"versionType": "git"
},
{
"lessThan": "234c0132f76f0676d175757f61b0025191a3d935",
"status": "affected",
"version": "28361c403683c2b00d4f5e76045f3ccd299bf99d",
"versionType": "git"
},
{
"lessThan": "3a8751c0d4e24129e72dcec0139e99833b13904a",
"status": "affected",
"version": "28361c403683c2b00d4f5e76045f3ccd299bf99d",
"versionType": "git"
},
{
"lessThan": "7aa8104a554713b685db729e66511b93d989dd6a",
"status": "affected",
"version": "28361c403683c2b00d4f5e76045f3ccd299bf99d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/ata/sata_dwc_460ex.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.18"
},
{
"lessThan": "4.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.238",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.189",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.111",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.20",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.238",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.189",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.111",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.34",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.20",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.3",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "4.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: sata_dwc_460ex: Fix crash due to OOB write\n\nthe driver uses libata\u0027s \"tag\" values from in various arrays.\nSince the mentioned patch bumped the ATA_TAG_INTERNAL to 32,\nthe value of the SATA_DWC_QCMD_MAX needs to account for that.\n\nOtherwise ATA_TAG_INTERNAL usage cause similar crashes like\nthis as reported by Tice Rex on the OpenWrt Forum and\nreproduced (with symbols) here:\n\n| BUG: Kernel NULL pointer dereference at 0x00000000\n| Faulting instruction address: 0xc03ed4b8\n| Oops: Kernel access of bad area, sig: 11 [#1]\n| BE PAGE_SIZE=4K PowerPC 44x Platform\n| CPU: 0 PID: 362 Comm: scsi_eh_1 Not tainted 5.4.163 #0\n| NIP: c03ed4b8 LR: c03d27e8 CTR: c03ed36c\n| REGS: cfa59950 TRAP: 0300 Not tainted (5.4.163)\n| MSR: 00021000 \u003cCE,ME\u003e CR: 42000222 XER: 00000000\n| DEAR: 00000000 ESR: 00000000\n| GPR00: c03d27e8 cfa59a08 cfa55fe0 00000000 0fa46bc0 [...]\n| [..]\n| NIP [c03ed4b8] sata_dwc_qc_issue+0x14c/0x254\n| LR [c03d27e8] ata_qc_issue+0x1c8/0x2dc\n| Call Trace:\n| [cfa59a08] [c003f4e0] __cancel_work_timer+0x124/0x194 (unreliable)\n| [cfa59a78] [c03d27e8] ata_qc_issue+0x1c8/0x2dc\n| [cfa59a98] [c03d2b3c] ata_exec_internal_sg+0x240/0x524\n| [cfa59b08] [c03d2e98] ata_exec_internal+0x78/0xe0\n| [cfa59b58] [c03d30fc] ata_read_log_page.part.38+0x1dc/0x204\n| [cfa59bc8] [c03d324c] ata_identify_page_supported+0x68/0x130\n| [...]\n\nThis is because sata_dwc_dma_xfer_complete() NULLs the\ndma_pending\u0027s next neighbour \"chan\" (a *dma_chan struct) in\nthis \u002732\u0027 case right here (line ~735):\n\u003e hsdevp-\u003edma_pending[tag] = SATA_DWC_DMA_PENDING_NONE;\n\nThen the next time, a dma gets issued; dma_dwc_xfer_setup() passes\nthe NULL\u0027d hsdevp-\u003echan to the dmaengine_slave_config() which then\ncauses the crash.\n\nWith this patch, SATA_DWC_QCMD_MAX is now set to ATA_MAX_QUEUE + 1.\nThis avoids the OOB. But please note, there was a worthwhile discussion\non what ATA_TAG_INTERNAL and ATA_MAX_QUEUE is. And why there should not\nbe a \"fake\" 33 command-long queue size.\n\nIdeally, the dw driver should account for the ATA_TAG_INTERNAL.\nIn Damien Le Moal\u0027s words: \"... having looked at the driver, it\nis a bigger change than just faking a 33rd \"tag\" that is in fact\nnot a command tag at all.\"\n\nBugLink: https://github.com/openwrt/openwrt/issues/9505"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:29:08.797Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/596c7efd69aae94f4b0e91172b075eb197958b99"
},
{
"url": "https://git.kernel.org/stable/c/55e1465ba79562a191708a40eeae3f8082a209e3"
},
{
"url": "https://git.kernel.org/stable/c/fc629224aa62f23849cae83717932985ac51232d"
},
{
"url": "https://git.kernel.org/stable/c/8a05a6952ecd59aaa62cbdcdaf523ae2c8f436e8"
},
{
"url": "https://git.kernel.org/stable/c/234c0132f76f0676d175757f61b0025191a3d935"
},
{
"url": "https://git.kernel.org/stable/c/3a8751c0d4e24129e72dcec0139e99833b13904a"
},
{
"url": "https://git.kernel.org/stable/c/7aa8104a554713b685db729e66511b93d989dd6a"
}
],
"title": "ata: sata_dwc_460ex: Fix crash due to OOB write",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49073",
"datePublished": "2025-02-26T01:54:37.804Z",
"dateReserved": "2025-02-26T01:49:39.245Z",
"dateUpdated": "2025-05-04T08:29:08.797Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49082 (GCVE-0-2022-49082)
Vulnerability from cvelistv5
Published
2025-02-26 01:54
Modified
2025-05-04 08:29
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: mpt3sas: Fix use after free in _scsih_expander_node_remove()
The function mpt3sas_transport_port_remove() called in
_scsih_expander_node_remove() frees the port field of the sas_expander
structure, leading to the following use-after-free splat from KASAN when
the ioc_info() call following that function is executed (e.g. when doing
rmmod of the driver module):
[ 3479.371167] ==================================================================
[ 3479.378496] BUG: KASAN: use-after-free in _scsih_expander_node_remove+0x710/0x750 [mpt3sas]
[ 3479.386936] Read of size 1 at addr ffff8881c037691c by task rmmod/1531
[ 3479.393524]
[ 3479.395035] CPU: 18 PID: 1531 Comm: rmmod Not tainted 5.17.0-rc8+ #1436
[ 3479.401712] Hardware name: Supermicro Super Server/H12SSL-NT, BIOS 2.1 06/02/2021
[ 3479.409263] Call Trace:
[ 3479.411743] <TASK>
[ 3479.413875] dump_stack_lvl+0x45/0x59
[ 3479.417582] print_address_description.constprop.0+0x1f/0x120
[ 3479.423389] ? _scsih_expander_node_remove+0x710/0x750 [mpt3sas]
[ 3479.429469] kasan_report.cold+0x83/0xdf
[ 3479.433438] ? _scsih_expander_node_remove+0x710/0x750 [mpt3sas]
[ 3479.439514] _scsih_expander_node_remove+0x710/0x750 [mpt3sas]
[ 3479.445411] ? _raw_spin_unlock_irqrestore+0x2d/0x40
[ 3479.452032] scsih_remove+0x525/0xc90 [mpt3sas]
[ 3479.458212] ? mpt3sas_expander_remove+0x1d0/0x1d0 [mpt3sas]
[ 3479.465529] ? down_write+0xde/0x150
[ 3479.470746] ? up_write+0x14d/0x460
[ 3479.475840] ? kernfs_find_ns+0x137/0x310
[ 3479.481438] pci_device_remove+0x65/0x110
[ 3479.487013] __device_release_driver+0x316/0x680
[ 3479.493180] driver_detach+0x1ec/0x2d0
[ 3479.498499] bus_remove_driver+0xe7/0x2d0
[ 3479.504081] pci_unregister_driver+0x26/0x250
[ 3479.510033] _mpt3sas_exit+0x2b/0x6cf [mpt3sas]
[ 3479.516144] __x64_sys_delete_module+0x2fd/0x510
[ 3479.522315] ? free_module+0xaa0/0xaa0
[ 3479.527593] ? __cond_resched+0x1c/0x90
[ 3479.532951] ? lockdep_hardirqs_on_prepare+0x273/0x3e0
[ 3479.539607] ? syscall_enter_from_user_mode+0x21/0x70
[ 3479.546161] ? trace_hardirqs_on+0x1c/0x110
[ 3479.551828] do_syscall_64+0x35/0x80
[ 3479.556884] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 3479.563402] RIP: 0033:0x7f1fc482483b
...
[ 3479.943087] ==================================================================
Fix this by introducing the local variable port_id to store the port ID
value before executing mpt3sas_transport_port_remove(). This local variable
is then used in the call to ioc_info() instead of dereferencing the freed
port structure.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49082",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T18:17:34.716925Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T18:22:35.454Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/scsi/mpt3sas/mpt3sas_scsih.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "25c1353dca74ad7cf3fd7ce258fe7c957a147d5e",
"status": "affected",
"version": "7d310f241001e090cf1ec0f3ae836b38d8c6ebec",
"versionType": "git"
},
{
"lessThan": "17d66b1c92bcb41e72271ec60069d3684aaa1c9c",
"status": "affected",
"version": "7d310f241001e090cf1ec0f3ae836b38d8c6ebec",
"versionType": "git"
},
{
"lessThan": "1bb8a7fc64d63ec818e367e1b37676ea2ef2d20c",
"status": "affected",
"version": "7d310f241001e090cf1ec0f3ae836b38d8c6ebec",
"versionType": "git"
},
{
"lessThan": "87d663d40801dffc99a5ad3b0188ad3e2b4d1557",
"status": "affected",
"version": "7d310f241001e090cf1ec0f3ae836b38d8c6ebec",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/scsi/mpt3sas/mpt3sas_scsih.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.11"
},
{
"lessThan": "5.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.20",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.34",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.20",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.3",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpt3sas: Fix use after free in _scsih_expander_node_remove()\n\nThe function mpt3sas_transport_port_remove() called in\n_scsih_expander_node_remove() frees the port field of the sas_expander\nstructure, leading to the following use-after-free splat from KASAN when\nthe ioc_info() call following that function is executed (e.g. when doing\nrmmod of the driver module):\n\n[ 3479.371167] ==================================================================\n[ 3479.378496] BUG: KASAN: use-after-free in _scsih_expander_node_remove+0x710/0x750 [mpt3sas]\n[ 3479.386936] Read of size 1 at addr ffff8881c037691c by task rmmod/1531\n[ 3479.393524]\n[ 3479.395035] CPU: 18 PID: 1531 Comm: rmmod Not tainted 5.17.0-rc8+ #1436\n[ 3479.401712] Hardware name: Supermicro Super Server/H12SSL-NT, BIOS 2.1 06/02/2021\n[ 3479.409263] Call Trace:\n[ 3479.411743] \u003cTASK\u003e\n[ 3479.413875] dump_stack_lvl+0x45/0x59\n[ 3479.417582] print_address_description.constprop.0+0x1f/0x120\n[ 3479.423389] ? _scsih_expander_node_remove+0x710/0x750 [mpt3sas]\n[ 3479.429469] kasan_report.cold+0x83/0xdf\n[ 3479.433438] ? _scsih_expander_node_remove+0x710/0x750 [mpt3sas]\n[ 3479.439514] _scsih_expander_node_remove+0x710/0x750 [mpt3sas]\n[ 3479.445411] ? _raw_spin_unlock_irqrestore+0x2d/0x40\n[ 3479.452032] scsih_remove+0x525/0xc90 [mpt3sas]\n[ 3479.458212] ? mpt3sas_expander_remove+0x1d0/0x1d0 [mpt3sas]\n[ 3479.465529] ? down_write+0xde/0x150\n[ 3479.470746] ? up_write+0x14d/0x460\n[ 3479.475840] ? kernfs_find_ns+0x137/0x310\n[ 3479.481438] pci_device_remove+0x65/0x110\n[ 3479.487013] __device_release_driver+0x316/0x680\n[ 3479.493180] driver_detach+0x1ec/0x2d0\n[ 3479.498499] bus_remove_driver+0xe7/0x2d0\n[ 3479.504081] pci_unregister_driver+0x26/0x250\n[ 3479.510033] _mpt3sas_exit+0x2b/0x6cf [mpt3sas]\n[ 3479.516144] __x64_sys_delete_module+0x2fd/0x510\n[ 3479.522315] ? free_module+0xaa0/0xaa0\n[ 3479.527593] ? __cond_resched+0x1c/0x90\n[ 3479.532951] ? lockdep_hardirqs_on_prepare+0x273/0x3e0\n[ 3479.539607] ? syscall_enter_from_user_mode+0x21/0x70\n[ 3479.546161] ? trace_hardirqs_on+0x1c/0x110\n[ 3479.551828] do_syscall_64+0x35/0x80\n[ 3479.556884] entry_SYSCALL_64_after_hwframe+0x44/0xae\n[ 3479.563402] RIP: 0033:0x7f1fc482483b\n...\n[ 3479.943087] ==================================================================\n\nFix this by introducing the local variable port_id to store the port ID\nvalue before executing mpt3sas_transport_port_remove(). This local variable\nis then used in the call to ioc_info() instead of dereferencing the freed\nport structure."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:29:20.299Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/25c1353dca74ad7cf3fd7ce258fe7c957a147d5e"
},
{
"url": "https://git.kernel.org/stable/c/17d66b1c92bcb41e72271ec60069d3684aaa1c9c"
},
{
"url": "https://git.kernel.org/stable/c/1bb8a7fc64d63ec818e367e1b37676ea2ef2d20c"
},
{
"url": "https://git.kernel.org/stable/c/87d663d40801dffc99a5ad3b0188ad3e2b4d1557"
}
],
"title": "scsi: mpt3sas: Fix use after free in _scsih_expander_node_remove()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49082",
"datePublished": "2025-02-26T01:54:42.101Z",
"dateReserved": "2025-02-26T01:49:39.247Z",
"dateUpdated": "2025-05-04T08:29:20.299Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49649 (GCVE-0-2022-49649)
Vulnerability from cvelistv5
Published
2025-02-26 02:23
Modified
2025-10-01 19:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue
xenvif_rx_next_skb() is expecting the rx queue not being empty, but
in case the loop in xenvif_rx_action() is doing multiple iterations,
the availability of another skb in the rx queue is not being checked.
This can lead to crashes:
[40072.537261] BUG: unable to handle kernel NULL pointer dereference at 0000000000000080
[40072.537407] IP: xenvif_rx_skb+0x23/0x590 [xen_netback]
[40072.537534] PGD 0 P4D 0
[40072.537644] Oops: 0000 [#1] SMP NOPTI
[40072.537749] CPU: 0 PID: 12505 Comm: v1-c40247-q2-gu Not tainted 4.12.14-122.121-default #1 SLE12-SP5
[40072.537867] Hardware name: HP ProLiant DL580 Gen9/ProLiant DL580 Gen9, BIOS U17 11/23/2021
[40072.537999] task: ffff880433b38100 task.stack: ffffc90043d40000
[40072.538112] RIP: e030:xenvif_rx_skb+0x23/0x590 [xen_netback]
[40072.538217] RSP: e02b:ffffc90043d43de0 EFLAGS: 00010246
[40072.538319] RAX: 0000000000000000 RBX: ffffc90043cd7cd0 RCX: 00000000000000f7
[40072.538430] RDX: 0000000000000000 RSI: 0000000000000006 RDI: ffffc90043d43df8
[40072.538531] RBP: 000000000000003f R08: 000077ff80000000 R09: 0000000000000008
[40072.538644] R10: 0000000000007ff0 R11: 00000000000008f6 R12: ffffc90043ce2708
[40072.538745] R13: 0000000000000000 R14: ffffc90043d43ed0 R15: ffff88043ea748c0
[40072.538861] FS: 0000000000000000(0000) GS:ffff880484600000(0000) knlGS:0000000000000000
[40072.538988] CS: e033 DS: 0000 ES: 0000 CR0: 0000000080050033
[40072.539088] CR2: 0000000000000080 CR3: 0000000407ac8000 CR4: 0000000000040660
[40072.539211] Call Trace:
[40072.539319] xenvif_rx_action+0x71/0x90 [xen_netback]
[40072.539429] xenvif_kthread_guest_rx+0x14a/0x29c [xen_netback]
Fix that by stopping the loop in case the rx queue becomes empty.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 98f6d57ced73b723551568262019f1d6c8771f20 Version: 98f6d57ced73b723551568262019f1d6c8771f20 Version: 98f6d57ced73b723551568262019f1d6c8771f20 Version: 98f6d57ced73b723551568262019f1d6c8771f20 Version: 98f6d57ced73b723551568262019f1d6c8771f20 Version: 98f6d57ced73b723551568262019f1d6c8771f20 Version: 98f6d57ced73b723551568262019f1d6c8771f20 Version: 98f6d57ced73b723551568262019f1d6c8771f20 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49649",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:33:44.927179Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:36:48.488Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/xen-netback/rx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c0fcceb5f3f1ec197c014fe218c2f28108cacd27",
"status": "affected",
"version": "98f6d57ced73b723551568262019f1d6c8771f20",
"versionType": "git"
},
{
"lessThan": "d5320c6a27aa975aff740f9cb481dcbde48f4348",
"status": "affected",
"version": "98f6d57ced73b723551568262019f1d6c8771f20",
"versionType": "git"
},
{
"lessThan": "5a071aefd6414af5a20321ab58a0557b81993687",
"status": "affected",
"version": "98f6d57ced73b723551568262019f1d6c8771f20",
"versionType": "git"
},
{
"lessThan": "7425479d20f9e96f7c3ec8e8a93fe0d7478724cb",
"status": "affected",
"version": "98f6d57ced73b723551568262019f1d6c8771f20",
"versionType": "git"
},
{
"lessThan": "b9c32a6886af79d6e0ad87a7b01800ed079cdd02",
"status": "affected",
"version": "98f6d57ced73b723551568262019f1d6c8771f20",
"versionType": "git"
},
{
"lessThan": "b99174ac57fe5d8867448c03b23828e63f24cb1c",
"status": "affected",
"version": "98f6d57ced73b723551568262019f1d6c8771f20",
"versionType": "git"
},
{
"lessThan": "f0b5c819b062df8bf5f2acf4697e3871cb3722da",
"status": "affected",
"version": "98f6d57ced73b723551568262019f1d6c8771f20",
"versionType": "git"
},
{
"lessThan": "94e8100678889ab428e68acadf042de723f094b9",
"status": "affected",
"version": "98f6d57ced73b723551568262019f1d6c8771f20",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/xen-netback/rx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.9"
},
{
"lessThan": "4.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.324",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.289",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.253",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.207",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.132",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.56",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.324",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.289",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.253",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.207",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.132",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.56",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.13",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue\n\nxenvif_rx_next_skb() is expecting the rx queue not being empty, but\nin case the loop in xenvif_rx_action() is doing multiple iterations,\nthe availability of another skb in the rx queue is not being checked.\n\nThis can lead to crashes:\n\n[40072.537261] BUG: unable to handle kernel NULL pointer dereference at 0000000000000080\n[40072.537407] IP: xenvif_rx_skb+0x23/0x590 [xen_netback]\n[40072.537534] PGD 0 P4D 0\n[40072.537644] Oops: 0000 [#1] SMP NOPTI\n[40072.537749] CPU: 0 PID: 12505 Comm: v1-c40247-q2-gu Not tainted 4.12.14-122.121-default #1 SLE12-SP5\n[40072.537867] Hardware name: HP ProLiant DL580 Gen9/ProLiant DL580 Gen9, BIOS U17 11/23/2021\n[40072.537999] task: ffff880433b38100 task.stack: ffffc90043d40000\n[40072.538112] RIP: e030:xenvif_rx_skb+0x23/0x590 [xen_netback]\n[40072.538217] RSP: e02b:ffffc90043d43de0 EFLAGS: 00010246\n[40072.538319] RAX: 0000000000000000 RBX: ffffc90043cd7cd0 RCX: 00000000000000f7\n[40072.538430] RDX: 0000000000000000 RSI: 0000000000000006 RDI: ffffc90043d43df8\n[40072.538531] RBP: 000000000000003f R08: 000077ff80000000 R09: 0000000000000008\n[40072.538644] R10: 0000000000007ff0 R11: 00000000000008f6 R12: ffffc90043ce2708\n[40072.538745] R13: 0000000000000000 R14: ffffc90043d43ed0 R15: ffff88043ea748c0\n[40072.538861] FS: 0000000000000000(0000) GS:ffff880484600000(0000) knlGS:0000000000000000\n[40072.538988] CS: e033 DS: 0000 ES: 0000 CR0: 0000000080050033\n[40072.539088] CR2: 0000000000000080 CR3: 0000000407ac8000 CR4: 0000000000040660\n[40072.539211] Call Trace:\n[40072.539319] xenvif_rx_action+0x71/0x90 [xen_netback]\n[40072.539429] xenvif_kthread_guest_rx+0x14a/0x29c [xen_netback]\n\nFix that by stopping the loop in case the rx queue becomes empty."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:42:33.632Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c0fcceb5f3f1ec197c014fe218c2f28108cacd27"
},
{
"url": "https://git.kernel.org/stable/c/d5320c6a27aa975aff740f9cb481dcbde48f4348"
},
{
"url": "https://git.kernel.org/stable/c/5a071aefd6414af5a20321ab58a0557b81993687"
},
{
"url": "https://git.kernel.org/stable/c/7425479d20f9e96f7c3ec8e8a93fe0d7478724cb"
},
{
"url": "https://git.kernel.org/stable/c/b9c32a6886af79d6e0ad87a7b01800ed079cdd02"
},
{
"url": "https://git.kernel.org/stable/c/b99174ac57fe5d8867448c03b23828e63f24cb1c"
},
{
"url": "https://git.kernel.org/stable/c/f0b5c819b062df8bf5f2acf4697e3871cb3722da"
},
{
"url": "https://git.kernel.org/stable/c/94e8100678889ab428e68acadf042de723f094b9"
}
],
"title": "xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49649",
"datePublished": "2025-02-26T02:23:52.531Z",
"dateReserved": "2025-02-26T02:21:30.433Z",
"dateUpdated": "2025-10-01T19:36:48.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49628 (GCVE-0-2022-49628)
Vulnerability from cvelistv5
Published
2025-02-26 02:23
Modified
2025-05-04 08:42
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: stmmac: fix leaks in probe
These two error paths should clean up before returning.
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/stmicro/stmmac/dwmac-ingenic.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f4bd3202a2b4194ab6c0ce61628095d54f994db4",
"status": "affected",
"version": "2bb4b98b60d7dc89fc0a5bb64534be348ab654df",
"versionType": "git"
},
{
"lessThan": "dd91bc60f305610401b2196bedb573693d6c8e46",
"status": "affected",
"version": "2bb4b98b60d7dc89fc0a5bb64534be348ab654df",
"versionType": "git"
},
{
"lessThan": "23aa6d5088e3bd65de77c5c307237b9937f8b48a",
"status": "affected",
"version": "2bb4b98b60d7dc89fc0a5bb64534be348ab654df",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/stmicro/stmmac/dwmac-ingenic.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.14"
},
{
"lessThan": "5.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.56",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.56",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.13",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: stmmac: fix leaks in probe\n\nThese two error paths should clean up before returning."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:42:07.742Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f4bd3202a2b4194ab6c0ce61628095d54f994db4"
},
{
"url": "https://git.kernel.org/stable/c/dd91bc60f305610401b2196bedb573693d6c8e46"
},
{
"url": "https://git.kernel.org/stable/c/23aa6d5088e3bd65de77c5c307237b9937f8b48a"
}
],
"title": "net: stmmac: fix leaks in probe",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49628",
"datePublished": "2025-02-26T02:23:42.241Z",
"dateReserved": "2025-02-26T02:21:30.422Z",
"dateUpdated": "2025-05-04T08:42:07.742Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49611 (GCVE-0-2022-49611)
Vulnerability from cvelistv5
Published
2025-02-26 02:23
Modified
2025-05-04 08:41
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
x86/speculation: Fill RSB on vmexit for IBRS
Prevent RSB underflow/poisoning attacks with RSB. While at it, add a
bunch of comments to attempt to document the current state of tribal
knowledge about RSB attacks and what exactly is being mitigated.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/x86/include/asm/cpufeatures.h",
"arch/x86/kernel/cpu/bugs.c",
"arch/x86/kvm/vmx/vmenter.S"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3d323b99ff5c8c57005184056d65f6af5b0479d8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f744b88dfc201bf8092833ec70b23c720188b527",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "17a9fc4a7b91f8599223631bb6ae6416bc0de1c0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "4d7f72b6e1bc630bec7e4cd51814bc2b092bf153",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8d5cff499a6d740c91ff37963907e0e983c37f0f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8c38306e2e9257af4af2819aa287a4711ff36329",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9756bba28470722dacb79ffce554336dd1f6a6cd",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/x86/include/asm/cpufeatures.h",
"arch/x86/kernel/cpu/bugs.c",
"arch/x86/kvm/vmx/vmenter.S"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.297",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.266",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.217",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.133",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.57",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.297",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.217",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.133",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/speculation: Fill RSB on vmexit for IBRS\n\nPrevent RSB underflow/poisoning attacks with RSB. While at it, add a\nbunch of comments to attempt to document the current state of tribal\nknowledge about RSB attacks and what exactly is being mitigated."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:41:45.892Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3d323b99ff5c8c57005184056d65f6af5b0479d8"
},
{
"url": "https://git.kernel.org/stable/c/f744b88dfc201bf8092833ec70b23c720188b527"
},
{
"url": "https://git.kernel.org/stable/c/17a9fc4a7b91f8599223631bb6ae6416bc0de1c0"
},
{
"url": "https://git.kernel.org/stable/c/4d7f72b6e1bc630bec7e4cd51814bc2b092bf153"
},
{
"url": "https://git.kernel.org/stable/c/8d5cff499a6d740c91ff37963907e0e983c37f0f"
},
{
"url": "https://git.kernel.org/stable/c/8c38306e2e9257af4af2819aa287a4711ff36329"
},
{
"url": "https://git.kernel.org/stable/c/9756bba28470722dacb79ffce554336dd1f6a6cd"
}
],
"title": "x86/speculation: Fill RSB on vmexit for IBRS",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49611",
"datePublished": "2025-02-26T02:23:33.779Z",
"dateReserved": "2025-02-26T02:21:30.418Z",
"dateUpdated": "2025-05-04T08:41:45.892Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49314 (GCVE-0-2022-49314)
Vulnerability from cvelistv5
Published
2025-02-26 02:10
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
tty: Fix a possible resource leak in icom_probe
When pci_read_config_dword failed, call pci_release_regions() and
pci_disable_device() to recycle the resource previously allocated.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49314",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:44:06.570220Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:57.604Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/tty/serial/icom.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f4c836d90da1ece88905d62ce2ce39a962f25d1a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d703d912a985c1c5b50dd38c3181fc3540fa77cb",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a2df0b4d080cc770b4da7bff487048c803dfd07e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8c014373f178a4f13a08e045ef63bdb23f62e892",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "cb7147afd328c07edeeee287710d8d96ac0459f5",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "5f9b2e4ca88cab1a96b86ecd45544e488ca43faf",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "23e155b51d403c0ccedc60c0d6c3c452afed07fe",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9a8305f357a8d03698fc7bc855ff9c6865d5486b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ee157a79e7c82b01ae4c25de0ac75899801f322c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/tty/serial/icom.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.318",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.47",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.122",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: Fix a possible resource leak in icom_probe\n\nWhen pci_read_config_dword failed, call pci_release_regions() and\npci_disable_device() to recycle the resource previously allocated."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:35:00.853Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f4c836d90da1ece88905d62ce2ce39a962f25d1a"
},
{
"url": "https://git.kernel.org/stable/c/d703d912a985c1c5b50dd38c3181fc3540fa77cb"
},
{
"url": "https://git.kernel.org/stable/c/a2df0b4d080cc770b4da7bff487048c803dfd07e"
},
{
"url": "https://git.kernel.org/stable/c/8c014373f178a4f13a08e045ef63bdb23f62e892"
},
{
"url": "https://git.kernel.org/stable/c/cb7147afd328c07edeeee287710d8d96ac0459f5"
},
{
"url": "https://git.kernel.org/stable/c/5f9b2e4ca88cab1a96b86ecd45544e488ca43faf"
},
{
"url": "https://git.kernel.org/stable/c/23e155b51d403c0ccedc60c0d6c3c452afed07fe"
},
{
"url": "https://git.kernel.org/stable/c/9a8305f357a8d03698fc7bc855ff9c6865d5486b"
},
{
"url": "https://git.kernel.org/stable/c/ee157a79e7c82b01ae4c25de0ac75899801f322c"
}
],
"title": "tty: Fix a possible resource leak in icom_probe",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49314",
"datePublished": "2025-02-26T02:10:42.594Z",
"dateReserved": "2025-02-26T02:08:31.536Z",
"dateUpdated": "2025-10-01T19:46:57.604Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49438 (GCVE-0-2022-49438)
Vulnerability from cvelistv5
Published
2025-02-26 02:12
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
Input: sparcspkr - fix refcount leak in bbc_beep_probe
of_find_node_by_path() calls of_find_node_opts_by_path(),
which returns a node pointer with refcount
incremented, we should use of_node_put() on it when done.
Add missing of_node_put() to avoid refcount leak.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 9c1a5077fdca99356c891af37931e537dea874f5 Version: 9c1a5077fdca99356c891af37931e537dea874f5 Version: 9c1a5077fdca99356c891af37931e537dea874f5 Version: 9c1a5077fdca99356c891af37931e537dea874f5 Version: 9c1a5077fdca99356c891af37931e537dea874f5 Version: 9c1a5077fdca99356c891af37931e537dea874f5 Version: 9c1a5077fdca99356c891af37931e537dea874f5 Version: 9c1a5077fdca99356c891af37931e537dea874f5 Version: 9c1a5077fdca99356c891af37931e537dea874f5 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49438",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:41:02.614022Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:49.766Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/input/misc/sparcspkr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2f51db16cb740ff90086189a1ef2581eab665591",
"status": "affected",
"version": "9c1a5077fdca99356c891af37931e537dea874f5",
"versionType": "git"
},
{
"lessThan": "f13064b0f2c651a3fbb0749932795c6fd21556a8",
"status": "affected",
"version": "9c1a5077fdca99356c891af37931e537dea874f5",
"versionType": "git"
},
{
"lessThan": "353bc58ac6c782d4dcde9136a91d1f90867938fe",
"status": "affected",
"version": "9c1a5077fdca99356c891af37931e537dea874f5",
"versionType": "git"
},
{
"lessThan": "bbc2b0ce6042dd3117827f10ea8cb67e0ab786da",
"status": "affected",
"version": "9c1a5077fdca99356c891af37931e537dea874f5",
"versionType": "git"
},
{
"lessThan": "6e07ccc7d56130f760d23f67a70c45366c07debc",
"status": "affected",
"version": "9c1a5077fdca99356c891af37931e537dea874f5",
"versionType": "git"
},
{
"lessThan": "418b6a3e12f75638abc5673eb76cb32127d0ab13",
"status": "affected",
"version": "9c1a5077fdca99356c891af37931e537dea874f5",
"versionType": "git"
},
{
"lessThan": "73d6f42d8d86648bec2e73d34fe1648cb6d23e08",
"status": "affected",
"version": "9c1a5077fdca99356c891af37931e537dea874f5",
"versionType": "git"
},
{
"lessThan": "1124e39fea0e2fdb4202f95b716cb97cc7de7cc7",
"status": "affected",
"version": "9c1a5077fdca99356c891af37931e537dea874f5",
"versionType": "git"
},
{
"lessThan": "c8994b30d71d64d5dcc9bc0edbfdf367171aa96f",
"status": "affected",
"version": "9c1a5077fdca99356c891af37931e537dea874f5",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/input/misc/sparcspkr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.26"
},
{
"lessThan": "2.6.26",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.318",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.318",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.283",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "2.6.26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: sparcspkr - fix refcount leak in bbc_beep_probe\n\nof_find_node_by_path() calls of_find_node_opts_by_path(),\nwhich returns a node pointer with refcount\nincremented, we should use of_node_put() on it when done.\nAdd missing of_node_put() to avoid refcount leak."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:37:39.980Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2f51db16cb740ff90086189a1ef2581eab665591"
},
{
"url": "https://git.kernel.org/stable/c/f13064b0f2c651a3fbb0749932795c6fd21556a8"
},
{
"url": "https://git.kernel.org/stable/c/353bc58ac6c782d4dcde9136a91d1f90867938fe"
},
{
"url": "https://git.kernel.org/stable/c/bbc2b0ce6042dd3117827f10ea8cb67e0ab786da"
},
{
"url": "https://git.kernel.org/stable/c/6e07ccc7d56130f760d23f67a70c45366c07debc"
},
{
"url": "https://git.kernel.org/stable/c/418b6a3e12f75638abc5673eb76cb32127d0ab13"
},
{
"url": "https://git.kernel.org/stable/c/73d6f42d8d86648bec2e73d34fe1648cb6d23e08"
},
{
"url": "https://git.kernel.org/stable/c/1124e39fea0e2fdb4202f95b716cb97cc7de7cc7"
},
{
"url": "https://git.kernel.org/stable/c/c8994b30d71d64d5dcc9bc0edbfdf367171aa96f"
}
],
"title": "Input: sparcspkr - fix refcount leak in bbc_beep_probe",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49438",
"datePublished": "2025-02-26T02:12:53.007Z",
"dateReserved": "2025-02-26T02:08:31.570Z",
"dateUpdated": "2025-10-01T19:46:49.766Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49165 (GCVE-0-2022-49165)
Vulnerability from cvelistv5
Published
2025-02-26 01:55
Modified
2025-05-04 08:31
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
media: imx-jpeg: Prevent decoding NV12M jpegs into single-planar buffers
If the application queues an NV12M jpeg as output buffer, but then
queues a single planar capture buffer, the kernel will crash with
"Unable to handle kernel NULL pointer dereference" in mxc_jpeg_addrs,
prevent this by finishing the job with error.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/media/platform/imx-jpeg/mxc-jpeg.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "eff76b180751e5e55c872d17755680c3b83ba9ab",
"status": "affected",
"version": "2db16c6ed72ce644d5639b3ed15e5817442db4ba",
"versionType": "git"
},
{
"lessThan": "8d075ede7d24f19dc817c5bd517a53f0524f9031",
"status": "affected",
"version": "2db16c6ed72ce644d5639b3ed15e5817442db4ba",
"versionType": "git"
},
{
"lessThan": "4eb591c47c82a6a6ad293ed108c3cb77115fbc25",
"status": "affected",
"version": "2db16c6ed72ce644d5639b3ed15e5817442db4ba",
"versionType": "git"
},
{
"lessThan": "417591a766b3c040c346044541ff949c0b2bb7b2",
"status": "affected",
"version": "2db16c6ed72ce644d5639b3ed15e5817442db4ba",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/media/platform/imx-jpeg/mxc-jpeg.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.13"
},
{
"lessThan": "5.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: imx-jpeg: Prevent decoding NV12M jpegs into single-planar buffers\n\nIf the application queues an NV12M jpeg as output buffer, but then\nqueues a single planar capture buffer, the kernel will crash with\n\"Unable to handle kernel NULL pointer dereference\" in mxc_jpeg_addrs,\nprevent this by finishing the job with error."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:31:23.412Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/eff76b180751e5e55c872d17755680c3b83ba9ab"
},
{
"url": "https://git.kernel.org/stable/c/8d075ede7d24f19dc817c5bd517a53f0524f9031"
},
{
"url": "https://git.kernel.org/stable/c/4eb591c47c82a6a6ad293ed108c3cb77115fbc25"
},
{
"url": "https://git.kernel.org/stable/c/417591a766b3c040c346044541ff949c0b2bb7b2"
}
],
"title": "media: imx-jpeg: Prevent decoding NV12M jpegs into single-planar buffers",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49165",
"datePublished": "2025-02-26T01:55:25.028Z",
"dateReserved": "2025-02-26T01:49:39.278Z",
"dateUpdated": "2025-05-04T08:31:23.412Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49532 (GCVE-0-2022-49532)
Vulnerability from cvelistv5
Published
2025-02-26 02:13
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes
drm_cvt_mode may return NULL and we should check it.
This bug is found by syzkaller:
FAULT_INJECTION stacktrace:
[ 168.567394] FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 1
[ 168.567403] CPU: 1 PID: 6425 Comm: syz Kdump: loaded Not tainted 4.19.90-vhulk2201.1.0.h1035.kasan.eulerosv2r10.aarch64 #1
[ 168.567406] Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015
[ 168.567408] Call trace:
[ 168.567414] dump_backtrace+0x0/0x310
[ 168.567418] show_stack+0x28/0x38
[ 168.567423] dump_stack+0xec/0x15c
[ 168.567427] should_fail+0x3ac/0x3d0
[ 168.567437] __should_failslab+0xb8/0x120
[ 168.567441] should_failslab+0x28/0xc0
[ 168.567445] kmem_cache_alloc_trace+0x50/0x640
[ 168.567454] drm_mode_create+0x40/0x90
[ 168.567458] drm_cvt_mode+0x48/0xc78
[ 168.567477] virtio_gpu_conn_get_modes+0xa8/0x140 [virtio_gpu]
[ 168.567485] drm_helper_probe_single_connector_modes+0x3a4/0xd80
[ 168.567492] drm_mode_getconnector+0x2e0/0xa70
[ 168.567496] drm_ioctl_kernel+0x11c/0x1d8
[ 168.567514] drm_ioctl+0x558/0x6d0
[ 168.567522] do_vfs_ioctl+0x160/0xf30
[ 168.567525] ksys_ioctl+0x98/0xd8
[ 168.567530] __arm64_sys_ioctl+0x50/0xc8
[ 168.567536] el0_svc_common+0xc8/0x320
[ 168.567540] el0_svc_handler+0xf8/0x160
[ 168.567544] el0_svc+0x10/0x218
KASAN stacktrace:
[ 168.567561] BUG: KASAN: null-ptr-deref in virtio_gpu_conn_get_modes+0xb4/0x140 [virtio_gpu]
[ 168.567565] Read of size 4 at addr 0000000000000054 by task syz/6425
[ 168.567566]
[ 168.567571] CPU: 1 PID: 6425 Comm: syz Kdump: loaded Not tainted 4.19.90-vhulk2201.1.0.h1035.kasan.eulerosv2r10.aarch64 #1
[ 168.567573] Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015
[ 168.567575] Call trace:
[ 168.567578] dump_backtrace+0x0/0x310
[ 168.567582] show_stack+0x28/0x38
[ 168.567586] dump_stack+0xec/0x15c
[ 168.567591] kasan_report+0x244/0x2f0
[ 168.567594] __asan_load4+0x58/0xb0
[ 168.567607] virtio_gpu_conn_get_modes+0xb4/0x140 [virtio_gpu]
[ 168.567612] drm_helper_probe_single_connector_modes+0x3a4/0xd80
[ 168.567617] drm_mode_getconnector+0x2e0/0xa70
[ 168.567621] drm_ioctl_kernel+0x11c/0x1d8
[ 168.567624] drm_ioctl+0x558/0x6d0
[ 168.567628] do_vfs_ioctl+0x160/0xf30
[ 168.567632] ksys_ioctl+0x98/0xd8
[ 168.567636] __arm64_sys_ioctl+0x50/0xc8
[ 168.567641] el0_svc_common+0xc8/0x320
[ 168.567645] el0_svc_handler+0xf8/0x160
[ 168.567649] el0_svc+0x10/0x218
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49532",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:37:52.324584Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:41.000Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/virtio/virtgpu_display.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e0828456578cc8ba0a69147f7ae3428392eec287",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "848dd072744ea662ab3097e3c8282bee552df218",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "edafcad84c4134ebec4bc24b29ca4497a1184eea",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f85cb059fad03a3b33a50023be91e944bb065ae8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "fadc626cae99aaa1325094edc6a9e2b883f3e562",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "32e10aabc287f09a148ff759bb9ce70b01b0012c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "c51d00472fa54b9b05c17789ed665c17adf3a25d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "0f8bc147a963686b7351aa35d1701124ffacac08",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "194d250cdc4a40ccbd179afd522a9e9846957402",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/virtio/virtgpu_display.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.318",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes\n\ndrm_cvt_mode may return NULL and we should check it.\n\nThis bug is found by syzkaller:\n\nFAULT_INJECTION stacktrace:\n[ 168.567394] FAULT_INJECTION: forcing a failure.\nname failslab, interval 1, probability 0, space 0, times 1\n[ 168.567403] CPU: 1 PID: 6425 Comm: syz Kdump: loaded Not tainted 4.19.90-vhulk2201.1.0.h1035.kasan.eulerosv2r10.aarch64 #1\n[ 168.567406] Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015\n[ 168.567408] Call trace:\n[ 168.567414] dump_backtrace+0x0/0x310\n[ 168.567418] show_stack+0x28/0x38\n[ 168.567423] dump_stack+0xec/0x15c\n[ 168.567427] should_fail+0x3ac/0x3d0\n[ 168.567437] __should_failslab+0xb8/0x120\n[ 168.567441] should_failslab+0x28/0xc0\n[ 168.567445] kmem_cache_alloc_trace+0x50/0x640\n[ 168.567454] drm_mode_create+0x40/0x90\n[ 168.567458] drm_cvt_mode+0x48/0xc78\n[ 168.567477] virtio_gpu_conn_get_modes+0xa8/0x140 [virtio_gpu]\n[ 168.567485] drm_helper_probe_single_connector_modes+0x3a4/0xd80\n[ 168.567492] drm_mode_getconnector+0x2e0/0xa70\n[ 168.567496] drm_ioctl_kernel+0x11c/0x1d8\n[ 168.567514] drm_ioctl+0x558/0x6d0\n[ 168.567522] do_vfs_ioctl+0x160/0xf30\n[ 168.567525] ksys_ioctl+0x98/0xd8\n[ 168.567530] __arm64_sys_ioctl+0x50/0xc8\n[ 168.567536] el0_svc_common+0xc8/0x320\n[ 168.567540] el0_svc_handler+0xf8/0x160\n[ 168.567544] el0_svc+0x10/0x218\n\nKASAN stacktrace:\n[ 168.567561] BUG: KASAN: null-ptr-deref in virtio_gpu_conn_get_modes+0xb4/0x140 [virtio_gpu]\n[ 168.567565] Read of size 4 at addr 0000000000000054 by task syz/6425\n[ 168.567566]\n[ 168.567571] CPU: 1 PID: 6425 Comm: syz Kdump: loaded Not tainted 4.19.90-vhulk2201.1.0.h1035.kasan.eulerosv2r10.aarch64 #1\n[ 168.567573] Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015\n[ 168.567575] Call trace:\n[ 168.567578] dump_backtrace+0x0/0x310\n[ 168.567582] show_stack+0x28/0x38\n[ 168.567586] dump_stack+0xec/0x15c\n[ 168.567591] kasan_report+0x244/0x2f0\n[ 168.567594] __asan_load4+0x58/0xb0\n[ 168.567607] virtio_gpu_conn_get_modes+0xb4/0x140 [virtio_gpu]\n[ 168.567612] drm_helper_probe_single_connector_modes+0x3a4/0xd80\n[ 168.567617] drm_mode_getconnector+0x2e0/0xa70\n[ 168.567621] drm_ioctl_kernel+0x11c/0x1d8\n[ 168.567624] drm_ioctl+0x558/0x6d0\n[ 168.567628] do_vfs_ioctl+0x160/0xf30\n[ 168.567632] ksys_ioctl+0x98/0xd8\n[ 168.567636] __arm64_sys_ioctl+0x50/0xc8\n[ 168.567641] el0_svc_common+0xc8/0x320\n[ 168.567645] el0_svc_handler+0xf8/0x160\n[ 168.567649] el0_svc+0x10/0x218"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:39:57.117Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e0828456578cc8ba0a69147f7ae3428392eec287"
},
{
"url": "https://git.kernel.org/stable/c/848dd072744ea662ab3097e3c8282bee552df218"
},
{
"url": "https://git.kernel.org/stable/c/edafcad84c4134ebec4bc24b29ca4497a1184eea"
},
{
"url": "https://git.kernel.org/stable/c/f85cb059fad03a3b33a50023be91e944bb065ae8"
},
{
"url": "https://git.kernel.org/stable/c/fadc626cae99aaa1325094edc6a9e2b883f3e562"
},
{
"url": "https://git.kernel.org/stable/c/32e10aabc287f09a148ff759bb9ce70b01b0012c"
},
{
"url": "https://git.kernel.org/stable/c/c51d00472fa54b9b05c17789ed665c17adf3a25d"
},
{
"url": "https://git.kernel.org/stable/c/0f8bc147a963686b7351aa35d1701124ffacac08"
},
{
"url": "https://git.kernel.org/stable/c/194d250cdc4a40ccbd179afd522a9e9846957402"
}
],
"title": "drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49532",
"datePublished": "2025-02-26T02:13:52.013Z",
"dateReserved": "2025-02-26T02:08:31.589Z",
"dateUpdated": "2025-10-01T19:46:41.000Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49050 (GCVE-0-2022-49050)
Vulnerability from cvelistv5
Published
2025-02-26 01:54
Modified
2025-05-04 08:28
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
memory: renesas-rpc-if: fix platform-device leak in error path
Make sure to free the flash platform device in the event that
registration fails during probe.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/memory/renesas-rpc-if.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c089ffc846c85f200db34ad208338f4f81a6d82d",
"status": "affected",
"version": "ca7d8b980b67f133317525c4273e144116ee1ae5",
"versionType": "git"
},
{
"lessThan": "05d1824a7fb43ab9adb1eb82404954af81d8c984",
"status": "affected",
"version": "ca7d8b980b67f133317525c4273e144116ee1ae5",
"versionType": "git"
},
{
"lessThan": "66b9b707ea4dcafca92b6261c6924652914e3b73",
"status": "affected",
"version": "ca7d8b980b67f133317525c4273e144116ee1ae5",
"versionType": "git"
},
{
"lessThan": "b452dbf24d7d9a990d70118462925f6ee287d135",
"status": "affected",
"version": "ca7d8b980b67f133317525c4273e144116ee1ae5",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/memory/renesas-rpc-if.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.9"
},
{
"lessThan": "5.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.112",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.35",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.112",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.35",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.4",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmemory: renesas-rpc-if: fix platform-device leak in error path\n\nMake sure to free the flash platform device in the event that\nregistration fails during probe."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:28:40.501Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c089ffc846c85f200db34ad208338f4f81a6d82d"
},
{
"url": "https://git.kernel.org/stable/c/05d1824a7fb43ab9adb1eb82404954af81d8c984"
},
{
"url": "https://git.kernel.org/stable/c/66b9b707ea4dcafca92b6261c6924652914e3b73"
},
{
"url": "https://git.kernel.org/stable/c/b452dbf24d7d9a990d70118462925f6ee287d135"
}
],
"title": "memory: renesas-rpc-if: fix platform-device leak in error path",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49050",
"datePublished": "2025-02-26T01:54:25.392Z",
"dateReserved": "2025-02-26T01:49:39.242Z",
"dateUpdated": "2025-05-04T08:28:40.501Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49256 (GCVE-0-2022-49256)
Vulnerability from cvelistv5
Published
2025-02-26 01:56
Modified
2025-05-04 08:33
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
watch_queue: Actually free the watch
free_watch() does everything barring actually freeing the watch object. Fix
this by adding the missing kfree.
kmemleak produces a report something like the following. Note that as an
address can be seen in the first word, the watch would appear to have gone
through call_rcu().
BUG: memory leak
unreferenced object 0xffff88810ce4a200 (size 96):
comm "syz-executor352", pid 3605, jiffies 4294947473 (age 13.720s)
hex dump (first 32 bytes):
e0 82 48 0d 81 88 ff ff 00 00 00 00 00 00 00 00 ..H.............
80 a2 e4 0c 81 88 ff ff 00 00 00 00 00 00 00 00 ................
backtrace:
[<ffffffff8214e6cc>] kmalloc include/linux/slab.h:581 [inline]
[<ffffffff8214e6cc>] kzalloc include/linux/slab.h:714 [inline]
[<ffffffff8214e6cc>] keyctl_watch_key+0xec/0x2e0 security/keys/keyctl.c:1800
[<ffffffff8214ec84>] __do_sys_keyctl+0x3c4/0x490 security/keys/keyctl.c:2016
[<ffffffff84493a25>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff84493a25>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
[<ffffffff84600068>] entry_SYSCALL_64_after_hwframe+0x44/0xae
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/watch_queue.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9d92be1a09fbb3dd65600dbfe7eedb40e7228e4b",
"status": "affected",
"version": "c73be61cede5882f9605a852414db559c0ebedfd",
"versionType": "git"
},
{
"lessThan": "f69aecb49968e14196366bbe896eab0a904229f5",
"status": "affected",
"version": "c73be61cede5882f9605a852414db559c0ebedfd",
"versionType": "git"
},
{
"lessThan": "7e8c9b0df07a77f0d072603b8ced2677e30e1893",
"status": "affected",
"version": "c73be61cede5882f9605a852414db559c0ebedfd",
"versionType": "git"
},
{
"lessThan": "31824613a42aacdcbeb325bf07a1c8247a11ebe2",
"status": "affected",
"version": "c73be61cede5882f9605a852414db559c0ebedfd",
"versionType": "git"
},
{
"lessThan": "3d8dcf278b1ee1eff1e90be848fa2237db4c07a7",
"status": "affected",
"version": "c73be61cede5882f9605a852414db559c0ebedfd",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/watch_queue.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.8"
},
{
"lessThan": "5.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.110",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwatch_queue: Actually free the watch\n\nfree_watch() does everything barring actually freeing the watch object. Fix\nthis by adding the missing kfree.\n\nkmemleak produces a report something like the following. Note that as an\naddress can be seen in the first word, the watch would appear to have gone\nthrough call_rcu().\n\nBUG: memory leak\nunreferenced object 0xffff88810ce4a200 (size 96):\n comm \"syz-executor352\", pid 3605, jiffies 4294947473 (age 13.720s)\n hex dump (first 32 bytes):\n e0 82 48 0d 81 88 ff ff 00 00 00 00 00 00 00 00 ..H.............\n 80 a2 e4 0c 81 88 ff ff 00 00 00 00 00 00 00 00 ................\n backtrace:\n [\u003cffffffff8214e6cc\u003e] kmalloc include/linux/slab.h:581 [inline]\n [\u003cffffffff8214e6cc\u003e] kzalloc include/linux/slab.h:714 [inline]\n [\u003cffffffff8214e6cc\u003e] keyctl_watch_key+0xec/0x2e0 security/keys/keyctl.c:1800\n [\u003cffffffff8214ec84\u003e] __do_sys_keyctl+0x3c4/0x490 security/keys/keyctl.c:2016\n [\u003cffffffff84493a25\u003e] do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n [\u003cffffffff84493a25\u003e] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n [\u003cffffffff84600068\u003e] entry_SYSCALL_64_after_hwframe+0x44/0xae"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:33:29.888Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9d92be1a09fbb3dd65600dbfe7eedb40e7228e4b"
},
{
"url": "https://git.kernel.org/stable/c/f69aecb49968e14196366bbe896eab0a904229f5"
},
{
"url": "https://git.kernel.org/stable/c/7e8c9b0df07a77f0d072603b8ced2677e30e1893"
},
{
"url": "https://git.kernel.org/stable/c/31824613a42aacdcbeb325bf07a1c8247a11ebe2"
},
{
"url": "https://git.kernel.org/stable/c/3d8dcf278b1ee1eff1e90be848fa2237db4c07a7"
}
],
"title": "watch_queue: Actually free the watch",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49256",
"datePublished": "2025-02-26T01:56:10.599Z",
"dateReserved": "2025-02-26T01:49:39.296Z",
"dateUpdated": "2025-05-04T08:33:29.888Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49288 (GCVE-0-2022-49288)
Vulnerability from cvelistv5
Published
2025-02-26 01:56
Modified
2025-05-04 08:34
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ALSA: pcm: Fix races among concurrent prealloc proc writes
We have no protection against concurrent PCM buffer preallocation
changes via proc files, and it may potentially lead to UAF or some
weird problem. This patch applies the PCM open_mutex to the proc
write operation for avoiding the racy proc writes and the PCM stream
open (and further operations).
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49288",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T17:58:50.352103Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T18:02:29.155Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/core/pcm_memory.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e7786c445bb67a9a6e64f66ebd6b7215b153ff7d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e14dca613e0a6ddc2bf6e360f16936a9f865205b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "37b12c16beb6f6c1c3c678c1aacbc46525c250f7",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b560d670c87d7d40b3cf6949246fa4c7aa65a00a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "51fce708ab8986a9879ee5da946a2cc120f1036d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a21d2f323b5a978dedf9ff1d50f101f85e39b3f2",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "5ed8f8e3c4e59d0396b9ccf2e639711e24295bb6",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "69534c48ba8ce552ce383b3dfdb271ffe51820c3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"sound/core/pcm_memory.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.279",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.243",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.193",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.109",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.32",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.18",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.279",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.243",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.193",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.109",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: pcm: Fix races among concurrent prealloc proc writes\n\nWe have no protection against concurrent PCM buffer preallocation\nchanges via proc files, and it may potentially lead to UAF or some\nweird problem. This patch applies the PCM open_mutex to the proc\nwrite operation for avoiding the racy proc writes and the PCM stream\nopen (and further operations)."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:34:18.875Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e7786c445bb67a9a6e64f66ebd6b7215b153ff7d"
},
{
"url": "https://git.kernel.org/stable/c/e14dca613e0a6ddc2bf6e360f16936a9f865205b"
},
{
"url": "https://git.kernel.org/stable/c/37b12c16beb6f6c1c3c678c1aacbc46525c250f7"
},
{
"url": "https://git.kernel.org/stable/c/b560d670c87d7d40b3cf6949246fa4c7aa65a00a"
},
{
"url": "https://git.kernel.org/stable/c/51fce708ab8986a9879ee5da946a2cc120f1036d"
},
{
"url": "https://git.kernel.org/stable/c/a21d2f323b5a978dedf9ff1d50f101f85e39b3f2"
},
{
"url": "https://git.kernel.org/stable/c/5ed8f8e3c4e59d0396b9ccf2e639711e24295bb6"
},
{
"url": "https://git.kernel.org/stable/c/69534c48ba8ce552ce383b3dfdb271ffe51820c3"
}
],
"title": "ALSA: pcm: Fix races among concurrent prealloc proc writes",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49288",
"datePublished": "2025-02-26T01:56:26.550Z",
"dateReserved": "2025-02-26T01:49:39.302Z",
"dateUpdated": "2025-05-04T08:34:18.875Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49193 (GCVE-0-2022-49193)
Vulnerability from cvelistv5
Published
2025-02-26 01:55
Modified
2025-05-04 08:32
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ice: fix 'scheduling while atomic' on aux critical err interrupt
There's a kernel BUG splat on processing aux critical error
interrupts in ice_misc_intr():
[ 2100.917085] BUG: scheduling while atomic: swapper/15/0/0x00010000
...
[ 2101.060770] Call Trace:
[ 2101.063229] <IRQ>
[ 2101.065252] dump_stack+0x41/0x60
[ 2101.068587] __schedule_bug.cold.100+0x4c/0x58
[ 2101.073060] __schedule+0x6a4/0x830
[ 2101.076570] schedule+0x35/0xa0
[ 2101.079727] schedule_preempt_disabled+0xa/0x10
[ 2101.084284] __mutex_lock.isra.7+0x310/0x420
[ 2101.088580] ? ice_misc_intr+0x201/0x2e0 [ice]
[ 2101.093078] ice_send_event_to_aux+0x25/0x70 [ice]
[ 2101.097921] ice_misc_intr+0x220/0x2e0 [ice]
[ 2101.102232] __handle_irq_event_percpu+0x40/0x180
[ 2101.106965] handle_irq_event_percpu+0x30/0x80
[ 2101.111434] handle_irq_event+0x36/0x53
[ 2101.115292] handle_edge_irq+0x82/0x190
[ 2101.119148] handle_irq+0x1c/0x30
[ 2101.122480] do_IRQ+0x49/0xd0
[ 2101.125465] common_interrupt+0xf/0xf
[ 2101.129146] </IRQ>
...
As Andrew correctly mentioned previously[0], the following call
ladder happens:
ice_misc_intr() <- hardirq
ice_send_event_to_aux()
device_lock()
mutex_lock()
might_sleep()
might_resched() <- oops
Add a new PF state bit which indicates that an aux critical error
occurred and serve it in ice_service_task() in process context.
The new ice_pf::oicr_err_reg is read-write in both hardirq and
process contexts, but only 3 bits of non-critical data probably
aren't worth explicit synchronizing (and they're even in the same
byte [31:24]).
[0] https://lore.kernel.org/all/YeSRUVmrdmlUXHDn@lunn.ch
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/ice/ice.h",
"drivers/net/ethernet/intel/ice/ice_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9b77c8cf69a41d1e3851370aeaa04a9ea83b865c",
"status": "affected",
"version": "348048e724a0e8f08b63948d728d27596f6d3769",
"versionType": "git"
},
{
"lessThan": "24d7ac8426306ae7ccea7f7dd612a7368fe7201d",
"status": "affected",
"version": "348048e724a0e8f08b63948d728d27596f6d3769",
"versionType": "git"
},
{
"lessThan": "59e88a50afad7469c55804e46bf2924b9130281f",
"status": "affected",
"version": "348048e724a0e8f08b63948d728d27596f6d3769",
"versionType": "git"
},
{
"lessThan": "32d53c0aa3a7b727243473949bad2a830b908edc",
"status": "affected",
"version": "348048e724a0e8f08b63948d728d27596f6d3769",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/ice/ice.h",
"drivers/net/ethernet/intel/ice/ice_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.14"
},
{
"lessThan": "5.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix \u0027scheduling while atomic\u0027 on aux critical err interrupt\n\nThere\u0027s a kernel BUG splat on processing aux critical error\ninterrupts in ice_misc_intr():\n\n[ 2100.917085] BUG: scheduling while atomic: swapper/15/0/0x00010000\n...\n[ 2101.060770] Call Trace:\n[ 2101.063229] \u003cIRQ\u003e\n[ 2101.065252] dump_stack+0x41/0x60\n[ 2101.068587] __schedule_bug.cold.100+0x4c/0x58\n[ 2101.073060] __schedule+0x6a4/0x830\n[ 2101.076570] schedule+0x35/0xa0\n[ 2101.079727] schedule_preempt_disabled+0xa/0x10\n[ 2101.084284] __mutex_lock.isra.7+0x310/0x420\n[ 2101.088580] ? ice_misc_intr+0x201/0x2e0 [ice]\n[ 2101.093078] ice_send_event_to_aux+0x25/0x70 [ice]\n[ 2101.097921] ice_misc_intr+0x220/0x2e0 [ice]\n[ 2101.102232] __handle_irq_event_percpu+0x40/0x180\n[ 2101.106965] handle_irq_event_percpu+0x30/0x80\n[ 2101.111434] handle_irq_event+0x36/0x53\n[ 2101.115292] handle_edge_irq+0x82/0x190\n[ 2101.119148] handle_irq+0x1c/0x30\n[ 2101.122480] do_IRQ+0x49/0xd0\n[ 2101.125465] common_interrupt+0xf/0xf\n[ 2101.129146] \u003c/IRQ\u003e\n...\n\nAs Andrew correctly mentioned previously[0], the following call\nladder happens:\n\nice_misc_intr() \u003c- hardirq\n ice_send_event_to_aux()\n device_lock()\n mutex_lock()\n might_sleep()\n might_resched() \u003c- oops\n\nAdd a new PF state bit which indicates that an aux critical error\noccurred and serve it in ice_service_task() in process context.\nThe new ice_pf::oicr_err_reg is read-write in both hardirq and\nprocess contexts, but only 3 bits of non-critical data probably\naren\u0027t worth explicit synchronizing (and they\u0027re even in the same\nbyte [31:24]).\n\n[0] https://lore.kernel.org/all/YeSRUVmrdmlUXHDn@lunn.ch"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:32:05.116Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9b77c8cf69a41d1e3851370aeaa04a9ea83b865c"
},
{
"url": "https://git.kernel.org/stable/c/24d7ac8426306ae7ccea7f7dd612a7368fe7201d"
},
{
"url": "https://git.kernel.org/stable/c/59e88a50afad7469c55804e46bf2924b9130281f"
},
{
"url": "https://git.kernel.org/stable/c/32d53c0aa3a7b727243473949bad2a830b908edc"
}
],
"title": "ice: fix \u0027scheduling while atomic\u0027 on aux critical err interrupt",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49193",
"datePublished": "2025-02-26T01:55:39.088Z",
"dateReserved": "2025-02-26T01:49:39.287Z",
"dateUpdated": "2025-05-04T08:32:05.116Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49208 (GCVE-0-2022-49208)
Vulnerability from cvelistv5
Published
2025-02-26 01:55
Modified
2025-10-01 19:47
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
RDMA/irdma: Prevent some integer underflows
My static checker complains that:
drivers/infiniband/hw/irdma/ctrl.c:3605 irdma_sc_ceq_init()
warn: can subtract underflow 'info->dev->hmc_fpm_misc.max_ceqs'?
It appears that "info->dev->hmc_fpm_misc.max_ceqs" comes from the firmware
in irdma_sc_parse_fpm_query_buf() so, yes, there is a chance that it could
be zero. Even if we trust the firmware, it's easy enough to change the
condition just as a hardenning measure.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49208",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:46:59.199426Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-191",
"description": "CWE-191 Integer Underflow (Wrap or Wraparound)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:47:06.592Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/irdma/ctrl.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d52dab6e03550f9c97121b0c11c0a3ed78ee76a4",
"status": "affected",
"version": "3f49d684256963d3f27dfb9d9ff228e2255be78d",
"versionType": "git"
},
{
"lessThan": "f21056f15bbeacab7b4b87af232f5599d1f2bff1",
"status": "affected",
"version": "3f49d684256963d3f27dfb9d9ff228e2255be78d",
"versionType": "git"
},
{
"lessThan": "7340c3675d7ac946f4019b84cd7c64ed542dfe4c",
"status": "affected",
"version": "3f49d684256963d3f27dfb9d9ff228e2255be78d",
"versionType": "git"
},
{
"lessThan": "6f6dbb819dfc1a35bcb8b709b5c83a3ea8beff75",
"status": "affected",
"version": "3f49d684256963d3f27dfb9d9ff228e2255be78d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/irdma/ctrl.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.14"
},
{
"lessThan": "5.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/irdma: Prevent some integer underflows\n\nMy static checker complains that:\n\n drivers/infiniband/hw/irdma/ctrl.c:3605 irdma_sc_ceq_init()\n warn: can subtract underflow \u0027info-\u003edev-\u003ehmc_fpm_misc.max_ceqs\u0027?\n\nIt appears that \"info-\u003edev-\u003ehmc_fpm_misc.max_ceqs\" comes from the firmware\nin irdma_sc_parse_fpm_query_buf() so, yes, there is a chance that it could\nbe zero. Even if we trust the firmware, it\u0027s easy enough to change the\ncondition just as a hardenning measure."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:32:23.562Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d52dab6e03550f9c97121b0c11c0a3ed78ee76a4"
},
{
"url": "https://git.kernel.org/stable/c/f21056f15bbeacab7b4b87af232f5599d1f2bff1"
},
{
"url": "https://git.kernel.org/stable/c/7340c3675d7ac946f4019b84cd7c64ed542dfe4c"
},
{
"url": "https://git.kernel.org/stable/c/6f6dbb819dfc1a35bcb8b709b5c83a3ea8beff75"
}
],
"title": "RDMA/irdma: Prevent some integer underflows",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49208",
"datePublished": "2025-02-26T01:55:46.666Z",
"dateReserved": "2025-02-26T01:49:39.291Z",
"dateUpdated": "2025-10-01T19:47:06.592Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49313 (GCVE-0-2022-49313)
Vulnerability from cvelistv5
Published
2025-02-26 02:10
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drivers: usb: host: Fix deadlock in oxu_bus_suspend()
There is a deadlock in oxu_bus_suspend(), which is shown below:
(Thread 1) | (Thread 2)
| timer_action()
oxu_bus_suspend() | mod_timer()
spin_lock_irq() //(1) | (wait a time)
... | oxu_watchdog()
del_timer_sync() | spin_lock_irq() //(2)
(wait timer to stop) | ...
We hold oxu->lock in position (1) of thread 1, and use
del_timer_sync() to wait timer to stop, but timer handler
also need oxu->lock in position (2) of thread 2. As a result,
oxu_bus_suspend() will block forever.
This patch extracts del_timer_sync() from the protection of
spin_lock_irq(), which could let timer handler to obtain
the needed lock.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49313",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:44:10.208294Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-667",
"description": "CWE-667 Improper Locking",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:57.754Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/usb/host/oxu210hp-hcd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9b58d255f27b0ed6a2e43208960864d67579db58",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a3d380188bde8900c3f604e82b56572896499124",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f8242044c91cafbba9e320b0fb31abf2429a3221",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2dcec0bc142be2096af71a5703d63237127db204",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ffe9440d698274c6462d2e304562c6ddfc8c84df",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d888753872190abd18f68a7d77b9c7c367f0a7ab",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "4187b291a76664a3c03d3f0d9bfadc8322881868",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b97aae8b43b718314012e8170b7e03dbfd2e7677",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "4d378f2ae58138d4c55684e1d274e7dd94aa6524",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/usb/host/oxu210hp-hcd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.318",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.47",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.122",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers: usb: host: Fix deadlock in oxu_bus_suspend()\n\nThere is a deadlock in oxu_bus_suspend(), which is shown below:\n\n (Thread 1) | (Thread 2)\n | timer_action()\noxu_bus_suspend() | mod_timer()\n spin_lock_irq() //(1) | (wait a time)\n ... | oxu_watchdog()\n del_timer_sync() | spin_lock_irq() //(2)\n (wait timer to stop) | ...\n\nWe hold oxu-\u003elock in position (1) of thread 1, and use\ndel_timer_sync() to wait timer to stop, but timer handler\nalso need oxu-\u003elock in position (2) of thread 2. As a result,\noxu_bus_suspend() will block forever.\n\nThis patch extracts del_timer_sync() from the protection of\nspin_lock_irq(), which could let timer handler to obtain\nthe needed lock."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:34:59.093Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9b58d255f27b0ed6a2e43208960864d67579db58"
},
{
"url": "https://git.kernel.org/stable/c/a3d380188bde8900c3f604e82b56572896499124"
},
{
"url": "https://git.kernel.org/stable/c/f8242044c91cafbba9e320b0fb31abf2429a3221"
},
{
"url": "https://git.kernel.org/stable/c/2dcec0bc142be2096af71a5703d63237127db204"
},
{
"url": "https://git.kernel.org/stable/c/ffe9440d698274c6462d2e304562c6ddfc8c84df"
},
{
"url": "https://git.kernel.org/stable/c/d888753872190abd18f68a7d77b9c7c367f0a7ab"
},
{
"url": "https://git.kernel.org/stable/c/4187b291a76664a3c03d3f0d9bfadc8322881868"
},
{
"url": "https://git.kernel.org/stable/c/b97aae8b43b718314012e8170b7e03dbfd2e7677"
},
{
"url": "https://git.kernel.org/stable/c/4d378f2ae58138d4c55684e1d274e7dd94aa6524"
}
],
"title": "drivers: usb: host: Fix deadlock in oxu_bus_suspend()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49313",
"datePublished": "2025-02-26T02:10:42.109Z",
"dateReserved": "2025-02-26T02:08:31.536Z",
"dateUpdated": "2025-10-01T19:46:57.754Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49218 (GCVE-0-2022-49218)
Vulnerability from cvelistv5
Published
2025-02-26 01:55
Modified
2025-10-01 19:47
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/dp: Fix OOB read when handling Post Cursor2 register
The link_status array was not large enough to read the Adjust Request
Post Cursor2 register, so remove the common helper function to avoid
an OOB read, found with a -Warray-bounds build:
drivers/gpu/drm/drm_dp_helper.c: In function 'drm_dp_get_adjust_request_post_cursor':
drivers/gpu/drm/drm_dp_helper.c:59:27: error: array subscript 10 is outside array bounds of 'const u8[6]' {aka 'const unsigned char[6]'} [-Werror=array-bounds]
59 | return link_status[r - DP_LANE0_1_STATUS];
| ~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~
drivers/gpu/drm/drm_dp_helper.c:147:51: note: while referencing 'link_status'
147 | u8 drm_dp_get_adjust_request_post_cursor(const u8 link_status[DP_LINK_STATUS_SIZE],
| ~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Replace the only user of the helper with an open-coded fetch and decode,
similar to drivers/gpu/drm/amd/display/dc/core/dc_link_dp.c.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49218",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:46:31.327734Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:47:04.533Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/dp/drm_dp.c",
"drivers/gpu/drm/tegra/dp.c",
"include/drm/dp/drm_dp_helper.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "aeaed9a9fe694f8b1462fb81e2d33298c929180b",
"status": "affected",
"version": "79465e0ffeb9e4866939ea562bc55367be91e595",
"versionType": "git"
},
{
"lessThan": "a2151490cc6c57b368d7974ffd447a8b36ade639",
"status": "affected",
"version": "79465e0ffeb9e4866939ea562bc55367be91e595",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/dp/drm_dp.c",
"drivers/gpu/drm/tegra/dp.c",
"include/drm/dp/drm_dp_helper.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.5"
},
{
"lessThan": "5.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/dp: Fix OOB read when handling Post Cursor2 register\n\nThe link_status array was not large enough to read the Adjust Request\nPost Cursor2 register, so remove the common helper function to avoid\nan OOB read, found with a -Warray-bounds build:\n\ndrivers/gpu/drm/drm_dp_helper.c: In function \u0027drm_dp_get_adjust_request_post_cursor\u0027:\ndrivers/gpu/drm/drm_dp_helper.c:59:27: error: array subscript 10 is outside array bounds of \u0027const u8[6]\u0027 {aka \u0027const unsigned char[6]\u0027} [-Werror=array-bounds]\n 59 | return link_status[r - DP_LANE0_1_STATUS];\n | ~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~\ndrivers/gpu/drm/drm_dp_helper.c:147:51: note: while referencing \u0027link_status\u0027\n 147 | u8 drm_dp_get_adjust_request_post_cursor(const u8 link_status[DP_LINK_STATUS_SIZE],\n | ~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nReplace the only user of the helper with an open-coded fetch and decode,\nsimilar to drivers/gpu/drm/amd/display/dc/core/dc_link_dp.c."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:32:35.949Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/aeaed9a9fe694f8b1462fb81e2d33298c929180b"
},
{
"url": "https://git.kernel.org/stable/c/a2151490cc6c57b368d7974ffd447a8b36ade639"
}
],
"title": "drm/dp: Fix OOB read when handling Post Cursor2 register",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49218",
"datePublished": "2025-02-26T01:55:51.646Z",
"dateReserved": "2025-02-26T01:49:39.292Z",
"dateUpdated": "2025-10-01T19:47:04.533Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49309 (GCVE-0-2022-49309)
Vulnerability from cvelistv5
Published
2025-02-26 02:10
Modified
2025-11-03 19:27
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drivers: staging: rtl8723bs: Fix deadlock in rtw_surveydone_event_callback()
There is a deadlock in rtw_surveydone_event_callback(),
which is shown below:
(Thread 1) | (Thread 2)
| _set_timer()
rtw_surveydone_event_callback()| mod_timer()
spin_lock_bh() //(1) | (wait a time)
... | rtw_scan_timeout_handler()
del_timer_sync() | spin_lock_bh() //(2)
(wait timer to stop) | ...
We hold pmlmepriv->lock in position (1) of thread 1 and use
del_timer_sync() to wait timer to stop, but timer handler
also need pmlmepriv->lock in position (2) of thread 2.
As a result, rtw_surveydone_event_callback() will block forever.
This patch extracts del_timer_sync() from the protection of
spin_lock_bh(), which could let timer handler to obtain
the needed lock. What`s more, we change spin_lock_bh() in
rtw_scan_timeout_handler() to spin_lock_irq(). Otherwise,
spin_lock_bh() will also cause deadlock() in timer handler.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:27:51.491Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/staging/rtl8723bs/core/rtw_mlme.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c84e5c819600ee0628f61b33d145258ae0f3d7a7",
"status": "affected",
"version": "554c0a3abf216c991c5ebddcdb2c08689ecd290b",
"versionType": "git"
},
{
"lessThan": "f89f6c3ebf69623b8ea48200bd690e9e210335a1",
"status": "affected",
"version": "554c0a3abf216c991c5ebddcdb2c08689ecd290b",
"versionType": "git"
},
{
"lessThan": "ce129d3efd181da5fd56f4360cc8827122afa67e",
"status": "affected",
"version": "554c0a3abf216c991c5ebddcdb2c08689ecd290b",
"versionType": "git"
},
{
"lessThan": "2c41f5c341853f84b7bc2f32605d4e2782e8c279",
"status": "affected",
"version": "554c0a3abf216c991c5ebddcdb2c08689ecd290b",
"versionType": "git"
},
{
"lessThan": "cc7ad0d77b51c872d629bcd98aea463a3c4109e7",
"status": "affected",
"version": "554c0a3abf216c991c5ebddcdb2c08689ecd290b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/staging/rtl8723bs/core/rtw_mlme.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.12"
},
{
"lessThan": "4.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.237",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.47",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.237",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.47",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.15",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.4",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers: staging: rtl8723bs: Fix deadlock in rtw_surveydone_event_callback()\n\nThere is a deadlock in rtw_surveydone_event_callback(),\nwhich is shown below:\n\n (Thread 1) | (Thread 2)\n | _set_timer()\nrtw_surveydone_event_callback()| mod_timer()\n spin_lock_bh() //(1) | (wait a time)\n ... | rtw_scan_timeout_handler()\n del_timer_sync() | spin_lock_bh() //(2)\n (wait timer to stop) | ...\n\nWe hold pmlmepriv-\u003elock in position (1) of thread 1 and use\ndel_timer_sync() to wait timer to stop, but timer handler\nalso need pmlmepriv-\u003elock in position (2) of thread 2.\nAs a result, rtw_surveydone_event_callback() will block forever.\n\nThis patch extracts del_timer_sync() from the protection of\nspin_lock_bh(), which could let timer handler to obtain\nthe needed lock. What`s more, we change spin_lock_bh() in\nrtw_scan_timeout_handler() to spin_lock_irq(). Otherwise,\nspin_lock_bh() will also cause deadlock() in timer handler."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:34:54.201Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c84e5c819600ee0628f61b33d145258ae0f3d7a7"
},
{
"url": "https://git.kernel.org/stable/c/f89f6c3ebf69623b8ea48200bd690e9e210335a1"
},
{
"url": "https://git.kernel.org/stable/c/ce129d3efd181da5fd56f4360cc8827122afa67e"
},
{
"url": "https://git.kernel.org/stable/c/2c41f5c341853f84b7bc2f32605d4e2782e8c279"
},
{
"url": "https://git.kernel.org/stable/c/cc7ad0d77b51c872d629bcd98aea463a3c4109e7"
}
],
"title": "drivers: staging: rtl8723bs: Fix deadlock in rtw_surveydone_event_callback()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49309",
"datePublished": "2025-02-26T02:10:40.167Z",
"dateReserved": "2025-02-26T02:08:31.536Z",
"dateUpdated": "2025-11-03T19:27:51.491Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-47659 (GCVE-0-2021-47659)
Vulnerability from cvelistv5
Published
2025-02-26 02:05
Modified
2025-05-16 07:23
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/plane: Move range check for format_count earlier
While the check for format_count > 64 in __drm_universal_plane_init()
shouldn't be hit (it's a WARN_ON), in its current position it will then
leak the plane->format_types array and fail to call
drm_mode_object_unregister() leaking the modeset identifier. Move it to
the start of the function to avoid allocating those resources in the
first place.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: e6fc3b68558e4c6d8d160b5daf2511b99afa8814 Version: e6fc3b68558e4c6d8d160b5daf2511b99afa8814 Version: e6fc3b68558e4c6d8d160b5daf2511b99afa8814 Version: e6fc3b68558e4c6d8d160b5daf2511b99afa8814 Version: e6fc3b68558e4c6d8d160b5daf2511b99afa8814 Version: e6fc3b68558e4c6d8d160b5daf2511b99afa8814 Version: e6fc3b68558e4c6d8d160b5daf2511b99afa8814 |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/drm_plane.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4ab7e453a3ee88c274cf97bee9487ab92a66d313",
"status": "affected",
"version": "e6fc3b68558e4c6d8d160b5daf2511b99afa8814",
"versionType": "git"
},
{
"lessThan": "1e29d829ad51d1472dd035487953a6724b56fc33",
"status": "affected",
"version": "e6fc3b68558e4c6d8d160b5daf2511b99afa8814",
"versionType": "git"
},
{
"lessThan": "b5cd108143513e4498027b96ec4710702d186f11",
"status": "affected",
"version": "e6fc3b68558e4c6d8d160b5daf2511b99afa8814",
"versionType": "git"
},
{
"lessThan": "978e3d023256bfaf34a0033d40c94e8a8e70cf3c",
"status": "affected",
"version": "e6fc3b68558e4c6d8d160b5daf2511b99afa8814",
"versionType": "git"
},
{
"lessThan": "787163d19bc3cdc6ca4b96223f62208534d1cf6b",
"status": "affected",
"version": "e6fc3b68558e4c6d8d160b5daf2511b99afa8814",
"versionType": "git"
},
{
"lessThan": "ad6dd7a2bac86118985c7b3426e175b9d3c1ec4f",
"status": "affected",
"version": "e6fc3b68558e4c6d8d160b5daf2511b99afa8814",
"versionType": "git"
},
{
"lessThan": "4b674dd69701c2e22e8e7770c1706a69f3b17269",
"status": "affected",
"version": "e6fc3b68558e4c6d8d160b5daf2511b99afa8814",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/drm_plane.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.14"
},
{
"lessThan": "4.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/plane: Move range check for format_count earlier\n\nWhile the check for format_count \u003e 64 in __drm_universal_plane_init()\nshouldn\u0027t be hit (it\u0027s a WARN_ON), in its current position it will then\nleak the plane-\u003eformat_types array and fail to call\ndrm_mode_object_unregister() leaking the modeset identifier. Move it to\nthe start of the function to avoid allocating those resources in the\nfirst place."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-16T07:23:06.514Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4ab7e453a3ee88c274cf97bee9487ab92a66d313"
},
{
"url": "https://git.kernel.org/stable/c/1e29d829ad51d1472dd035487953a6724b56fc33"
},
{
"url": "https://git.kernel.org/stable/c/b5cd108143513e4498027b96ec4710702d186f11"
},
{
"url": "https://git.kernel.org/stable/c/978e3d023256bfaf34a0033d40c94e8a8e70cf3c"
},
{
"url": "https://git.kernel.org/stable/c/787163d19bc3cdc6ca4b96223f62208534d1cf6b"
},
{
"url": "https://git.kernel.org/stable/c/ad6dd7a2bac86118985c7b3426e175b9d3c1ec4f"
},
{
"url": "https://git.kernel.org/stable/c/4b674dd69701c2e22e8e7770c1706a69f3b17269"
}
],
"title": "drm/plane: Move range check for format_count earlier",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47659",
"datePublished": "2025-02-26T02:05:56.954Z",
"dateReserved": "2025-02-26T02:04:38.057Z",
"dateUpdated": "2025-05-16T07:23:06.514Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49212 (GCVE-0-2022-49212)
Vulnerability from cvelistv5
Published
2025-02-26 01:55
Modified
2025-10-01 19:47
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init
The reference counting issue happens in several error handling paths
on a refcounted object "nc->dmac". In these paths, the function simply
returns the error code, forgetting to balance the reference count of
"nc->dmac", increased earlier by dma_request_channel(), which may
cause refcount leaks.
Fix it by decrementing the refcount of specific object in those error
paths.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: f88fc122cc34c2545dec9562eaab121494e401ef Version: f88fc122cc34c2545dec9562eaab121494e401ef Version: f88fc122cc34c2545dec9562eaab121494e401ef Version: f88fc122cc34c2545dec9562eaab121494e401ef Version: f88fc122cc34c2545dec9562eaab121494e401ef Version: f88fc122cc34c2545dec9562eaab121494e401ef Version: f88fc122cc34c2545dec9562eaab121494e401ef Version: f88fc122cc34c2545dec9562eaab121494e401ef |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49212",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:46:47.729080Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:47:05.977Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/mtd/nand/raw/atmel/nand-controller.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0856bf27057561f42b37df111603cf5a0d040294",
"status": "affected",
"version": "f88fc122cc34c2545dec9562eaab121494e401ef",
"versionType": "git"
},
{
"lessThan": "9843c9c98f26c6ad843260b19bfdaa2598f2ae1e",
"status": "affected",
"version": "f88fc122cc34c2545dec9562eaab121494e401ef",
"versionType": "git"
},
{
"lessThan": "9b08d211db4c447eb1a07df65e45e0aa772e0fa6",
"status": "affected",
"version": "f88fc122cc34c2545dec9562eaab121494e401ef",
"versionType": "git"
},
{
"lessThan": "a3587259ae553e41d1ce8c7435351a5d6b299a11",
"status": "affected",
"version": "f88fc122cc34c2545dec9562eaab121494e401ef",
"versionType": "git"
},
{
"lessThan": "fe0e2ce5c87e9c0b9485ff566362030aa55972cf",
"status": "affected",
"version": "f88fc122cc34c2545dec9562eaab121494e401ef",
"versionType": "git"
},
{
"lessThan": "8baea2b96fa90af8d0f937caf4cf2105ee094d93",
"status": "affected",
"version": "f88fc122cc34c2545dec9562eaab121494e401ef",
"versionType": "git"
},
{
"lessThan": "f1694169f3674cdf7553aed06864254635679878",
"status": "affected",
"version": "f88fc122cc34c2545dec9562eaab121494e401ef",
"versionType": "git"
},
{
"lessThan": "fecbd4a317c95d73c849648c406bcf1b6a0ec1cf",
"status": "affected",
"version": "f88fc122cc34c2545dec9562eaab121494e401ef",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/mtd/nand/raw/atmel/nand-controller.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.12"
},
{
"lessThan": "4.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.238",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.189",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.276",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.238",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.189",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.110",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "4.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init\n\nThe reference counting issue happens in several error handling paths\non a refcounted object \"nc-\u003edmac\". In these paths, the function simply\nreturns the error code, forgetting to balance the reference count of\n\"nc-\u003edmac\", increased earlier by dma_request_channel(), which may\ncause refcount leaks.\n\nFix it by decrementing the refcount of specific object in those error\npaths."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:32:29.102Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0856bf27057561f42b37df111603cf5a0d040294"
},
{
"url": "https://git.kernel.org/stable/c/9843c9c98f26c6ad843260b19bfdaa2598f2ae1e"
},
{
"url": "https://git.kernel.org/stable/c/9b08d211db4c447eb1a07df65e45e0aa772e0fa6"
},
{
"url": "https://git.kernel.org/stable/c/a3587259ae553e41d1ce8c7435351a5d6b299a11"
},
{
"url": "https://git.kernel.org/stable/c/fe0e2ce5c87e9c0b9485ff566362030aa55972cf"
},
{
"url": "https://git.kernel.org/stable/c/8baea2b96fa90af8d0f937caf4cf2105ee094d93"
},
{
"url": "https://git.kernel.org/stable/c/f1694169f3674cdf7553aed06864254635679878"
},
{
"url": "https://git.kernel.org/stable/c/fecbd4a317c95d73c849648c406bcf1b6a0ec1cf"
}
],
"title": "mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49212",
"datePublished": "2025-02-26T01:55:48.690Z",
"dateReserved": "2025-02-26T01:49:39.292Z",
"dateUpdated": "2025-10-01T19:47:05.977Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49271 (GCVE-0-2022-49271)
Vulnerability from cvelistv5
Published
2025-02-26 01:56
Modified
2025-10-29 10:49
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
cifs: prevent bad output lengths in smb2_ioctl_query_info()
When calling smb2_ioctl_query_info() with
smb_query_info::flags=PASSTHRU_FSCTL and
smb_query_info::output_buffer_length=0, the following would return
0x10
buffer = memdup_user(arg + sizeof(struct smb_query_info),
qi.output_buffer_length);
if (IS_ERR(buffer)) {
kfree(vars);
return PTR_ERR(buffer);
}
rather than a valid pointer thus making IS_ERR() check fail. This
would then cause a NULL ptr deference in @buffer when accessing it
later in smb2_ioctl_query_ioctl(). While at it, prevent having a
@buffer smaller than 8 bytes to correctly handle SMB2_SET_INFO
FileEndOfFileInformation requests when
smb_query_info::flags=PASSTHRU_SET_INFO.
Here is a small C reproducer which triggers a NULL ptr in @buffer when
passing an invalid smb_query_info::flags
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <unistd.h>
#include <fcntl.h>
#include <sys/ioctl.h>
#define die(s) perror(s), exit(1)
#define QUERY_INFO 0xc018cf07
int main(int argc, char *argv[])
{
int fd;
if (argc < 2)
exit(1);
fd = open(argv[1], O_RDONLY);
if (fd == -1)
die("open");
if (ioctl(fd, QUERY_INFO, (uint32_t[]) { 0, 0, 0, 4, 0, 0}) == -1)
die("ioctl");
close(fd);
return 0;
}
mount.cifs //srv/share /mnt -o ...
gcc repro.c && ./a.out /mnt/f0
[ 114.138620] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN NOPTI
[ 114.139310] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[ 114.139775] CPU: 2 PID: 995 Comm: a.out Not tainted 5.17.0-rc8 #1
[ 114.140148] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.15.0-0-g2dd4b9b-rebuilt.opensuse.org 04/01/2014
[ 114.140818] RIP: 0010:smb2_ioctl_query_info+0x206/0x410 [cifs]
[ 114.141221] Code: 00 00 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 c8 01 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b 7b 28 4c 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 9c 01 00 00 49 8b 3f e8 58 02 fb ff 48 8b 14 24
[ 114.142348] RSP: 0018:ffffc90000b47b00 EFLAGS: 00010256
[ 114.142692] RAX: dffffc0000000000 RBX: ffff888115503200 RCX: ffffffffa020580d
[ 114.143119] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffffffa043a380
[ 114.143544] RBP: ffff888115503278 R08: 0000000000000001 R09: 0000000000000003
[ 114.143983] R10: fffffbfff4087470 R11: 0000000000000001 R12: ffff888115503288
[ 114.144424] R13: 00000000ffffffea R14: ffff888115503228 R15: 0000000000000000
[ 114.144852] FS: 00007f7aeabdf740(0000) GS:ffff888151600000(0000) knlGS:0000000000000000
[ 114.145338] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 114.145692] CR2: 00007f7aeacfdf5e CR3: 000000012000e000 CR4: 0000000000350ee0
[ 114.146131] Call Trace:
[ 114.146291] <TASK>
[ 114.146432] ? smb2_query_reparse_tag+0x890/0x890 [cifs]
[ 114.146800] ? cifs_mapchar+0x460/0x460 [cifs]
[ 114.147121] ? rcu_read_lock_sched_held+0x3f/0x70
[ 114.147412] ? cifs_strndup_to_utf16+0x15b/0x250 [cifs]
[ 114.147775] ? dentry_path_raw+0xa6/0xf0
[ 114.148024] ? cifs_convert_path_to_utf16+0x198/0x220 [cifs]
[ 114.148413] ? smb2_check_message+0x1080/0x1080 [cifs]
[ 114.148766] ? rcu_read_lock_sched_held+0x3f/0x70
[ 114.149065] cifs_ioctl+0x1577/0x3320 [cifs]
[ 114.149371] ? lock_downgrade+0x6f0/0x6f0
[ 114.149631] ? cifs_readdir+0x2e60/0x2e60 [cifs]
[ 114.149956] ? rcu_read_lock_sched_held+0x3f/0x70
[ 114.150250] ? __rseq_handle_notify_resume+0x80b/0xbe0
[ 114.150562] ? __up_read+0x192/0x710
[ 114.150791] ? __ia32_sys_rseq+0xf0/0xf0
[ 114.151025] ? __x64_sys_openat+0x11f/0x1d0
[ 114.151296] __x64_sys_ioctl+0x127/0x190
[ 114.151549] do_syscall_64+0x3b/0x90
[ 114.151768] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 114.152079] RIP: 0033:0x7f7aead043df
[ 114.152306] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24
---truncated---
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/cifs/smb2ops.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9963ccea6087268e1275b992dca5d0dd4b938765",
"status": "affected",
"version": "cfaa1181097f6a1a6f4f6670ebc97848efda0883",
"versionType": "git"
},
{
"lessThan": "f143f8334fb9eb2f6c7c15b9da1472d9c965fd84",
"status": "affected",
"version": "cfaa1181097f6a1a6f4f6670ebc97848efda0883",
"versionType": "git"
},
{
"lessThan": "fadddfc1dc3c6f79b21cff4a7e9a6c40b84fbc53",
"status": "affected",
"version": "cfaa1181097f6a1a6f4f6670ebc97848efda0883",
"versionType": "git"
},
{
"lessThan": "7529fbee10d82493c5cb109e51788bf74816d1c0",
"status": "affected",
"version": "cfaa1181097f6a1a6f4f6670ebc97848efda0883",
"versionType": "git"
},
{
"lessThan": "b92e358757b91c2827af112cae9af513f26a3f34",
"status": "affected",
"version": "cfaa1181097f6a1a6f4f6670ebc97848efda0883",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/cifs/smb2ops.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.5"
},
{
"lessThan": "5.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.110",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: prevent bad output lengths in smb2_ioctl_query_info()\n\nWhen calling smb2_ioctl_query_info() with\nsmb_query_info::flags=PASSTHRU_FSCTL and\nsmb_query_info::output_buffer_length=0, the following would return\n0x10\n\n\tbuffer = memdup_user(arg + sizeof(struct smb_query_info),\n\t\t\t qi.output_buffer_length);\n\tif (IS_ERR(buffer)) {\n\t\tkfree(vars);\n\t\treturn PTR_ERR(buffer);\n\t}\n\nrather than a valid pointer thus making IS_ERR() check fail. This\nwould then cause a NULL ptr deference in @buffer when accessing it\nlater in smb2_ioctl_query_ioctl(). While at it, prevent having a\n@buffer smaller than 8 bytes to correctly handle SMB2_SET_INFO\nFileEndOfFileInformation requests when\nsmb_query_info::flags=PASSTHRU_SET_INFO.\n\nHere is a small C reproducer which triggers a NULL ptr in @buffer when\npassing an invalid smb_query_info::flags\n\n\t#include \u003cstdio.h\u003e\n\t#include \u003cstdlib.h\u003e\n\t#include \u003cstdint.h\u003e\n\t#include \u003cunistd.h\u003e\n\t#include \u003cfcntl.h\u003e\n\t#include \u003csys/ioctl.h\u003e\n\n\t#define die(s) perror(s), exit(1)\n\t#define QUERY_INFO 0xc018cf07\n\n\tint main(int argc, char *argv[])\n\t{\n\t\tint fd;\n\n\t\tif (argc \u003c 2)\n\t\t\texit(1);\n\t\tfd = open(argv[1], O_RDONLY);\n\t\tif (fd == -1)\n\t\t\tdie(\"open\");\n\t\tif (ioctl(fd, QUERY_INFO, (uint32_t[]) { 0, 0, 0, 4, 0, 0}) == -1)\n\t\t\tdie(\"ioctl\");\n\t\tclose(fd);\n\t\treturn 0;\n\t}\n\n\tmount.cifs //srv/share /mnt -o ...\n\tgcc repro.c \u0026\u0026 ./a.out /mnt/f0\n\n\t[ 114.138620] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN NOPTI\n\t[ 114.139310] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\n\t[ 114.139775] CPU: 2 PID: 995 Comm: a.out Not tainted 5.17.0-rc8 #1\n\t[ 114.140148] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.15.0-0-g2dd4b9b-rebuilt.opensuse.org 04/01/2014\n\t[ 114.140818] RIP: 0010:smb2_ioctl_query_info+0x206/0x410 [cifs]\n\t[ 114.141221] Code: 00 00 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 c8 01 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b 7b 28 4c 89 fa 48 c1 ea 03 \u003c80\u003e 3c 02 00 0f 85 9c 01 00 00 49 8b 3f e8 58 02 fb ff 48 8b 14 24\n\t[ 114.142348] RSP: 0018:ffffc90000b47b00 EFLAGS: 00010256\n\t[ 114.142692] RAX: dffffc0000000000 RBX: ffff888115503200 RCX: ffffffffa020580d\n\t[ 114.143119] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffffffa043a380\n\t[ 114.143544] RBP: ffff888115503278 R08: 0000000000000001 R09: 0000000000000003\n\t[ 114.143983] R10: fffffbfff4087470 R11: 0000000000000001 R12: ffff888115503288\n\t[ 114.144424] R13: 00000000ffffffea R14: ffff888115503228 R15: 0000000000000000\n\t[ 114.144852] FS: 00007f7aeabdf740(0000) GS:ffff888151600000(0000) knlGS:0000000000000000\n\t[ 114.145338] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n\t[ 114.145692] CR2: 00007f7aeacfdf5e CR3: 000000012000e000 CR4: 0000000000350ee0\n\t[ 114.146131] Call Trace:\n\t[ 114.146291] \u003cTASK\u003e\n\t[ 114.146432] ? smb2_query_reparse_tag+0x890/0x890 [cifs]\n\t[ 114.146800] ? cifs_mapchar+0x460/0x460 [cifs]\n\t[ 114.147121] ? rcu_read_lock_sched_held+0x3f/0x70\n\t[ 114.147412] ? cifs_strndup_to_utf16+0x15b/0x250 [cifs]\n\t[ 114.147775] ? dentry_path_raw+0xa6/0xf0\n\t[ 114.148024] ? cifs_convert_path_to_utf16+0x198/0x220 [cifs]\n\t[ 114.148413] ? smb2_check_message+0x1080/0x1080 [cifs]\n\t[ 114.148766] ? rcu_read_lock_sched_held+0x3f/0x70\n\t[ 114.149065] cifs_ioctl+0x1577/0x3320 [cifs]\n\t[ 114.149371] ? lock_downgrade+0x6f0/0x6f0\n\t[ 114.149631] ? cifs_readdir+0x2e60/0x2e60 [cifs]\n\t[ 114.149956] ? rcu_read_lock_sched_held+0x3f/0x70\n\t[ 114.150250] ? __rseq_handle_notify_resume+0x80b/0xbe0\n\t[ 114.150562] ? __up_read+0x192/0x710\n\t[ 114.150791] ? __ia32_sys_rseq+0xf0/0xf0\n\t[ 114.151025] ? __x64_sys_openat+0x11f/0x1d0\n\t[ 114.151296] __x64_sys_ioctl+0x127/0x190\n\t[ 114.151549] do_syscall_64+0x3b/0x90\n\t[ 114.151768] entry_SYSCALL_64_after_hwframe+0x44/0xae\n\t[ 114.152079] RIP: 0033:0x7f7aead043df\n\t[ 114.152306] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-10-29T10:49:55.652Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9963ccea6087268e1275b992dca5d0dd4b938765"
},
{
"url": "https://git.kernel.org/stable/c/f143f8334fb9eb2f6c7c15b9da1472d9c965fd84"
},
{
"url": "https://git.kernel.org/stable/c/fadddfc1dc3c6f79b21cff4a7e9a6c40b84fbc53"
},
{
"url": "https://git.kernel.org/stable/c/7529fbee10d82493c5cb109e51788bf74816d1c0"
},
{
"url": "https://git.kernel.org/stable/c/b92e358757b91c2827af112cae9af513f26a3f34"
}
],
"title": "cifs: prevent bad output lengths in smb2_ioctl_query_info()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49271",
"datePublished": "2025-02-26T01:56:18.148Z",
"dateReserved": "2025-02-26T01:49:39.297Z",
"dateUpdated": "2025-10-29T10:49:55.652Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49478 (GCVE-0-2022-49478)
Vulnerability from cvelistv5
Published
2025-02-26 02:13
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init
Syzbot reported that -1 is used as array index. The problem was in
missing validation check.
hdw->unit_number is initialized with -1 and then if init table walk fails
this value remains unchanged. Since code blindly uses this member for
array indexing adding sanity check is the easiest fix for that.
hdw->workpoll initialization moved upper to prevent warning in
__flush_work.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: d855497edbfbf9e19a17f4a1154bca69cb4bd9ba Version: d855497edbfbf9e19a17f4a1154bca69cb4bd9ba Version: d855497edbfbf9e19a17f4a1154bca69cb4bd9ba Version: d855497edbfbf9e19a17f4a1154bca69cb4bd9ba Version: d855497edbfbf9e19a17f4a1154bca69cb4bd9ba Version: d855497edbfbf9e19a17f4a1154bca69cb4bd9ba Version: d855497edbfbf9e19a17f4a1154bca69cb4bd9ba Version: d855497edbfbf9e19a17f4a1154bca69cb4bd9ba Version: d855497edbfbf9e19a17f4a1154bca69cb4bd9ba |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49478",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:39:29.496371Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-129",
"description": "CWE-129 Improper Validation of Array Index",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:45.541Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/media/usb/pvrusb2/pvrusb2-hdw.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4351bfe36aba9fa7dc9d68d498d25d41a0f45e67",
"status": "affected",
"version": "d855497edbfbf9e19a17f4a1154bca69cb4bd9ba",
"versionType": "git"
},
{
"lessThan": "2e004fe914b243db41fa96f9e583385f360ea58e",
"status": "affected",
"version": "d855497edbfbf9e19a17f4a1154bca69cb4bd9ba",
"versionType": "git"
},
{
"lessThan": "a3660e06675bccec4bf149c7229ea1d491ba10d7",
"status": "affected",
"version": "d855497edbfbf9e19a17f4a1154bca69cb4bd9ba",
"versionType": "git"
},
{
"lessThan": "1310fc3538dcc375a2f46ef0a438512c2ca32827",
"status": "affected",
"version": "d855497edbfbf9e19a17f4a1154bca69cb4bd9ba",
"versionType": "git"
},
{
"lessThan": "a3304766d9384886e6d3092c776273526947a2e9",
"status": "affected",
"version": "d855497edbfbf9e19a17f4a1154bca69cb4bd9ba",
"versionType": "git"
},
{
"lessThan": "3309c2c574e13b21b44729f5bdbf21f60189b79a",
"status": "affected",
"version": "d855497edbfbf9e19a17f4a1154bca69cb4bd9ba",
"versionType": "git"
},
{
"lessThan": "f99a8b1ec0eddc2931aeaa4f490277a15b39f511",
"status": "affected",
"version": "d855497edbfbf9e19a17f4a1154bca69cb4bd9ba",
"versionType": "git"
},
{
"lessThan": "24e807541e4a9263ed928e6ae3498de3ad43bd1e",
"status": "affected",
"version": "d855497edbfbf9e19a17f4a1154bca69cb4bd9ba",
"versionType": "git"
},
{
"lessThan": "471bec68457aaf981add77b4f590d65dd7da1059",
"status": "affected",
"version": "d855497edbfbf9e19a17f4a1154bca69cb4bd9ba",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/media/usb/pvrusb2/pvrusb2-hdw.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.18"
},
{
"lessThan": "2.6.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.318",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.318",
"versionStartIncluding": "2.6.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.283",
"versionStartIncluding": "2.6.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"versionStartIncluding": "2.6.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"versionStartIncluding": "2.6.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"versionStartIncluding": "2.6.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "2.6.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "2.6.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "2.6.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "2.6.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init\n\nSyzbot reported that -1 is used as array index. The problem was in\nmissing validation check.\n\nhdw-\u003eunit_number is initialized with -1 and then if init table walk fails\nthis value remains unchanged. Since code blindly uses this member for\narray indexing adding sanity check is the easiest fix for that.\n\nhdw-\u003eworkpoll initialization moved upper to prevent warning in\n__flush_work."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:38:35.676Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4351bfe36aba9fa7dc9d68d498d25d41a0f45e67"
},
{
"url": "https://git.kernel.org/stable/c/2e004fe914b243db41fa96f9e583385f360ea58e"
},
{
"url": "https://git.kernel.org/stable/c/a3660e06675bccec4bf149c7229ea1d491ba10d7"
},
{
"url": "https://git.kernel.org/stable/c/1310fc3538dcc375a2f46ef0a438512c2ca32827"
},
{
"url": "https://git.kernel.org/stable/c/a3304766d9384886e6d3092c776273526947a2e9"
},
{
"url": "https://git.kernel.org/stable/c/3309c2c574e13b21b44729f5bdbf21f60189b79a"
},
{
"url": "https://git.kernel.org/stable/c/f99a8b1ec0eddc2931aeaa4f490277a15b39f511"
},
{
"url": "https://git.kernel.org/stable/c/24e807541e4a9263ed928e6ae3498de3ad43bd1e"
},
{
"url": "https://git.kernel.org/stable/c/471bec68457aaf981add77b4f590d65dd7da1059"
}
],
"title": "media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49478",
"datePublished": "2025-02-26T02:13:19.330Z",
"dateReserved": "2025-02-26T02:08:31.581Z",
"dateUpdated": "2025-10-01T19:46:45.541Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49179 (GCVE-0-2022-49179)
Vulnerability from cvelistv5
Published
2025-02-26 01:55
Modified
2025-05-04 08:31
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
block, bfq: don't move oom_bfqq
Our test report a UAF:
[ 2073.019181] ==================================================================
[ 2073.019188] BUG: KASAN: use-after-free in __bfq_put_async_bfqq+0xa0/0x168
[ 2073.019191] Write of size 8 at addr ffff8000ccf64128 by task rmmod/72584
[ 2073.019192]
[ 2073.019196] CPU: 0 PID: 72584 Comm: rmmod Kdump: loaded Not tainted 4.19.90-yk #5
[ 2073.019198] Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015
[ 2073.019200] Call trace:
[ 2073.019203] dump_backtrace+0x0/0x310
[ 2073.019206] show_stack+0x28/0x38
[ 2073.019210] dump_stack+0xec/0x15c
[ 2073.019216] print_address_description+0x68/0x2d0
[ 2073.019220] kasan_report+0x238/0x2f0
[ 2073.019224] __asan_store8+0x88/0xb0
[ 2073.019229] __bfq_put_async_bfqq+0xa0/0x168
[ 2073.019233] bfq_put_async_queues+0xbc/0x208
[ 2073.019236] bfq_pd_offline+0x178/0x238
[ 2073.019240] blkcg_deactivate_policy+0x1f0/0x420
[ 2073.019244] bfq_exit_queue+0x128/0x178
[ 2073.019249] blk_mq_exit_sched+0x12c/0x160
[ 2073.019252] elevator_exit+0xc8/0xd0
[ 2073.019256] blk_exit_queue+0x50/0x88
[ 2073.019259] blk_cleanup_queue+0x228/0x3d8
[ 2073.019267] null_del_dev+0xfc/0x1e0 [null_blk]
[ 2073.019274] null_exit+0x90/0x114 [null_blk]
[ 2073.019278] __arm64_sys_delete_module+0x358/0x5a0
[ 2073.019282] el0_svc_common+0xc8/0x320
[ 2073.019287] el0_svc_handler+0xf8/0x160
[ 2073.019290] el0_svc+0x10/0x218
[ 2073.019291]
[ 2073.019294] Allocated by task 14163:
[ 2073.019301] kasan_kmalloc+0xe0/0x190
[ 2073.019305] kmem_cache_alloc_node_trace+0x1cc/0x418
[ 2073.019308] bfq_pd_alloc+0x54/0x118
[ 2073.019313] blkcg_activate_policy+0x250/0x460
[ 2073.019317] bfq_create_group_hierarchy+0x38/0x110
[ 2073.019321] bfq_init_queue+0x6d0/0x948
[ 2073.019325] blk_mq_init_sched+0x1d8/0x390
[ 2073.019330] elevator_switch_mq+0x88/0x170
[ 2073.019334] elevator_switch+0x140/0x270
[ 2073.019338] elv_iosched_store+0x1a4/0x2a0
[ 2073.019342] queue_attr_store+0x90/0xe0
[ 2073.019348] sysfs_kf_write+0xa8/0xe8
[ 2073.019351] kernfs_fop_write+0x1f8/0x378
[ 2073.019359] __vfs_write+0xe0/0x360
[ 2073.019363] vfs_write+0xf0/0x270
[ 2073.019367] ksys_write+0xdc/0x1b8
[ 2073.019371] __arm64_sys_write+0x50/0x60
[ 2073.019375] el0_svc_common+0xc8/0x320
[ 2073.019380] el0_svc_handler+0xf8/0x160
[ 2073.019383] el0_svc+0x10/0x218
[ 2073.019385]
[ 2073.019387] Freed by task 72584:
[ 2073.019391] __kasan_slab_free+0x120/0x228
[ 2073.019394] kasan_slab_free+0x10/0x18
[ 2073.019397] kfree+0x94/0x368
[ 2073.019400] bfqg_put+0x64/0xb0
[ 2073.019404] bfqg_and_blkg_put+0x90/0xb0
[ 2073.019408] bfq_put_queue+0x220/0x228
[ 2073.019413] __bfq_put_async_bfqq+0x98/0x168
[ 2073.019416] bfq_put_async_queues+0xbc/0x208
[ 2073.019420] bfq_pd_offline+0x178/0x238
[ 2073.019424] blkcg_deactivate_policy+0x1f0/0x420
[ 2073.019429] bfq_exit_queue+0x128/0x178
[ 2073.019433] blk_mq_exit_sched+0x12c/0x160
[ 2073.019437] elevator_exit+0xc8/0xd0
[ 2073.019440] blk_exit_queue+0x50/0x88
[ 2073.019443] blk_cleanup_queue+0x228/0x3d8
[ 2073.019451] null_del_dev+0xfc/0x1e0 [null_blk]
[ 2073.019459] null_exit+0x90/0x114 [null_blk]
[ 2073.019462] __arm64_sys_delete_module+0x358/0x5a0
[ 2073.019467] el0_svc_common+0xc8/0x320
[ 2073.019471] el0_svc_handler+0xf8/0x160
[ 2073.019474] el0_svc+0x10/0x218
[ 2073.019475]
[ 2073.019479] The buggy address belongs to the object at ffff8000ccf63f00
which belongs to the cache kmalloc-1024 of size 1024
[ 2073.019484] The buggy address is located 552 bytes inside of
1024-byte region [ffff8000ccf63f00, ffff8000ccf64300)
[ 2073.019486] The buggy address belongs to the page:
[ 2073.019492] page:ffff7e000333d800 count:1 mapcount:0 mapping:ffff8000c0003a00 index:0x0 compound_mapcount: 0
[ 2073.020123] flags: 0x7ffff0000008100(slab|head)
[ 2073.020403] raw: 07ffff0000008100 ffff7e0003334c08 ffff7e00001f5a08 ffff8000c0003a00
[ 2073.020409] ra
---truncated---
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: aee69d78dec0ffdf82e35d57c626e80dddc314d5 Version: aee69d78dec0ffdf82e35d57c626e80dddc314d5 Version: aee69d78dec0ffdf82e35d57c626e80dddc314d5 Version: aee69d78dec0ffdf82e35d57c626e80dddc314d5 Version: aee69d78dec0ffdf82e35d57c626e80dddc314d5 Version: aee69d78dec0ffdf82e35d57c626e80dddc314d5 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49179",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T17:59:03.662860Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T18:02:29.552Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"block/bfq-cgroup.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c4f5a678add58a8a0e7ee5e038496b376ea6d205",
"status": "affected",
"version": "aee69d78dec0ffdf82e35d57c626e80dddc314d5",
"versionType": "git"
},
{
"lessThan": "7507ead1e9d42957c2340f2c4a0e9d00034e3366",
"status": "affected",
"version": "aee69d78dec0ffdf82e35d57c626e80dddc314d5",
"versionType": "git"
},
{
"lessThan": "8f34dea99cd7761156a146a5258a67d045d862f7",
"status": "affected",
"version": "aee69d78dec0ffdf82e35d57c626e80dddc314d5",
"versionType": "git"
},
{
"lessThan": "87fdfe8589d43e471dffb4c60f75eeb6f37afc4c",
"status": "affected",
"version": "aee69d78dec0ffdf82e35d57c626e80dddc314d5",
"versionType": "git"
},
{
"lessThan": "c01fced8d38fbccc82787065229578006f28e020",
"status": "affected",
"version": "aee69d78dec0ffdf82e35d57c626e80dddc314d5",
"versionType": "git"
},
{
"lessThan": "8410f70977734f21b8ed45c37e925d311dfda2e7",
"status": "affected",
"version": "aee69d78dec0ffdf82e35d57c626e80dddc314d5",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"block/bfq-cgroup.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.12"
},
{
"lessThan": "4.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.189",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.189",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.110",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "4.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock, bfq: don\u0027t move oom_bfqq\n\nOur test report a UAF:\n\n[ 2073.019181] ==================================================================\n[ 2073.019188] BUG: KASAN: use-after-free in __bfq_put_async_bfqq+0xa0/0x168\n[ 2073.019191] Write of size 8 at addr ffff8000ccf64128 by task rmmod/72584\n[ 2073.019192]\n[ 2073.019196] CPU: 0 PID: 72584 Comm: rmmod Kdump: loaded Not tainted 4.19.90-yk #5\n[ 2073.019198] Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015\n[ 2073.019200] Call trace:\n[ 2073.019203] dump_backtrace+0x0/0x310\n[ 2073.019206] show_stack+0x28/0x38\n[ 2073.019210] dump_stack+0xec/0x15c\n[ 2073.019216] print_address_description+0x68/0x2d0\n[ 2073.019220] kasan_report+0x238/0x2f0\n[ 2073.019224] __asan_store8+0x88/0xb0\n[ 2073.019229] __bfq_put_async_bfqq+0xa0/0x168\n[ 2073.019233] bfq_put_async_queues+0xbc/0x208\n[ 2073.019236] bfq_pd_offline+0x178/0x238\n[ 2073.019240] blkcg_deactivate_policy+0x1f0/0x420\n[ 2073.019244] bfq_exit_queue+0x128/0x178\n[ 2073.019249] blk_mq_exit_sched+0x12c/0x160\n[ 2073.019252] elevator_exit+0xc8/0xd0\n[ 2073.019256] blk_exit_queue+0x50/0x88\n[ 2073.019259] blk_cleanup_queue+0x228/0x3d8\n[ 2073.019267] null_del_dev+0xfc/0x1e0 [null_blk]\n[ 2073.019274] null_exit+0x90/0x114 [null_blk]\n[ 2073.019278] __arm64_sys_delete_module+0x358/0x5a0\n[ 2073.019282] el0_svc_common+0xc8/0x320\n[ 2073.019287] el0_svc_handler+0xf8/0x160\n[ 2073.019290] el0_svc+0x10/0x218\n[ 2073.019291]\n[ 2073.019294] Allocated by task 14163:\n[ 2073.019301] kasan_kmalloc+0xe0/0x190\n[ 2073.019305] kmem_cache_alloc_node_trace+0x1cc/0x418\n[ 2073.019308] bfq_pd_alloc+0x54/0x118\n[ 2073.019313] blkcg_activate_policy+0x250/0x460\n[ 2073.019317] bfq_create_group_hierarchy+0x38/0x110\n[ 2073.019321] bfq_init_queue+0x6d0/0x948\n[ 2073.019325] blk_mq_init_sched+0x1d8/0x390\n[ 2073.019330] elevator_switch_mq+0x88/0x170\n[ 2073.019334] elevator_switch+0x140/0x270\n[ 2073.019338] elv_iosched_store+0x1a4/0x2a0\n[ 2073.019342] queue_attr_store+0x90/0xe0\n[ 2073.019348] sysfs_kf_write+0xa8/0xe8\n[ 2073.019351] kernfs_fop_write+0x1f8/0x378\n[ 2073.019359] __vfs_write+0xe0/0x360\n[ 2073.019363] vfs_write+0xf0/0x270\n[ 2073.019367] ksys_write+0xdc/0x1b8\n[ 2073.019371] __arm64_sys_write+0x50/0x60\n[ 2073.019375] el0_svc_common+0xc8/0x320\n[ 2073.019380] el0_svc_handler+0xf8/0x160\n[ 2073.019383] el0_svc+0x10/0x218\n[ 2073.019385]\n[ 2073.019387] Freed by task 72584:\n[ 2073.019391] __kasan_slab_free+0x120/0x228\n[ 2073.019394] kasan_slab_free+0x10/0x18\n[ 2073.019397] kfree+0x94/0x368\n[ 2073.019400] bfqg_put+0x64/0xb0\n[ 2073.019404] bfqg_and_blkg_put+0x90/0xb0\n[ 2073.019408] bfq_put_queue+0x220/0x228\n[ 2073.019413] __bfq_put_async_bfqq+0x98/0x168\n[ 2073.019416] bfq_put_async_queues+0xbc/0x208\n[ 2073.019420] bfq_pd_offline+0x178/0x238\n[ 2073.019424] blkcg_deactivate_policy+0x1f0/0x420\n[ 2073.019429] bfq_exit_queue+0x128/0x178\n[ 2073.019433] blk_mq_exit_sched+0x12c/0x160\n[ 2073.019437] elevator_exit+0xc8/0xd0\n[ 2073.019440] blk_exit_queue+0x50/0x88\n[ 2073.019443] blk_cleanup_queue+0x228/0x3d8\n[ 2073.019451] null_del_dev+0xfc/0x1e0 [null_blk]\n[ 2073.019459] null_exit+0x90/0x114 [null_blk]\n[ 2073.019462] __arm64_sys_delete_module+0x358/0x5a0\n[ 2073.019467] el0_svc_common+0xc8/0x320\n[ 2073.019471] el0_svc_handler+0xf8/0x160\n[ 2073.019474] el0_svc+0x10/0x218\n[ 2073.019475]\n[ 2073.019479] The buggy address belongs to the object at ffff8000ccf63f00\n which belongs to the cache kmalloc-1024 of size 1024\n[ 2073.019484] The buggy address is located 552 bytes inside of\n 1024-byte region [ffff8000ccf63f00, ffff8000ccf64300)\n[ 2073.019486] The buggy address belongs to the page:\n[ 2073.019492] page:ffff7e000333d800 count:1 mapcount:0 mapping:ffff8000c0003a00 index:0x0 compound_mapcount: 0\n[ 2073.020123] flags: 0x7ffff0000008100(slab|head)\n[ 2073.020403] raw: 07ffff0000008100 ffff7e0003334c08 ffff7e00001f5a08 ffff8000c0003a00\n[ 2073.020409] ra\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:31:42.491Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c4f5a678add58a8a0e7ee5e038496b376ea6d205"
},
{
"url": "https://git.kernel.org/stable/c/7507ead1e9d42957c2340f2c4a0e9d00034e3366"
},
{
"url": "https://git.kernel.org/stable/c/8f34dea99cd7761156a146a5258a67d045d862f7"
},
{
"url": "https://git.kernel.org/stable/c/87fdfe8589d43e471dffb4c60f75eeb6f37afc4c"
},
{
"url": "https://git.kernel.org/stable/c/c01fced8d38fbccc82787065229578006f28e020"
},
{
"url": "https://git.kernel.org/stable/c/8410f70977734f21b8ed45c37e925d311dfda2e7"
}
],
"title": "block, bfq: don\u0027t move oom_bfqq",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49179",
"datePublished": "2025-02-26T01:55:32.100Z",
"dateReserved": "2025-02-26T01:49:39.281Z",
"dateUpdated": "2025-05-04T08:31:42.491Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49285 (GCVE-0-2022-49285)
Vulnerability from cvelistv5
Published
2025-02-26 01:56
Modified
2025-05-04 08:34
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
iio: accel: mma8452: use the correct logic to get mma8452_data
The original logic to get mma8452_data is wrong, the *dev point to
the device belong to iio_dev. we can't use this dev to find the
correct i2c_client. The original logic happen to work because it
finally use dev->driver_data to get iio_dev. Here use the API
to_i2c_client() is wrong and make reader confuse. To correct the
logic, it should be like this
struct mma8452_data *data = iio_priv(dev_get_drvdata(dev));
But after commit 8b7651f25962 ("iio: iio_device_alloc(): Remove
unnecessary self drvdata"), the upper logic also can't work.
When try to show the avialable scale in userspace, will meet kernel
dump, kernel handle NULL pointer dereference.
So use dev_to_iio_dev() to correct the logic.
Dual fixes tags as the second reflects when the bug was exposed, whilst
the first reflects when the original bug was introduced.
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/iio/accel/mma8452.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4c0bb583a4444cce224e8661090cbffc98e2fe07",
"status": "affected",
"version": "c3cdd6e48e35b7a02f28e301ef30a87ff3cd6527",
"versionType": "git"
},
{
"lessThan": "d2d9ebdbff79d87d27652578e6d1638ad3b5f3bf",
"status": "affected",
"version": "c3cdd6e48e35b7a02f28e301ef30a87ff3cd6527",
"versionType": "git"
},
{
"lessThan": "c87b7b12f48db86ac9909894f4dc0107d7df6375",
"status": "affected",
"version": "c3cdd6e48e35b7a02f28e301ef30a87ff3cd6527",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/iio/accel/mma8452.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.4"
},
{
"lessThan": "4.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.54",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "4.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: accel: mma8452: use the correct logic to get mma8452_data\n\nThe original logic to get mma8452_data is wrong, the *dev point to\nthe device belong to iio_dev. we can\u0027t use this dev to find the\ncorrect i2c_client. The original logic happen to work because it\nfinally use dev-\u003edriver_data to get iio_dev. Here use the API\nto_i2c_client() is wrong and make reader confuse. To correct the\nlogic, it should be like this\n\n struct mma8452_data *data = iio_priv(dev_get_drvdata(dev));\n\nBut after commit 8b7651f25962 (\"iio: iio_device_alloc(): Remove\nunnecessary self drvdata\"), the upper logic also can\u0027t work.\nWhen try to show the avialable scale in userspace, will meet kernel\ndump, kernel handle NULL pointer dereference.\n\nSo use dev_to_iio_dev() to correct the logic.\n\nDual fixes tags as the second reflects when the bug was exposed, whilst\nthe first reflects when the original bug was introduced."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:34:15.589Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4c0bb583a4444cce224e8661090cbffc98e2fe07"
},
{
"url": "https://git.kernel.org/stable/c/d2d9ebdbff79d87d27652578e6d1638ad3b5f3bf"
},
{
"url": "https://git.kernel.org/stable/c/c87b7b12f48db86ac9909894f4dc0107d7df6375"
}
],
"title": "iio: accel: mma8452: use the correct logic to get mma8452_data",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49285",
"datePublished": "2025-02-26T01:56:25.096Z",
"dateReserved": "2025-02-26T01:49:39.298Z",
"dateUpdated": "2025-05-04T08:34:15.589Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49249 (GCVE-0-2022-49249)
Vulnerability from cvelistv5
Published
2025-02-26 01:56
Modified
2025-05-04 08:33
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ASoC: codecs: wc938x: fix accessing array out of bounds for enum type
Accessing enums using integer would result in array out of bounds access
on platforms like aarch64 where sizeof(long) is 8 compared to enum size
which is 4 bytes.
Fix this by using enumerated items instead of integers.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/soc/codecs/wcd938x.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "adafea71b49ec4dbc44e0b84ec6eb602004a7a08",
"status": "affected",
"version": "e8ba1e05bdc016700c85fad559a812c2e795442f",
"versionType": "git"
},
{
"lessThan": "f03c0c94186d5876857132d97e28f20cdc100bdc",
"status": "affected",
"version": "e8ba1e05bdc016700c85fad559a812c2e795442f",
"versionType": "git"
},
{
"lessThan": "d09aee1b1da196be11ed86dd4897f228f2487613",
"status": "affected",
"version": "e8ba1e05bdc016700c85fad559a812c2e795442f",
"versionType": "git"
},
{
"lessThan": "cc587b7c8fbbe128f6bd0dad025a0caea5e6d164",
"status": "affected",
"version": "e8ba1e05bdc016700c85fad559a812c2e795442f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"sound/soc/codecs/wcd938x.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.14"
},
{
"lessThan": "5.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: codecs: wc938x: fix accessing array out of bounds for enum type\n\nAccessing enums using integer would result in array out of bounds access\non platforms like aarch64 where sizeof(long) is 8 compared to enum size\nwhich is 4 bytes.\n\nFix this by using enumerated items instead of integers."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:33:20.386Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/adafea71b49ec4dbc44e0b84ec6eb602004a7a08"
},
{
"url": "https://git.kernel.org/stable/c/f03c0c94186d5876857132d97e28f20cdc100bdc"
},
{
"url": "https://git.kernel.org/stable/c/d09aee1b1da196be11ed86dd4897f228f2487613"
},
{
"url": "https://git.kernel.org/stable/c/cc587b7c8fbbe128f6bd0dad025a0caea5e6d164"
}
],
"title": "ASoC: codecs: wc938x: fix accessing array out of bounds for enum type",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49249",
"datePublished": "2025-02-26T01:56:07.215Z",
"dateReserved": "2025-02-26T01:49:39.295Z",
"dateUpdated": "2025-05-04T08:33:20.386Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49175 (GCVE-0-2022-49175)
Vulnerability from cvelistv5
Published
2025-02-26 01:55
Modified
2025-05-04 08:31
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
PM: core: keep irq flags in device_pm_check_callbacks()
The function device_pm_check_callbacks() can be called under the spin
lock (in the reported case it happens from genpd_add_device() ->
dev_pm_domain_set(), when the genpd uses spinlocks rather than mutexes.
However this function uncoditionally uses spin_lock_irq() /
spin_unlock_irq(), thus not preserving the CPU flags. Use the
irqsave/irqrestore instead.
The backtrace for the reference:
[ 2.752010] ------------[ cut here ]------------
[ 2.756769] raw_local_irq_restore() called with IRQs enabled
[ 2.762596] WARNING: CPU: 4 PID: 1 at kernel/locking/irqflag-debug.c:10 warn_bogus_irq_restore+0x34/0x50
[ 2.772338] Modules linked in:
[ 2.775487] CPU: 4 PID: 1 Comm: swapper/0 Tainted: G S 5.17.0-rc6-00384-ge330d0d82eff-dirty #684
[ 2.781384] Freeing initrd memory: 46024K
[ 2.785839] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 2.785841] pc : warn_bogus_irq_restore+0x34/0x50
[ 2.785844] lr : warn_bogus_irq_restore+0x34/0x50
[ 2.785846] sp : ffff80000805b7d0
[ 2.785847] x29: ffff80000805b7d0 x28: 0000000000000000 x27: 0000000000000002
[ 2.785850] x26: ffffd40e80930b18 x25: ffff7ee2329192b8 x24: ffff7edfc9f60800
[ 2.785853] x23: ffffd40e80930b18 x22: ffffd40e80930d30 x21: ffff7edfc0dffa00
[ 2.785856] x20: ffff7edfc09e3768 x19: 0000000000000000 x18: ffffffffffffffff
[ 2.845775] x17: 6572206f74206465 x16: 6c696166203a3030 x15: ffff80008805b4f7
[ 2.853108] x14: 0000000000000000 x13: ffffd40e809550b0 x12: 00000000000003d8
[ 2.860441] x11: 0000000000000148 x10: ffffd40e809550b0 x9 : ffffd40e809550b0
[ 2.867774] x8 : 00000000ffffefff x7 : ffffd40e809ad0b0 x6 : ffffd40e809ad0b0
[ 2.875107] x5 : 000000000000bff4 x4 : 0000000000000000 x3 : 0000000000000000
[ 2.882440] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff7edfc03a8000
[ 2.889774] Call trace:
[ 2.892290] warn_bogus_irq_restore+0x34/0x50
[ 2.896770] _raw_spin_unlock_irqrestore+0x94/0xa0
[ 2.901690] genpd_unlock_spin+0x20/0x30
[ 2.905724] genpd_add_device+0x100/0x2d0
[ 2.909850] __genpd_dev_pm_attach+0xa8/0x23c
[ 2.914329] genpd_dev_pm_attach_by_id+0xc4/0x190
[ 2.919167] genpd_dev_pm_attach_by_name+0x3c/0xd0
[ 2.924086] dev_pm_domain_attach_by_name+0x24/0x30
[ 2.929102] psci_dt_attach_cpu+0x24/0x90
[ 2.933230] psci_cpuidle_probe+0x2d4/0x46c
[ 2.937534] platform_probe+0x68/0xe0
[ 2.941304] really_probe.part.0+0x9c/0x2fc
[ 2.945605] __driver_probe_device+0x98/0x144
[ 2.950085] driver_probe_device+0x44/0x15c
[ 2.954385] __device_attach_driver+0xb8/0x120
[ 2.958950] bus_for_each_drv+0x78/0xd0
[ 2.962896] __device_attach+0xd8/0x180
[ 2.966843] device_initial_probe+0x14/0x20
[ 2.971144] bus_probe_device+0x9c/0xa4
[ 2.975092] device_add+0x380/0x88c
[ 2.978679] platform_device_add+0x114/0x234
[ 2.983067] platform_device_register_full+0x100/0x190
[ 2.988344] psci_idle_init+0x6c/0xb0
[ 2.992113] do_one_initcall+0x74/0x3a0
[ 2.996060] kernel_init_freeable+0x2fc/0x384
[ 3.000543] kernel_init+0x28/0x130
[ 3.004132] ret_from_fork+0x10/0x20
[ 3.007817] irq event stamp: 319826
[ 3.011404] hardirqs last enabled at (319825): [<ffffd40e7eda0268>] __up_console_sem+0x78/0x84
[ 3.020332] hardirqs last disabled at (319826): [<ffffd40e7fd6d9d8>] el1_dbg+0x24/0x8c
[ 3.028458] softirqs last enabled at (318312): [<ffffd40e7ec90410>] _stext+0x410/0x588
[ 3.036678] softirqs last disabled at (318299): [<ffffd40e7ed1bf68>] __irq_exit_rcu+0x158/0x174
[ 3.045607] ---[ end trace 0000000000000000 ]---
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/base/power/main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3ec80d52b9b74b9e691997632a543c73eddfeba0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "78c4d68b952f5f537788dbd454031ea9bf50f642",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "be8bc05f38d667eda1e820bc6f69234795be7809",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "0cccf9d4fb45f1acbc0bbf6d7e4d8d0fb7a10416",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ede1ef1a7de973321699736ef96d01a4b9a6fe9e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "c29642ba72f87c0a3d7449f7db5d6d76a7ed53c3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2add538e57a2825c61d639260386f385c75e4166",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "c7c0ec5a1dcc3eaa1e85c804c2ccf46e457788a3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "524bb1da785a7ae43dd413cd392b5071c6c367f8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/base/power/main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.238",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.189",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.276",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.110",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPM: core: keep irq flags in device_pm_check_callbacks()\n\nThe function device_pm_check_callbacks() can be called under the spin\nlock (in the reported case it happens from genpd_add_device() -\u003e\ndev_pm_domain_set(), when the genpd uses spinlocks rather than mutexes.\n\nHowever this function uncoditionally uses spin_lock_irq() /\nspin_unlock_irq(), thus not preserving the CPU flags. Use the\nirqsave/irqrestore instead.\n\nThe backtrace for the reference:\n[ 2.752010] ------------[ cut here ]------------\n[ 2.756769] raw_local_irq_restore() called with IRQs enabled\n[ 2.762596] WARNING: CPU: 4 PID: 1 at kernel/locking/irqflag-debug.c:10 warn_bogus_irq_restore+0x34/0x50\n[ 2.772338] Modules linked in:\n[ 2.775487] CPU: 4 PID: 1 Comm: swapper/0 Tainted: G S 5.17.0-rc6-00384-ge330d0d82eff-dirty #684\n[ 2.781384] Freeing initrd memory: 46024K\n[ 2.785839] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 2.785841] pc : warn_bogus_irq_restore+0x34/0x50\n[ 2.785844] lr : warn_bogus_irq_restore+0x34/0x50\n[ 2.785846] sp : ffff80000805b7d0\n[ 2.785847] x29: ffff80000805b7d0 x28: 0000000000000000 x27: 0000000000000002\n[ 2.785850] x26: ffffd40e80930b18 x25: ffff7ee2329192b8 x24: ffff7edfc9f60800\n[ 2.785853] x23: ffffd40e80930b18 x22: ffffd40e80930d30 x21: ffff7edfc0dffa00\n[ 2.785856] x20: ffff7edfc09e3768 x19: 0000000000000000 x18: ffffffffffffffff\n[ 2.845775] x17: 6572206f74206465 x16: 6c696166203a3030 x15: ffff80008805b4f7\n[ 2.853108] x14: 0000000000000000 x13: ffffd40e809550b0 x12: 00000000000003d8\n[ 2.860441] x11: 0000000000000148 x10: ffffd40e809550b0 x9 : ffffd40e809550b0\n[ 2.867774] x8 : 00000000ffffefff x7 : ffffd40e809ad0b0 x6 : ffffd40e809ad0b0\n[ 2.875107] x5 : 000000000000bff4 x4 : 0000000000000000 x3 : 0000000000000000\n[ 2.882440] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff7edfc03a8000\n[ 2.889774] Call trace:\n[ 2.892290] warn_bogus_irq_restore+0x34/0x50\n[ 2.896770] _raw_spin_unlock_irqrestore+0x94/0xa0\n[ 2.901690] genpd_unlock_spin+0x20/0x30\n[ 2.905724] genpd_add_device+0x100/0x2d0\n[ 2.909850] __genpd_dev_pm_attach+0xa8/0x23c\n[ 2.914329] genpd_dev_pm_attach_by_id+0xc4/0x190\n[ 2.919167] genpd_dev_pm_attach_by_name+0x3c/0xd0\n[ 2.924086] dev_pm_domain_attach_by_name+0x24/0x30\n[ 2.929102] psci_dt_attach_cpu+0x24/0x90\n[ 2.933230] psci_cpuidle_probe+0x2d4/0x46c\n[ 2.937534] platform_probe+0x68/0xe0\n[ 2.941304] really_probe.part.0+0x9c/0x2fc\n[ 2.945605] __driver_probe_device+0x98/0x144\n[ 2.950085] driver_probe_device+0x44/0x15c\n[ 2.954385] __device_attach_driver+0xb8/0x120\n[ 2.958950] bus_for_each_drv+0x78/0xd0\n[ 2.962896] __device_attach+0xd8/0x180\n[ 2.966843] device_initial_probe+0x14/0x20\n[ 2.971144] bus_probe_device+0x9c/0xa4\n[ 2.975092] device_add+0x380/0x88c\n[ 2.978679] platform_device_add+0x114/0x234\n[ 2.983067] platform_device_register_full+0x100/0x190\n[ 2.988344] psci_idle_init+0x6c/0xb0\n[ 2.992113] do_one_initcall+0x74/0x3a0\n[ 2.996060] kernel_init_freeable+0x2fc/0x384\n[ 3.000543] kernel_init+0x28/0x130\n[ 3.004132] ret_from_fork+0x10/0x20\n[ 3.007817] irq event stamp: 319826\n[ 3.011404] hardirqs last enabled at (319825): [\u003cffffd40e7eda0268\u003e] __up_console_sem+0x78/0x84\n[ 3.020332] hardirqs last disabled at (319826): [\u003cffffd40e7fd6d9d8\u003e] el1_dbg+0x24/0x8c\n[ 3.028458] softirqs last enabled at (318312): [\u003cffffd40e7ec90410\u003e] _stext+0x410/0x588\n[ 3.036678] softirqs last disabled at (318299): [\u003cffffd40e7ed1bf68\u003e] __irq_exit_rcu+0x158/0x174\n[ 3.045607] ---[ end trace 0000000000000000 ]---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:31:37.398Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3ec80d52b9b74b9e691997632a543c73eddfeba0"
},
{
"url": "https://git.kernel.org/stable/c/78c4d68b952f5f537788dbd454031ea9bf50f642"
},
{
"url": "https://git.kernel.org/stable/c/be8bc05f38d667eda1e820bc6f69234795be7809"
},
{
"url": "https://git.kernel.org/stable/c/0cccf9d4fb45f1acbc0bbf6d7e4d8d0fb7a10416"
},
{
"url": "https://git.kernel.org/stable/c/ede1ef1a7de973321699736ef96d01a4b9a6fe9e"
},
{
"url": "https://git.kernel.org/stable/c/c29642ba72f87c0a3d7449f7db5d6d76a7ed53c3"
},
{
"url": "https://git.kernel.org/stable/c/2add538e57a2825c61d639260386f385c75e4166"
},
{
"url": "https://git.kernel.org/stable/c/c7c0ec5a1dcc3eaa1e85c804c2ccf46e457788a3"
},
{
"url": "https://git.kernel.org/stable/c/524bb1da785a7ae43dd413cd392b5071c6c367f8"
}
],
"title": "PM: core: keep irq flags in device_pm_check_callbacks()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49175",
"datePublished": "2025-02-26T01:55:30.087Z",
"dateReserved": "2025-02-26T01:49:39.280Z",
"dateUpdated": "2025-05-04T08:31:37.398Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49566 (GCVE-0-2022-49566)
Vulnerability from cvelistv5
Published
2025-02-26 02:23
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
crypto: qat - fix memory leak in RSA
When an RSA key represented in form 2 (as defined in PKCS #1 V2.1) is
used, some components of the private key persist even after the TFM is
released.
Replace the explicit calls to free the buffers in qat_rsa_exit_tfm()
with a call to qat_rsa_clear_ctx() which frees all buffers referenced in
the TFM context.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49566",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:37:03.443358Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:38.296Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/crypto/qat/qat_common/qat_asym_algs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a843925e0287eebb4aa808666bf22c664dfe4c53",
"status": "affected",
"version": "879f77e9071f029e1c9bd5a75814ecf51370f846",
"versionType": "git"
},
{
"lessThan": "0f967fdc09955221a1951a279481b0bf4d359941",
"status": "affected",
"version": "879f77e9071f029e1c9bd5a75814ecf51370f846",
"versionType": "git"
},
{
"lessThan": "80a52e1ee7757b742f96bfb0d58f0c14eb6583d0",
"status": "affected",
"version": "879f77e9071f029e1c9bd5a75814ecf51370f846",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/crypto/qat/qat_common/qat_asym_algs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.8"
},
{
"lessThan": "4.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.58",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.58",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.15",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: qat - fix memory leak in RSA\n\nWhen an RSA key represented in form 2 (as defined in PKCS #1 V2.1) is\nused, some components of the private key persist even after the TFM is\nreleased.\nReplace the explicit calls to free the buffers in qat_rsa_exit_tfm()\nwith a call to qat_rsa_clear_ctx() which frees all buffers referenced in\nthe TFM context."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:40:46.792Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a843925e0287eebb4aa808666bf22c664dfe4c53"
},
{
"url": "https://git.kernel.org/stable/c/0f967fdc09955221a1951a279481b0bf4d359941"
},
{
"url": "https://git.kernel.org/stable/c/80a52e1ee7757b742f96bfb0d58f0c14eb6583d0"
}
],
"title": "crypto: qat - fix memory leak in RSA",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49566",
"datePublished": "2025-02-26T02:23:11.749Z",
"dateReserved": "2025-02-26T02:21:30.410Z",
"dateUpdated": "2025-10-01T19:46:38.296Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49252 (GCVE-0-2022-49252)
Vulnerability from cvelistv5
Published
2025-02-26 01:56
Modified
2025-05-04 08:33
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ASoC: codecs: rx-macro: fix accessing array out of bounds for enum type
Accessing enums using integer would result in array out of bounds access
on platforms like aarch64 where sizeof(long) is 8 compared to enum size
which is 4 bytes.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/soc/codecs/lpass-rx-macro.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "eb15c6ea692fd88d70698d874d9a0d667fb4cde9",
"status": "affected",
"version": "4f692926f562ff48abfcca6b16f36ff8d57473b6",
"versionType": "git"
},
{
"lessThan": "7e3629e256d1cabf801d00050550ade4d036cafe",
"status": "affected",
"version": "4f692926f562ff48abfcca6b16f36ff8d57473b6",
"versionType": "git"
},
{
"lessThan": "aed43e92e4b9187029903880d5db608f7fa1c53c",
"status": "affected",
"version": "4f692926f562ff48abfcca6b16f36ff8d57473b6",
"versionType": "git"
},
{
"lessThan": "bcfe5f76cc4051ea3f9eb5d2c8ea621641f290a5",
"status": "affected",
"version": "4f692926f562ff48abfcca6b16f36ff8d57473b6",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"sound/soc/codecs/lpass-rx-macro.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.12"
},
{
"lessThan": "5.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: codecs: rx-macro: fix accessing array out of bounds for enum type\n\nAccessing enums using integer would result in array out of bounds access\non platforms like aarch64 where sizeof(long) is 8 compared to enum size\nwhich is 4 bytes."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:33:24.889Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/eb15c6ea692fd88d70698d874d9a0d667fb4cde9"
},
{
"url": "https://git.kernel.org/stable/c/7e3629e256d1cabf801d00050550ade4d036cafe"
},
{
"url": "https://git.kernel.org/stable/c/aed43e92e4b9187029903880d5db608f7fa1c53c"
},
{
"url": "https://git.kernel.org/stable/c/bcfe5f76cc4051ea3f9eb5d2c8ea621641f290a5"
}
],
"title": "ASoC: codecs: rx-macro: fix accessing array out of bounds for enum type",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49252",
"datePublished": "2025-02-26T01:56:08.663Z",
"dateReserved": "2025-02-26T01:49:39.295Z",
"dateUpdated": "2025-05-04T08:33:24.889Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49555 (GCVE-0-2022-49555)
Vulnerability from cvelistv5
Published
2025-02-26 02:14
Modified
2025-05-04 08:40
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: hci_qca: Use del_timer_sync() before freeing
While looking at a crash report on a timer list being corrupted, which
usually happens when a timer is freed while still active. This is
commonly triggered by code calling del_timer() instead of
del_timer_sync() just before freeing.
One possible culprit is the hci_qca driver, which does exactly that.
Eric mentioned that wake_retrans_timer could be rearmed via the work
queue, so also move the destruction of the work queue before
del_timer_sync().
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/bluetooth/hci_qca.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4989bb03342941f2b730b37dfa38bce27b543661",
"status": "affected",
"version": "0ff252c1976da5d80db1377eb39b551931e61826",
"versionType": "git"
},
{
"lessThan": "db03727b4bbbbb36e6ef4cb655c670eefb6448e9",
"status": "affected",
"version": "0ff252c1976da5d80db1377eb39b551931e61826",
"versionType": "git"
},
{
"lessThan": "37d17f63d085d601011964ade7371aeebeb6ed4b",
"status": "affected",
"version": "0ff252c1976da5d80db1377eb39b551931e61826",
"versionType": "git"
},
{
"lessThan": "2717654ae022e6ea959a4b7b762702fe1a4690c2",
"status": "affected",
"version": "0ff252c1976da5d80db1377eb39b551931e61826",
"versionType": "git"
},
{
"lessThan": "72ef98445aca568a81c2da050532500a8345ad3a",
"status": "affected",
"version": "0ff252c1976da5d80db1377eb39b551931e61826",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/bluetooth/hci_qca.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.3"
},
{
"lessThan": "4.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.120",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.45",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.120",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.45",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.13",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.2",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_qca: Use del_timer_sync() before freeing\n\nWhile looking at a crash report on a timer list being corrupted, which\nusually happens when a timer is freed while still active. This is\ncommonly triggered by code calling del_timer() instead of\ndel_timer_sync() just before freeing.\n\nOne possible culprit is the hci_qca driver, which does exactly that.\n\nEric mentioned that wake_retrans_timer could be rearmed via the work\nqueue, so also move the destruction of the work queue before\ndel_timer_sync()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:40:27.341Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4989bb03342941f2b730b37dfa38bce27b543661"
},
{
"url": "https://git.kernel.org/stable/c/db03727b4bbbbb36e6ef4cb655c670eefb6448e9"
},
{
"url": "https://git.kernel.org/stable/c/37d17f63d085d601011964ade7371aeebeb6ed4b"
},
{
"url": "https://git.kernel.org/stable/c/2717654ae022e6ea959a4b7b762702fe1a4690c2"
},
{
"url": "https://git.kernel.org/stable/c/72ef98445aca568a81c2da050532500a8345ad3a"
}
],
"title": "Bluetooth: hci_qca: Use del_timer_sync() before freeing",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49555",
"datePublished": "2025-02-26T02:14:03.150Z",
"dateReserved": "2025-02-26T02:08:31.590Z",
"dateUpdated": "2025-05-04T08:40:27.341Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49323 (GCVE-0-2022-49323)
Vulnerability from cvelistv5
Published
2025-02-26 02:10
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe()
It will cause null-ptr-deref when using 'res', if platform_get_resource()
returns NULL, so move using 'res' after devm_ioremap_resource() that
will check it to avoid null-ptr-deref.
And use devm_platform_get_and_ioremap_resource() to simplify code.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49323",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:43:37.777213Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:56.343Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/iommu/arm/arm-smmu/arm-smmu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3660db29b0305f9a1d95979c7af0f5db6ea99f5d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "98dd53a92825747395649f54d23512a13c3ed471",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "80776a71340f57d6a4952635fc89f0342072f3ca",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "449fc4561762ad9ad85362d5f01f0d0df397457a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d9ed8af1dee37f181096631fb03729ece98ba816",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/iommu/arm/arm-smmu/arm-smmu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.47",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.122",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe()\n\nIt will cause null-ptr-deref when using \u0027res\u0027, if platform_get_resource()\nreturns NULL, so move using \u0027res\u0027 after devm_ioremap_resource() that\nwill check it to avoid null-ptr-deref.\nAnd use devm_platform_get_and_ioremap_resource() to simplify code."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:35:11.847Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3660db29b0305f9a1d95979c7af0f5db6ea99f5d"
},
{
"url": "https://git.kernel.org/stable/c/98dd53a92825747395649f54d23512a13c3ed471"
},
{
"url": "https://git.kernel.org/stable/c/80776a71340f57d6a4952635fc89f0342072f3ca"
},
{
"url": "https://git.kernel.org/stable/c/449fc4561762ad9ad85362d5f01f0d0df397457a"
},
{
"url": "https://git.kernel.org/stable/c/d9ed8af1dee37f181096631fb03729ece98ba816"
}
],
"title": "iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49323",
"datePublished": "2025-02-26T02:10:47.142Z",
"dateReserved": "2025-02-26T02:08:31.537Z",
"dateUpdated": "2025-10-01T19:46:56.343Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49677 (GCVE-0-2022-49677)
Vulnerability from cvelistv5
Published
2025-02-26 02:24
Modified
2025-10-01 19:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ARM: cns3xxx: Fix refcount leak in cns3xxx_init
of_find_compatible_node() returns a node pointer with refcount
incremented, we should use of_node_put() on it when done.
Add missing of_node_put() to avoid refcount leak.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 415f59142d9d9dd023deaeb3b4dfc1aecdd3983c Version: 415f59142d9d9dd023deaeb3b4dfc1aecdd3983c Version: 415f59142d9d9dd023deaeb3b4dfc1aecdd3983c Version: 415f59142d9d9dd023deaeb3b4dfc1aecdd3983c Version: 415f59142d9d9dd023deaeb3b4dfc1aecdd3983c Version: 415f59142d9d9dd023deaeb3b4dfc1aecdd3983c Version: 415f59142d9d9dd023deaeb3b4dfc1aecdd3983c Version: 415f59142d9d9dd023deaeb3b4dfc1aecdd3983c |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49677",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:33:12.364142Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:36:47.093Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/arm/mach-cns3xxx/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b8b84e01ca94e2e1f5492353e9c24dab520b2e5b",
"status": "affected",
"version": "415f59142d9d9dd023deaeb3b4dfc1aecdd3983c",
"versionType": "git"
},
{
"lessThan": "45bebbc8cea7d586a6216dc62814bdb380b9b29b",
"status": "affected",
"version": "415f59142d9d9dd023deaeb3b4dfc1aecdd3983c",
"versionType": "git"
},
{
"lessThan": "68d4303bf59662b64bd555e2aa0518282d20aa4f",
"status": "affected",
"version": "415f59142d9d9dd023deaeb3b4dfc1aecdd3983c",
"versionType": "git"
},
{
"lessThan": "d1359e4129ad43e43972a28838b87291c51de23d",
"status": "affected",
"version": "415f59142d9d9dd023deaeb3b4dfc1aecdd3983c",
"versionType": "git"
},
{
"lessThan": "c980392af1473d6d5662f70d8089c8e6d85144a4",
"status": "affected",
"version": "415f59142d9d9dd023deaeb3b4dfc1aecdd3983c",
"versionType": "git"
},
{
"lessThan": "da3ee7cd2f15922ad88a7ca6deee2eafdc7cd214",
"status": "affected",
"version": "415f59142d9d9dd023deaeb3b4dfc1aecdd3983c",
"versionType": "git"
},
{
"lessThan": "dc5170aae24e04068fd5ea125d06c0ab51f48a27",
"status": "affected",
"version": "415f59142d9d9dd023deaeb3b4dfc1aecdd3983c",
"versionType": "git"
},
{
"lessThan": "1ba904b6b16e08de5aed7c1349838d9cd0d178c5",
"status": "affected",
"version": "415f59142d9d9dd023deaeb3b4dfc1aecdd3983c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/arm/mach-cns3xxx/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.10"
},
{
"lessThan": "3.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.321",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.286",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.250",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.202",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.127",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.51",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.321",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.286",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.250",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.202",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.127",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.51",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.8",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "3.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nARM: cns3xxx: Fix refcount leak in cns3xxx_init\n\nof_find_compatible_node() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when done.\nAdd missing of_node_put() to avoid refcount leak."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:43:07.547Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b8b84e01ca94e2e1f5492353e9c24dab520b2e5b"
},
{
"url": "https://git.kernel.org/stable/c/45bebbc8cea7d586a6216dc62814bdb380b9b29b"
},
{
"url": "https://git.kernel.org/stable/c/68d4303bf59662b64bd555e2aa0518282d20aa4f"
},
{
"url": "https://git.kernel.org/stable/c/d1359e4129ad43e43972a28838b87291c51de23d"
},
{
"url": "https://git.kernel.org/stable/c/c980392af1473d6d5662f70d8089c8e6d85144a4"
},
{
"url": "https://git.kernel.org/stable/c/da3ee7cd2f15922ad88a7ca6deee2eafdc7cd214"
},
{
"url": "https://git.kernel.org/stable/c/dc5170aae24e04068fd5ea125d06c0ab51f48a27"
},
{
"url": "https://git.kernel.org/stable/c/1ba904b6b16e08de5aed7c1349838d9cd0d178c5"
}
],
"title": "ARM: cns3xxx: Fix refcount leak in cns3xxx_init",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49677",
"datePublished": "2025-02-26T02:24:08.366Z",
"dateReserved": "2025-02-26T02:21:30.438Z",
"dateUpdated": "2025-10-01T19:36:47.093Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42098 (GCVE-0-2024-42098)
Vulnerability from cvelistv5
Published
2024-07-29 17:39
Modified
2025-11-03 22:01
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
crypto: ecdh - explicitly zeroize private_key
private_key is overwritten with the key parameter passed in by the
caller (if present), or alternatively a newly generated private key.
However, it is possible that the caller provides a key (or the newly
generated key) which is shorter than the previous key. In that
scenario, some key material from the previous key would not be
overwritten. The easiest solution is to explicitly zeroize the entire
private_key array first.
Note that this patch slightly changes the behavior of this function:
previously, if the ecc_gen_privkey failed, the old private_key would
remain. Now, the private_key is always zeroized. This behavior is
consistent with the case where params.key is set and ecc_is_key_valid
fails.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:01:33.618Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/39173b04abda87872b43c331468a4a14f8f05ce8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fd7ef325911eba1b7191b83cb580463242f2090d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/80575b252ab0358b7e93895b2a510beb3cb3f975"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d96187eb8e59b572a8e6a68b6a9837a867ea29df"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/73e5984e540a76a2ee1868b91590c922da8c24c9"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42098",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:18:15.393547Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:32:59.924Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"crypto/ecdh.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "39173b04abda87872b43c331468a4a14f8f05ce8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "fd7ef325911eba1b7191b83cb580463242f2090d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "80575b252ab0358b7e93895b2a510beb3cb3f975",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d96187eb8e59b572a8e6a68b6a9837a867ea29df",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "73e5984e540a76a2ee1868b91590c922da8c24c9",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"crypto/ecdh.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.97",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.37",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.162",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: ecdh - explicitly zeroize private_key\n\nprivate_key is overwritten with the key parameter passed in by the\ncaller (if present), or alternatively a newly generated private key.\nHowever, it is possible that the caller provides a key (or the newly\ngenerated key) which is shorter than the previous key. In that\nscenario, some key material from the previous key would not be\noverwritten. The easiest solution is to explicitly zeroize the entire\nprivate_key array first.\n\nNote that this patch slightly changes the behavior of this function:\npreviously, if the ecc_gen_privkey failed, the old private_key would\nremain. Now, the private_key is always zeroized. This behavior is\nconsistent with the case where params.key is set and ecc_is_key_valid\nfails."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:22:57.691Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/39173b04abda87872b43c331468a4a14f8f05ce8"
},
{
"url": "https://git.kernel.org/stable/c/fd7ef325911eba1b7191b83cb580463242f2090d"
},
{
"url": "https://git.kernel.org/stable/c/80575b252ab0358b7e93895b2a510beb3cb3f975"
},
{
"url": "https://git.kernel.org/stable/c/d96187eb8e59b572a8e6a68b6a9837a867ea29df"
},
{
"url": "https://git.kernel.org/stable/c/73e5984e540a76a2ee1868b91590c922da8c24c9"
}
],
"title": "crypto: ecdh - explicitly zeroize private_key",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42098",
"datePublished": "2024-07-29T17:39:33.395Z",
"dateReserved": "2024-07-29T15:50:41.173Z",
"dateUpdated": "2025-11-03T22:01:33.618Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-49653 (GCVE-0-2022-49653)
Vulnerability from cvelistv5
Published
2025-02-26 02:23
Modified
2025-10-01 19:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
i2c: piix4: Fix a memory leak in the EFCH MMIO support
The recently added support for EFCH MMIO regions introduced a memory
leak in that code path. The leak is caused by the fact that
release_resource() merely removes the resource from the tree but does
not free its memory. We need to call release_mem_region() instead,
which does free the memory. As a nice side effect, this brings back
some symmetry between the legacy and MMIO paths.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49653",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:33:38.203252Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:36:48.233Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/i2c/busses/i2c-piix4.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d2bf1a6480e8d44658a8ac3bdcec081238873212",
"status": "affected",
"version": "4b965566ca26e83553d92b8c57050e5d59911806",
"versionType": "git"
},
{
"lessThan": "a3263e4cf8265f0c9eb0ed8a9b50f132c7a42e19",
"status": "affected",
"version": "7c148722d074c29fb998578eea5de3c14b9608c9",
"versionType": "git"
},
{
"lessThan": "8ad59b397f86a4d8014966fdc0552095a0c4fb2b",
"status": "affected",
"version": "7c148722d074c29fb998578eea5de3c14b9608c9",
"versionType": "git"
},
{
"status": "affected",
"version": "f48190bca4b1a397f2e050efea2c8e8e72049ec8",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/i2c/busses/i2c-piix4.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.18"
},
{
"lessThan": "5.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.54",
"versionStartIncluding": "5.15.42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.11",
"versionStartIncluding": "5.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.17.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: piix4: Fix a memory leak in the EFCH MMIO support\n\nThe recently added support for EFCH MMIO regions introduced a memory\nleak in that code path. The leak is caused by the fact that\nrelease_resource() merely removes the resource from the tree but does\nnot free its memory. We need to call release_mem_region() instead,\nwhich does free the memory. As a nice side effect, this brings back\nsome symmetry between the legacy and MMIO paths."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:45:03.594Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d2bf1a6480e8d44658a8ac3bdcec081238873212"
},
{
"url": "https://git.kernel.org/stable/c/a3263e4cf8265f0c9eb0ed8a9b50f132c7a42e19"
},
{
"url": "https://git.kernel.org/stable/c/8ad59b397f86a4d8014966fdc0552095a0c4fb2b"
}
],
"title": "i2c: piix4: Fix a memory leak in the EFCH MMIO support",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49653",
"datePublished": "2025-02-26T02:23:54.484Z",
"dateReserved": "2025-02-26T02:21:30.433Z",
"dateUpdated": "2025-10-01T19:36:48.233Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49090 (GCVE-0-2022-49090)
Vulnerability from cvelistv5
Published
2025-02-26 01:54
Modified
2025-05-04 08:29
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
arch/arm64: Fix topology initialization for core scheduling
Arm64 systems rely on store_cpu_topology() to call update_siblings_masks()
to transfer the toplogy to the various cpu masks. This needs to be done
before the call to notify_cpu_starting() which tells the scheduler about
each cpu found, otherwise the core scheduling data structures are setup
in a way that does not match the actual topology.
With smt_mask not setup correctly we bail on `cpumask_weight(smt_mask) == 1`
for !leaders in:
notify_cpu_starting()
cpuhp_invoke_callback_range()
sched_cpu_starting()
sched_core_cpu_starting()
which leads to rq->core not being correctly set for !leader-rq's.
Without this change stress-ng (which enables core scheduling in its prctl
tests in newer versions -- i.e. with PR_SCHED_CORE support) causes a warning
and then a crash (trimmed for legibility):
[ 1853.805168] ------------[ cut here ]------------
[ 1853.809784] task_rq(b)->core != rq->core
[ 1853.809792] WARNING: CPU: 117 PID: 0 at kernel/sched/fair.c:11102 cfs_prio_less+0x1b4/0x1c4
...
[ 1854.015210] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010
...
[ 1854.231256] Call trace:
[ 1854.233689] pick_next_task+0x3dc/0x81c
[ 1854.237512] __schedule+0x10c/0x4cc
[ 1854.240988] schedule_idle+0x34/0x54
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/arm64/kernel/smp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "87f5d66daa5f457449bb95d6b8d18bb7596aa627",
"status": "affected",
"version": "9edeaea1bc452372718837ed2ba775811baf1ba1",
"versionType": "git"
},
{
"lessThan": "790c1567582bda8f1153015436e3330a7c6eb278",
"status": "affected",
"version": "9edeaea1bc452372718837ed2ba775811baf1ba1",
"versionType": "git"
},
{
"lessThan": "c78a1b2d0bff678570c8dc9f14035606f5e5257d",
"status": "affected",
"version": "9edeaea1bc452372718837ed2ba775811baf1ba1",
"versionType": "git"
},
{
"lessThan": "5524cbb1bfcdff0cad0aaa9f94e6092002a07259",
"status": "affected",
"version": "9edeaea1bc452372718837ed2ba775811baf1ba1",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/arm64/kernel/smp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.14"
},
{
"lessThan": "5.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.20",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.34",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.20",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.3",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\narch/arm64: Fix topology initialization for core scheduling\n\nArm64 systems rely on store_cpu_topology() to call update_siblings_masks()\nto transfer the toplogy to the various cpu masks. This needs to be done\nbefore the call to notify_cpu_starting() which tells the scheduler about\neach cpu found, otherwise the core scheduling data structures are setup\nin a way that does not match the actual topology.\n\nWith smt_mask not setup correctly we bail on `cpumask_weight(smt_mask) == 1`\nfor !leaders in:\n\n notify_cpu_starting()\n cpuhp_invoke_callback_range()\n sched_cpu_starting()\n sched_core_cpu_starting()\n\nwhich leads to rq-\u003ecore not being correctly set for !leader-rq\u0027s.\n\nWithout this change stress-ng (which enables core scheduling in its prctl\ntests in newer versions -- i.e. with PR_SCHED_CORE support) causes a warning\nand then a crash (trimmed for legibility):\n\n[ 1853.805168] ------------[ cut here ]------------\n[ 1853.809784] task_rq(b)-\u003ecore != rq-\u003ecore\n[ 1853.809792] WARNING: CPU: 117 PID: 0 at kernel/sched/fair.c:11102 cfs_prio_less+0x1b4/0x1c4\n...\n[ 1854.015210] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010\n...\n[ 1854.231256] Call trace:\n[ 1854.233689] pick_next_task+0x3dc/0x81c\n[ 1854.237512] __schedule+0x10c/0x4cc\n[ 1854.240988] schedule_idle+0x34/0x54"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:29:30.905Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/87f5d66daa5f457449bb95d6b8d18bb7596aa627"
},
{
"url": "https://git.kernel.org/stable/c/790c1567582bda8f1153015436e3330a7c6eb278"
},
{
"url": "https://git.kernel.org/stable/c/c78a1b2d0bff678570c8dc9f14035606f5e5257d"
},
{
"url": "https://git.kernel.org/stable/c/5524cbb1bfcdff0cad0aaa9f94e6092002a07259"
}
],
"title": "arch/arm64: Fix topology initialization for core scheduling",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49090",
"datePublished": "2025-02-26T01:54:46.227Z",
"dateReserved": "2025-02-26T01:49:39.249Z",
"dateUpdated": "2025-05-04T08:29:30.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49351 (GCVE-0-2022-49351)
Vulnerability from cvelistv5
Published
2025-02-26 02:11
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: altera: Fix refcount leak in altera_tse_mdio_create
Every iteration of for_each_child_of_node() decrements
the reference count of the previous node.
When break from a for_each_child_of_node() loop,
we need to explicitly call of_node_put() on the child node when
not need anymore.
Add missing of_node_put() to avoid refcount leak.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: bbd2190ce96d8fce031f0526c1f970b68adc9d1a Version: bbd2190ce96d8fce031f0526c1f970b68adc9d1a Version: bbd2190ce96d8fce031f0526c1f970b68adc9d1a Version: bbd2190ce96d8fce031f0526c1f970b68adc9d1a Version: bbd2190ce96d8fce031f0526c1f970b68adc9d1a Version: bbd2190ce96d8fce031f0526c1f970b68adc9d1a Version: bbd2190ce96d8fce031f0526c1f970b68adc9d1a Version: bbd2190ce96d8fce031f0526c1f970b68adc9d1a Version: bbd2190ce96d8fce031f0526c1f970b68adc9d1a |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49351",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:42:52.544103Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:54.459Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/altera/altera_tse_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a013fa884d8738ad8455aa1a843b8c9d80c6c833",
"status": "affected",
"version": "bbd2190ce96d8fce031f0526c1f970b68adc9d1a",
"versionType": "git"
},
{
"lessThan": "1fd12298a0e0ca23478c715e672ee64c85670584",
"status": "affected",
"version": "bbd2190ce96d8fce031f0526c1f970b68adc9d1a",
"versionType": "git"
},
{
"lessThan": "5cd0e22fa11f4a21a8c09cc258f20b1474c95801",
"status": "affected",
"version": "bbd2190ce96d8fce031f0526c1f970b68adc9d1a",
"versionType": "git"
},
{
"lessThan": "8174acbef87b8dd8bf3731eba2a5af1ac857e239",
"status": "affected",
"version": "bbd2190ce96d8fce031f0526c1f970b68adc9d1a",
"versionType": "git"
},
{
"lessThan": "96bf5ed057df2d157274d4e2079002f9a9404bb8",
"status": "affected",
"version": "bbd2190ce96d8fce031f0526c1f970b68adc9d1a",
"versionType": "git"
},
{
"lessThan": "e31d9ba169860687dba19bdc8fccbfd34077f655",
"status": "affected",
"version": "bbd2190ce96d8fce031f0526c1f970b68adc9d1a",
"versionType": "git"
},
{
"lessThan": "803b217f1fb49a2dbb2123acdb45111b9c48b8be",
"status": "affected",
"version": "bbd2190ce96d8fce031f0526c1f970b68adc9d1a",
"versionType": "git"
},
{
"lessThan": "4f850fe0a32c3f1e19b76996a3b1ca32637a14de",
"status": "affected",
"version": "bbd2190ce96d8fce031f0526c1f970b68adc9d1a",
"versionType": "git"
},
{
"lessThan": "11ec18b1d8d92b9df307d31950dcba0b3dd7283c",
"status": "affected",
"version": "bbd2190ce96d8fce031f0526c1f970b68adc9d1a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/altera/altera_tse_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.15"
},
{
"lessThan": "3.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.318",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.47",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.318",
"versionStartIncluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.283",
"versionStartIncluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"versionStartIncluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"versionStartIncluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.122",
"versionStartIncluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.47",
"versionStartIncluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.15",
"versionStartIncluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.4",
"versionStartIncluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "3.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: altera: Fix refcount leak in altera_tse_mdio_create\n\nEvery iteration of for_each_child_of_node() decrements\nthe reference count of the previous node.\nWhen break from a for_each_child_of_node() loop,\nwe need to explicitly call of_node_put() on the child node when\nnot need anymore.\nAdd missing of_node_put() to avoid refcount leak."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:35:52.462Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a013fa884d8738ad8455aa1a843b8c9d80c6c833"
},
{
"url": "https://git.kernel.org/stable/c/1fd12298a0e0ca23478c715e672ee64c85670584"
},
{
"url": "https://git.kernel.org/stable/c/5cd0e22fa11f4a21a8c09cc258f20b1474c95801"
},
{
"url": "https://git.kernel.org/stable/c/8174acbef87b8dd8bf3731eba2a5af1ac857e239"
},
{
"url": "https://git.kernel.org/stable/c/96bf5ed057df2d157274d4e2079002f9a9404bb8"
},
{
"url": "https://git.kernel.org/stable/c/e31d9ba169860687dba19bdc8fccbfd34077f655"
},
{
"url": "https://git.kernel.org/stable/c/803b217f1fb49a2dbb2123acdb45111b9c48b8be"
},
{
"url": "https://git.kernel.org/stable/c/4f850fe0a32c3f1e19b76996a3b1ca32637a14de"
},
{
"url": "https://git.kernel.org/stable/c/11ec18b1d8d92b9df307d31950dcba0b3dd7283c"
}
],
"title": "net: altera: Fix refcount leak in altera_tse_mdio_create",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49351",
"datePublished": "2025-02-26T02:11:04.014Z",
"dateReserved": "2025-02-26T02:08:31.544Z",
"dateUpdated": "2025-10-01T19:46:54.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49272 (GCVE-0-2022-49272)
Vulnerability from cvelistv5
Published
2025-02-26 01:56
Modified
2025-05-04 08:33
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock
syzbot caught a potential deadlock between the PCM
runtime->buffer_mutex and the mm->mmap_lock. It was brought by the
recent fix to cover the racy read/write and other ioctls, and in that
commit, I overlooked a (hopefully only) corner case that may take the
revert lock, namely, the OSS mmap. The OSS mmap operation
exceptionally allows to re-configure the parameters inside the OSS
mmap syscall, where mm->mmap_mutex is already held. Meanwhile, the
copy_from/to_user calls at read/write operations also take the
mm->mmap_lock internally, hence it may lead to a AB/BA deadlock.
A similar problem was already seen in the past and we fixed it with a
refcount (in commit b248371628aa). The former fix covered only the
call paths with OSS read/write and OSS ioctls, while we need to cover
the concurrent access via both ALSA and OSS APIs now.
This patch addresses the problem above by replacing the buffer_mutex
lock in the read/write operations with a refcount similar as we've
used for OSS. The new field, runtime->buffer_accessing, keeps the
number of concurrent read/write operations. Unlike the former
buffer_mutex protection, this protects only around the
copy_from/to_user() calls; the other codes are basically protected by
the PCM stream lock. The refcount can be a negative, meaning blocked
by the ioctls. If a negative value is seen, the read/write aborts
with -EBUSY. In the ioctl side, OTOH, they check this refcount, too,
and set to a negative value for blocking unless it's already being
accessed.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 73867cb2bc7dfa7fbd219e53a0b68d253d8fda09 Version: b3830197aa7413c65767cf5a1aa8775c83f0dbf7 Version: 08d1807f097a63ea00a7067dad89c1c81cb2115e Version: 8527c8f052fb42091c6569cb928e472376a4a889 Version: 47711ff10c7e126702cfa725f6d86ef529d15a5f Version: 4d1b0ace2d56dc27cc4921eda7fae57f77f03eb5 Version: dd2f8c684da3e226e5ec7a81c89ff5fd4a957a03 Version: dca947d4d26dbf925a64a6cfb2ddbc035e831a3d |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/sound/pcm.h",
"sound/core/pcm.c",
"sound/core/pcm_lib.c",
"sound/core/pcm_native.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7e9133607e1501c94881be35e118d8f84d96dcb4",
"status": "affected",
"version": "73867cb2bc7dfa7fbd219e53a0b68d253d8fda09",
"versionType": "git"
},
{
"lessThan": "40f4cffbe13a51faf136faf5f9ef6847782cd595",
"status": "affected",
"version": "b3830197aa7413c65767cf5a1aa8775c83f0dbf7",
"versionType": "git"
},
{
"lessThan": "9661bf674d6a82b76e4ae424438a8ce1e3ed855d",
"status": "affected",
"version": "08d1807f097a63ea00a7067dad89c1c81cb2115e",
"versionType": "git"
},
{
"lessThan": "9017201e8d8c6d1472273361389ed431188584a0",
"status": "affected",
"version": "8527c8f052fb42091c6569cb928e472376a4a889",
"versionType": "git"
},
{
"lessThan": "7777744e92a0b30e3e0cce2758d911837011ebd9",
"status": "affected",
"version": "47711ff10c7e126702cfa725f6d86ef529d15a5f",
"versionType": "git"
},
{
"lessThan": "abedf0d08c79d76da0d6fa0d5dbbc98871dcbc2e",
"status": "affected",
"version": "4d1b0ace2d56dc27cc4921eda7fae57f77f03eb5",
"versionType": "git"
},
{
"lessThan": "be9813ad2fc8f0885f5ce6925af0d993ce5da4e5",
"status": "affected",
"version": "dd2f8c684da3e226e5ec7a81c89ff5fd4a957a03",
"versionType": "git"
},
{
"lessThan": "bc55cfd5718c7c23e5524582e9fa70b4d10f2433",
"status": "affected",
"version": "dca947d4d26dbf925a64a6cfb2ddbc035e831a3d",
"versionType": "git"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/sound/pcm.h",
"sound/core/pcm.c",
"sound/core/pcm_lib.c",
"sound/core/pcm_native.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5.10.110",
"status": "affected",
"version": "5.10.109",
"versionType": "semver"
},
{
"lessThan": "5.15.33",
"status": "affected",
"version": "5.15.32",
"versionType": "semver"
},
{
"lessThan": "5.16.19",
"status": "affected",
"version": "5.16.18",
"versionType": "semver"
},
{
"lessThan": "5.17.2",
"status": "affected",
"version": "5.17.1",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.110",
"versionStartIncluding": "5.10.109",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "5.15.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "5.16.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "5.17.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock\n\nsyzbot caught a potential deadlock between the PCM\nruntime-\u003ebuffer_mutex and the mm-\u003emmap_lock. It was brought by the\nrecent fix to cover the racy read/write and other ioctls, and in that\ncommit, I overlooked a (hopefully only) corner case that may take the\nrevert lock, namely, the OSS mmap. The OSS mmap operation\nexceptionally allows to re-configure the parameters inside the OSS\nmmap syscall, where mm-\u003emmap_mutex is already held. Meanwhile, the\ncopy_from/to_user calls at read/write operations also take the\nmm-\u003emmap_lock internally, hence it may lead to a AB/BA deadlock.\n\nA similar problem was already seen in the past and we fixed it with a\nrefcount (in commit b248371628aa). The former fix covered only the\ncall paths with OSS read/write and OSS ioctls, while we need to cover\nthe concurrent access via both ALSA and OSS APIs now.\n\nThis patch addresses the problem above by replacing the buffer_mutex\nlock in the read/write operations with a refcount similar as we\u0027ve\nused for OSS. The new field, runtime-\u003ebuffer_accessing, keeps the\nnumber of concurrent read/write operations. Unlike the former\nbuffer_mutex protection, this protects only around the\ncopy_from/to_user() calls; the other codes are basically protected by\nthe PCM stream lock. The refcount can be a negative, meaning blocked\nby the ioctls. If a negative value is seen, the read/write aborts\nwith -EBUSY. In the ioctl side, OTOH, they check this refcount, too,\nand set to a negative value for blocking unless it\u0027s already being\naccessed."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:33:54.705Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7e9133607e1501c94881be35e118d8f84d96dcb4"
},
{
"url": "https://git.kernel.org/stable/c/40f4cffbe13a51faf136faf5f9ef6847782cd595"
},
{
"url": "https://git.kernel.org/stable/c/9661bf674d6a82b76e4ae424438a8ce1e3ed855d"
},
{
"url": "https://git.kernel.org/stable/c/9017201e8d8c6d1472273361389ed431188584a0"
},
{
"url": "https://git.kernel.org/stable/c/7777744e92a0b30e3e0cce2758d911837011ebd9"
},
{
"url": "https://git.kernel.org/stable/c/abedf0d08c79d76da0d6fa0d5dbbc98871dcbc2e"
},
{
"url": "https://git.kernel.org/stable/c/be9813ad2fc8f0885f5ce6925af0d993ce5da4e5"
},
{
"url": "https://git.kernel.org/stable/c/bc55cfd5718c7c23e5524582e9fa70b4d10f2433"
}
],
"title": "ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49272",
"datePublished": "2025-02-26T01:56:18.626Z",
"dateReserved": "2025-02-26T01:49:39.297Z",
"dateUpdated": "2025-05-04T08:33:54.705Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49188 (GCVE-0-2022-49188)
Vulnerability from cvelistv5
Published
2025-02-26 01:55
Modified
2025-05-04 08:31
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
remoteproc: qcom_q6v5_mss: Fix some leaks in q6v5_alloc_memory_region
The device_node pointer is returned by of_parse_phandle() or
of_get_child_by_name() with refcount incremented.
We should use of_node_put() on it when done.
This function only call of_node_put(node) when of_address_to_resource
succeeds, missing error cases.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/remoteproc/qcom_q6v5_mss.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f7210ca29a783c94478da02368731e4c9cf7cdb7",
"status": "affected",
"version": "051fb70fd4ea40fbc7139186a4890b2fe5cb1e76",
"versionType": "git"
},
{
"lessThan": "bd4771ba2cf9e18473a42b5b70175e50d67a64bb",
"status": "affected",
"version": "051fb70fd4ea40fbc7139186a4890b2fe5cb1e76",
"versionType": "git"
},
{
"lessThan": "a7d988735e757e111f9722de7cf1b40a84a48b1f",
"status": "affected",
"version": "051fb70fd4ea40fbc7139186a4890b2fe5cb1e76",
"versionType": "git"
},
{
"lessThan": "b9df3007b3cda4936cc50f5a7d2d30505a652828",
"status": "affected",
"version": "051fb70fd4ea40fbc7139186a4890b2fe5cb1e76",
"versionType": "git"
},
{
"lessThan": "07a5dcc4bed9d7cae54adf5aa10ff9f037a3204b",
"status": "affected",
"version": "051fb70fd4ea40fbc7139186a4890b2fe5cb1e76",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/remoteproc/qcom_q6v5_mss.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.8"
},
{
"lessThan": "4.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.110",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "4.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: qcom_q6v5_mss: Fix some leaks in q6v5_alloc_memory_region\n\nThe device_node pointer is returned by of_parse_phandle() or\nof_get_child_by_name() with refcount incremented.\nWe should use of_node_put() on it when done.\n\nThis function only call of_node_put(node) when of_address_to_resource\nsucceeds, missing error cases."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:31:52.927Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f7210ca29a783c94478da02368731e4c9cf7cdb7"
},
{
"url": "https://git.kernel.org/stable/c/bd4771ba2cf9e18473a42b5b70175e50d67a64bb"
},
{
"url": "https://git.kernel.org/stable/c/a7d988735e757e111f9722de7cf1b40a84a48b1f"
},
{
"url": "https://git.kernel.org/stable/c/b9df3007b3cda4936cc50f5a7d2d30505a652828"
},
{
"url": "https://git.kernel.org/stable/c/07a5dcc4bed9d7cae54adf5aa10ff9f037a3204b"
}
],
"title": "remoteproc: qcom_q6v5_mss: Fix some leaks in q6v5_alloc_memory_region",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49188",
"datePublished": "2025-02-26T01:55:36.582Z",
"dateReserved": "2025-02-26T01:49:39.286Z",
"dateUpdated": "2025-05-04T08:31:52.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49137 (GCVE-0-2022-49137)
Vulnerability from cvelistv5
Published
2025-02-26 01:55
Modified
2025-10-01 19:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj
This issue takes place in an error path in
amdgpu_cs_fence_to_handle_ioctl(). When `info->in.what` falls into
default case, the function simply returns -EINVAL, forgetting to
decrement the reference count of a dma_fence obj, which is bumped
earlier by amdgpu_cs_get_fence(). This may result in reference count
leaks.
Fix it by decreasing the refcount of specific object before returning
the error code.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 Version: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 Version: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 Version: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 Version: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 Version: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 Version: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49137",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:48:05.650366Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:57:02.373Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "72d77ddb2224ebc00648f4f78f8a9a259dccbdf7",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "4009f104b02b223d1a11d74b36b1cc083bc37028",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "927beb05aaa429c883cc0ec6adc48964b187e291",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "3edd8646cb7c11b57c90e026bda6f21076223f5b",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "b6d1f7d97c81ebaf2cda9c4c943ee2e484fffdcf",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "bc2d5c0775c839e2b072884f4ee6a93ba410f107",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "dfced44f122c500004a48ecc8db516bb6a295a1b",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.2"
},
{
"lessThan": "4.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.238",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.189",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.111",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.20",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.238",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.189",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.111",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.34",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.20",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.3",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj\n\nThis issue takes place in an error path in\namdgpu_cs_fence_to_handle_ioctl(). When `info-\u003ein.what` falls into\ndefault case, the function simply returns -EINVAL, forgetting to\ndecrement the reference count of a dma_fence obj, which is bumped\nearlier by amdgpu_cs_get_fence(). This may result in reference count\nleaks.\n\nFix it by decreasing the refcount of specific object before returning\nthe error code."
}
],
"providerMetadata": {
"dateUpdated": "2025-09-16T08:01:57.792Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/72d77ddb2224ebc00648f4f78f8a9a259dccbdf7"
},
{
"url": "https://git.kernel.org/stable/c/4009f104b02b223d1a11d74b36b1cc083bc37028"
},
{
"url": "https://git.kernel.org/stable/c/927beb05aaa429c883cc0ec6adc48964b187e291"
},
{
"url": "https://git.kernel.org/stable/c/3edd8646cb7c11b57c90e026bda6f21076223f5b"
},
{
"url": "https://git.kernel.org/stable/c/b6d1f7d97c81ebaf2cda9c4c943ee2e484fffdcf"
},
{
"url": "https://git.kernel.org/stable/c/bc2d5c0775c839e2b072884f4ee6a93ba410f107"
},
{
"url": "https://git.kernel.org/stable/c/dfced44f122c500004a48ecc8db516bb6a295a1b"
}
],
"title": "drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49137",
"datePublished": "2025-02-26T01:55:10.030Z",
"dateReserved": "2025-02-26T01:49:39.268Z",
"dateUpdated": "2025-10-01T19:57:02.373Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49135 (GCVE-0-2022-49135)
Vulnerability from cvelistv5
Published
2025-02-26 01:55
Modified
2025-10-01 19:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Fix memory leak
[why]
Resource release is needed on the error handling path
to prevent memory leak.
[how]
Fix this by adding kfree on the error handling path.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49135",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:48:09.216128Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:57:02.596Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7e10369c72db7a0e2f77b2e306aadc07aef6b07a",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "3ce1497add6d17b48cc9df65095bd20202d93994",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "9d0bef3cc22cf250278ed45b829f062a00af9e27",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "5d5c6dba2b43e28845d7d7ed32a36802329a5f52",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.20",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.34",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.20",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.3",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix memory leak\n\n[why]\nResource release is needed on the error handling path\nto prevent memory leak.\n\n[how]\nFix this by adding kfree on the error handling path."
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T17:19:07.774Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7e10369c72db7a0e2f77b2e306aadc07aef6b07a"
},
{
"url": "https://git.kernel.org/stable/c/3ce1497add6d17b48cc9df65095bd20202d93994"
},
{
"url": "https://git.kernel.org/stable/c/9d0bef3cc22cf250278ed45b829f062a00af9e27"
},
{
"url": "https://git.kernel.org/stable/c/5d5c6dba2b43e28845d7d7ed32a36802329a5f52"
}
],
"title": "drm/amd/display: Fix memory leak",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49135",
"datePublished": "2025-02-26T01:55:08.814Z",
"dateReserved": "2025-02-26T01:49:39.268Z",
"dateUpdated": "2025-10-01T19:57:02.596Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47633 (GCVE-0-2021-47633)
Vulnerability from cvelistv5
Published
2025-02-26 01:54
Modified
2025-05-21 08:31
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111
The bug was found during fuzzing. Stacktrace locates it in
ath5k_eeprom_convert_pcal_info_5111.
When none of the curve is selected in the loop, idx can go
up to AR5K_EEPROM_N_PD_CURVES. The line makes pd out of bound.
pd = &chinfo[pier].pd_curves[idx];
There are many OOB writes using pd later in the code. So I
added a sanity check for idx. Checks for other loops involving
AR5K_EEPROM_N_PD_CURVES are not needed as the loop index is not
used outside the loops.
The patch is NOT tested with real device.
The following is the fuzzing report
BUG: KASAN: slab-out-of-bounds in ath5k_eeprom_read_pcal_info_5111+0x126a/0x1390 [ath5k]
Write of size 1 at addr ffff8880174a4d60 by task modprobe/214
CPU: 0 PID: 214 Comm: modprobe Not tainted 5.6.0 #1
Call Trace:
dump_stack+0x76/0xa0
print_address_description.constprop.0+0x16/0x200
? ath5k_eeprom_read_pcal_info_5111+0x126a/0x1390 [ath5k]
? ath5k_eeprom_read_pcal_info_5111+0x126a/0x1390 [ath5k]
__kasan_report.cold+0x37/0x7c
? ath5k_eeprom_read_pcal_info_5111+0x126a/0x1390 [ath5k]
kasan_report+0xe/0x20
ath5k_eeprom_read_pcal_info_5111+0x126a/0x1390 [ath5k]
? apic_timer_interrupt+0xa/0x20
? ath5k_eeprom_init_11a_pcal_freq+0xbc0/0xbc0 [ath5k]
? ath5k_pci_eeprom_read+0x228/0x3c0 [ath5k]
ath5k_eeprom_init+0x2513/0x6290 [ath5k]
? ath5k_eeprom_init_11a_pcal_freq+0xbc0/0xbc0 [ath5k]
? usleep_range+0xb8/0x100
? apic_timer_interrupt+0xa/0x20
? ath5k_eeprom_read_pcal_info_2413+0x2f20/0x2f20 [ath5k]
ath5k_hw_init+0xb60/0x1970 [ath5k]
ath5k_init_ah+0x6fe/0x2530 [ath5k]
? kasprintf+0xa6/0xe0
? ath5k_stop+0x140/0x140 [ath5k]
? _dev_notice+0xf6/0xf6
? apic_timer_interrupt+0xa/0x20
ath5k_pci_probe.cold+0x29a/0x3d6 [ath5k]
? ath5k_pci_eeprom_read+0x3c0/0x3c0 [ath5k]
? mutex_lock+0x89/0xd0
? ath5k_pci_eeprom_read+0x3c0/0x3c0 [ath5k]
local_pci_probe+0xd3/0x160
pci_device_probe+0x23f/0x3e0
? pci_device_remove+0x280/0x280
? pci_device_remove+0x280/0x280
really_probe+0x209/0x5d0
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 8e218fb24faef0bfe95bc91b3c05261e20439527 Version: 8e218fb24faef0bfe95bc91b3c05261e20439527 Version: 8e218fb24faef0bfe95bc91b3c05261e20439527 Version: 8e218fb24faef0bfe95bc91b3c05261e20439527 Version: 8e218fb24faef0bfe95bc91b3c05261e20439527 Version: 8e218fb24faef0bfe95bc91b3c05261e20439527 Version: 8e218fb24faef0bfe95bc91b3c05261e20439527 Version: 8e218fb24faef0bfe95bc91b3c05261e20439527 Version: 8e218fb24faef0bfe95bc91b3c05261e20439527 |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ath/ath5k/eeprom.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f4de974019a0adf34d0e7de6b86252f1bd266b06",
"status": "affected",
"version": "8e218fb24faef0bfe95bc91b3c05261e20439527",
"versionType": "git"
},
{
"lessThan": "ed3dfdaa8b5f0579eabfc1c5818eed30cfe1fe84",
"status": "affected",
"version": "8e218fb24faef0bfe95bc91b3c05261e20439527",
"versionType": "git"
},
{
"lessThan": "25efc5d03455c3839249bc77fce5e29ecb54677e",
"status": "affected",
"version": "8e218fb24faef0bfe95bc91b3c05261e20439527",
"versionType": "git"
},
{
"lessThan": "c4e2f577271e158d87a916afb4e87415a88ce856",
"status": "affected",
"version": "8e218fb24faef0bfe95bc91b3c05261e20439527",
"versionType": "git"
},
{
"lessThan": "9d7d83d0399e23d66fd431b553842a84ac10398f",
"status": "affected",
"version": "8e218fb24faef0bfe95bc91b3c05261e20439527",
"versionType": "git"
},
{
"lessThan": "be2f81024e7981565d90a4c9ca3067d11b6bca7f",
"status": "affected",
"version": "8e218fb24faef0bfe95bc91b3c05261e20439527",
"versionType": "git"
},
{
"lessThan": "fc8f7752a82f4accb99c0f1a868906ba1eb7b86f",
"status": "affected",
"version": "8e218fb24faef0bfe95bc91b3c05261e20439527",
"versionType": "git"
},
{
"lessThan": "cbd96d6cad6625feba9c8d101ed4977d53e82f8e",
"status": "affected",
"version": "8e218fb24faef0bfe95bc91b3c05261e20439527",
"versionType": "git"
},
{
"lessThan": "564d4eceb97eaf381dd6ef6470b06377bb50c95a",
"status": "affected",
"version": "8e218fb24faef0bfe95bc91b3c05261e20439527",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ath/ath5k/eeprom.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.30"
},
{
"lessThan": "2.6.30",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.238",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.189",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.111",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.20",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.311",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.276",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.238",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.189",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.111",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.34",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.20",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.3",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "2.6.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111\n\nThe bug was found during fuzzing. Stacktrace locates it in\nath5k_eeprom_convert_pcal_info_5111.\nWhen none of the curve is selected in the loop, idx can go\nup to AR5K_EEPROM_N_PD_CURVES. The line makes pd out of bound.\npd = \u0026chinfo[pier].pd_curves[idx];\n\nThere are many OOB writes using pd later in the code. So I\nadded a sanity check for idx. Checks for other loops involving\nAR5K_EEPROM_N_PD_CURVES are not needed as the loop index is not\nused outside the loops.\n\nThe patch is NOT tested with real device.\n\nThe following is the fuzzing report\n\nBUG: KASAN: slab-out-of-bounds in ath5k_eeprom_read_pcal_info_5111+0x126a/0x1390 [ath5k]\nWrite of size 1 at addr ffff8880174a4d60 by task modprobe/214\n\nCPU: 0 PID: 214 Comm: modprobe Not tainted 5.6.0 #1\nCall Trace:\n dump_stack+0x76/0xa0\n print_address_description.constprop.0+0x16/0x200\n ? ath5k_eeprom_read_pcal_info_5111+0x126a/0x1390 [ath5k]\n ? ath5k_eeprom_read_pcal_info_5111+0x126a/0x1390 [ath5k]\n __kasan_report.cold+0x37/0x7c\n ? ath5k_eeprom_read_pcal_info_5111+0x126a/0x1390 [ath5k]\n kasan_report+0xe/0x20\n ath5k_eeprom_read_pcal_info_5111+0x126a/0x1390 [ath5k]\n ? apic_timer_interrupt+0xa/0x20\n ? ath5k_eeprom_init_11a_pcal_freq+0xbc0/0xbc0 [ath5k]\n ? ath5k_pci_eeprom_read+0x228/0x3c0 [ath5k]\n ath5k_eeprom_init+0x2513/0x6290 [ath5k]\n ? ath5k_eeprom_init_11a_pcal_freq+0xbc0/0xbc0 [ath5k]\n ? usleep_range+0xb8/0x100\n ? apic_timer_interrupt+0xa/0x20\n ? ath5k_eeprom_read_pcal_info_2413+0x2f20/0x2f20 [ath5k]\n ath5k_hw_init+0xb60/0x1970 [ath5k]\n ath5k_init_ah+0x6fe/0x2530 [ath5k]\n ? kasprintf+0xa6/0xe0\n ? ath5k_stop+0x140/0x140 [ath5k]\n ? _dev_notice+0xf6/0xf6\n ? apic_timer_interrupt+0xa/0x20\n ath5k_pci_probe.cold+0x29a/0x3d6 [ath5k]\n ? ath5k_pci_eeprom_read+0x3c0/0x3c0 [ath5k]\n ? mutex_lock+0x89/0xd0\n ? ath5k_pci_eeprom_read+0x3c0/0x3c0 [ath5k]\n local_pci_probe+0xd3/0x160\n pci_device_probe+0x23f/0x3e0\n ? pci_device_remove+0x280/0x280\n ? pci_device_remove+0x280/0x280\n really_probe+0x209/0x5d0"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T08:31:54.292Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f4de974019a0adf34d0e7de6b86252f1bd266b06"
},
{
"url": "https://git.kernel.org/stable/c/ed3dfdaa8b5f0579eabfc1c5818eed30cfe1fe84"
},
{
"url": "https://git.kernel.org/stable/c/25efc5d03455c3839249bc77fce5e29ecb54677e"
},
{
"url": "https://git.kernel.org/stable/c/c4e2f577271e158d87a916afb4e87415a88ce856"
},
{
"url": "https://git.kernel.org/stable/c/9d7d83d0399e23d66fd431b553842a84ac10398f"
},
{
"url": "https://git.kernel.org/stable/c/be2f81024e7981565d90a4c9ca3067d11b6bca7f"
},
{
"url": "https://git.kernel.org/stable/c/fc8f7752a82f4accb99c0f1a868906ba1eb7b86f"
},
{
"url": "https://git.kernel.org/stable/c/cbd96d6cad6625feba9c8d101ed4977d53e82f8e"
},
{
"url": "https://git.kernel.org/stable/c/564d4eceb97eaf381dd6ef6470b06377bb50c95a"
}
],
"title": "ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47633",
"datePublished": "2025-02-26T01:54:08.651Z",
"dateReserved": "2025-02-26T01:48:21.518Z",
"dateUpdated": "2025-05-21T08:31:54.292Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49321 (GCVE-0-2022-49321)
Vulnerability from cvelistv5
Published
2025-02-26 02:10
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
xprtrdma: treat all calls not a bcall when bc_serv is NULL
When a rdma server returns a fault format reply, nfs v3 client may
treats it as a bcall when bc service is not exist.
The debug message at rpcrdma_bc_receive_call are,
[56579.837169] RPC: rpcrdma_bc_receive_call: callback XID
00000001, length=20
[56579.837174] RPC: rpcrdma_bc_receive_call: 00 00 00 01 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 04
After that, rpcrdma_bc_receive_call will meets NULL pointer as,
[ 226.057890] BUG: unable to handle kernel NULL pointer dereference at
00000000000000c8
...
[ 226.058704] RIP: 0010:_raw_spin_lock+0xc/0x20
...
[ 226.059732] Call Trace:
[ 226.059878] rpcrdma_bc_receive_call+0x138/0x327 [rpcrdma]
[ 226.060011] __ib_process_cq+0x89/0x170 [ib_core]
[ 226.060092] ib_cq_poll_work+0x26/0x80 [ib_core]
[ 226.060257] process_one_work+0x1a7/0x360
[ 226.060367] ? create_worker+0x1a0/0x1a0
[ 226.060440] worker_thread+0x30/0x390
[ 226.060500] ? create_worker+0x1a0/0x1a0
[ 226.060574] kthread+0x116/0x130
[ 226.060661] ? kthread_flush_work_fn+0x10/0x10
[ 226.060724] ret_from_fork+0x35/0x40
...
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49321",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:43:44.893562Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:56.703Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/sunrpc/xprtrdma/rpc_rdma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8e3943c50764dc7c5f25911970c3ff062ec1f18c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "998d35a2aff4b81a1c784f3aa45cd3afff6814c1",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "da99331fa62131a38a0947a8204c5208de7b0454",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8dbae5affbdbf524b48000f9d357925bb001e5f4",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a3fc8051ee061e31db13e2fe011e8e0b71a7f815",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "90c4f73104016748533a5707ecd15930fbeff402",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "91784f3d77b73885e1b2e6b59d3cbf0de0a1126a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "11270e7ca268e8d61b5d9e5c3a54bd1550642c9c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/sunrpc/xprtrdma/rpc_rdma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.47",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.122",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxprtrdma: treat all calls not a bcall when bc_serv is NULL\n\nWhen a rdma server returns a fault format reply, nfs v3 client may\ntreats it as a bcall when bc service is not exist.\n\nThe debug message at rpcrdma_bc_receive_call are,\n\n[56579.837169] RPC: rpcrdma_bc_receive_call: callback XID\n00000001, length=20\n[56579.837174] RPC: rpcrdma_bc_receive_call: 00 00 00 01 00 00 00\n00 00 00 00 00 00 00 00 00 00 00 00 04\n\nAfter that, rpcrdma_bc_receive_call will meets NULL pointer as,\n\n[ 226.057890] BUG: unable to handle kernel NULL pointer dereference at\n00000000000000c8\n...\n[ 226.058704] RIP: 0010:_raw_spin_lock+0xc/0x20\n...\n[ 226.059732] Call Trace:\n[ 226.059878] rpcrdma_bc_receive_call+0x138/0x327 [rpcrdma]\n[ 226.060011] __ib_process_cq+0x89/0x170 [ib_core]\n[ 226.060092] ib_cq_poll_work+0x26/0x80 [ib_core]\n[ 226.060257] process_one_work+0x1a7/0x360\n[ 226.060367] ? create_worker+0x1a0/0x1a0\n[ 226.060440] worker_thread+0x30/0x390\n[ 226.060500] ? create_worker+0x1a0/0x1a0\n[ 226.060574] kthread+0x116/0x130\n[ 226.060661] ? kthread_flush_work_fn+0x10/0x10\n[ 226.060724] ret_from_fork+0x35/0x40\n..."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:35:09.386Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8e3943c50764dc7c5f25911970c3ff062ec1f18c"
},
{
"url": "https://git.kernel.org/stable/c/998d35a2aff4b81a1c784f3aa45cd3afff6814c1"
},
{
"url": "https://git.kernel.org/stable/c/da99331fa62131a38a0947a8204c5208de7b0454"
},
{
"url": "https://git.kernel.org/stable/c/8dbae5affbdbf524b48000f9d357925bb001e5f4"
},
{
"url": "https://git.kernel.org/stable/c/a3fc8051ee061e31db13e2fe011e8e0b71a7f815"
},
{
"url": "https://git.kernel.org/stable/c/90c4f73104016748533a5707ecd15930fbeff402"
},
{
"url": "https://git.kernel.org/stable/c/91784f3d77b73885e1b2e6b59d3cbf0de0a1126a"
},
{
"url": "https://git.kernel.org/stable/c/11270e7ca268e8d61b5d9e5c3a54bd1550642c9c"
}
],
"title": "xprtrdma: treat all calls not a bcall when bc_serv is NULL",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49321",
"datePublished": "2025-02-26T02:10:46.186Z",
"dateReserved": "2025-02-26T02:08:31.537Z",
"dateUpdated": "2025-10-01T19:46:56.703Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49377 (GCVE-0-2022-49377)
Vulnerability from cvelistv5
Published
2025-02-26 02:11
Modified
2025-05-04 08:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
blk-mq: don't touch ->tagset in blk_mq_get_sq_hctx
blk_mq_run_hw_queues() could be run when there isn't queued request and
after queue is cleaned up, at that time tagset is freed, because tagset
lifetime is covered by driver, and often freed after blk_cleanup_queue()
returns.
So don't touch ->tagset for figuring out current default hctx by the mapping
built in request queue, so use-after-free on tagset can be avoided. Meantime
this way should be fast than retrieving mapping from tagset.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49377",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T18:16:30.402440Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T18:22:33.551Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"block/blk-mq.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "460aa288c5cd0544dcf933a2f0ad0e8c6d2d35ff",
"status": "affected",
"version": "b6e68ee82585f2ee890b0a897a6aacbf49a467bb",
"versionType": "git"
},
{
"lessThan": "b140bac470b4f707cda59c7266214246238661df",
"status": "affected",
"version": "b6e68ee82585f2ee890b0a897a6aacbf49a467bb",
"versionType": "git"
},
{
"lessThan": "70fdd922c7bf8949f8df109cf2635dff64c90392",
"status": "affected",
"version": "b6e68ee82585f2ee890b0a897a6aacbf49a467bb",
"versionType": "git"
},
{
"lessThan": "5d05426e2d5fd7df8afc866b78c36b37b00188b7",
"status": "affected",
"version": "b6e68ee82585f2ee890b0a897a6aacbf49a467bb",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"block/blk-mq.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.12"
},
{
"lessThan": "5.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.47",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.47",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.15",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.4",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-mq: don\u0027t touch -\u003etagset in blk_mq_get_sq_hctx\n\nblk_mq_run_hw_queues() could be run when there isn\u0027t queued request and\nafter queue is cleaned up, at that time tagset is freed, because tagset\nlifetime is covered by driver, and often freed after blk_cleanup_queue()\nreturns.\n\nSo don\u0027t touch -\u003etagset for figuring out current default hctx by the mapping\nbuilt in request queue, so use-after-free on tagset can be avoided. Meantime\nthis way should be fast than retrieving mapping from tagset."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:36:23.254Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/460aa288c5cd0544dcf933a2f0ad0e8c6d2d35ff"
},
{
"url": "https://git.kernel.org/stable/c/b140bac470b4f707cda59c7266214246238661df"
},
{
"url": "https://git.kernel.org/stable/c/70fdd922c7bf8949f8df109cf2635dff64c90392"
},
{
"url": "https://git.kernel.org/stable/c/5d05426e2d5fd7df8afc866b78c36b37b00188b7"
}
],
"title": "blk-mq: don\u0027t touch -\u003etagset in blk_mq_get_sq_hctx",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49377",
"datePublished": "2025-02-26T02:11:16.607Z",
"dateReserved": "2025-02-26T02:08:31.558Z",
"dateUpdated": "2025-05-04T08:36:23.254Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49054 (GCVE-0-2022-49054)
Vulnerability from cvelistv5
Published
2025-02-26 01:54
Modified
2025-05-04 08:28
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
Drivers: hv: vmbus: Deactivate sysctl_record_panic_msg by default in isolated guests
hv_panic_page might contain guest-sensitive information, do not dump it
over to Hyper-V by default in isolated guests.
While at it, update some comments in hyperv_{panic,die}_event().
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/hv/vmbus_drv.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1b576e81d31b56b248316b8ff816b1cc5c4407c7",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6230bc50d6d21cae4c084766623d0a6d17958721",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9f8b577f7b43b2170628d6c537252785dcc2dcea",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/hv/vmbus_drv.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.35",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nDrivers: hv: vmbus: Deactivate sysctl_record_panic_msg by default in isolated guests\n\nhv_panic_page might contain guest-sensitive information, do not dump it\nover to Hyper-V by default in isolated guests.\n\nWhile at it, update some comments in hyperv_{panic,die}_event()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:28:45.411Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1b576e81d31b56b248316b8ff816b1cc5c4407c7"
},
{
"url": "https://git.kernel.org/stable/c/6230bc50d6d21cae4c084766623d0a6d17958721"
},
{
"url": "https://git.kernel.org/stable/c/9f8b577f7b43b2170628d6c537252785dcc2dcea"
}
],
"title": "Drivers: hv: vmbus: Deactivate sysctl_record_panic_msg by default in isolated guests",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49054",
"datePublished": "2025-02-26T01:54:27.286Z",
"dateReserved": "2025-02-26T01:49:39.243Z",
"dateUpdated": "2025-05-04T08:28:45.411Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49336 (GCVE-0-2022-49336)
Vulnerability from cvelistv5
Published
2025-02-26 02:10
Modified
2025-05-04 08:35
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem
When the mapping is already reaped the unmap must be a no-op, as we
would otherwise try to remove the mapping twice, corrupting the involved
data structures.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: a8c21a5451d831e67b7a6fb910f9ca8bc7b43554 Version: a8c21a5451d831e67b7a6fb910f9ca8bc7b43554 Version: a8c21a5451d831e67b7a6fb910f9ca8bc7b43554 Version: a8c21a5451d831e67b7a6fb910f9ca8bc7b43554 Version: a8c21a5451d831e67b7a6fb910f9ca8bc7b43554 Version: a8c21a5451d831e67b7a6fb910f9ca8bc7b43554 |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/etnaviv/etnaviv_mmu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "19323b3671a85788569d15685c8f83a05ec48cbb",
"status": "affected",
"version": "a8c21a5451d831e67b7a6fb910f9ca8bc7b43554",
"versionType": "git"
},
{
"lessThan": "436cff507f2a41230baacc3e2ef1d3b2d2653f40",
"status": "affected",
"version": "a8c21a5451d831e67b7a6fb910f9ca8bc7b43554",
"versionType": "git"
},
{
"lessThan": "03bd455a79f69d97fee3e3b212ab754442f10e5c",
"status": "affected",
"version": "a8c21a5451d831e67b7a6fb910f9ca8bc7b43554",
"versionType": "git"
},
{
"lessThan": "461c0fdf9434188875da9f10cfc86065866bb797",
"status": "affected",
"version": "a8c21a5451d831e67b7a6fb910f9ca8bc7b43554",
"versionType": "git"
},
{
"lessThan": "64f4edec081cb7c97c5e928529d0e1b0dbbffb83",
"status": "affected",
"version": "a8c21a5451d831e67b7a6fb910f9ca8bc7b43554",
"versionType": "git"
},
{
"lessThan": "e168c25526cd0368af098095c2ded4a008007e1b",
"status": "affected",
"version": "a8c21a5451d831e67b7a6fb910f9ca8bc7b43554",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/etnaviv/etnaviv_mmu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.5"
},
{
"lessThan": "4.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem\n\nWhen the mapping is already reaped the unmap must be a no-op, as we\nwould otherwise try to remove the mapping twice, corrupting the involved\ndata structures."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:35:28.578Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/19323b3671a85788569d15685c8f83a05ec48cbb"
},
{
"url": "https://git.kernel.org/stable/c/436cff507f2a41230baacc3e2ef1d3b2d2653f40"
},
{
"url": "https://git.kernel.org/stable/c/03bd455a79f69d97fee3e3b212ab754442f10e5c"
},
{
"url": "https://git.kernel.org/stable/c/461c0fdf9434188875da9f10cfc86065866bb797"
},
{
"url": "https://git.kernel.org/stable/c/64f4edec081cb7c97c5e928529d0e1b0dbbffb83"
},
{
"url": "https://git.kernel.org/stable/c/e168c25526cd0368af098095c2ded4a008007e1b"
}
],
"title": "drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49336",
"datePublished": "2025-02-26T02:10:55.234Z",
"dateReserved": "2025-02-26T02:08:31.539Z",
"dateUpdated": "2025-05-04T08:35:28.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49044 (GCVE-0-2022-49044)
Vulnerability from cvelistv5
Published
2025-02-26 01:54
Modified
2025-05-04 08:28
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
dm integrity: fix memory corruption when tag_size is less than digest size
It is possible to set up dm-integrity in such a way that the
"tag_size" parameter is less than the actual digest size. In this
situation, a part of the digest beyond tag_size is ignored.
In this case, dm-integrity would write beyond the end of the
ic->recalc_tags array and corrupt memory. The corruption happened in
integrity_recalc->integrity_sector_checksum->crypto_shash_final.
Fix this corruption by increasing the tags array so that it has enough
padding at the end to accomodate the loop in integrity_recalc() being
able to write a full digest size for the last member of the tags
array.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 7eada909bfd7ac90a4522e56aa3179d1fd68cd14 Version: 7eada909bfd7ac90a4522e56aa3179d1fd68cd14 Version: 7eada909bfd7ac90a4522e56aa3179d1fd68cd14 Version: 7eada909bfd7ac90a4522e56aa3179d1fd68cd14 Version: 7eada909bfd7ac90a4522e56aa3179d1fd68cd14 Version: 7eada909bfd7ac90a4522e56aa3179d1fd68cd14 |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/md/dm-integrity.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6a95d91c0b315c965198f6ab7dec7c94129e17e0",
"status": "affected",
"version": "7eada909bfd7ac90a4522e56aa3179d1fd68cd14",
"versionType": "git"
},
{
"lessThan": "7f84c937222944c03f4615ca4742df6bed0e5adf",
"status": "affected",
"version": "7eada909bfd7ac90a4522e56aa3179d1fd68cd14",
"versionType": "git"
},
{
"lessThan": "cd02b2687d66f0a8e716384de4b9a0671331f1dc",
"status": "affected",
"version": "7eada909bfd7ac90a4522e56aa3179d1fd68cd14",
"versionType": "git"
},
{
"lessThan": "6b4bf97587ef6c1927a78934b700204920655123",
"status": "affected",
"version": "7eada909bfd7ac90a4522e56aa3179d1fd68cd14",
"versionType": "git"
},
{
"lessThan": "4d485cf9b609709e45d5113e6e2b1b01254b2fe9",
"status": "affected",
"version": "7eada909bfd7ac90a4522e56aa3179d1fd68cd14",
"versionType": "git"
},
{
"lessThan": "08c1af8f1c13bbf210f1760132f4df24d0ed46d6",
"status": "affected",
"version": "7eada909bfd7ac90a4522e56aa3179d1fd68cd14",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/md/dm-integrity.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.12"
},
{
"lessThan": "4.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.240",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.190",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.112",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.35",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.240",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.190",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.112",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.35",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.4",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "4.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm integrity: fix memory corruption when tag_size is less than digest size\n\nIt is possible to set up dm-integrity in such a way that the\n\"tag_size\" parameter is less than the actual digest size. In this\nsituation, a part of the digest beyond tag_size is ignored.\n\nIn this case, dm-integrity would write beyond the end of the\nic-\u003erecalc_tags array and corrupt memory. The corruption happened in\nintegrity_recalc-\u003eintegrity_sector_checksum-\u003ecrypto_shash_final.\n\nFix this corruption by increasing the tags array so that it has enough\npadding at the end to accomodate the loop in integrity_recalc() being\nable to write a full digest size for the last member of the tags\narray."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:28:33.434Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6a95d91c0b315c965198f6ab7dec7c94129e17e0"
},
{
"url": "https://git.kernel.org/stable/c/7f84c937222944c03f4615ca4742df6bed0e5adf"
},
{
"url": "https://git.kernel.org/stable/c/cd02b2687d66f0a8e716384de4b9a0671331f1dc"
},
{
"url": "https://git.kernel.org/stable/c/6b4bf97587ef6c1927a78934b700204920655123"
},
{
"url": "https://git.kernel.org/stable/c/4d485cf9b609709e45d5113e6e2b1b01254b2fe9"
},
{
"url": "https://git.kernel.org/stable/c/08c1af8f1c13bbf210f1760132f4df24d0ed46d6"
}
],
"title": "dm integrity: fix memory corruption when tag_size is less than digest size",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49044",
"datePublished": "2025-02-26T01:54:21.389Z",
"dateReserved": "2025-02-26T01:49:39.241Z",
"dateUpdated": "2025-05-04T08:28:33.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49730 (GCVE-0-2022-49730)
Vulnerability from cvelistv5
Published
2025-02-26 02:24
Modified
2025-05-04 08:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: lpfc: Resolve NULL ptr dereference after an ELS LOGO is aborted
A use-after-free crash can occur after an ELS LOGO is aborted.
Specifically, a nodelist structure is freed and then
ndlp->vport->cfg_log_verbose is dereferenced in lpfc_nlp_get() when the
discovery state machine is mistakenly called a second time with
NLP_EVT_DEVICE_RM argument.
Rework lpfc_cmpl_els_logo() to prevent the duplicate calls to release a
nodelist structure.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49730",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T18:14:49.491525Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T18:22:30.500Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/scsi/lpfc/lpfc_els.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5e83869e29448958f8ae2c6911f350318f75e4fc",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "eea34ce23dc3a595695856dc73bb132a9c5a2902",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b1b3440f437b75fb2a9b0cfe58df461e40eca474",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/scsi/lpfc/lpfc_els.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.49",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Resolve NULL ptr dereference after an ELS LOGO is aborted\n\nA use-after-free crash can occur after an ELS LOGO is aborted.\n\nSpecifically, a nodelist structure is freed and then\nndlp-\u003evport-\u003ecfg_log_verbose is dereferenced in lpfc_nlp_get() when the\ndiscovery state machine is mistakenly called a second time with\nNLP_EVT_DEVICE_RM argument.\n\nRework lpfc_cmpl_els_logo() to prevent the duplicate calls to release a\nnodelist structure."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:44:14.341Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5e83869e29448958f8ae2c6911f350318f75e4fc"
},
{
"url": "https://git.kernel.org/stable/c/eea34ce23dc3a595695856dc73bb132a9c5a2902"
},
{
"url": "https://git.kernel.org/stable/c/b1b3440f437b75fb2a9b0cfe58df461e40eca474"
}
],
"title": "scsi: lpfc: Resolve NULL ptr dereference after an ELS LOGO is aborted",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49730",
"datePublished": "2025-02-26T02:24:40.643Z",
"dateReserved": "2025-02-26T02:21:30.449Z",
"dateUpdated": "2025-05-04T08:44:14.341Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49224 (GCVE-0-2022-49224)
Vulnerability from cvelistv5
Published
2025-02-26 01:55
Modified
2025-10-01 19:47
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init
kobject_init_and_add() takes reference even when it fails.
According to the doc of kobject_init_and_add():
If this function returns an error, kobject_put() must be called to
properly clean up the memory associated with the object.
Fix memory leak by calling kobject_put().
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 8c0984e5a75337df513047ec92a6c09d78e3e5cd Version: 8c0984e5a75337df513047ec92a6c09d78e3e5cd Version: 8c0984e5a75337df513047ec92a6c09d78e3e5cd Version: 8c0984e5a75337df513047ec92a6c09d78e3e5cd Version: 8c0984e5a75337df513047ec92a6c09d78e3e5cd Version: 8c0984e5a75337df513047ec92a6c09d78e3e5cd Version: 8c0984e5a75337df513047ec92a6c09d78e3e5cd Version: 8c0984e5a75337df513047ec92a6c09d78e3e5cd Version: 8c0984e5a75337df513047ec92a6c09d78e3e5cd |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49224",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:46:22.689840Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:47:04.090Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/power/supply/ab8500_fg.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "31cdf7897dba1f096b74f69d840f0575b8cdb9ae",
"status": "affected",
"version": "8c0984e5a75337df513047ec92a6c09d78e3e5cd",
"versionType": "git"
},
{
"lessThan": "19aa3c98ed7b2616e105946cec804f897837ab84",
"status": "affected",
"version": "8c0984e5a75337df513047ec92a6c09d78e3e5cd",
"versionType": "git"
},
{
"lessThan": "db3a61ef8e6aef3b888baa6a85926c2230c2cc56",
"status": "affected",
"version": "8c0984e5a75337df513047ec92a6c09d78e3e5cd",
"versionType": "git"
},
{
"lessThan": "41ed61364285ff38bbbe9ca8a45c8372ba72921d",
"status": "affected",
"version": "8c0984e5a75337df513047ec92a6c09d78e3e5cd",
"versionType": "git"
},
{
"lessThan": "879356a6a05559582b0a7895d86d2d4359745c08",
"status": "affected",
"version": "8c0984e5a75337df513047ec92a6c09d78e3e5cd",
"versionType": "git"
},
{
"lessThan": "ffb8e92b4cef92bd25563cf3d8b4489eb22bc61f",
"status": "affected",
"version": "8c0984e5a75337df513047ec92a6c09d78e3e5cd",
"versionType": "git"
},
{
"lessThan": "261041097ab3470f1120b7733cbf472712304d1e",
"status": "affected",
"version": "8c0984e5a75337df513047ec92a6c09d78e3e5cd",
"versionType": "git"
},
{
"lessThan": "c32f6b6196b6efc1c68990dfeaac36fb8eb3b8e1",
"status": "affected",
"version": "8c0984e5a75337df513047ec92a6c09d78e3e5cd",
"versionType": "git"
},
{
"lessThan": "6a4760463dbc6b603690938c468839985189ce0a",
"status": "affected",
"version": "8c0984e5a75337df513047ec92a6c09d78e3e5cd",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/power/supply/ab8500_fg.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.9"
},
{
"lessThan": "4.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.238",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.189",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.311",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.276",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.238",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.189",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.110",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "4.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npower: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init\n\nkobject_init_and_add() takes reference even when it fails.\nAccording to the doc of kobject_init_and_add()\uff1a\n\n If this function returns an error, kobject_put() must be called to\n properly clean up the memory associated with the object.\n\nFix memory leak by calling kobject_put()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:32:48.944Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/31cdf7897dba1f096b74f69d840f0575b8cdb9ae"
},
{
"url": "https://git.kernel.org/stable/c/19aa3c98ed7b2616e105946cec804f897837ab84"
},
{
"url": "https://git.kernel.org/stable/c/db3a61ef8e6aef3b888baa6a85926c2230c2cc56"
},
{
"url": "https://git.kernel.org/stable/c/41ed61364285ff38bbbe9ca8a45c8372ba72921d"
},
{
"url": "https://git.kernel.org/stable/c/879356a6a05559582b0a7895d86d2d4359745c08"
},
{
"url": "https://git.kernel.org/stable/c/ffb8e92b4cef92bd25563cf3d8b4489eb22bc61f"
},
{
"url": "https://git.kernel.org/stable/c/261041097ab3470f1120b7733cbf472712304d1e"
},
{
"url": "https://git.kernel.org/stable/c/c32f6b6196b6efc1c68990dfeaac36fb8eb3b8e1"
},
{
"url": "https://git.kernel.org/stable/c/6a4760463dbc6b603690938c468839985189ce0a"
}
],
"title": "power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49224",
"datePublished": "2025-02-26T01:55:54.755Z",
"dateReserved": "2025-02-26T01:49:39.293Z",
"dateUpdated": "2025-10-01T19:47:04.090Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49711 (GCVE-0-2022-49711)
Vulnerability from cvelistv5
Published
2025-02-26 02:24
Modified
2025-05-04 08:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove()
In fsl_mc_bus_remove(), mc->root_mc_bus_dev->mc_io is passed to
fsl_destroy_mc_io(). However, mc->root_mc_bus_dev is already freed in
fsl_mc_device_remove(). Then reference to mc->root_mc_bus_dev->mc_io
triggers KASAN use-after-free. To avoid the use-after-free, keep the
reference to mc->root_mc_bus_dev->mc_io in a local variable and pass to
fsl_destroy_mc_io().
This patch needs rework to apply to kernels older than v5.15.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49711",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T18:14:53.258258Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T18:22:30.635Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/bus/fsl-mc/fsl-mc-bus.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ccd1751092341ac120a961835211f9f2e3735963",
"status": "affected",
"version": "f93627146f0e371093966ed3d44c065aa077cfb1",
"versionType": "git"
},
{
"lessThan": "161b68b0a728377aaa10a8e14c70e7734f3c9ff7",
"status": "affected",
"version": "f93627146f0e371093966ed3d44c065aa077cfb1",
"versionType": "git"
},
{
"lessThan": "928ea98252ad75118950941683893cf904541da9",
"status": "affected",
"version": "f93627146f0e371093966ed3d44c065aa077cfb1",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/bus/fsl-mc/fsl-mc-bus.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.8"
},
{
"lessThan": "4.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.49",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.49",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.6",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove()\n\nIn fsl_mc_bus_remove(), mc-\u003eroot_mc_bus_dev-\u003emc_io is passed to\nfsl_destroy_mc_io(). However, mc-\u003eroot_mc_bus_dev is already freed in\nfsl_mc_device_remove(). Then reference to mc-\u003eroot_mc_bus_dev-\u003emc_io\ntriggers KASAN use-after-free. To avoid the use-after-free, keep the\nreference to mc-\u003eroot_mc_bus_dev-\u003emc_io in a local variable and pass to\nfsl_destroy_mc_io().\n\nThis patch needs rework to apply to kernels older than v5.15."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:43:51.419Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ccd1751092341ac120a961835211f9f2e3735963"
},
{
"url": "https://git.kernel.org/stable/c/161b68b0a728377aaa10a8e14c70e7734f3c9ff7"
},
{
"url": "https://git.kernel.org/stable/c/928ea98252ad75118950941683893cf904541da9"
}
],
"title": "bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49711",
"datePublished": "2025-02-26T02:24:28.224Z",
"dateReserved": "2025-02-26T02:21:30.444Z",
"dateUpdated": "2025-05-04T08:43:51.419Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49407 (GCVE-0-2022-49407)
Vulnerability from cvelistv5
Published
2025-02-26 02:12
Modified
2025-05-04 08:37
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
dlm: fix plock invalid read
This patch fixes an invalid read showed by KASAN. A unlock will allocate a
"struct plock_op" and a followed send_op() will append it to a global
send_list data structure. In some cases a followed dev_read() moves it
to recv_list and dev_write() will cast it to "struct plock_xop" and access
fields which are only available in those structures. At this point an
invalid read happens by accessing those fields.
To fix this issue the "callback" field is moved to "struct plock_op" to
indicate that a cast to "plock_xop" is allowed and does the additional
"plock_xop" handling if set.
Example of the KASAN output which showed the invalid read:
[ 2064.296453] ==================================================================
[ 2064.304852] BUG: KASAN: slab-out-of-bounds in dev_write+0x52b/0x5a0 [dlm]
[ 2064.306491] Read of size 8 at addr ffff88800ef227d8 by task dlm_controld/7484
[ 2064.308168]
[ 2064.308575] CPU: 0 PID: 7484 Comm: dlm_controld Kdump: loaded Not tainted 5.14.0+ #9
[ 2064.310292] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2064.311618] Call Trace:
[ 2064.312218] dump_stack_lvl+0x56/0x7b
[ 2064.313150] print_address_description.constprop.8+0x21/0x150
[ 2064.314578] ? dev_write+0x52b/0x5a0 [dlm]
[ 2064.315610] ? dev_write+0x52b/0x5a0 [dlm]
[ 2064.316595] kasan_report.cold.14+0x7f/0x11b
[ 2064.317674] ? dev_write+0x52b/0x5a0 [dlm]
[ 2064.318687] dev_write+0x52b/0x5a0 [dlm]
[ 2064.319629] ? dev_read+0x4a0/0x4a0 [dlm]
[ 2064.320713] ? bpf_lsm_kernfs_init_security+0x10/0x10
[ 2064.321926] vfs_write+0x17e/0x930
[ 2064.322769] ? __fget_light+0x1aa/0x220
[ 2064.323753] ksys_write+0xf1/0x1c0
[ 2064.324548] ? __ia32_sys_read+0xb0/0xb0
[ 2064.325464] do_syscall_64+0x3a/0x80
[ 2064.326387] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2064.327606] RIP: 0033:0x7f807e4ba96f
[ 2064.328470] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 39 87 f8 ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 7c 87 f8 ff 48
[ 2064.332902] RSP: 002b:00007ffd50cfe6e0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 2064.334658] RAX: ffffffffffffffda RBX: 000055cc3886eb30 RCX: 00007f807e4ba96f
[ 2064.336275] RDX: 0000000000000040 RSI: 00007ffd50cfe7e0 RDI: 0000000000000010
[ 2064.337980] RBP: 00007ffd50cfe7e0 R08: 0000000000000000 R09: 0000000000000001
[ 2064.339560] R10: 000055cc3886eb30 R11: 0000000000000293 R12: 000055cc3886eb80
[ 2064.341237] R13: 000055cc3886eb00 R14: 000055cc3886f590 R15: 0000000000000001
[ 2064.342857]
[ 2064.343226] Allocated by task 12438:
[ 2064.344057] kasan_save_stack+0x1c/0x40
[ 2064.345079] __kasan_kmalloc+0x84/0xa0
[ 2064.345933] kmem_cache_alloc_trace+0x13b/0x220
[ 2064.346953] dlm_posix_unlock+0xec/0x720 [dlm]
[ 2064.348811] do_lock_file_wait.part.32+0xca/0x1d0
[ 2064.351070] fcntl_setlk+0x281/0xbc0
[ 2064.352879] do_fcntl+0x5e4/0xfe0
[ 2064.354657] __x64_sys_fcntl+0x11f/0x170
[ 2064.356550] do_syscall_64+0x3a/0x80
[ 2064.358259] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2064.360745]
[ 2064.361511] Last potentially related work creation:
[ 2064.363957] kasan_save_stack+0x1c/0x40
[ 2064.365811] __kasan_record_aux_stack+0xaf/0xc0
[ 2064.368100] call_rcu+0x11b/0xf70
[ 2064.369785] dlm_process_incoming_buffer+0x47d/0xfd0 [dlm]
[ 2064.372404] receive_from_sock+0x290/0x770 [dlm]
[ 2064.374607] process_recv_sockets+0x32/0x40 [dlm]
[ 2064.377290] process_one_work+0x9a8/0x16e0
[ 2064.379357] worker_thread+0x87/0xbf0
[ 2064.381188] kthread+0x3ac/0x490
[ 2064.383460] ret_from_fork+0x22/0x30
[ 2064.385588]
[ 2064.386518] Second to last potentially related work creation:
[ 2064.389219] kasan_save_stack+0x1c/0x40
[ 2064.391043] __kasan_record_aux_stack+0xaf/0xc0
[ 2064.393303] call_rcu+0x11b/0xf70
[ 2064.394885] dlm_process_incoming_buffer+0x47d/0xfd0 [dlm]
[ 2064.397694] receive_from_sock+0x290/0x770
---truncated---
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 586759f03e2e9031ac5589912a51a909ed53c30a Version: 586759f03e2e9031ac5589912a51a909ed53c30a Version: 586759f03e2e9031ac5589912a51a909ed53c30a Version: 586759f03e2e9031ac5589912a51a909ed53c30a Version: 586759f03e2e9031ac5589912a51a909ed53c30a Version: 586759f03e2e9031ac5589912a51a909ed53c30a Version: 586759f03e2e9031ac5589912a51a909ed53c30a Version: 586759f03e2e9031ac5589912a51a909ed53c30a Version: 586759f03e2e9031ac5589912a51a909ed53c30a |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/dlm/plock.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2c55155cc365861044d9e6e80e342693e8805e33",
"status": "affected",
"version": "586759f03e2e9031ac5589912a51a909ed53c30a",
"versionType": "git"
},
{
"lessThan": "72f2f68970f9bdc252d59e119b385a6441b0b155",
"status": "affected",
"version": "586759f03e2e9031ac5589912a51a909ed53c30a",
"versionType": "git"
},
{
"lessThan": "5a1765adf9855cf0f6d3f7e0eb4b78ca66f70dee",
"status": "affected",
"version": "586759f03e2e9031ac5589912a51a909ed53c30a",
"versionType": "git"
},
{
"lessThan": "49cd9eb7b9a7b88124b31e31f8e539acaf1b3a6d",
"status": "affected",
"version": "586759f03e2e9031ac5589912a51a909ed53c30a",
"versionType": "git"
},
{
"lessThan": "899bc4429174861122f0c236588700a4710c1fec",
"status": "affected",
"version": "586759f03e2e9031ac5589912a51a909ed53c30a",
"versionType": "git"
},
{
"lessThan": "acdad5bc9827922ec2f2e84fd198718aa8e8ab92",
"status": "affected",
"version": "586759f03e2e9031ac5589912a51a909ed53c30a",
"versionType": "git"
},
{
"lessThan": "56aa8d1fbd02357f3bf81bdfba1cde87ce8402fc",
"status": "affected",
"version": "586759f03e2e9031ac5589912a51a909ed53c30a",
"versionType": "git"
},
{
"lessThan": "e421872fa17542cf33747071fb141b0130ce9ef7",
"status": "affected",
"version": "586759f03e2e9031ac5589912a51a909ed53c30a",
"versionType": "git"
},
{
"lessThan": "42252d0d2aa9b94d168241710a761588b3959019",
"status": "affected",
"version": "586759f03e2e9031ac5589912a51a909ed53c30a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/dlm/plock.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.22"
},
{
"lessThan": "2.6.22",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.318",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.318",
"versionStartIncluding": "2.6.22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.283",
"versionStartIncluding": "2.6.22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"versionStartIncluding": "2.6.22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"versionStartIncluding": "2.6.22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"versionStartIncluding": "2.6.22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "2.6.22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "2.6.22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "2.6.22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "2.6.22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndlm: fix plock invalid read\n\nThis patch fixes an invalid read showed by KASAN. A unlock will allocate a\n\"struct plock_op\" and a followed send_op() will append it to a global\nsend_list data structure. In some cases a followed dev_read() moves it\nto recv_list and dev_write() will cast it to \"struct plock_xop\" and access\nfields which are only available in those structures. At this point an\ninvalid read happens by accessing those fields.\n\nTo fix this issue the \"callback\" field is moved to \"struct plock_op\" to\nindicate that a cast to \"plock_xop\" is allowed and does the additional\n\"plock_xop\" handling if set.\n\nExample of the KASAN output which showed the invalid read:\n\n[ 2064.296453] ==================================================================\n[ 2064.304852] BUG: KASAN: slab-out-of-bounds in dev_write+0x52b/0x5a0 [dlm]\n[ 2064.306491] Read of size 8 at addr ffff88800ef227d8 by task dlm_controld/7484\n[ 2064.308168]\n[ 2064.308575] CPU: 0 PID: 7484 Comm: dlm_controld Kdump: loaded Not tainted 5.14.0+ #9\n[ 2064.310292] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011\n[ 2064.311618] Call Trace:\n[ 2064.312218] dump_stack_lvl+0x56/0x7b\n[ 2064.313150] print_address_description.constprop.8+0x21/0x150\n[ 2064.314578] ? dev_write+0x52b/0x5a0 [dlm]\n[ 2064.315610] ? dev_write+0x52b/0x5a0 [dlm]\n[ 2064.316595] kasan_report.cold.14+0x7f/0x11b\n[ 2064.317674] ? dev_write+0x52b/0x5a0 [dlm]\n[ 2064.318687] dev_write+0x52b/0x5a0 [dlm]\n[ 2064.319629] ? dev_read+0x4a0/0x4a0 [dlm]\n[ 2064.320713] ? bpf_lsm_kernfs_init_security+0x10/0x10\n[ 2064.321926] vfs_write+0x17e/0x930\n[ 2064.322769] ? __fget_light+0x1aa/0x220\n[ 2064.323753] ksys_write+0xf1/0x1c0\n[ 2064.324548] ? __ia32_sys_read+0xb0/0xb0\n[ 2064.325464] do_syscall_64+0x3a/0x80\n[ 2064.326387] entry_SYSCALL_64_after_hwframe+0x44/0xae\n[ 2064.327606] RIP: 0033:0x7f807e4ba96f\n[ 2064.328470] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 39 87 f8 ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 7c 87 f8 ff 48\n[ 2064.332902] RSP: 002b:00007ffd50cfe6e0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001\n[ 2064.334658] RAX: ffffffffffffffda RBX: 000055cc3886eb30 RCX: 00007f807e4ba96f\n[ 2064.336275] RDX: 0000000000000040 RSI: 00007ffd50cfe7e0 RDI: 0000000000000010\n[ 2064.337980] RBP: 00007ffd50cfe7e0 R08: 0000000000000000 R09: 0000000000000001\n[ 2064.339560] R10: 000055cc3886eb30 R11: 0000000000000293 R12: 000055cc3886eb80\n[ 2064.341237] R13: 000055cc3886eb00 R14: 000055cc3886f590 R15: 0000000000000001\n[ 2064.342857]\n[ 2064.343226] Allocated by task 12438:\n[ 2064.344057] kasan_save_stack+0x1c/0x40\n[ 2064.345079] __kasan_kmalloc+0x84/0xa0\n[ 2064.345933] kmem_cache_alloc_trace+0x13b/0x220\n[ 2064.346953] dlm_posix_unlock+0xec/0x720 [dlm]\n[ 2064.348811] do_lock_file_wait.part.32+0xca/0x1d0\n[ 2064.351070] fcntl_setlk+0x281/0xbc0\n[ 2064.352879] do_fcntl+0x5e4/0xfe0\n[ 2064.354657] __x64_sys_fcntl+0x11f/0x170\n[ 2064.356550] do_syscall_64+0x3a/0x80\n[ 2064.358259] entry_SYSCALL_64_after_hwframe+0x44/0xae\n[ 2064.360745]\n[ 2064.361511] Last potentially related work creation:\n[ 2064.363957] kasan_save_stack+0x1c/0x40\n[ 2064.365811] __kasan_record_aux_stack+0xaf/0xc0\n[ 2064.368100] call_rcu+0x11b/0xf70\n[ 2064.369785] dlm_process_incoming_buffer+0x47d/0xfd0 [dlm]\n[ 2064.372404] receive_from_sock+0x290/0x770 [dlm]\n[ 2064.374607] process_recv_sockets+0x32/0x40 [dlm]\n[ 2064.377290] process_one_work+0x9a8/0x16e0\n[ 2064.379357] worker_thread+0x87/0xbf0\n[ 2064.381188] kthread+0x3ac/0x490\n[ 2064.383460] ret_from_fork+0x22/0x30\n[ 2064.385588]\n[ 2064.386518] Second to last potentially related work creation:\n[ 2064.389219] kasan_save_stack+0x1c/0x40\n[ 2064.391043] __kasan_record_aux_stack+0xaf/0xc0\n[ 2064.393303] call_rcu+0x11b/0xf70\n[ 2064.394885] dlm_process_incoming_buffer+0x47d/0xfd0 [dlm]\n[ 2064.397694] receive_from_sock+0x290/0x770 \n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:37:01.165Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2c55155cc365861044d9e6e80e342693e8805e33"
},
{
"url": "https://git.kernel.org/stable/c/72f2f68970f9bdc252d59e119b385a6441b0b155"
},
{
"url": "https://git.kernel.org/stable/c/5a1765adf9855cf0f6d3f7e0eb4b78ca66f70dee"
},
{
"url": "https://git.kernel.org/stable/c/49cd9eb7b9a7b88124b31e31f8e539acaf1b3a6d"
},
{
"url": "https://git.kernel.org/stable/c/899bc4429174861122f0c236588700a4710c1fec"
},
{
"url": "https://git.kernel.org/stable/c/acdad5bc9827922ec2f2e84fd198718aa8e8ab92"
},
{
"url": "https://git.kernel.org/stable/c/56aa8d1fbd02357f3bf81bdfba1cde87ce8402fc"
},
{
"url": "https://git.kernel.org/stable/c/e421872fa17542cf33747071fb141b0130ce9ef7"
},
{
"url": "https://git.kernel.org/stable/c/42252d0d2aa9b94d168241710a761588b3959019"
}
],
"title": "dlm: fix plock invalid read",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49407",
"datePublished": "2025-02-26T02:12:31.562Z",
"dateReserved": "2025-02-26T02:08:31.566Z",
"dateUpdated": "2025-05-04T08:37:01.165Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49591 (GCVE-0-2022-49591)
Vulnerability from cvelistv5
Published
2025-02-26 02:23
Modified
2025-10-01 19:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: dsa: microchip: ksz_common: Fix refcount leak bug
In ksz_switch_register(), we should call of_node_put() for the
reference returned by of_get_child_by_name() which has increased
the refcount.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49591",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:35:47.908060Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:36:53.528Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/dsa/microchip/ksz_common.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "88ec2ff42da3ac93b2437dc52fe25cd4372148e6",
"status": "affected",
"version": "912aae27c6af6605eae967ab540c5e26bd76d421",
"versionType": "git"
},
{
"lessThan": "4165e02716518bbbe9c9104b39530d40928bc7ce",
"status": "affected",
"version": "912aae27c6af6605eae967ab540c5e26bd76d421",
"versionType": "git"
},
{
"lessThan": "a14bd7475452c51835dd5a0cee4c8fa48dd0b539",
"status": "affected",
"version": "912aae27c6af6605eae967ab540c5e26bd76d421",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/dsa/microchip/ksz_common.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.9"
},
{
"lessThan": "5.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.58",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.58",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.15",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: microchip: ksz_common: Fix refcount leak bug\n\nIn ksz_switch_register(), we should call of_node_put() for the\nreference returned by of_get_child_by_name() which has increased\nthe refcount."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:41:20.097Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/88ec2ff42da3ac93b2437dc52fe25cd4372148e6"
},
{
"url": "https://git.kernel.org/stable/c/4165e02716518bbbe9c9104b39530d40928bc7ce"
},
{
"url": "https://git.kernel.org/stable/c/a14bd7475452c51835dd5a0cee4c8fa48dd0b539"
}
],
"title": "net: dsa: microchip: ksz_common: Fix refcount leak bug",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49591",
"datePublished": "2025-02-26T02:23:24.078Z",
"dateReserved": "2025-02-26T02:21:30.412Z",
"dateUpdated": "2025-10-01T19:36:53.528Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47632 (GCVE-0-2021-47632)
Vulnerability from cvelistv5
Published
2025-02-26 01:54
Modified
2025-10-01 19:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
powerpc/set_memory: Avoid spinlock recursion in change_page_attr()
Commit 1f9ad21c3b38 ("powerpc/mm: Implement set_memory() routines")
included a spin_lock() to change_page_attr() in order to
safely perform the three step operations. But then
commit 9f7853d7609d ("powerpc/mm: Fix set_memory_*() against
concurrent accesses") modify it to use pte_update() and do
the operation safely against concurrent access.
In the meantime, Maxime reported some spinlock recursion.
[ 15.351649] BUG: spinlock recursion on CPU#0, kworker/0:2/217
[ 15.357540] lock: init_mm+0x3c/0x420, .magic: dead4ead, .owner: kworker/0:2/217, .owner_cpu: 0
[ 15.366563] CPU: 0 PID: 217 Comm: kworker/0:2 Not tainted 5.15.0+ #523
[ 15.373350] Workqueue: events do_free_init
[ 15.377615] Call Trace:
[ 15.380232] [e4105ac0] [800946a4] do_raw_spin_lock+0xf8/0x120 (unreliable)
[ 15.387340] [e4105ae0] [8001f4ec] change_page_attr+0x40/0x1d4
[ 15.393413] [e4105b10] [801424e0] __apply_to_page_range+0x164/0x310
[ 15.400009] [e4105b60] [80169620] free_pcp_prepare+0x1e4/0x4a0
[ 15.406045] [e4105ba0] [8016c5a0] free_unref_page+0x40/0x2b8
[ 15.411979] [e4105be0] [8018724c] kasan_depopulate_vmalloc_pte+0x6c/0x94
[ 15.418989] [e4105c00] [801424e0] __apply_to_page_range+0x164/0x310
[ 15.425451] [e4105c50] [80187834] kasan_release_vmalloc+0xbc/0x134
[ 15.431898] [e4105c70] [8015f7a8] __purge_vmap_area_lazy+0x4e4/0xdd8
[ 15.438560] [e4105d30] [80160d10] _vm_unmap_aliases.part.0+0x17c/0x24c
[ 15.445283] [e4105d60] [801642d0] __vunmap+0x2f0/0x5c8
[ 15.450684] [e4105db0] [800e32d0] do_free_init+0x68/0x94
[ 15.456181] [e4105dd0] [8005d094] process_one_work+0x4bc/0x7b8
[ 15.462283] [e4105e90] [8005d614] worker_thread+0x284/0x6e8
[ 15.468227] [e4105f00] [8006aaec] kthread+0x1f0/0x210
[ 15.473489] [e4105f40] [80017148] ret_from_kernel_thread+0x14/0x1c
Remove the read / modify / write sequence to make the operation atomic
and remove the spin_lock() in change_page_attr().
To do the operation atomically, we can't use pte modification helpers
anymore. Because all platforms have different combination of bits, it
is not easy to use those bits directly. But all have the
_PAGE_KERNEL_{RO/ROX/RW/RWX} set of flags. All we need it to compare
two sets to know which bits are set or cleared.
For instance, by comparing _PAGE_KERNEL_ROX and _PAGE_KERNEL_RO you
know which bit gets cleared and which bit get set when changing exec
permission.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-47632",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:50:57.835061Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-667",
"description": "CWE-667 Improper Locking",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:57:08.911Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/powerpc/mm/pageattr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6def4eaf0391f24be541633a954c0e4876858b1e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "96917107e67846f1d959ed03be281048efad14c5",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6ebe5ca2cbe438a688f2ae238ef5a0b0b5f3468a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a4c182ecf33584b9b2d1aa9dad073014a504c01f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/powerpc/mm/pageattr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.20",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/set_memory: Avoid spinlock recursion in change_page_attr()\n\nCommit 1f9ad21c3b38 (\"powerpc/mm: Implement set_memory() routines\")\nincluded a spin_lock() to change_page_attr() in order to\nsafely perform the three step operations. But then\ncommit 9f7853d7609d (\"powerpc/mm: Fix set_memory_*() against\nconcurrent accesses\") modify it to use pte_update() and do\nthe operation safely against concurrent access.\n\nIn the meantime, Maxime reported some spinlock recursion.\n\n[ 15.351649] BUG: spinlock recursion on CPU#0, kworker/0:2/217\n[ 15.357540] lock: init_mm+0x3c/0x420, .magic: dead4ead, .owner: kworker/0:2/217, .owner_cpu: 0\n[ 15.366563] CPU: 0 PID: 217 Comm: kworker/0:2 Not tainted 5.15.0+ #523\n[ 15.373350] Workqueue: events do_free_init\n[ 15.377615] Call Trace:\n[ 15.380232] [e4105ac0] [800946a4] do_raw_spin_lock+0xf8/0x120 (unreliable)\n[ 15.387340] [e4105ae0] [8001f4ec] change_page_attr+0x40/0x1d4\n[ 15.393413] [e4105b10] [801424e0] __apply_to_page_range+0x164/0x310\n[ 15.400009] [e4105b60] [80169620] free_pcp_prepare+0x1e4/0x4a0\n[ 15.406045] [e4105ba0] [8016c5a0] free_unref_page+0x40/0x2b8\n[ 15.411979] [e4105be0] [8018724c] kasan_depopulate_vmalloc_pte+0x6c/0x94\n[ 15.418989] [e4105c00] [801424e0] __apply_to_page_range+0x164/0x310\n[ 15.425451] [e4105c50] [80187834] kasan_release_vmalloc+0xbc/0x134\n[ 15.431898] [e4105c70] [8015f7a8] __purge_vmap_area_lazy+0x4e4/0xdd8\n[ 15.438560] [e4105d30] [80160d10] _vm_unmap_aliases.part.0+0x17c/0x24c\n[ 15.445283] [e4105d60] [801642d0] __vunmap+0x2f0/0x5c8\n[ 15.450684] [e4105db0] [800e32d0] do_free_init+0x68/0x94\n[ 15.456181] [e4105dd0] [8005d094] process_one_work+0x4bc/0x7b8\n[ 15.462283] [e4105e90] [8005d614] worker_thread+0x284/0x6e8\n[ 15.468227] [e4105f00] [8006aaec] kthread+0x1f0/0x210\n[ 15.473489] [e4105f40] [80017148] ret_from_kernel_thread+0x14/0x1c\n\nRemove the read / modify / write sequence to make the operation atomic\nand remove the spin_lock() in change_page_attr().\n\nTo do the operation atomically, we can\u0027t use pte modification helpers\nanymore. Because all platforms have different combination of bits, it\nis not easy to use those bits directly. But all have the\n_PAGE_KERNEL_{RO/ROX/RW/RWX} set of flags. All we need it to compare\ntwo sets to know which bits are set or cleared.\n\nFor instance, by comparing _PAGE_KERNEL_ROX and _PAGE_KERNEL_RO you\nknow which bit gets cleared and which bit get set when changing exec\npermission."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:15:11.017Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6def4eaf0391f24be541633a954c0e4876858b1e"
},
{
"url": "https://git.kernel.org/stable/c/96917107e67846f1d959ed03be281048efad14c5"
},
{
"url": "https://git.kernel.org/stable/c/6ebe5ca2cbe438a688f2ae238ef5a0b0b5f3468a"
},
{
"url": "https://git.kernel.org/stable/c/a4c182ecf33584b9b2d1aa9dad073014a504c01f"
}
],
"title": "powerpc/set_memory: Avoid spinlock recursion in change_page_attr()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47632",
"datePublished": "2025-02-26T01:54:08.162Z",
"dateReserved": "2025-02-26T01:48:21.518Z",
"dateUpdated": "2025-10-01T19:57:08.911Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47637 (GCVE-0-2021-47637)
Vulnerability from cvelistv5
Published
2025-02-26 01:54
Modified
2025-10-01 19:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ubifs: Fix deadlock in concurrent rename whiteout and inode writeback
Following hung tasks:
[ 77.028764] task:kworker/u8:4 state:D stack: 0 pid: 132
[ 77.028820] Call Trace:
[ 77.029027] schedule+0x8c/0x1b0
[ 77.029067] mutex_lock+0x50/0x60
[ 77.029074] ubifs_write_inode+0x68/0x1f0 [ubifs]
[ 77.029117] __writeback_single_inode+0x43c/0x570
[ 77.029128] writeback_sb_inodes+0x259/0x740
[ 77.029148] wb_writeback+0x107/0x4d0
[ 77.029163] wb_workfn+0x162/0x7b0
[ 92.390442] task:aa state:D stack: 0 pid: 1506
[ 92.390448] Call Trace:
[ 92.390458] schedule+0x8c/0x1b0
[ 92.390461] wb_wait_for_completion+0x82/0xd0
[ 92.390469] __writeback_inodes_sb_nr+0xb2/0x110
[ 92.390472] writeback_inodes_sb_nr+0x14/0x20
[ 92.390476] ubifs_budget_space+0x705/0xdd0 [ubifs]
[ 92.390503] do_rename.cold+0x7f/0x187 [ubifs]
[ 92.390549] ubifs_rename+0x8b/0x180 [ubifs]
[ 92.390571] vfs_rename+0xdb2/0x1170
[ 92.390580] do_renameat2+0x554/0x770
, are caused by concurrent rename whiteout and inode writeback processes:
rename_whiteout(Thread 1) wb_workfn(Thread2)
ubifs_rename
do_rename
lock_4_inodes (Hold ui_mutex)
ubifs_budget_space
make_free_space
shrink_liability
__writeback_inodes_sb_nr
bdi_split_work_to_wbs (Queue new wb work)
wb_do_writeback(wb work)
__writeback_single_inode
ubifs_write_inode
LOCK(ui_mutex)
↑
wb_wait_for_completion (Wait wb work) <-- deadlock!
Reproducer (Detail program in [Link]):
1. SYS_renameat2("/mp/dir/file", "/mp/dir/whiteout", RENAME_WHITEOUT)
2. Consume out of space before kernel(mdelay) doing budget for whiteout
Fix it by doing whiteout space budget before locking ubifs inodes.
BTW, it also fixes wrong goto tag 'out_release' in whiteout budget
error handling path(It should at least recover dir i_size and unlock
4 ubifs inodes).
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 9e0a1fff8db56eaaebb74b4a3ef65f86811c4798 Version: 9e0a1fff8db56eaaebb74b4a3ef65f86811c4798 Version: 9e0a1fff8db56eaaebb74b4a3ef65f86811c4798 Version: 9e0a1fff8db56eaaebb74b4a3ef65f86811c4798 Version: 9e0a1fff8db56eaaebb74b4a3ef65f86811c4798 Version: 9e0a1fff8db56eaaebb74b4a3ef65f86811c4798 Version: 9e0a1fff8db56eaaebb74b4a3ef65f86811c4798 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-47637",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:50:51.071622Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-667",
"description": "CWE-667 Improper Locking",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:57:08.665Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ubifs/dir.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9dddc8211430fb851ddf0b168e3a00c6f66cc185",
"status": "affected",
"version": "9e0a1fff8db56eaaebb74b4a3ef65f86811c4798",
"versionType": "git"
},
{
"lessThan": "37bdf1ad592555ecda1d55b89f6e393e4c0589d1",
"status": "affected",
"version": "9e0a1fff8db56eaaebb74b4a3ef65f86811c4798",
"versionType": "git"
},
{
"lessThan": "83e42a78428fc354f5e2049935b84c8d8d29b787",
"status": "affected",
"version": "9e0a1fff8db56eaaebb74b4a3ef65f86811c4798",
"versionType": "git"
},
{
"lessThan": "c58af8564a7b08757173009030b74baf4b2b762b",
"status": "affected",
"version": "9e0a1fff8db56eaaebb74b4a3ef65f86811c4798",
"versionType": "git"
},
{
"lessThan": "70e9090acc32348cedc5def0cd6d5c126efc97b9",
"status": "affected",
"version": "9e0a1fff8db56eaaebb74b4a3ef65f86811c4798",
"versionType": "git"
},
{
"lessThan": "8b278c8dcfb565cb65eceb62a38cbf7a7c326db5",
"status": "affected",
"version": "9e0a1fff8db56eaaebb74b4a3ef65f86811c4798",
"versionType": "git"
},
{
"lessThan": "afd427048047e8efdedab30e8888044e2be5aa9c",
"status": "affected",
"version": "9e0a1fff8db56eaaebb74b4a3ef65f86811c4798",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ubifs/dir.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.9"
},
{
"lessThan": "4.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.238",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.189",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.238",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.189",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.110",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "4.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nubifs: Fix deadlock in concurrent rename whiteout and inode writeback\n\nFollowing hung tasks:\n[ 77.028764] task:kworker/u8:4 state:D stack: 0 pid: 132\n[ 77.028820] Call Trace:\n[ 77.029027] schedule+0x8c/0x1b0\n[ 77.029067] mutex_lock+0x50/0x60\n[ 77.029074] ubifs_write_inode+0x68/0x1f0 [ubifs]\n[ 77.029117] __writeback_single_inode+0x43c/0x570\n[ 77.029128] writeback_sb_inodes+0x259/0x740\n[ 77.029148] wb_writeback+0x107/0x4d0\n[ 77.029163] wb_workfn+0x162/0x7b0\n\n[ 92.390442] task:aa state:D stack: 0 pid: 1506\n[ 92.390448] Call Trace:\n[ 92.390458] schedule+0x8c/0x1b0\n[ 92.390461] wb_wait_for_completion+0x82/0xd0\n[ 92.390469] __writeback_inodes_sb_nr+0xb2/0x110\n[ 92.390472] writeback_inodes_sb_nr+0x14/0x20\n[ 92.390476] ubifs_budget_space+0x705/0xdd0 [ubifs]\n[ 92.390503] do_rename.cold+0x7f/0x187 [ubifs]\n[ 92.390549] ubifs_rename+0x8b/0x180 [ubifs]\n[ 92.390571] vfs_rename+0xdb2/0x1170\n[ 92.390580] do_renameat2+0x554/0x770\n\n, are caused by concurrent rename whiteout and inode writeback processes:\n\trename_whiteout(Thread 1)\t wb_workfn(Thread2)\nubifs_rename\n do_rename\n lock_4_inodes (Hold ui_mutex)\n ubifs_budget_space\n make_free_space\n shrink_liability\n\t __writeback_inodes_sb_nr\n\t bdi_split_work_to_wbs (Queue new wb work)\n\t\t\t\t\t wb_do_writeback(wb work)\n\t\t\t\t\t\t__writeback_single_inode\n\t\t\t\t\t ubifs_write_inode\n\t\t\t\t\t LOCK(ui_mutex)\n\t\t\t\t\t\t\t \u2191\n\t wb_wait_for_completion (Wait wb work) \u003c-- deadlock!\n\nReproducer (Detail program in [Link]):\n 1. SYS_renameat2(\"/mp/dir/file\", \"/mp/dir/whiteout\", RENAME_WHITEOUT)\n 2. Consume out of space before kernel(mdelay) doing budget for whiteout\n\nFix it by doing whiteout space budget before locking ubifs inodes.\nBTW, it also fixes wrong goto tag \u0027out_release\u0027 in whiteout budget\nerror handling path(It should at least recover dir i_size and unlock\n4 ubifs inodes)."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:15:16.452Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9dddc8211430fb851ddf0b168e3a00c6f66cc185"
},
{
"url": "https://git.kernel.org/stable/c/37bdf1ad592555ecda1d55b89f6e393e4c0589d1"
},
{
"url": "https://git.kernel.org/stable/c/83e42a78428fc354f5e2049935b84c8d8d29b787"
},
{
"url": "https://git.kernel.org/stable/c/c58af8564a7b08757173009030b74baf4b2b762b"
},
{
"url": "https://git.kernel.org/stable/c/70e9090acc32348cedc5def0cd6d5c126efc97b9"
},
{
"url": "https://git.kernel.org/stable/c/8b278c8dcfb565cb65eceb62a38cbf7a7c326db5"
},
{
"url": "https://git.kernel.org/stable/c/afd427048047e8efdedab30e8888044e2be5aa9c"
}
],
"title": "ubifs: Fix deadlock in concurrent rename whiteout and inode writeback",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47637",
"datePublished": "2025-02-26T01:54:10.709Z",
"dateReserved": "2025-02-26T01:48:21.519Z",
"dateUpdated": "2025-10-01T19:57:08.665Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49076 (GCVE-0-2022-49076)
Vulnerability from cvelistv5
Published
2025-02-26 01:54
Modified
2025-05-04 12:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
RDMA/hfi1: Fix use-after-free bug for mm struct
Under certain conditions, such as MPI_Abort, the hfi1 cleanup code may
represent the last reference held on the task mm.
hfi1_mmu_rb_unregister() then drops the last reference and the mm is freed
before the final use in hfi1_release_user_pages(). A new task may
allocate the mm structure while it is still being used, resulting in
problems. One manifestation is corruption of the mmap_sem counter leading
to a hang in down_write(). Another is corruption of an mm struct that is
in use by another task.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 3d2a9d642512c21a12d19b9250e7a835dcb41a79 Version: 3d2a9d642512c21a12d19b9250e7a835dcb41a79 Version: 3d2a9d642512c21a12d19b9250e7a835dcb41a79 Version: 3d2a9d642512c21a12d19b9250e7a835dcb41a79 Version: 3d2a9d642512c21a12d19b9250e7a835dcb41a79 Version: 5732f83596f8a573f2cde814cc76a54e1a8995c7 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49076",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T18:17:39.018953Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T18:22:35.583Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/hfi1/mmu_rb.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5f54364ff6cfcd14cddf5441c4a490bb28dd69f7",
"status": "affected",
"version": "3d2a9d642512c21a12d19b9250e7a835dcb41a79",
"versionType": "git"
},
{
"lessThan": "9ca11bd8222a612de0d2f54d050bfcf61ae2883f",
"status": "affected",
"version": "3d2a9d642512c21a12d19b9250e7a835dcb41a79",
"versionType": "git"
},
{
"lessThan": "0b7186d657ee55e2cdefae498f07d5c1961e8023",
"status": "affected",
"version": "3d2a9d642512c21a12d19b9250e7a835dcb41a79",
"versionType": "git"
},
{
"lessThan": "5a9a1b24ddb510715f8f621263938186579a965c",
"status": "affected",
"version": "3d2a9d642512c21a12d19b9250e7a835dcb41a79",
"versionType": "git"
},
{
"lessThan": "2bbac98d0930e8161b1957dc0ec99de39ade1b3c",
"status": "affected",
"version": "3d2a9d642512c21a12d19b9250e7a835dcb41a79",
"versionType": "git"
},
{
"status": "affected",
"version": "5732f83596f8a573f2cde814cc76a54e1a8995c7",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/hfi1/mmu_rb.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.10"
},
{
"lessThan": "5.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.111",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.20",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.111",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.34",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.20",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.3",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.9.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hfi1: Fix use-after-free bug for mm struct\n\nUnder certain conditions, such as MPI_Abort, the hfi1 cleanup code may\nrepresent the last reference held on the task mm.\nhfi1_mmu_rb_unregister() then drops the last reference and the mm is freed\nbefore the final use in hfi1_release_user_pages(). A new task may\nallocate the mm structure while it is still being used, resulting in\nproblems. One manifestation is corruption of the mmap_sem counter leading\nto a hang in down_write(). Another is corruption of an mm struct that is\nin use by another task."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:44:15.733Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5f54364ff6cfcd14cddf5441c4a490bb28dd69f7"
},
{
"url": "https://git.kernel.org/stable/c/9ca11bd8222a612de0d2f54d050bfcf61ae2883f"
},
{
"url": "https://git.kernel.org/stable/c/0b7186d657ee55e2cdefae498f07d5c1961e8023"
},
{
"url": "https://git.kernel.org/stable/c/5a9a1b24ddb510715f8f621263938186579a965c"
},
{
"url": "https://git.kernel.org/stable/c/2bbac98d0930e8161b1957dc0ec99de39ade1b3c"
}
],
"title": "RDMA/hfi1: Fix use-after-free bug for mm struct",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49076",
"datePublished": "2025-02-26T01:54:39.251Z",
"dateReserved": "2025-02-26T01:49:39.246Z",
"dateUpdated": "2025-05-04T12:44:15.733Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49505 (GCVE-0-2022-49505)
Vulnerability from cvelistv5
Published
2025-02-26 02:13
Modified
2025-05-04 12:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
NFC: NULL out the dev->rfkill to prevent UAF
Commit 3e3b5dfcd16a ("NFC: reorder the logic in nfc_{un,}register_device")
assumes the device_is_registered() in function nfc_dev_up() will help
to check when the rfkill is unregistered. However, this check only
take effect when device_del(&dev->dev) is done in nfc_unregister_device().
Hence, the rfkill object is still possible be dereferenced.
The crash trace in latest kernel (5.18-rc2):
[ 68.760105] ==================================================================
[ 68.760330] BUG: KASAN: use-after-free in __lock_acquire+0x3ec1/0x6750
[ 68.760756] Read of size 8 at addr ffff888009c93018 by task fuzz/313
[ 68.760756]
[ 68.760756] CPU: 0 PID: 313 Comm: fuzz Not tainted 5.18.0-rc2 #4
[ 68.760756] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[ 68.760756] Call Trace:
[ 68.760756] <TASK>
[ 68.760756] dump_stack_lvl+0x57/0x7d
[ 68.760756] print_report.cold+0x5e/0x5db
[ 68.760756] ? __lock_acquire+0x3ec1/0x6750
[ 68.760756] kasan_report+0xbe/0x1c0
[ 68.760756] ? __lock_acquire+0x3ec1/0x6750
[ 68.760756] __lock_acquire+0x3ec1/0x6750
[ 68.760756] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 68.760756] ? register_lock_class+0x18d0/0x18d0
[ 68.760756] lock_acquire+0x1ac/0x4f0
[ 68.760756] ? rfkill_blocked+0xe/0x60
[ 68.760756] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 68.760756] ? mutex_lock_io_nested+0x12c0/0x12c0
[ 68.760756] ? nla_get_range_signed+0x540/0x540
[ 68.760756] ? _raw_spin_lock_irqsave+0x4e/0x50
[ 68.760756] _raw_spin_lock_irqsave+0x39/0x50
[ 68.760756] ? rfkill_blocked+0xe/0x60
[ 68.760756] rfkill_blocked+0xe/0x60
[ 68.760756] nfc_dev_up+0x84/0x260
[ 68.760756] nfc_genl_dev_up+0x90/0xe0
[ 68.760756] genl_family_rcv_msg_doit+0x1f4/0x2f0
[ 68.760756] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x230/0x230
[ 68.760756] ? security_capable+0x51/0x90
[ 68.760756] genl_rcv_msg+0x280/0x500
[ 68.760756] ? genl_get_cmd+0x3c0/0x3c0
[ 68.760756] ? lock_acquire+0x1ac/0x4f0
[ 68.760756] ? nfc_genl_dev_down+0xe0/0xe0
[ 68.760756] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 68.760756] netlink_rcv_skb+0x11b/0x340
[ 68.760756] ? genl_get_cmd+0x3c0/0x3c0
[ 68.760756] ? netlink_ack+0x9c0/0x9c0
[ 68.760756] ? netlink_deliver_tap+0x136/0xb00
[ 68.760756] genl_rcv+0x1f/0x30
[ 68.760756] netlink_unicast+0x430/0x710
[ 68.760756] ? memset+0x20/0x40
[ 68.760756] ? netlink_attachskb+0x740/0x740
[ 68.760756] ? __build_skb_around+0x1f4/0x2a0
[ 68.760756] netlink_sendmsg+0x75d/0xc00
[ 68.760756] ? netlink_unicast+0x710/0x710
[ 68.760756] ? netlink_unicast+0x710/0x710
[ 68.760756] sock_sendmsg+0xdf/0x110
[ 68.760756] __sys_sendto+0x19e/0x270
[ 68.760756] ? __ia32_sys_getpeername+0xa0/0xa0
[ 68.760756] ? fd_install+0x178/0x4c0
[ 68.760756] ? fd_install+0x195/0x4c0
[ 68.760756] ? kernel_fpu_begin_mask+0x1c0/0x1c0
[ 68.760756] __x64_sys_sendto+0xd8/0x1b0
[ 68.760756] ? lockdep_hardirqs_on+0xbf/0x130
[ 68.760756] ? syscall_enter_from_user_mode+0x1d/0x50
[ 68.760756] do_syscall_64+0x3b/0x90
[ 68.760756] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 68.760756] RIP: 0033:0x7f67fb50e6b3
...
[ 68.760756] RSP: 002b:00007f67fa91fe90 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[ 68.760756] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f67fb50e6b3
[ 68.760756] RDX: 000000000000001c RSI: 0000559354603090 RDI: 0000000000000003
[ 68.760756] RBP: 00007f67fa91ff00 R08: 00007f67fa91fedc R09: 000000000000000c
[ 68.760756] R10: 0000000000000000 R11: 0000000000000293 R12: 00007ffe824d496e
[ 68.760756] R13: 00007ffe824d496f R14: 00007f67fa120000 R15: 0000000000000003
[ 68.760756] </TASK>
[ 68.760756]
[ 68.760756] Allocated by task 279:
[ 68.760756] kasan_save_stack+0x1e/0x40
[
---truncated---
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: ff169909eac9e00bf1aa0af739ba6ddfb1b1d135 Version: 47244ac0b65bd74cc70007d8e1bac68bd2baad19 Version: c45cea83e13699bdfd47842e04d09dd43af4c371 Version: 307d2e6cebfca9d92f86c8e2c8e3dd4a8be46ba6 Version: 73a0d12114b4bc1a9def79a623264754b9df698e Version: 8a9c61c3ef187d8891225f9b932390670a43a0d3 Version: 3e3b5dfcd16a3e254aab61bd1e8c417dd4503102 Version: 3e3b5dfcd16a3e254aab61bd1e8c417dd4503102 Version: 3e3b5dfcd16a3e254aab61bd1e8c417dd4503102 Version: 5ef16d2d172ee56714cff37cd005b98aba08ef5a |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49505",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T17:58:28.672028Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T18:02:28.632Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/nfc/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a8e03bcad52dc9afabf650fdbad84f739cec9efa",
"status": "affected",
"version": "ff169909eac9e00bf1aa0af739ba6ddfb1b1d135",
"versionType": "git"
},
{
"lessThan": "f81270125b50532624400063281e6611ecd61ddf",
"status": "affected",
"version": "47244ac0b65bd74cc70007d8e1bac68bd2baad19",
"versionType": "git"
},
{
"lessThan": "6abfaca8711803d0d7cc8c0fac1070a88509d463",
"status": "affected",
"version": "c45cea83e13699bdfd47842e04d09dd43af4c371",
"versionType": "git"
},
{
"lessThan": "fbf9c4c714d3cdeb98b6a18e4d057f931cad1d81",
"status": "affected",
"version": "307d2e6cebfca9d92f86c8e2c8e3dd4a8be46ba6",
"versionType": "git"
},
{
"lessThan": "2a1b5110c95e4d49c8c3906270dfcde680a5a7be",
"status": "affected",
"version": "73a0d12114b4bc1a9def79a623264754b9df698e",
"versionType": "git"
},
{
"lessThan": "1632be63862f183cd5cf1cc094e698e6ec005dfd",
"status": "affected",
"version": "8a9c61c3ef187d8891225f9b932390670a43a0d3",
"versionType": "git"
},
{
"lessThan": "4a68938f43b7c2663e4c90bb9bbe29ac8b9a42a0",
"status": "affected",
"version": "3e3b5dfcd16a3e254aab61bd1e8c417dd4503102",
"versionType": "git"
},
{
"lessThan": "4f5d71930f41be78557f9714393179025baacd65",
"status": "affected",
"version": "3e3b5dfcd16a3e254aab61bd1e8c417dd4503102",
"versionType": "git"
},
{
"lessThan": "1b0e81416a24d6e9b8c2341e22e8bf48f8b8bfc9",
"status": "affected",
"version": "3e3b5dfcd16a3e254aab61bd1e8c417dd4503102",
"versionType": "git"
},
{
"status": "affected",
"version": "5ef16d2d172ee56714cff37cd005b98aba08ef5a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/nfc/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.16"
},
{
"lessThan": "5.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.318",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.318",
"versionStartIncluding": "4.9.291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.283",
"versionStartIncluding": "4.14.256",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"versionStartIncluding": "4.19.218",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"versionStartIncluding": "5.4.162",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"versionStartIncluding": "5.10.82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "5.15.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.4.293",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFC: NULL out the dev-\u003erfkill to prevent UAF\n\nCommit 3e3b5dfcd16a (\"NFC: reorder the logic in nfc_{un,}register_device\")\nassumes the device_is_registered() in function nfc_dev_up() will help\nto check when the rfkill is unregistered. However, this check only\ntake effect when device_del(\u0026dev-\u003edev) is done in nfc_unregister_device().\nHence, the rfkill object is still possible be dereferenced.\n\nThe crash trace in latest kernel (5.18-rc2):\n\n[ 68.760105] ==================================================================\n[ 68.760330] BUG: KASAN: use-after-free in __lock_acquire+0x3ec1/0x6750\n[ 68.760756] Read of size 8 at addr ffff888009c93018 by task fuzz/313\n[ 68.760756]\n[ 68.760756] CPU: 0 PID: 313 Comm: fuzz Not tainted 5.18.0-rc2 #4\n[ 68.760756] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\n[ 68.760756] Call Trace:\n[ 68.760756] \u003cTASK\u003e\n[ 68.760756] dump_stack_lvl+0x57/0x7d\n[ 68.760756] print_report.cold+0x5e/0x5db\n[ 68.760756] ? __lock_acquire+0x3ec1/0x6750\n[ 68.760756] kasan_report+0xbe/0x1c0\n[ 68.760756] ? __lock_acquire+0x3ec1/0x6750\n[ 68.760756] __lock_acquire+0x3ec1/0x6750\n[ 68.760756] ? lockdep_hardirqs_on_prepare+0x410/0x410\n[ 68.760756] ? register_lock_class+0x18d0/0x18d0\n[ 68.760756] lock_acquire+0x1ac/0x4f0\n[ 68.760756] ? rfkill_blocked+0xe/0x60\n[ 68.760756] ? lockdep_hardirqs_on_prepare+0x410/0x410\n[ 68.760756] ? mutex_lock_io_nested+0x12c0/0x12c0\n[ 68.760756] ? nla_get_range_signed+0x540/0x540\n[ 68.760756] ? _raw_spin_lock_irqsave+0x4e/0x50\n[ 68.760756] _raw_spin_lock_irqsave+0x39/0x50\n[ 68.760756] ? rfkill_blocked+0xe/0x60\n[ 68.760756] rfkill_blocked+0xe/0x60\n[ 68.760756] nfc_dev_up+0x84/0x260\n[ 68.760756] nfc_genl_dev_up+0x90/0xe0\n[ 68.760756] genl_family_rcv_msg_doit+0x1f4/0x2f0\n[ 68.760756] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x230/0x230\n[ 68.760756] ? security_capable+0x51/0x90\n[ 68.760756] genl_rcv_msg+0x280/0x500\n[ 68.760756] ? genl_get_cmd+0x3c0/0x3c0\n[ 68.760756] ? lock_acquire+0x1ac/0x4f0\n[ 68.760756] ? nfc_genl_dev_down+0xe0/0xe0\n[ 68.760756] ? lockdep_hardirqs_on_prepare+0x410/0x410\n[ 68.760756] netlink_rcv_skb+0x11b/0x340\n[ 68.760756] ? genl_get_cmd+0x3c0/0x3c0\n[ 68.760756] ? netlink_ack+0x9c0/0x9c0\n[ 68.760756] ? netlink_deliver_tap+0x136/0xb00\n[ 68.760756] genl_rcv+0x1f/0x30\n[ 68.760756] netlink_unicast+0x430/0x710\n[ 68.760756] ? memset+0x20/0x40\n[ 68.760756] ? netlink_attachskb+0x740/0x740\n[ 68.760756] ? __build_skb_around+0x1f4/0x2a0\n[ 68.760756] netlink_sendmsg+0x75d/0xc00\n[ 68.760756] ? netlink_unicast+0x710/0x710\n[ 68.760756] ? netlink_unicast+0x710/0x710\n[ 68.760756] sock_sendmsg+0xdf/0x110\n[ 68.760756] __sys_sendto+0x19e/0x270\n[ 68.760756] ? __ia32_sys_getpeername+0xa0/0xa0\n[ 68.760756] ? fd_install+0x178/0x4c0\n[ 68.760756] ? fd_install+0x195/0x4c0\n[ 68.760756] ? kernel_fpu_begin_mask+0x1c0/0x1c0\n[ 68.760756] __x64_sys_sendto+0xd8/0x1b0\n[ 68.760756] ? lockdep_hardirqs_on+0xbf/0x130\n[ 68.760756] ? syscall_enter_from_user_mode+0x1d/0x50\n[ 68.760756] do_syscall_64+0x3b/0x90\n[ 68.760756] entry_SYSCALL_64_after_hwframe+0x44/0xae\n[ 68.760756] RIP: 0033:0x7f67fb50e6b3\n...\n[ 68.760756] RSP: 002b:00007f67fa91fe90 EFLAGS: 00000293 ORIG_RAX: 000000000000002c\n[ 68.760756] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f67fb50e6b3\n[ 68.760756] RDX: 000000000000001c RSI: 0000559354603090 RDI: 0000000000000003\n[ 68.760756] RBP: 00007f67fa91ff00 R08: 00007f67fa91fedc R09: 000000000000000c\n[ 68.760756] R10: 0000000000000000 R11: 0000000000000293 R12: 00007ffe824d496e\n[ 68.760756] R13: 00007ffe824d496f R14: 00007f67fa120000 R15: 0000000000000003\n\n[ 68.760756] \u003c/TASK\u003e\n[ 68.760756]\n[ 68.760756] Allocated by task 279:\n[ 68.760756] kasan_save_stack+0x1e/0x40\n[\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:44:52.412Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a8e03bcad52dc9afabf650fdbad84f739cec9efa"
},
{
"url": "https://git.kernel.org/stable/c/f81270125b50532624400063281e6611ecd61ddf"
},
{
"url": "https://git.kernel.org/stable/c/6abfaca8711803d0d7cc8c0fac1070a88509d463"
},
{
"url": "https://git.kernel.org/stable/c/fbf9c4c714d3cdeb98b6a18e4d057f931cad1d81"
},
{
"url": "https://git.kernel.org/stable/c/2a1b5110c95e4d49c8c3906270dfcde680a5a7be"
},
{
"url": "https://git.kernel.org/stable/c/1632be63862f183cd5cf1cc094e698e6ec005dfd"
},
{
"url": "https://git.kernel.org/stable/c/4a68938f43b7c2663e4c90bb9bbe29ac8b9a42a0"
},
{
"url": "https://git.kernel.org/stable/c/4f5d71930f41be78557f9714393179025baacd65"
},
{
"url": "https://git.kernel.org/stable/c/1b0e81416a24d6e9b8c2341e22e8bf48f8b8bfc9"
}
],
"title": "NFC: NULL out the dev-\u003erfkill to prevent UAF",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49505",
"datePublished": "2025-02-26T02:13:37.496Z",
"dateReserved": "2025-02-26T02:08:31.586Z",
"dateUpdated": "2025-05-04T12:44:52.412Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49707 (GCVE-0-2022-49707)
Vulnerability from cvelistv5
Published
2025-02-26 02:24
Modified
2025-10-01 19:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ext4: add reserved GDT blocks check
We capture a NULL pointer issue when resizing a corrupt ext4 image which
is freshly clear resize_inode feature (not run e2fsck). It could be
simply reproduced by following steps. The problem is because of the
resize_inode feature was cleared, and it will convert the filesystem to
meta_bg mode in ext4_resize_fs(), but the es->s_reserved_gdt_blocks was
not reduced to zero, so could we mistakenly call reserve_backup_gdb()
and passing an uninitialized resize_inode to it when adding new group
descriptors.
mkfs.ext4 /dev/sda 3G
tune2fs -O ^resize_inode /dev/sda #forget to run requested e2fsck
mount /dev/sda /mnt
resize2fs /dev/sda 8G
========
BUG: kernel NULL pointer dereference, address: 0000000000000028
CPU: 19 PID: 3243 Comm: resize2fs Not tainted 5.18.0-rc7-00001-gfde086c5ebfd #748
...
RIP: 0010:ext4_flex_group_add+0xe08/0x2570
...
Call Trace:
<TASK>
ext4_resize_fs+0xbec/0x1660
__ext4_ioctl+0x1749/0x24e0
ext4_ioctl+0x12/0x20
__x64_sys_ioctl+0xa6/0x110
do_syscall_64+0x3b/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f2dd739617b
========
The fix is simple, add a check in ext4_resize_begin() to make sure that
the es->s_reserved_gdt_blocks is zero when the resize_inode feature is
disabled.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49707",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:32:29.329505Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:36:45.352Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ext4/resize.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0dc2fca8e4f9ac4a40e8424a10163369cca0cc06",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7c921328ac760bba780bdace41f4cd045f7f1405",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b9747263b13e5290ac4d63bec47e38f701303cad",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "fba54289176702a7caac0b64738406775817f451",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "bfd004a1d3a062aac300523d406ac1f3e5f1a82c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "33b1bba31f4c784d33d2c2517964bdccdc9204cd",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "af75c481a2e45e70f62f5942c93695e95bf7bd21",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b55c3cd102a6f48b90e61c44f7f3dda8c290c694",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ext4/resize.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.320",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.249",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.200",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.124",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.49",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.320",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.285",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.249",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.200",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: add reserved GDT blocks check\n\nWe capture a NULL pointer issue when resizing a corrupt ext4 image which\nis freshly clear resize_inode feature (not run e2fsck). It could be\nsimply reproduced by following steps. The problem is because of the\nresize_inode feature was cleared, and it will convert the filesystem to\nmeta_bg mode in ext4_resize_fs(), but the es-\u003es_reserved_gdt_blocks was\nnot reduced to zero, so could we mistakenly call reserve_backup_gdb()\nand passing an uninitialized resize_inode to it when adding new group\ndescriptors.\n\n mkfs.ext4 /dev/sda 3G\n tune2fs -O ^resize_inode /dev/sda #forget to run requested e2fsck\n mount /dev/sda /mnt\n resize2fs /dev/sda 8G\n\n ========\n BUG: kernel NULL pointer dereference, address: 0000000000000028\n CPU: 19 PID: 3243 Comm: resize2fs Not tainted 5.18.0-rc7-00001-gfde086c5ebfd #748\n ...\n RIP: 0010:ext4_flex_group_add+0xe08/0x2570\n ...\n Call Trace:\n \u003cTASK\u003e\n ext4_resize_fs+0xbec/0x1660\n __ext4_ioctl+0x1749/0x24e0\n ext4_ioctl+0x12/0x20\n __x64_sys_ioctl+0xa6/0x110\n do_syscall_64+0x3b/0x90\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n RIP: 0033:0x7f2dd739617b\n ========\n\nThe fix is simple, add a check in ext4_resize_begin() to make sure that\nthe es-\u003es_reserved_gdt_blocks is zero when the resize_inode feature is\ndisabled."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:43:46.588Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0dc2fca8e4f9ac4a40e8424a10163369cca0cc06"
},
{
"url": "https://git.kernel.org/stable/c/7c921328ac760bba780bdace41f4cd045f7f1405"
},
{
"url": "https://git.kernel.org/stable/c/b9747263b13e5290ac4d63bec47e38f701303cad"
},
{
"url": "https://git.kernel.org/stable/c/fba54289176702a7caac0b64738406775817f451"
},
{
"url": "https://git.kernel.org/stable/c/bfd004a1d3a062aac300523d406ac1f3e5f1a82c"
},
{
"url": "https://git.kernel.org/stable/c/33b1bba31f4c784d33d2c2517964bdccdc9204cd"
},
{
"url": "https://git.kernel.org/stable/c/af75c481a2e45e70f62f5942c93695e95bf7bd21"
},
{
"url": "https://git.kernel.org/stable/c/b55c3cd102a6f48b90e61c44f7f3dda8c290c694"
}
],
"title": "ext4: add reserved GDT blocks check",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49707",
"datePublished": "2025-02-26T02:24:25.441Z",
"dateReserved": "2025-02-26T02:21:30.444Z",
"dateUpdated": "2025-10-01T19:36:45.352Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49253 (GCVE-0-2022-49253)
Vulnerability from cvelistv5
Published
2025-02-26 01:56
Modified
2025-05-04 08:33
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
media: usb: go7007: s2250-board: fix leak in probe()
Call i2c_unregister_device(audio) on this error path.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: d3b2ccd9e307eae80b4b4eeb0ede46cb02212df2 Version: d3b2ccd9e307eae80b4b4eeb0ede46cb02212df2 Version: d3b2ccd9e307eae80b4b4eeb0ede46cb02212df2 Version: d3b2ccd9e307eae80b4b4eeb0ede46cb02212df2 Version: d3b2ccd9e307eae80b4b4eeb0ede46cb02212df2 Version: d3b2ccd9e307eae80b4b4eeb0ede46cb02212df2 Version: d3b2ccd9e307eae80b4b4eeb0ede46cb02212df2 Version: d3b2ccd9e307eae80b4b4eeb0ede46cb02212df2 Version: d3b2ccd9e307eae80b4b4eeb0ede46cb02212df2 |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/media/usb/go7007/s2250-board.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "bbdd0e15738336e6b1208304ae98525117877bbd",
"status": "affected",
"version": "d3b2ccd9e307eae80b4b4eeb0ede46cb02212df2",
"versionType": "git"
},
{
"lessThan": "a97130cd5b0c00eec169b10a16d922b9ea67324a",
"status": "affected",
"version": "d3b2ccd9e307eae80b4b4eeb0ede46cb02212df2",
"versionType": "git"
},
{
"lessThan": "b7dd177225355da55f8d80d8e568928e0eec3608",
"status": "affected",
"version": "d3b2ccd9e307eae80b4b4eeb0ede46cb02212df2",
"versionType": "git"
},
{
"lessThan": "14cd5a8e61c654828a1f1056d56f0b0a524d2c69",
"status": "affected",
"version": "d3b2ccd9e307eae80b4b4eeb0ede46cb02212df2",
"versionType": "git"
},
{
"lessThan": "44973633b0064c46083833b55dd0a45e6235f8ca",
"status": "affected",
"version": "d3b2ccd9e307eae80b4b4eeb0ede46cb02212df2",
"versionType": "git"
},
{
"lessThan": "895364fa97e60749855f789bc4568883fc7a8b39",
"status": "affected",
"version": "d3b2ccd9e307eae80b4b4eeb0ede46cb02212df2",
"versionType": "git"
},
{
"lessThan": "b5470f3efa530b10296257bb578ce4b1769e9a04",
"status": "affected",
"version": "d3b2ccd9e307eae80b4b4eeb0ede46cb02212df2",
"versionType": "git"
},
{
"lessThan": "948ad5e5624487079c24cb5c81c74ddd02832440",
"status": "affected",
"version": "d3b2ccd9e307eae80b4b4eeb0ede46cb02212df2",
"versionType": "git"
},
{
"lessThan": "67e4550ecd6164bfbdff54c169e5bbf9ccfaf14d",
"status": "affected",
"version": "d3b2ccd9e307eae80b4b4eeb0ede46cb02212df2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/media/usb/go7007/s2250-board.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.10"
},
{
"lessThan": "3.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.238",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.189",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.311",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.276",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.238",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.189",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.110",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "3.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: usb: go7007: s2250-board: fix leak in probe()\n\nCall i2c_unregister_device(audio) on this error path."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:33:26.109Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/bbdd0e15738336e6b1208304ae98525117877bbd"
},
{
"url": "https://git.kernel.org/stable/c/a97130cd5b0c00eec169b10a16d922b9ea67324a"
},
{
"url": "https://git.kernel.org/stable/c/b7dd177225355da55f8d80d8e568928e0eec3608"
},
{
"url": "https://git.kernel.org/stable/c/14cd5a8e61c654828a1f1056d56f0b0a524d2c69"
},
{
"url": "https://git.kernel.org/stable/c/44973633b0064c46083833b55dd0a45e6235f8ca"
},
{
"url": "https://git.kernel.org/stable/c/895364fa97e60749855f789bc4568883fc7a8b39"
},
{
"url": "https://git.kernel.org/stable/c/b5470f3efa530b10296257bb578ce4b1769e9a04"
},
{
"url": "https://git.kernel.org/stable/c/948ad5e5624487079c24cb5c81c74ddd02832440"
},
{
"url": "https://git.kernel.org/stable/c/67e4550ecd6164bfbdff54c169e5bbf9ccfaf14d"
}
],
"title": "media: usb: go7007: s2250-board: fix leak in probe()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49253",
"datePublished": "2025-02-26T01:56:09.146Z",
"dateReserved": "2025-02-26T01:49:39.295Z",
"dateUpdated": "2025-05-04T08:33:26.109Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49236 (GCVE-0-2022-49236)
Vulnerability from cvelistv5
Published
2025-02-26 01:56
Modified
2025-05-04 08:33
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix UAF due to race between btf_try_get_module and load_module
While working on code to populate kfunc BTF ID sets for module BTF from
its initcall, I noticed that by the time the initcall is invoked, the
module BTF can already be seen by userspace (and the BPF verifier). The
existing btf_try_get_module calls try_module_get which only fails if
mod->state == MODULE_STATE_GOING, i.e. it can increment module reference
when module initcall is happening in parallel.
Currently, BTF parsing happens from MODULE_STATE_COMING notifier
callback. At this point, the module initcalls have not been invoked.
The notifier callback parses and prepares the module BTF, allocates an
ID, which publishes it to userspace, and then adds it to the btf_modules
list allowing the kernel to invoke btf_try_get_module for the BTF.
However, at this point, the module has not been fully initialized (i.e.
its initcalls have not finished). The code in module.c can still fail
and free the module, without caring for other users. However, nothing
stops btf_try_get_module from succeeding between the state transition
from MODULE_STATE_COMING to MODULE_STATE_LIVE.
This leads to a use-after-free issue when BPF program loads
successfully in the state transition, load_module's do_init_module call
fails and frees the module, and BPF program fd on close calls module_put
for the freed module. Future patch has test case to verify we don't
regress in this area in future.
There are multiple points after prepare_coming_module (in load_module)
where failure can occur and module loading can return error. We
illustrate and test for the race using the last point where it can
practically occur (in module __init function).
An illustration of the race:
CPU 0 CPU 1
load_module
notifier_call(MODULE_STATE_COMING)
btf_parse_module
btf_alloc_id // Published to userspace
list_add(&btf_mod->list, btf_modules)
mod->init(...)
... ^
bpf_check |
check_pseudo_btf_id |
btf_try_get_module |
returns true | ...
... | module __init in progress
return prog_fd | ...
... V
if (ret < 0)
free_module(mod)
...
close(prog_fd)
...
bpf_prog_free_deferred
module_put(used_btf.mod) // use-after-free
We fix this issue by setting a flag BTF_MODULE_F_LIVE, from the notifier
callback when MODULE_STATE_LIVE state is reached for the module, so that
we return NULL from btf_try_get_module for modules that are not fully
formed. Since try_module_get already checks that module is not in
MODULE_STATE_GOING state, and that is the only transition a live module
can make before being removed from btf_modules list, this is enough to
close the race and prevent the bug.
A later selftest patch crafts the race condition artifically to verify
that it has been fixed, and that verifier fails to load program (with
ENXIO).
Lastly, a couple of comments:
1. Even if this race didn't exist, it seems more appropriate to only
access resources (ksyms and kfuncs) of a fully formed module which
has been initialized completely.
2. This patch was born out of need for synchronization against module
initcall for the next patch, so it is needed for correctness even
without the aforementioned race condition. The BTF resources
initialized by module initcall are set up once and then only looked
up, so just waiting until the initcall has finished ensures correct
behavior.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49236",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T17:58:59.008541Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T18:02:29.374Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/bpf/btf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "51b82141fffa454abf937a8ff0b8af89e4fd0c8f",
"status": "affected",
"version": "541c3bad8dc51b253ba8686d0cd7628e6b9b5f4c",
"versionType": "git"
},
{
"lessThan": "d7fccf264b1a785525b366a5b7f8113c756187ad",
"status": "affected",
"version": "541c3bad8dc51b253ba8686d0cd7628e6b9b5f4c",
"versionType": "git"
},
{
"lessThan": "0481baa2318cb1ab13277715da6cdbb657807b3f",
"status": "affected",
"version": "541c3bad8dc51b253ba8686d0cd7628e6b9b5f4c",
"versionType": "git"
},
{
"lessThan": "18688de203b47e5d8d9d0953385bf30b5949324f",
"status": "affected",
"version": "541c3bad8dc51b253ba8686d0cd7628e6b9b5f4c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/bpf/btf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.12"
},
{
"lessThan": "5.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix UAF due to race between btf_try_get_module and load_module\n\nWhile working on code to populate kfunc BTF ID sets for module BTF from\nits initcall, I noticed that by the time the initcall is invoked, the\nmodule BTF can already be seen by userspace (and the BPF verifier). The\nexisting btf_try_get_module calls try_module_get which only fails if\nmod-\u003estate == MODULE_STATE_GOING, i.e. it can increment module reference\nwhen module initcall is happening in parallel.\n\nCurrently, BTF parsing happens from MODULE_STATE_COMING notifier\ncallback. At this point, the module initcalls have not been invoked.\nThe notifier callback parses and prepares the module BTF, allocates an\nID, which publishes it to userspace, and then adds it to the btf_modules\nlist allowing the kernel to invoke btf_try_get_module for the BTF.\n\nHowever, at this point, the module has not been fully initialized (i.e.\nits initcalls have not finished). The code in module.c can still fail\nand free the module, without caring for other users. However, nothing\nstops btf_try_get_module from succeeding between the state transition\nfrom MODULE_STATE_COMING to MODULE_STATE_LIVE.\n\nThis leads to a use-after-free issue when BPF program loads\nsuccessfully in the state transition, load_module\u0027s do_init_module call\nfails and frees the module, and BPF program fd on close calls module_put\nfor the freed module. Future patch has test case to verify we don\u0027t\nregress in this area in future.\n\nThere are multiple points after prepare_coming_module (in load_module)\nwhere failure can occur and module loading can return error. We\nillustrate and test for the race using the last point where it can\npractically occur (in module __init function).\n\nAn illustration of the race:\n\nCPU 0 CPU 1\n\t\t\t load_module\n\t\t\t notifier_call(MODULE_STATE_COMING)\n\t\t\t btf_parse_module\n\t\t\t btf_alloc_id\t// Published to userspace\n\t\t\t list_add(\u0026btf_mod-\u003elist, btf_modules)\n\t\t\t mod-\u003einit(...)\n...\t\t\t\t^\nbpf_check\t\t |\ncheck_pseudo_btf_id |\n btf_try_get_module |\n returns true | ...\n... | module __init in progress\nreturn prog_fd | ...\n... V\n\t\t\t if (ret \u003c 0)\n\t\t\t free_module(mod)\n\t\t\t ...\nclose(prog_fd)\n ...\n bpf_prog_free_deferred\n module_put(used_btf.mod) // use-after-free\n\nWe fix this issue by setting a flag BTF_MODULE_F_LIVE, from the notifier\ncallback when MODULE_STATE_LIVE state is reached for the module, so that\nwe return NULL from btf_try_get_module for modules that are not fully\nformed. Since try_module_get already checks that module is not in\nMODULE_STATE_GOING state, and that is the only transition a live module\ncan make before being removed from btf_modules list, this is enough to\nclose the race and prevent the bug.\n\nA later selftest patch crafts the race condition artifically to verify\nthat it has been fixed, and that verifier fails to load program (with\nENXIO).\n\nLastly, a couple of comments:\n\n 1. Even if this race didn\u0027t exist, it seems more appropriate to only\n access resources (ksyms and kfuncs) of a fully formed module which\n has been initialized completely.\n\n 2. This patch was born out of need for synchronization against module\n initcall for the next patch, so it is needed for correctness even\n without the aforementioned race condition. The BTF resources\n initialized by module initcall are set up once and then only looked\n up, so just waiting until the initcall has finished ensures correct\n behavior."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:33:04.114Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/51b82141fffa454abf937a8ff0b8af89e4fd0c8f"
},
{
"url": "https://git.kernel.org/stable/c/d7fccf264b1a785525b366a5b7f8113c756187ad"
},
{
"url": "https://git.kernel.org/stable/c/0481baa2318cb1ab13277715da6cdbb657807b3f"
},
{
"url": "https://git.kernel.org/stable/c/18688de203b47e5d8d9d0953385bf30b5949324f"
}
],
"title": "bpf: Fix UAF due to race between btf_try_get_module and load_module",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49236",
"datePublished": "2025-02-26T01:56:00.689Z",
"dateReserved": "2025-02-26T01:49:39.294Z",
"dateUpdated": "2025-05-04T08:33:04.114Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49610 (GCVE-0-2022-49610)
Vulnerability from cvelistv5
Published
2025-02-26 02:23
Modified
2025-05-04 08:41
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
KVM: VMX: Prevent RSB underflow before vmenter
On VMX, there are some balanced returns between the time the guest's
SPEC_CTRL value is written, and the vmenter.
Balanced returns (matched by a preceding call) are usually ok, but it's
at least theoretically possible an NMI with a deep call stack could
empty the RSB before one of the returns.
For maximum paranoia, don't allow *any* returns (balanced or otherwise)
between the SPEC_CTRL write and the vmenter.
[ bp: Fix 32-bit build. ]
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/x86/kernel/asm-offsets.c",
"arch/x86/kernel/cpu/bugs.c",
"arch/x86/kvm/vmx/capabilities.h",
"arch/x86/kvm/vmx/vmenter.S",
"arch/x86/kvm/vmx/vmx.c",
"arch/x86/kvm/vmx/vmx.h",
"arch/x86/kvm/vmx/vmx_ops.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "afd743f6dde87296c6f3414706964c491bb85862",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "07853adc29a058c5fd143c14e5ac528448a72ed9",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/x86/kernel/asm-offsets.c",
"arch/x86/kernel/cpu/bugs.c",
"arch/x86/kvm/vmx/capabilities.h",
"arch/x86/kvm/vmx/vmenter.S",
"arch/x86/kvm/vmx/vmx.c",
"arch/x86/kvm/vmx/vmx.h",
"arch/x86/kvm/vmx/vmx_ops.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: VMX: Prevent RSB underflow before vmenter\n\nOn VMX, there are some balanced returns between the time the guest\u0027s\nSPEC_CTRL value is written, and the vmenter.\n\nBalanced returns (matched by a preceding call) are usually ok, but it\u0027s\nat least theoretically possible an NMI with a deep call stack could\nempty the RSB before one of the returns.\n\nFor maximum paranoia, don\u0027t allow *any* returns (balanced or otherwise)\nbetween the SPEC_CTRL write and the vmenter.\n\n [ bp: Fix 32-bit build. ]"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:41:44.644Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/afd743f6dde87296c6f3414706964c491bb85862"
},
{
"url": "https://git.kernel.org/stable/c/07853adc29a058c5fd143c14e5ac528448a72ed9"
}
],
"title": "KVM: VMX: Prevent RSB underflow before vmenter",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49610",
"datePublished": "2025-02-26T02:23:33.299Z",
"dateReserved": "2025-02-26T02:21:30.417Z",
"dateUpdated": "2025-05-04T08:41:44.644Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49235 (GCVE-0-2022-49235)
Vulnerability from cvelistv5
Published
2025-02-26 01:56
Modified
2025-10-01 19:47
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ath9k_htc: fix uninit value bugs
Syzbot reported 2 KMSAN bugs in ath9k. All of them are caused by missing
field initialization.
In htc_connect_service() svc_meta_len and pad are not initialized. Based
on code it looks like in current skb there is no service data, so simply
initialize svc_meta_len to 0.
htc_issue_send() does not initialize htc_frame_hdr::control array. Based
on firmware code, it will initialize it by itself, so simply zero whole
array to make KMSAN happy
Fail logs:
BUG: KMSAN: kernel-usb-infoleak in usb_submit_urb+0x6c1/0x2aa0 drivers/usb/core/urb.c:430
usb_submit_urb+0x6c1/0x2aa0 drivers/usb/core/urb.c:430
hif_usb_send_regout drivers/net/wireless/ath/ath9k/hif_usb.c:127 [inline]
hif_usb_send+0x5f0/0x16f0 drivers/net/wireless/ath/ath9k/hif_usb.c:479
htc_issue_send drivers/net/wireless/ath/ath9k/htc_hst.c:34 [inline]
htc_connect_service+0x143e/0x1960 drivers/net/wireless/ath/ath9k/htc_hst.c:275
...
Uninit was created at:
slab_post_alloc_hook mm/slab.h:524 [inline]
slab_alloc_node mm/slub.c:3251 [inline]
__kmalloc_node_track_caller+0xe0c/0x1510 mm/slub.c:4974
kmalloc_reserve net/core/skbuff.c:354 [inline]
__alloc_skb+0x545/0xf90 net/core/skbuff.c:426
alloc_skb include/linux/skbuff.h:1126 [inline]
htc_connect_service+0x1029/0x1960 drivers/net/wireless/ath/ath9k/htc_hst.c:258
...
Bytes 4-7 of 18 are uninitialized
Memory access of size 18 starts at ffff888027377e00
BUG: KMSAN: kernel-usb-infoleak in usb_submit_urb+0x6c1/0x2aa0 drivers/usb/core/urb.c:430
usb_submit_urb+0x6c1/0x2aa0 drivers/usb/core/urb.c:430
hif_usb_send_regout drivers/net/wireless/ath/ath9k/hif_usb.c:127 [inline]
hif_usb_send+0x5f0/0x16f0 drivers/net/wireless/ath/ath9k/hif_usb.c:479
htc_issue_send drivers/net/wireless/ath/ath9k/htc_hst.c:34 [inline]
htc_connect_service+0x143e/0x1960 drivers/net/wireless/ath/ath9k/htc_hst.c:275
...
Uninit was created at:
slab_post_alloc_hook mm/slab.h:524 [inline]
slab_alloc_node mm/slub.c:3251 [inline]
__kmalloc_node_track_caller+0xe0c/0x1510 mm/slub.c:4974
kmalloc_reserve net/core/skbuff.c:354 [inline]
__alloc_skb+0x545/0xf90 net/core/skbuff.c:426
alloc_skb include/linux/skbuff.h:1126 [inline]
htc_connect_service+0x1029/0x1960 drivers/net/wireless/ath/ath9k/htc_hst.c:258
...
Bytes 16-17 of 18 are uninitialized
Memory access of size 18 starts at ffff888027377e00
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: fb9987d0f748c983bb795a86f47522313f701a08 Version: fb9987d0f748c983bb795a86f47522313f701a08 Version: fb9987d0f748c983bb795a86f47522313f701a08 Version: fb9987d0f748c983bb795a86f47522313f701a08 Version: fb9987d0f748c983bb795a86f47522313f701a08 Version: fb9987d0f748c983bb795a86f47522313f701a08 Version: fb9987d0f748c983bb795a86f47522313f701a08 Version: fb9987d0f748c983bb795a86f47522313f701a08 Version: fb9987d0f748c983bb795a86f47522313f701a08 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49235",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:46:00.525917Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-908",
"description": "CWE-908 Use of Uninitialized Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:47:03.159Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ath/ath9k/htc_hst.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5c2a6a8daa17a3f65b38b9a5574bb362c13fa1d9",
"status": "affected",
"version": "fb9987d0f748c983bb795a86f47522313f701a08",
"versionType": "git"
},
{
"lessThan": "e352acdd378e9263cc4c6018e588f2dac7161d07",
"status": "affected",
"version": "fb9987d0f748c983bb795a86f47522313f701a08",
"versionType": "git"
},
{
"lessThan": "ee4222052a76559c20e821bc3519cefb58b6d3e9",
"status": "affected",
"version": "fb9987d0f748c983bb795a86f47522313f701a08",
"versionType": "git"
},
{
"lessThan": "4d244b731188e0b63fc40a9d2dec72e9181fb37c",
"status": "affected",
"version": "fb9987d0f748c983bb795a86f47522313f701a08",
"versionType": "git"
},
{
"lessThan": "11f11ac281f0c0b363d2940204f28bae0422ed71",
"status": "affected",
"version": "fb9987d0f748c983bb795a86f47522313f701a08",
"versionType": "git"
},
{
"lessThan": "0b700f7d06492de34964b6f414120043364f8191",
"status": "affected",
"version": "fb9987d0f748c983bb795a86f47522313f701a08",
"versionType": "git"
},
{
"lessThan": "7da6169b6ebb75816b57be3beb829afa74f3b4b6",
"status": "affected",
"version": "fb9987d0f748c983bb795a86f47522313f701a08",
"versionType": "git"
},
{
"lessThan": "5abf2b761b998063f5e2bae93fd4ab10e2a80f10",
"status": "affected",
"version": "fb9987d0f748c983bb795a86f47522313f701a08",
"versionType": "git"
},
{
"lessThan": "d1e0df1c57bd30871dd1c855742a7c346dbca853",
"status": "affected",
"version": "fb9987d0f748c983bb795a86f47522313f701a08",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ath/ath9k/htc_hst.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.35"
},
{
"lessThan": "2.6.35",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.238",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.189",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.311",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.276",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.238",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.189",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.110",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "2.6.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nath9k_htc: fix uninit value bugs\n\nSyzbot reported 2 KMSAN bugs in ath9k. All of them are caused by missing\nfield initialization.\n\nIn htc_connect_service() svc_meta_len and pad are not initialized. Based\non code it looks like in current skb there is no service data, so simply\ninitialize svc_meta_len to 0.\n\nhtc_issue_send() does not initialize htc_frame_hdr::control array. Based\non firmware code, it will initialize it by itself, so simply zero whole\narray to make KMSAN happy\n\nFail logs:\n\nBUG: KMSAN: kernel-usb-infoleak in usb_submit_urb+0x6c1/0x2aa0 drivers/usb/core/urb.c:430\n usb_submit_urb+0x6c1/0x2aa0 drivers/usb/core/urb.c:430\n hif_usb_send_regout drivers/net/wireless/ath/ath9k/hif_usb.c:127 [inline]\n hif_usb_send+0x5f0/0x16f0 drivers/net/wireless/ath/ath9k/hif_usb.c:479\n htc_issue_send drivers/net/wireless/ath/ath9k/htc_hst.c:34 [inline]\n htc_connect_service+0x143e/0x1960 drivers/net/wireless/ath/ath9k/htc_hst.c:275\n...\n\nUninit was created at:\n slab_post_alloc_hook mm/slab.h:524 [inline]\n slab_alloc_node mm/slub.c:3251 [inline]\n __kmalloc_node_track_caller+0xe0c/0x1510 mm/slub.c:4974\n kmalloc_reserve net/core/skbuff.c:354 [inline]\n __alloc_skb+0x545/0xf90 net/core/skbuff.c:426\n alloc_skb include/linux/skbuff.h:1126 [inline]\n htc_connect_service+0x1029/0x1960 drivers/net/wireless/ath/ath9k/htc_hst.c:258\n...\n\nBytes 4-7 of 18 are uninitialized\nMemory access of size 18 starts at ffff888027377e00\n\nBUG: KMSAN: kernel-usb-infoleak in usb_submit_urb+0x6c1/0x2aa0 drivers/usb/core/urb.c:430\n usb_submit_urb+0x6c1/0x2aa0 drivers/usb/core/urb.c:430\n hif_usb_send_regout drivers/net/wireless/ath/ath9k/hif_usb.c:127 [inline]\n hif_usb_send+0x5f0/0x16f0 drivers/net/wireless/ath/ath9k/hif_usb.c:479\n htc_issue_send drivers/net/wireless/ath/ath9k/htc_hst.c:34 [inline]\n htc_connect_service+0x143e/0x1960 drivers/net/wireless/ath/ath9k/htc_hst.c:275\n...\n\nUninit was created at:\n slab_post_alloc_hook mm/slab.h:524 [inline]\n slab_alloc_node mm/slub.c:3251 [inline]\n __kmalloc_node_track_caller+0xe0c/0x1510 mm/slub.c:4974\n kmalloc_reserve net/core/skbuff.c:354 [inline]\n __alloc_skb+0x545/0xf90 net/core/skbuff.c:426\n alloc_skb include/linux/skbuff.h:1126 [inline]\n htc_connect_service+0x1029/0x1960 drivers/net/wireless/ath/ath9k/htc_hst.c:258\n...\n\nBytes 16-17 of 18 are uninitialized\nMemory access of size 18 starts at ffff888027377e00"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:33:02.591Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5c2a6a8daa17a3f65b38b9a5574bb362c13fa1d9"
},
{
"url": "https://git.kernel.org/stable/c/e352acdd378e9263cc4c6018e588f2dac7161d07"
},
{
"url": "https://git.kernel.org/stable/c/ee4222052a76559c20e821bc3519cefb58b6d3e9"
},
{
"url": "https://git.kernel.org/stable/c/4d244b731188e0b63fc40a9d2dec72e9181fb37c"
},
{
"url": "https://git.kernel.org/stable/c/11f11ac281f0c0b363d2940204f28bae0422ed71"
},
{
"url": "https://git.kernel.org/stable/c/0b700f7d06492de34964b6f414120043364f8191"
},
{
"url": "https://git.kernel.org/stable/c/7da6169b6ebb75816b57be3beb829afa74f3b4b6"
},
{
"url": "https://git.kernel.org/stable/c/5abf2b761b998063f5e2bae93fd4ab10e2a80f10"
},
{
"url": "https://git.kernel.org/stable/c/d1e0df1c57bd30871dd1c855742a7c346dbca853"
}
],
"title": "ath9k_htc: fix uninit value bugs",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49235",
"datePublished": "2025-02-26T01:56:00.212Z",
"dateReserved": "2025-02-26T01:49:39.294Z",
"dateUpdated": "2025-10-01T19:47:03.159Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49536 (GCVE-0-2022-49536)
Vulnerability from cvelistv5
Published
2025-02-26 02:13
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock
During stress I/O tests with 500+ vports, hard LOCKUP call traces are
observed.
CPU A:
native_queued_spin_lock_slowpath+0x192
_raw_spin_lock_irqsave+0x32
lpfc_handle_fcp_err+0x4c6
lpfc_fcp_io_cmd_wqe_cmpl+0x964
lpfc_sli4_fp_handle_cqe+0x266
__lpfc_sli4_process_cq+0x105
__lpfc_sli4_hba_process_cq+0x3c
lpfc_cq_poll_hdler+0x16
irq_poll_softirq+0x76
__softirqentry_text_start+0xe4
irq_exit+0xf7
do_IRQ+0x7f
CPU B:
native_queued_spin_lock_slowpath+0x5b
_raw_spin_lock+0x1c
lpfc_abort_handler+0x13e
scmd_eh_abort_handler+0x85
process_one_work+0x1a7
worker_thread+0x30
kthread+0x112
ret_from_fork+0x1f
Diagram of lockup:
CPUA CPUB
---- ----
lpfc_cmd->buf_lock
phba->hbalock
lpfc_cmd->buf_lock
phba->hbalock
Fix by reordering the taking of the lpfc_cmd->buf_lock and phba->hbalock in
lpfc_abort_handler routine so that it tries to take the lpfc_cmd->buf_lock
first before phba->hbalock.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49536",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:37:45.898747Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-667",
"description": "CWE-667 Improper Locking",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:40.573Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/scsi/lpfc/lpfc_scsi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7625e81de2164a082810e1f27547d388406da610",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "21c0d469349957b5dc811c41200a2a998996ca8d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "0c4eed901285b9cae36a622f32bea3e92490da6c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "03cbbd7c2f5ee288f648f4aeedc765a181188553",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/scsi/lpfc/lpfc_scsi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Fix SCSI I/O completion and abort handler deadlock\n\nDuring stress I/O tests with 500+ vports, hard LOCKUP call traces are\nobserved.\n\nCPU A:\n native_queued_spin_lock_slowpath+0x192\n _raw_spin_lock_irqsave+0x32\n lpfc_handle_fcp_err+0x4c6\n lpfc_fcp_io_cmd_wqe_cmpl+0x964\n lpfc_sli4_fp_handle_cqe+0x266\n __lpfc_sli4_process_cq+0x105\n __lpfc_sli4_hba_process_cq+0x3c\n lpfc_cq_poll_hdler+0x16\n irq_poll_softirq+0x76\n __softirqentry_text_start+0xe4\n irq_exit+0xf7\n do_IRQ+0x7f\n\nCPU B:\n native_queued_spin_lock_slowpath+0x5b\n _raw_spin_lock+0x1c\n lpfc_abort_handler+0x13e\n scmd_eh_abort_handler+0x85\n process_one_work+0x1a7\n worker_thread+0x30\n kthread+0x112\n ret_from_fork+0x1f\n\nDiagram of lockup:\n\nCPUA CPUB\n---- ----\nlpfc_cmd-\u003ebuf_lock\n phba-\u003ehbalock\n lpfc_cmd-\u003ebuf_lock\nphba-\u003ehbalock\n\nFix by reordering the taking of the lpfc_cmd-\u003ebuf_lock and phba-\u003ehbalock in\nlpfc_abort_handler routine so that it tries to take the lpfc_cmd-\u003ebuf_lock\nfirst before phba-\u003ehbalock."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:40:02.936Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7625e81de2164a082810e1f27547d388406da610"
},
{
"url": "https://git.kernel.org/stable/c/21c0d469349957b5dc811c41200a2a998996ca8d"
},
{
"url": "https://git.kernel.org/stable/c/0c4eed901285b9cae36a622f32bea3e92490da6c"
},
{
"url": "https://git.kernel.org/stable/c/03cbbd7c2f5ee288f648f4aeedc765a181188553"
}
],
"title": "scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49536",
"datePublished": "2025-02-26T02:13:54.014Z",
"dateReserved": "2025-02-26T02:08:31.589Z",
"dateUpdated": "2025-10-01T19:46:40.573Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49182 (GCVE-0-2022-49182)
Vulnerability from cvelistv5
Published
2025-02-26 01:55
Modified
2025-05-04 08:31
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: hns3: add vlan list lock to protect vlan list
When adding port base VLAN, vf VLAN need to remove from HW and modify
the vlan state in vf VLAN list as false. If the periodicity task is
freeing the same node, it may cause "use after free" error.
This patch adds a vlan list lock to protect the vlan list.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49182",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-04T18:04:19.985508Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T18:07:17.957Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c",
"drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "30f0ff7176efe8ac6c55f85bce26ed58bb608758",
"status": "affected",
"version": "c6075b193462d9a3930fb41f587f94720658752a",
"versionType": "git"
},
{
"lessThan": "09e383ca97e798f9954189b741af54b5c51e7a97",
"status": "affected",
"version": "c6075b193462d9a3930fb41f587f94720658752a",
"versionType": "git"
},
{
"lessThan": "f58af41deeab0f45c9c80adf5f2de489ebbac3dd",
"status": "affected",
"version": "c6075b193462d9a3930fb41f587f94720658752a",
"versionType": "git"
},
{
"lessThan": "1932a624ab88ff407d1a1d567fe581faa15dc725",
"status": "affected",
"version": "c6075b193462d9a3930fb41f587f94720658752a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c",
"drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.1"
},
{
"lessThan": "5.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: add vlan list lock to protect vlan list\n\nWhen adding port base VLAN, vf VLAN need to remove from HW and modify\nthe vlan state in vf VLAN list as false. If the periodicity task is\nfreeing the same node, it may cause \"use after free\" error.\nThis patch adds a vlan list lock to protect the vlan list."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:31:45.489Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/30f0ff7176efe8ac6c55f85bce26ed58bb608758"
},
{
"url": "https://git.kernel.org/stable/c/09e383ca97e798f9954189b741af54b5c51e7a97"
},
{
"url": "https://git.kernel.org/stable/c/f58af41deeab0f45c9c80adf5f2de489ebbac3dd"
},
{
"url": "https://git.kernel.org/stable/c/1932a624ab88ff407d1a1d567fe581faa15dc725"
}
],
"title": "net: hns3: add vlan list lock to protect vlan list",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49182",
"datePublished": "2025-02-26T01:55:33.574Z",
"dateReserved": "2025-02-26T01:49:39.283Z",
"dateUpdated": "2025-05-04T08:31:45.489Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49583 (GCVE-0-2022-49583)
Vulnerability from cvelistv5
Published
2025-02-26 02:23
Modified
2025-10-01 19:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
iavf: Fix handling of dummy receive descriptors
Fix memory leak caused by not handling dummy receive descriptor properly.
iavf_get_rx_buffer now sets the rx_buffer return value for dummy receive
descriptors. Without this patch, when the hardware writes a dummy
descriptor, iavf would not free the page allocated for the previous receive
buffer. This is an unlikely event but can still happen.
[Jesse: massaged commit message]
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: efa14c3985828da3163f5372137cb64d992b0f79 Version: efa14c3985828da3163f5372137cb64d992b0f79 Version: efa14c3985828da3163f5372137cb64d992b0f79 Version: efa14c3985828da3163f5372137cb64d992b0f79 Version: efa14c3985828da3163f5372137cb64d992b0f79 Version: 2a51e334a0ade539e5b0fcfdbd8b43acb9c7547d Version: 833577ecf3451c7306abb48f221d365c2ee4cc1b |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49583",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:36:11.477451Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:36:54.463Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/iavf/iavf_txrx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d88d59faf4e6f9cc4767664206afdb999b10ec77",
"status": "affected",
"version": "efa14c3985828da3163f5372137cb64d992b0f79",
"versionType": "git"
},
{
"lessThan": "c6af94324911ef0846af1a5ce5e049ca736db34b",
"status": "affected",
"version": "efa14c3985828da3163f5372137cb64d992b0f79",
"versionType": "git"
},
{
"lessThan": "2918419c06088f6709ceb543feb01752779ade4c",
"status": "affected",
"version": "efa14c3985828da3163f5372137cb64d992b0f79",
"versionType": "git"
},
{
"lessThan": "6edb818732fc05fda495f5b3a749bd1cee01398b",
"status": "affected",
"version": "efa14c3985828da3163f5372137cb64d992b0f79",
"versionType": "git"
},
{
"lessThan": "a9f49e0060301a9bfebeca76739158d0cf91cdf6",
"status": "affected",
"version": "efa14c3985828da3163f5372137cb64d992b0f79",
"versionType": "git"
},
{
"status": "affected",
"version": "2a51e334a0ade539e5b0fcfdbd8b43acb9c7547d",
"versionType": "git"
},
{
"status": "affected",
"version": "833577ecf3451c7306abb48f221d365c2ee4cc1b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/iavf/iavf_txrx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.3"
},
{
"lessThan": "5.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.208",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.134",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.58",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.208",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.134",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.58",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.15",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.1.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\niavf: Fix handling of dummy receive descriptors\n\nFix memory leak caused by not handling dummy receive descriptor properly.\niavf_get_rx_buffer now sets the rx_buffer return value for dummy receive\ndescriptors. Without this patch, when the hardware writes a dummy\ndescriptor, iavf would not free the page allocated for the previous receive\nbuffer. This is an unlikely event but can still happen.\n\n[Jesse: massaged commit message]"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:44:54.823Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d88d59faf4e6f9cc4767664206afdb999b10ec77"
},
{
"url": "https://git.kernel.org/stable/c/c6af94324911ef0846af1a5ce5e049ca736db34b"
},
{
"url": "https://git.kernel.org/stable/c/2918419c06088f6709ceb543feb01752779ade4c"
},
{
"url": "https://git.kernel.org/stable/c/6edb818732fc05fda495f5b3a749bd1cee01398b"
},
{
"url": "https://git.kernel.org/stable/c/a9f49e0060301a9bfebeca76739158d0cf91cdf6"
}
],
"title": "iavf: Fix handling of dummy receive descriptors",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49583",
"datePublished": "2025-02-26T02:23:20.108Z",
"dateReserved": "2025-02-26T02:21:30.412Z",
"dateUpdated": "2025-10-01T19:36:54.463Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49398 (GCVE-0-2022-49398)
Vulnerability from cvelistv5
Published
2025-02-26 02:12
Modified
2025-05-04 12:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
usb: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback
The list_for_each_entry_safe() macro saves the current item (n) and
the item after (n+1), so that n can be safely removed without
corrupting the list. However, when traversing the list and removing
items using gadget giveback, the DWC3 lock is briefly released,
allowing other routines to execute. There is a situation where, while
items are being removed from the cancelled_list using
dwc3_gadget_ep_cleanup_cancelled_requests(), the pullup disable
routine is running in parallel (due to UDC unbind). As the cleanup
routine removes n, and the pullup disable removes n+1, once the
cleanup retakes the DWC3 lock, it references a request who was already
removed/handled. With list debug enabled, this leads to a panic.
Ensure all instances of the macro are replaced where gadget giveback
is used.
Example call stack:
Thread#1:
__dwc3_gadget_ep_set_halt() - CLEAR HALT
-> dwc3_gadget_ep_cleanup_cancelled_requests()
->list_for_each_entry_safe()
->dwc3_gadget_giveback(n)
->dwc3_gadget_del_and_unmap_request()- n deleted[cancelled_list]
->spin_unlock
->Thread#2 executes
...
->dwc3_gadget_giveback(n+1)
->Already removed!
Thread#2:
dwc3_gadget_pullup()
->waiting for dwc3 spin_lock
...
->Thread#1 released lock
->dwc3_stop_active_transfers()
->dwc3_remove_requests()
->fetches n+1 item from cancelled_list (n removed by Thread#1)
->dwc3_gadget_giveback()
->dwc3_gadget_del_and_unmap_request()- n+1 deleted[cancelled_list]
->spin_unlock
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/usb/dwc3/gadget.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1c6e5dc3b639c96e6839a8d1b8e951923fdfd34a",
"status": "affected",
"version": "d4f1afe5e896c18ae01099a85dab5e1a198bd2a8",
"versionType": "git"
},
{
"lessThan": "2424307cdf421ac72075a1384eae4e4199ab6457",
"status": "affected",
"version": "d4f1afe5e896c18ae01099a85dab5e1a198bd2a8",
"versionType": "git"
},
{
"lessThan": "26a7e6832afe9d9a991cfd9015177f083cf959cc",
"status": "affected",
"version": "d4f1afe5e896c18ae01099a85dab5e1a198bd2a8",
"versionType": "git"
},
{
"lessThan": "bf594d1d0c1d7b895954018043536ffd327844f9",
"status": "affected",
"version": "d4f1afe5e896c18ae01099a85dab5e1a198bd2a8",
"versionType": "git"
},
{
"status": "affected",
"version": "d7ff2e3ff0e09d57b43014fe26b13bb3c9677254",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/usb/dwc3/gadget.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.0"
},
{
"lessThan": "5.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.47",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.47",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.15",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.4",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.19.57",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback\n\nThe list_for_each_entry_safe() macro saves the current item (n) and\nthe item after (n+1), so that n can be safely removed without\ncorrupting the list. However, when traversing the list and removing\nitems using gadget giveback, the DWC3 lock is briefly released,\nallowing other routines to execute. There is a situation where, while\nitems are being removed from the cancelled_list using\ndwc3_gadget_ep_cleanup_cancelled_requests(), the pullup disable\nroutine is running in parallel (due to UDC unbind). As the cleanup\nroutine removes n, and the pullup disable removes n+1, once the\ncleanup retakes the DWC3 lock, it references a request who was already\nremoved/handled. With list debug enabled, this leads to a panic.\nEnsure all instances of the macro are replaced where gadget giveback\nis used.\n\nExample call stack:\n\nThread#1:\n__dwc3_gadget_ep_set_halt() - CLEAR HALT\n -\u003e dwc3_gadget_ep_cleanup_cancelled_requests()\n -\u003elist_for_each_entry_safe()\n -\u003edwc3_gadget_giveback(n)\n -\u003edwc3_gadget_del_and_unmap_request()- n deleted[cancelled_list]\n -\u003espin_unlock\n -\u003eThread#2 executes\n ...\n -\u003edwc3_gadget_giveback(n+1)\n -\u003eAlready removed!\n\nThread#2:\ndwc3_gadget_pullup()\n -\u003ewaiting for dwc3 spin_lock\n ...\n -\u003eThread#1 released lock\n -\u003edwc3_stop_active_transfers()\n -\u003edwc3_remove_requests()\n -\u003efetches n+1 item from cancelled_list (n removed by Thread#1)\n -\u003edwc3_gadget_giveback()\n -\u003edwc3_gadget_del_and_unmap_request()- n+1 deleted[cancelled_list]\n -\u003espin_unlock"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:44:36.334Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1c6e5dc3b639c96e6839a8d1b8e951923fdfd34a"
},
{
"url": "https://git.kernel.org/stable/c/2424307cdf421ac72075a1384eae4e4199ab6457"
},
{
"url": "https://git.kernel.org/stable/c/26a7e6832afe9d9a991cfd9015177f083cf959cc"
},
{
"url": "https://git.kernel.org/stable/c/bf594d1d0c1d7b895954018043536ffd327844f9"
}
],
"title": "usb: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49398",
"datePublished": "2025-02-26T02:12:27.141Z",
"dateReserved": "2025-02-26T02:08:31.563Z",
"dateUpdated": "2025-05-04T12:44:36.334Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49295 (GCVE-0-2022-49295)
Vulnerability from cvelistv5
Published
2025-02-26 02:01
Modified
2025-10-29 10:49
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
nbd: call genl_unregister_family() first in nbd_cleanup()
Otherwise there may be race between module removal and the handling of
netlink command, which can lead to the oops as shown below:
BUG: kernel NULL pointer dereference, address: 0000000000000098
Oops: 0002 [#1] SMP PTI
CPU: 1 PID: 31299 Comm: nbd-client Tainted: G E 5.14.0-rc4
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)
RIP: 0010:down_write+0x1a/0x50
Call Trace:
start_creating+0x89/0x130
debugfs_create_dir+0x1b/0x130
nbd_start_device+0x13d/0x390 [nbd]
nbd_genl_connect+0x42f/0x748 [nbd]
genl_family_rcv_msg_doit.isra.0+0xec/0x150
genl_rcv_msg+0xe5/0x1e0
netlink_rcv_skb+0x55/0x100
genl_rcv+0x29/0x40
netlink_unicast+0x1a8/0x250
netlink_sendmsg+0x21b/0x430
____sys_sendmsg+0x2a4/0x2d0
___sys_sendmsg+0x81/0xc0
__sys_sendmsg+0x62/0xb0
__x64_sys_sendmsg+0x1f/0x30
do_syscall_64+0x3b/0xc0
entry_SYSCALL_64_after_hwframe+0x44/0xae
Modules linked in: nbd(E-)
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: e46c7287b1c27683a8e30ca825fb98e2b97f1099 Version: e46c7287b1c27683a8e30ca825fb98e2b97f1099 Version: e46c7287b1c27683a8e30ca825fb98e2b97f1099 Version: e46c7287b1c27683a8e30ca825fb98e2b97f1099 Version: e46c7287b1c27683a8e30ca825fb98e2b97f1099 Version: e46c7287b1c27683a8e30ca825fb98e2b97f1099 Version: e46c7287b1c27683a8e30ca825fb98e2b97f1099 Version: e46c7287b1c27683a8e30ca825fb98e2b97f1099 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49295",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:45:04.172443Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:59.873Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/block/nbd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8a1435c862ea09b06be7acda325128dc08458e25",
"status": "affected",
"version": "e46c7287b1c27683a8e30ca825fb98e2b97f1099",
"versionType": "git"
},
{
"lessThan": "013a79f1b5c89290e2e97f1ebf14b14e0cf5fe5c",
"status": "affected",
"version": "e46c7287b1c27683a8e30ca825fb98e2b97f1099",
"versionType": "git"
},
{
"lessThan": "1be608e1ee1f222464b2856bda9b85ab5184a33e",
"status": "affected",
"version": "e46c7287b1c27683a8e30ca825fb98e2b97f1099",
"versionType": "git"
},
{
"lessThan": "c0868f6e728c3c28bef0e8bee89d2daf86a8bbca",
"status": "affected",
"version": "e46c7287b1c27683a8e30ca825fb98e2b97f1099",
"versionType": "git"
},
{
"lessThan": "cbeafa7a79d08ecdb55f8f1d41a11323d0f709db",
"status": "affected",
"version": "e46c7287b1c27683a8e30ca825fb98e2b97f1099",
"versionType": "git"
},
{
"lessThan": "6f505bbb8063fd3a238a4239d2d8c165e5279f6f",
"status": "affected",
"version": "e46c7287b1c27683a8e30ca825fb98e2b97f1099",
"versionType": "git"
},
{
"lessThan": "3d5da1ffba3388c2ae2e6c598855a4d887d3bf79",
"status": "affected",
"version": "e46c7287b1c27683a8e30ca825fb98e2b97f1099",
"versionType": "git"
},
{
"lessThan": "06c4da89c24e7023ea448cadf8e9daf06a0aae6e",
"status": "affected",
"version": "e46c7287b1c27683a8e30ca825fb98e2b97f1099",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/block/nbd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.12"
},
{
"lessThan": "4.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.47",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.283",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.122",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.47",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.15",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.4",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: call genl_unregister_family() first in nbd_cleanup()\n\nOtherwise there may be race between module removal and the handling of\nnetlink command, which can lead to the oops as shown below:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000098\n Oops: 0002 [#1] SMP PTI\n CPU: 1 PID: 31299 Comm: nbd-client Tainted: G E 5.14.0-rc4\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)\n RIP: 0010:down_write+0x1a/0x50\n Call Trace:\n start_creating+0x89/0x130\n debugfs_create_dir+0x1b/0x130\n nbd_start_device+0x13d/0x390 [nbd]\n nbd_genl_connect+0x42f/0x748 [nbd]\n genl_family_rcv_msg_doit.isra.0+0xec/0x150\n genl_rcv_msg+0xe5/0x1e0\n netlink_rcv_skb+0x55/0x100\n genl_rcv+0x29/0x40\n netlink_unicast+0x1a8/0x250\n netlink_sendmsg+0x21b/0x430\n ____sys_sendmsg+0x2a4/0x2d0\n ___sys_sendmsg+0x81/0xc0\n __sys_sendmsg+0x62/0xb0\n __x64_sys_sendmsg+0x1f/0x30\n do_syscall_64+0x3b/0xc0\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n Modules linked in: nbd(E-)"
}
],
"providerMetadata": {
"dateUpdated": "2025-10-29T10:49:58.050Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8a1435c862ea09b06be7acda325128dc08458e25"
},
{
"url": "https://git.kernel.org/stable/c/013a79f1b5c89290e2e97f1ebf14b14e0cf5fe5c"
},
{
"url": "https://git.kernel.org/stable/c/1be608e1ee1f222464b2856bda9b85ab5184a33e"
},
{
"url": "https://git.kernel.org/stable/c/c0868f6e728c3c28bef0e8bee89d2daf86a8bbca"
},
{
"url": "https://git.kernel.org/stable/c/cbeafa7a79d08ecdb55f8f1d41a11323d0f709db"
},
{
"url": "https://git.kernel.org/stable/c/6f505bbb8063fd3a238a4239d2d8c165e5279f6f"
},
{
"url": "https://git.kernel.org/stable/c/3d5da1ffba3388c2ae2e6c598855a4d887d3bf79"
},
{
"url": "https://git.kernel.org/stable/c/06c4da89c24e7023ea448cadf8e9daf06a0aae6e"
}
],
"title": "nbd: call genl_unregister_family() first in nbd_cleanup()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49295",
"datePublished": "2025-02-26T02:01:25.659Z",
"dateReserved": "2025-02-26T01:49:39.302Z",
"dateUpdated": "2025-10-29T10:49:58.050Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49504 (GCVE-0-2022-49504)
Vulnerability from cvelistv5
Published
2025-02-26 02:13
Modified
2025-05-04 08:39
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: lpfc: Inhibit aborts if external loopback plug is inserted
After running a short external loopback test, when the external loopback is
removed and a normal cable inserted that is directly connected to a target
device, the system oops in the llpfc_set_rrq_active() routine.
When the loopback was inserted an FLOGI was transmit. As we're looped back,
we receive the FLOGI request. The FLOGI is ABTS'd as we recognize the same
wppn thus understand it's a loopback. However, as the ABTS sends address
information the port is not set to (fffffe), the ABTS is dropped on the
wire. A short 1 frame loopback test is run and completes before the ABTS
times out. The looback is unplugged and the new cable plugged in, and the
an FLOGI to the new device occurs and completes. Due to a mixup in ref
counting the completion of the new FLOGI releases the fabric ndlp. Then the
original ABTS completes and references the released ndlp generating the
oops.
Correct by no-op'ing the ABTS when in loopback mode (it will be dropped
anyway). Added a flag to track the mode to recognize when it should be
no-op'd.
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/scsi/lpfc/lpfc.h",
"drivers/scsi/lpfc/lpfc_els.c",
"drivers/scsi/lpfc/lpfc_hbadisc.c",
"drivers/scsi/lpfc/lpfc_sli.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a1516930cb605caee3bc7b4f3b7994b88c0b8505",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ead76d4c09b89f4c8d632648026a476a5a34fde8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/scsi/lpfc/lpfc.h",
"drivers/scsi/lpfc/lpfc_els.c",
"drivers/scsi/lpfc/lpfc_hbadisc.c",
"drivers/scsi/lpfc/lpfc_sli.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Inhibit aborts if external loopback plug is inserted\n\nAfter running a short external loopback test, when the external loopback is\nremoved and a normal cable inserted that is directly connected to a target\ndevice, the system oops in the llpfc_set_rrq_active() routine.\n\nWhen the loopback was inserted an FLOGI was transmit. As we\u0027re looped back,\nwe receive the FLOGI request. The FLOGI is ABTS\u0027d as we recognize the same\nwppn thus understand it\u0027s a loopback. However, as the ABTS sends address\ninformation the port is not set to (fffffe), the ABTS is dropped on the\nwire. A short 1 frame loopback test is run and completes before the ABTS\ntimes out. The looback is unplugged and the new cable plugged in, and the\nan FLOGI to the new device occurs and completes. Due to a mixup in ref\ncounting the completion of the new FLOGI releases the fabric ndlp. Then the\noriginal ABTS completes and references the released ndlp generating the\noops.\n\nCorrect by no-op\u0027ing the ABTS when in loopback mode (it will be dropped\nanyway). Added a flag to track the mode to recognize when it should be\nno-op\u0027d."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:39:21.409Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a1516930cb605caee3bc7b4f3b7994b88c0b8505"
},
{
"url": "https://git.kernel.org/stable/c/ead76d4c09b89f4c8d632648026a476a5a34fde8"
}
],
"title": "scsi: lpfc: Inhibit aborts if external loopback plug is inserted",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49504",
"datePublished": "2025-02-26T02:13:36.829Z",
"dateReserved": "2025-02-26T02:08:31.586Z",
"dateUpdated": "2025-05-04T08:39:21.409Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21780 (GCVE-0-2025-21780)
Vulnerability from cvelistv5
Published
2025-02-27 02:18
Modified
2025-11-03 20:59
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table()
It malicious user provides a small pptable through sysfs and then
a bigger pptable, it may cause buffer overflow attack in function
smu_sys_set_pp_table().
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-21780",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:30:25.628048Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:36:40.157Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:59:26.137Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3484ea33157bc7334f57e64826ec5a4bf992151a",
"status": "affected",
"version": "137d63abbf6a0859e79b662e81d21170ecb75e59",
"versionType": "git"
},
{
"lessThan": "e43a8b9c4d700ffec819c5043a48769b3e7d9cab",
"status": "affected",
"version": "137d63abbf6a0859e79b662e81d21170ecb75e59",
"versionType": "git"
},
{
"lessThan": "2498d2db1d35e88a2060ea191ae75dce853dd084",
"status": "affected",
"version": "137d63abbf6a0859e79b662e81d21170ecb75e59",
"versionType": "git"
},
{
"lessThan": "231075c5a8ea54f34b7c4794687baa980814e6de",
"status": "affected",
"version": "137d63abbf6a0859e79b662e81d21170ecb75e59",
"versionType": "git"
},
{
"lessThan": "1abb2648698bf10783d2236a6b4a7ca5e8021699",
"status": "affected",
"version": "137d63abbf6a0859e79b662e81d21170ecb75e59",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.2"
},
{
"lessThan": "5.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.129",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.79",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"version": "6.13.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.14",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.129",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.79",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.16",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13.4",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14",
"versionStartIncluding": "5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table()\n\nIt malicious user provides a small pptable through sysfs and then\na bigger pptable, it may cause buffer overflow attack in function\nsmu_sys_set_pp_table()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:21:06.464Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3484ea33157bc7334f57e64826ec5a4bf992151a"
},
{
"url": "https://git.kernel.org/stable/c/e43a8b9c4d700ffec819c5043a48769b3e7d9cab"
},
{
"url": "https://git.kernel.org/stable/c/2498d2db1d35e88a2060ea191ae75dce853dd084"
},
{
"url": "https://git.kernel.org/stable/c/231075c5a8ea54f34b7c4794687baa980814e6de"
},
{
"url": "https://git.kernel.org/stable/c/1abb2648698bf10783d2236a6b4a7ca5e8021699"
}
],
"title": "drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-21780",
"datePublished": "2025-02-27T02:18:23.543Z",
"dateReserved": "2024-12-29T08:45:45.764Z",
"dateUpdated": "2025-11-03T20:59:26.137Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-49106 (GCVE-0-2022-49106)
Vulnerability from cvelistv5
Published
2025-02-26 01:54
Modified
2025-10-01 19:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
staging: vchiq_arm: Avoid NULL ptr deref in vchiq_dump_platform_instances
vchiq_get_state() can return a NULL pointer. So handle this cases and
avoid a NULL pointer derefence in vchiq_dump_platform_instances.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49106",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:49:08.108427Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:57:04.968Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "176df12b38c70b0a45e6392a0ee5bc83489dfc29",
"status": "affected",
"version": "71bad7f086419dc674244b91ca35a12bfa4cb597",
"versionType": "git"
},
{
"lessThan": "4627250cabaa80278d3ab01ad107893cea83799f",
"status": "affected",
"version": "71bad7f086419dc674244b91ca35a12bfa4cb597",
"versionType": "git"
},
{
"lessThan": "51e5e5c34c22c0bfec0808d8c33e0b2fcf4c7c89",
"status": "affected",
"version": "71bad7f086419dc674244b91ca35a12bfa4cb597",
"versionType": "git"
},
{
"lessThan": "aa899e686d442c63d50f4d369cc02dbbf0941cb0",
"status": "affected",
"version": "71bad7f086419dc674244b91ca35a12bfa4cb597",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.9"
},
{
"lessThan": "4.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.20",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.34",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.20",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.3",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "4.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: vchiq_arm: Avoid NULL ptr deref in vchiq_dump_platform_instances\n\nvchiq_get_state() can return a NULL pointer. So handle this cases and\navoid a NULL pointer derefence in vchiq_dump_platform_instances."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:29:59.296Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/176df12b38c70b0a45e6392a0ee5bc83489dfc29"
},
{
"url": "https://git.kernel.org/stable/c/4627250cabaa80278d3ab01ad107893cea83799f"
},
{
"url": "https://git.kernel.org/stable/c/51e5e5c34c22c0bfec0808d8c33e0b2fcf4c7c89"
},
{
"url": "https://git.kernel.org/stable/c/aa899e686d442c63d50f4d369cc02dbbf0941cb0"
}
],
"title": "staging: vchiq_arm: Avoid NULL ptr deref in vchiq_dump_platform_instances",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49106",
"datePublished": "2025-02-26T01:54:53.985Z",
"dateReserved": "2025-02-26T01:49:39.251Z",
"dateUpdated": "2025-10-01T19:57:04.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49346 (GCVE-0-2022-49346)
Vulnerability from cvelistv5
Published
2025-02-26 02:11
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: dsa: lantiq_gswip: Fix refcount leak in gswip_gphy_fw_list
Every iteration of for_each_available_child_of_node() decrements
the reference count of the previous node.
when breaking early from a for_each_available_child_of_node() loop,
we need to explicitly call of_node_put() on the gphy_fw_np.
Add missing of_node_put() to avoid refcount leak.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 14fceff4771e51b23b4485b575cf9e5b3414b89b Version: 14fceff4771e51b23b4485b575cf9e5b3414b89b Version: 14fceff4771e51b23b4485b575cf9e5b3414b89b Version: 14fceff4771e51b23b4485b575cf9e5b3414b89b Version: 14fceff4771e51b23b4485b575cf9e5b3414b89b Version: 14fceff4771e51b23b4485b575cf9e5b3414b89b |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49346",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:42:55.975462Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:54.721Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/dsa/lantiq_gswip.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7c8df6fad43d9d5d77f281f794b2a93cd02fd1a9",
"status": "affected",
"version": "14fceff4771e51b23b4485b575cf9e5b3414b89b",
"versionType": "git"
},
{
"lessThan": "c2ae49a113a5344232f1ebb93bcf18bbd11e9c39",
"status": "affected",
"version": "14fceff4771e51b23b4485b575cf9e5b3414b89b",
"versionType": "git"
},
{
"lessThan": "54d6802c4d83fa8de7696cfec06f475d5fd92d27",
"status": "affected",
"version": "14fceff4771e51b23b4485b575cf9e5b3414b89b",
"versionType": "git"
},
{
"lessThan": "32cd78c5610f02a929f63cac985e73692d05f33e",
"status": "affected",
"version": "14fceff4771e51b23b4485b575cf9e5b3414b89b",
"versionType": "git"
},
{
"lessThan": "2e007ac6fa7c9c94ad84da075c5c504afad690a0",
"status": "affected",
"version": "14fceff4771e51b23b4485b575cf9e5b3414b89b",
"versionType": "git"
},
{
"lessThan": "0737e018a05e2aa352828c52bdeed3b02cff2930",
"status": "affected",
"version": "14fceff4771e51b23b4485b575cf9e5b3414b89b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/dsa/lantiq_gswip.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.20"
},
{
"lessThan": "4.20",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.47",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.122",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.47",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.15",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.4",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: lantiq_gswip: Fix refcount leak in gswip_gphy_fw_list\n\nEvery iteration of for_each_available_child_of_node() decrements\nthe reference count of the previous node.\nwhen breaking early from a for_each_available_child_of_node() loop,\nwe need to explicitly call of_node_put() on the gphy_fw_np.\nAdd missing of_node_put() to avoid refcount leak."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:35:46.258Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7c8df6fad43d9d5d77f281f794b2a93cd02fd1a9"
},
{
"url": "https://git.kernel.org/stable/c/c2ae49a113a5344232f1ebb93bcf18bbd11e9c39"
},
{
"url": "https://git.kernel.org/stable/c/54d6802c4d83fa8de7696cfec06f475d5fd92d27"
},
{
"url": "https://git.kernel.org/stable/c/32cd78c5610f02a929f63cac985e73692d05f33e"
},
{
"url": "https://git.kernel.org/stable/c/2e007ac6fa7c9c94ad84da075c5c504afad690a0"
},
{
"url": "https://git.kernel.org/stable/c/0737e018a05e2aa352828c52bdeed3b02cff2930"
}
],
"title": "net: dsa: lantiq_gswip: Fix refcount leak in gswip_gphy_fw_list",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49346",
"datePublished": "2025-02-26T02:11:01.485Z",
"dateReserved": "2025-02-26T02:08:31.543Z",
"dateUpdated": "2025-10-01T19:46:54.721Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47635 (GCVE-0-2021-47635)
Vulnerability from cvelistv5
Published
2025-02-26 01:54
Modified
2025-05-04 07:15
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ubifs: Fix to add refcount once page is set private
MM defined the rule [1] very clearly that once page was set with PG_private
flag, we should increment the refcount in that page, also main flows like
pageout(), migrate_page() will assume there is one additional page
reference count if page_has_private() returns true. Otherwise, we may
get a BUG in page migration:
page:0000000080d05b9d refcount:-1 mapcount:0 mapping:000000005f4d82a8
index:0xe2 pfn:0x14c12
aops:ubifs_file_address_operations [ubifs] ino:8f1 dentry name:"f30e"
flags: 0x1fffff80002405(locked|uptodate|owner_priv_1|private|node=0|
zone=1|lastcpupid=0x1fffff)
page dumped because: VM_BUG_ON_PAGE(page_count(page) != 0)
------------[ cut here ]------------
kernel BUG at include/linux/page_ref.h:184!
invalid opcode: 0000 [#1] SMP
CPU: 3 PID: 38 Comm: kcompactd0 Not tainted 5.15.0-rc5
RIP: 0010:migrate_page_move_mapping+0xac3/0xe70
Call Trace:
ubifs_migrate_page+0x22/0xc0 [ubifs]
move_to_new_page+0xb4/0x600
migrate_pages+0x1523/0x1cc0
compact_zone+0x8c5/0x14b0
kcompactd+0x2bc/0x560
kthread+0x18c/0x1e0
ret_from_fork+0x1f/0x30
Before the time, we should make clean a concept, what does refcount means
in page gotten from grab_cache_page_write_begin(). There are 2 situations:
Situation 1: refcount is 3, page is created by __page_cache_alloc.
TYPE_A - the write process is using this page
TYPE_B - page is assigned to one certain mapping by calling
__add_to_page_cache_locked()
TYPE_C - page is added into pagevec list corresponding current cpu by
calling lru_cache_add()
Situation 2: refcount is 2, page is gotten from the mapping's tree
TYPE_B - page has been assigned to one certain mapping
TYPE_A - the write process is using this page (by calling
page_cache_get_speculative())
Filesystem releases one refcount by calling put_page() in xxx_write_end(),
the released refcount corresponds to TYPE_A (write task is using it). If
there are any processes using a page, page migration process will skip the
page by judging whether expected_page_refs() equals to page refcount.
The BUG is caused by following process:
PA(cpu 0) kcompactd(cpu 1)
compact_zone
ubifs_write_begin
page_a = grab_cache_page_write_begin
add_to_page_cache_lru
lru_cache_add
pagevec_add // put page into cpu 0's pagevec
(refcnf = 3, for page creation process)
ubifs_write_end
SetPagePrivate(page_a) // doesn't increase page count !
unlock_page(page_a)
put_page(page_a) // refcnt = 2
[...]
PB(cpu 0)
filemap_read
filemap_get_pages
add_to_page_cache_lru
lru_cache_add
__pagevec_lru_add // traverse all pages in cpu 0's pagevec
__pagevec_lru_add_fn
SetPageLRU(page_a)
isolate_migratepages
isolate_migratepages_block
get_page_unless_zero(page_a)
// refcnt = 3
list_add(page_a, from_list)
migrate_pages(from_list)
__unmap_and_move
move_to_new_page
ubifs_migrate_page(page_a)
migrate_page_move_mapping
expected_page_refs get 3
(migration[1] + mapping[1] + private[1])
release_pages
put_page_testzero(page_a) // refcnt = 3
page_ref_freeze // refcnt = 0
page_ref_dec_and_test(0 - 1 = -1)
page_ref_unfreeze
VM_BUG_ON_PAGE(-1 != 0, page)
UBIFS doesn't increase the page refcount after setting private flag, which
leads to page migration task believes the page is not used by any other
processes, so the page is migrated. This causes concurrent accessing on
page refcount between put_page() called by other process(eg. read process
calls lru_cache_add) and page_ref_unfreeze() called by mi
---truncated---
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ubifs/file.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c34ae24a2590fee96a3a7735ba2fa6cc52306221",
"status": "affected",
"version": "1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d",
"versionType": "git"
},
{
"lessThan": "4f75bab98565afd4f905059c56ec4caba88a7eec",
"status": "affected",
"version": "1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d",
"versionType": "git"
},
{
"lessThan": "5aaa2c0f0052b02c4a982993d4c5bb68fb7cbe22",
"status": "affected",
"version": "1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d",
"versionType": "git"
},
{
"lessThan": "fbeb2139eed65e929ce806c6468e6601ade01b1b",
"status": "affected",
"version": "1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d",
"versionType": "git"
},
{
"lessThan": "3b67db8a6ca83e6ff90b756d3da0c966f61cd37b",
"status": "affected",
"version": "1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ubifs/file.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.27"
},
{
"lessThan": "2.6.27",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.110",
"versionStartIncluding": "2.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "2.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "2.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "2.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "2.6.27",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nubifs: Fix to add refcount once page is set private\n\nMM defined the rule [1] very clearly that once page was set with PG_private\nflag, we should increment the refcount in that page, also main flows like\npageout(), migrate_page() will assume there is one additional page\nreference count if page_has_private() returns true. Otherwise, we may\nget a BUG in page migration:\n\n page:0000000080d05b9d refcount:-1 mapcount:0 mapping:000000005f4d82a8\n index:0xe2 pfn:0x14c12\n aops:ubifs_file_address_operations [ubifs] ino:8f1 dentry name:\"f30e\"\n flags: 0x1fffff80002405(locked|uptodate|owner_priv_1|private|node=0|\n zone=1|lastcpupid=0x1fffff)\n page dumped because: VM_BUG_ON_PAGE(page_count(page) != 0)\n ------------[ cut here ]------------\n kernel BUG at include/linux/page_ref.h:184!\n invalid opcode: 0000 [#1] SMP\n CPU: 3 PID: 38 Comm: kcompactd0 Not tainted 5.15.0-rc5\n RIP: 0010:migrate_page_move_mapping+0xac3/0xe70\n Call Trace:\n ubifs_migrate_page+0x22/0xc0 [ubifs]\n move_to_new_page+0xb4/0x600\n migrate_pages+0x1523/0x1cc0\n compact_zone+0x8c5/0x14b0\n kcompactd+0x2bc/0x560\n kthread+0x18c/0x1e0\n ret_from_fork+0x1f/0x30\n\nBefore the time, we should make clean a concept, what does refcount means\nin page gotten from grab_cache_page_write_begin(). There are 2 situations:\nSituation 1: refcount is 3, page is created by __page_cache_alloc.\n TYPE_A - the write process is using this page\n TYPE_B - page is assigned to one certain mapping by calling\n\t __add_to_page_cache_locked()\n TYPE_C - page is added into pagevec list corresponding current cpu by\n\t calling lru_cache_add()\nSituation 2: refcount is 2, page is gotten from the mapping\u0027s tree\n TYPE_B - page has been assigned to one certain mapping\n TYPE_A - the write process is using this page (by calling\n\t page_cache_get_speculative())\nFilesystem releases one refcount by calling put_page() in xxx_write_end(),\nthe released refcount corresponds to TYPE_A (write task is using it). If\nthere are any processes using a page, page migration process will skip the\npage by judging whether expected_page_refs() equals to page refcount.\n\nThe BUG is caused by following process:\n PA(cpu 0) kcompactd(cpu 1)\n\t\t\t\tcompact_zone\nubifs_write_begin\n page_a = grab_cache_page_write_begin\n add_to_page_cache_lru\n lru_cache_add\n pagevec_add // put page into cpu 0\u0027s pagevec\n (refcnf = 3, for page creation process)\nubifs_write_end\n SetPagePrivate(page_a) // doesn\u0027t increase page count !\n unlock_page(page_a)\n put_page(page_a) // refcnt = 2\n\t\t\t\t[...]\n\n PB(cpu 0)\nfilemap_read\n filemap_get_pages\n add_to_page_cache_lru\n lru_cache_add\n __pagevec_lru_add // traverse all pages in cpu 0\u0027s pagevec\n\t __pagevec_lru_add_fn\n\t SetPageLRU(page_a)\n\t\t\t\tisolate_migratepages\n isolate_migratepages_block\n\t\t\t\t get_page_unless_zero(page_a)\n\t\t\t\t // refcnt = 3\n list_add(page_a, from_list)\n\t\t\t\tmigrate_pages(from_list)\n\t\t\t\t __unmap_and_move\n\t\t\t\t move_to_new_page\n\t\t\t\t ubifs_migrate_page(page_a)\n\t\t\t\t migrate_page_move_mapping\n\t\t\t\t\t expected_page_refs get 3\n (migration[1] + mapping[1] + private[1])\n\t release_pages\n\t put_page_testzero(page_a) // refcnt = 3\n page_ref_freeze // refcnt = 0\n\t page_ref_dec_and_test(0 - 1 = -1)\n page_ref_unfreeze\n VM_BUG_ON_PAGE(-1 != 0, page)\n\nUBIFS doesn\u0027t increase the page refcount after setting private flag, which\nleads to page migration task believes the page is not used by any other\nprocesses, so the page is migrated. This causes concurrent accessing on\npage refcount between put_page() called by other process(eg. read process\ncalls lru_cache_add) and page_ref_unfreeze() called by mi\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:15:14.250Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c34ae24a2590fee96a3a7735ba2fa6cc52306221"
},
{
"url": "https://git.kernel.org/stable/c/4f75bab98565afd4f905059c56ec4caba88a7eec"
},
{
"url": "https://git.kernel.org/stable/c/5aaa2c0f0052b02c4a982993d4c5bb68fb7cbe22"
},
{
"url": "https://git.kernel.org/stable/c/fbeb2139eed65e929ce806c6468e6601ade01b1b"
},
{
"url": "https://git.kernel.org/stable/c/3b67db8a6ca83e6ff90b756d3da0c966f61cd37b"
}
],
"title": "ubifs: Fix to add refcount once page is set private",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47635",
"datePublished": "2025-02-26T01:54:09.701Z",
"dateReserved": "2025-02-26T01:48:21.518Z",
"dateUpdated": "2025-05-04T07:15:14.250Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49667 (GCVE-0-2022-49667)
Vulnerability from cvelistv5
Published
2025-02-26 02:24
Modified
2025-05-04 08:42
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: bonding: fix use-after-free after 802.3ad slave unbind
commit 0622cab0341c ("bonding: fix 802.3ad aggregator reselection"),
resolve case, when there is several aggregation groups in the same bond.
bond_3ad_unbind_slave will invalidate (clear) aggregator when
__agg_active_ports return zero. So, ad_clear_agg can be executed even, when
num_of_ports!=0. Than bond_3ad_unbind_slave can be executed again for,
previously cleared aggregator. NOTE: at this time bond_3ad_unbind_slave
will not update slave ports list, because lag_ports==NULL. So, here we
got slave ports, pointing to freed aggregator memory.
Fix with checking actual number of ports in group (as was before
commit 0622cab0341c ("bonding: fix 802.3ad aggregator reselection") ),
before ad_clear_agg().
The KASAN logs are as follows:
[ 767.617392] ==================================================================
[ 767.630776] BUG: KASAN: use-after-free in bond_3ad_state_machine_handler+0x13dc/0x1470
[ 767.638764] Read of size 2 at addr ffff00011ba9d430 by task kworker/u8:7/767
[ 767.647361] CPU: 3 PID: 767 Comm: kworker/u8:7 Tainted: G O 5.15.11 #15
[ 767.655329] Hardware name: DNI AmazonGo1 A7040 board (DT)
[ 767.660760] Workqueue: lacp_1 bond_3ad_state_machine_handler
[ 767.666468] Call trace:
[ 767.668930] dump_backtrace+0x0/0x2d0
[ 767.672625] show_stack+0x24/0x30
[ 767.675965] dump_stack_lvl+0x68/0x84
[ 767.679659] print_address_description.constprop.0+0x74/0x2b8
[ 767.685451] kasan_report+0x1f0/0x260
[ 767.689148] __asan_load2+0x94/0xd0
[ 767.692667] bond_3ad_state_machine_handler+0x13dc/0x1470
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 0622cab0341cac6b30da177b0faa39fae0680e71 Version: 0622cab0341cac6b30da177b0faa39fae0680e71 Version: 0622cab0341cac6b30da177b0faa39fae0680e71 Version: 0622cab0341cac6b30da177b0faa39fae0680e71 Version: 0622cab0341cac6b30da177b0faa39fae0680e71 Version: 0622cab0341cac6b30da177b0faa39fae0680e71 Version: 0622cab0341cac6b30da177b0faa39fae0680e71 Version: 0622cab0341cac6b30da177b0faa39fae0680e71 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49667",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T18:15:14.271545Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T18:22:31.234Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/bonding/bond_3ad.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a853b7a3a9fd1d74a4ccdd9cd73512b7dace2f1e",
"status": "affected",
"version": "0622cab0341cac6b30da177b0faa39fae0680e71",
"versionType": "git"
},
{
"lessThan": "b90ac60303063a43e17dd4aec159067599d255e6",
"status": "affected",
"version": "0622cab0341cac6b30da177b0faa39fae0680e71",
"versionType": "git"
},
{
"lessThan": "f162f7c348fa2a5555bafdb5cc890b89b221e69c",
"status": "affected",
"version": "0622cab0341cac6b30da177b0faa39fae0680e71",
"versionType": "git"
},
{
"lessThan": "893825289ba840afd86bfffcb6f7f363c73efff8",
"status": "affected",
"version": "0622cab0341cac6b30da177b0faa39fae0680e71",
"versionType": "git"
},
{
"lessThan": "63b2fe509f69b90168a75e04e14573dccf7984e6",
"status": "affected",
"version": "0622cab0341cac6b30da177b0faa39fae0680e71",
"versionType": "git"
},
{
"lessThan": "ef0af7d08d26c5333ff4944a559279464edf6f15",
"status": "affected",
"version": "0622cab0341cac6b30da177b0faa39fae0680e71",
"versionType": "git"
},
{
"lessThan": "2765749def4765c5052a4c66445cf4c96fcccdbc",
"status": "affected",
"version": "0622cab0341cac6b30da177b0faa39fae0680e71",
"versionType": "git"
},
{
"lessThan": "050133e1aa2cb49bb17be847d48a4431598ef562",
"status": "affected",
"version": "0622cab0341cac6b30da177b0faa39fae0680e71",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/bonding/bond_3ad.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.7"
},
{
"lessThan": "4.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.322",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.287",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.251",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.204",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.129",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.53",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.322",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.287",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.251",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.204",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.129",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.53",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.10",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bonding: fix use-after-free after 802.3ad slave unbind\n\ncommit 0622cab0341c (\"bonding: fix 802.3ad aggregator reselection\"),\nresolve case, when there is several aggregation groups in the same bond.\nbond_3ad_unbind_slave will invalidate (clear) aggregator when\n__agg_active_ports return zero. So, ad_clear_agg can be executed even, when\nnum_of_ports!=0. Than bond_3ad_unbind_slave can be executed again for,\npreviously cleared aggregator. NOTE: at this time bond_3ad_unbind_slave\nwill not update slave ports list, because lag_ports==NULL. So, here we\ngot slave ports, pointing to freed aggregator memory.\n\nFix with checking actual number of ports in group (as was before\ncommit 0622cab0341c (\"bonding: fix 802.3ad aggregator reselection\") ),\nbefore ad_clear_agg().\n\nThe KASAN logs are as follows:\n\n[ 767.617392] ==================================================================\n[ 767.630776] BUG: KASAN: use-after-free in bond_3ad_state_machine_handler+0x13dc/0x1470\n[ 767.638764] Read of size 2 at addr ffff00011ba9d430 by task kworker/u8:7/767\n[ 767.647361] CPU: 3 PID: 767 Comm: kworker/u8:7 Tainted: G O 5.15.11 #15\n[ 767.655329] Hardware name: DNI AmazonGo1 A7040 board (DT)\n[ 767.660760] Workqueue: lacp_1 bond_3ad_state_machine_handler\n[ 767.666468] Call trace:\n[ 767.668930] dump_backtrace+0x0/0x2d0\n[ 767.672625] show_stack+0x24/0x30\n[ 767.675965] dump_stack_lvl+0x68/0x84\n[ 767.679659] print_address_description.constprop.0+0x74/0x2b8\n[ 767.685451] kasan_report+0x1f0/0x260\n[ 767.689148] __asan_load2+0x94/0xd0\n[ 767.692667] bond_3ad_state_machine_handler+0x13dc/0x1470"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:42:54.979Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a853b7a3a9fd1d74a4ccdd9cd73512b7dace2f1e"
},
{
"url": "https://git.kernel.org/stable/c/b90ac60303063a43e17dd4aec159067599d255e6"
},
{
"url": "https://git.kernel.org/stable/c/f162f7c348fa2a5555bafdb5cc890b89b221e69c"
},
{
"url": "https://git.kernel.org/stable/c/893825289ba840afd86bfffcb6f7f363c73efff8"
},
{
"url": "https://git.kernel.org/stable/c/63b2fe509f69b90168a75e04e14573dccf7984e6"
},
{
"url": "https://git.kernel.org/stable/c/ef0af7d08d26c5333ff4944a559279464edf6f15"
},
{
"url": "https://git.kernel.org/stable/c/2765749def4765c5052a4c66445cf4c96fcccdbc"
},
{
"url": "https://git.kernel.org/stable/c/050133e1aa2cb49bb17be847d48a4431598ef562"
}
],
"title": "net: bonding: fix use-after-free after 802.3ad slave unbind",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49667",
"datePublished": "2025-02-26T02:24:01.818Z",
"dateReserved": "2025-02-26T02:21:30.436Z",
"dateUpdated": "2025-05-04T08:42:54.979Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49396 (GCVE-0-2022-49396)
Vulnerability from cvelistv5
Published
2025-02-26 02:11
Modified
2025-05-04 08:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
phy: qcom-qmp: fix reset-controller leak on probe errors
Make sure to release the lane reset controller in case of a late probe
error (e.g. probe deferral).
Note that due to the reset controller being defined in devicetree in
"lane" child nodes, devm_reset_control_get_exclusive() cannot be used
directly.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: e78f3d15e115e8e764d4b1562b4fa538f2e22f6b Version: e78f3d15e115e8e764d4b1562b4fa538f2e22f6b Version: e78f3d15e115e8e764d4b1562b4fa538f2e22f6b Version: e78f3d15e115e8e764d4b1562b4fa538f2e22f6b Version: e78f3d15e115e8e764d4b1562b4fa538f2e22f6b Version: e78f3d15e115e8e764d4b1562b4fa538f2e22f6b Version: e78f3d15e115e8e764d4b1562b4fa538f2e22f6b Version: e78f3d15e115e8e764d4b1562b4fa538f2e22f6b |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/phy/qualcomm/phy-qcom-qmp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b7b5fbcaac5355e2e695dc0c08a0fcf248250388",
"status": "affected",
"version": "e78f3d15e115e8e764d4b1562b4fa538f2e22f6b",
"versionType": "git"
},
{
"lessThan": "a39d9eccb333b8c07c43ebea1c6dfda122378a0f",
"status": "affected",
"version": "e78f3d15e115e8e764d4b1562b4fa538f2e22f6b",
"versionType": "git"
},
{
"lessThan": "7ac21b24af859c097eb4034e93430056068f8f31",
"status": "affected",
"version": "e78f3d15e115e8e764d4b1562b4fa538f2e22f6b",
"versionType": "git"
},
{
"lessThan": "2156dc390402043ba5982489c6625adcb0b0975c",
"status": "affected",
"version": "e78f3d15e115e8e764d4b1562b4fa538f2e22f6b",
"versionType": "git"
},
{
"lessThan": "ba173a6f8d8dffed64bb13ab23081bdddfb464f0",
"status": "affected",
"version": "e78f3d15e115e8e764d4b1562b4fa538f2e22f6b",
"versionType": "git"
},
{
"lessThan": "feb05b10b3ed3ae21b851520a0d0b71685439517",
"status": "affected",
"version": "e78f3d15e115e8e764d4b1562b4fa538f2e22f6b",
"versionType": "git"
},
{
"lessThan": "8c03eb0c8982677b4e17174073a011788891304d",
"status": "affected",
"version": "e78f3d15e115e8e764d4b1562b4fa538f2e22f6b",
"versionType": "git"
},
{
"lessThan": "4d2900f20edfe541f75756a00deeb2ffe7c66bc1",
"status": "affected",
"version": "e78f3d15e115e8e764d4b1562b4fa538f2e22f6b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/phy/qualcomm/phy-qcom-qmp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.12"
},
{
"lessThan": "4.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.283",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nphy: qcom-qmp: fix reset-controller leak on probe errors\n\nMake sure to release the lane reset controller in case of a late probe\nerror (e.g. probe deferral).\n\nNote that due to the reset controller being defined in devicetree in\n\"lane\" child nodes, devm_reset_control_get_exclusive() cannot be used\ndirectly."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:36:47.558Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b7b5fbcaac5355e2e695dc0c08a0fcf248250388"
},
{
"url": "https://git.kernel.org/stable/c/a39d9eccb333b8c07c43ebea1c6dfda122378a0f"
},
{
"url": "https://git.kernel.org/stable/c/7ac21b24af859c097eb4034e93430056068f8f31"
},
{
"url": "https://git.kernel.org/stable/c/2156dc390402043ba5982489c6625adcb0b0975c"
},
{
"url": "https://git.kernel.org/stable/c/ba173a6f8d8dffed64bb13ab23081bdddfb464f0"
},
{
"url": "https://git.kernel.org/stable/c/feb05b10b3ed3ae21b851520a0d0b71685439517"
},
{
"url": "https://git.kernel.org/stable/c/8c03eb0c8982677b4e17174073a011788891304d"
},
{
"url": "https://git.kernel.org/stable/c/4d2900f20edfe541f75756a00deeb2ffe7c66bc1"
}
],
"title": "phy: qcom-qmp: fix reset-controller leak on probe errors",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49396",
"datePublished": "2025-02-26T02:11:26.145Z",
"dateReserved": "2025-02-26T02:08:31.563Z",
"dateUpdated": "2025-05-04T08:36:47.558Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49644 (GCVE-0-2022-49644)
Vulnerability from cvelistv5
Published
2025-02-26 02:23
Modified
2025-10-01 19:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector()
If drm_connector_init fails, intel_connector_free will be called to take
care of proper free. So it is necessary to drop the refcount of port
before intel_connector_free.
(cherry picked from commit cea9ed611e85d36a05db52b6457bf584b7d969e2)
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49644",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:33:51.519733Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:36:48.729Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/i915/display/intel_dp_mst.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "72f231b9a88abcfac9f5ddaa1a0aacb3f9f87ba5",
"status": "affected",
"version": "091a4f91942a4396c67e5747f5cb38c6396d1fc5",
"versionType": "git"
},
{
"lessThan": "592f3bad00b7e2a95a6fb7a4f9e742c061c9c3c1",
"status": "affected",
"version": "091a4f91942a4396c67e5747f5cb38c6396d1fc5",
"versionType": "git"
},
{
"lessThan": "505114dda5bbfd07f4ce9a2df5b7d8ef5f2a1218",
"status": "affected",
"version": "091a4f91942a4396c67e5747f5cb38c6396d1fc5",
"versionType": "git"
},
{
"lessThan": "a91522b4279bebb098106a19b91f82b9c3213be9",
"status": "affected",
"version": "091a4f91942a4396c67e5747f5cb38c6396d1fc5",
"versionType": "git"
},
{
"lessThan": "85144df9ff4652816448369de76897c57cbb1b93",
"status": "affected",
"version": "091a4f91942a4396c67e5747f5cb38c6396d1fc5",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/i915/display/intel_dp_mst.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.207",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.132",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.56",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.207",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.132",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.56",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.13",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915: fix a possible refcount leak in intel_dp_add_mst_connector()\n\nIf drm_connector_init fails, intel_connector_free will be called to take\ncare of proper free. So it is necessary to drop the refcount of port\nbefore intel_connector_free.\n\n(cherry picked from commit cea9ed611e85d36a05db52b6457bf584b7d969e2)"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:42:27.608Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/72f231b9a88abcfac9f5ddaa1a0aacb3f9f87ba5"
},
{
"url": "https://git.kernel.org/stable/c/592f3bad00b7e2a95a6fb7a4f9e742c061c9c3c1"
},
{
"url": "https://git.kernel.org/stable/c/505114dda5bbfd07f4ce9a2df5b7d8ef5f2a1218"
},
{
"url": "https://git.kernel.org/stable/c/a91522b4279bebb098106a19b91f82b9c3213be9"
},
{
"url": "https://git.kernel.org/stable/c/85144df9ff4652816448369de76897c57cbb1b93"
}
],
"title": "drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49644",
"datePublished": "2025-02-26T02:23:50.134Z",
"dateReserved": "2025-02-26T02:21:30.432Z",
"dateUpdated": "2025-10-01T19:36:48.729Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49679 (GCVE-0-2022-49679)
Vulnerability from cvelistv5
Published
2025-02-26 02:24
Modified
2025-10-01 19:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ARM: Fix refcount leak in axxia_boot_secondary
of_find_compatible_node() returns a node pointer with refcount
incremented, we should use of_node_put() on it when done.
Add missing of_node_put() to avoid refcount leak.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1d22924e1c4e299337e86e290c02c3e3eb43b608 Version: 1d22924e1c4e299337e86e290c02c3e3eb43b608 Version: 1d22924e1c4e299337e86e290c02c3e3eb43b608 Version: 1d22924e1c4e299337e86e290c02c3e3eb43b608 Version: 1d22924e1c4e299337e86e290c02c3e3eb43b608 Version: 1d22924e1c4e299337e86e290c02c3e3eb43b608 Version: 1d22924e1c4e299337e86e290c02c3e3eb43b608 Version: 1d22924e1c4e299337e86e290c02c3e3eb43b608 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49679",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:33:05.829477Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:36:46.842Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/arm/mach-axxia/platsmp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a9b76c232a1ce4cbf27862097f7eb634dcc779eb",
"status": "affected",
"version": "1d22924e1c4e299337e86e290c02c3e3eb43b608",
"versionType": "git"
},
{
"lessThan": "b385cb59aac8d61c29bc72ebf3d19a536914af96",
"status": "affected",
"version": "1d22924e1c4e299337e86e290c02c3e3eb43b608",
"versionType": "git"
},
{
"lessThan": "71e12e5b02674459a24f16e965255d63b31fe049",
"status": "affected",
"version": "1d22924e1c4e299337e86e290c02c3e3eb43b608",
"versionType": "git"
},
{
"lessThan": "29ca9c4efacccdc15104a8d4bf10b5183fc92840",
"status": "affected",
"version": "1d22924e1c4e299337e86e290c02c3e3eb43b608",
"versionType": "git"
},
{
"lessThan": "44a5b3a073e5aaa5720929dba95b2725eb32bb65",
"status": "affected",
"version": "1d22924e1c4e299337e86e290c02c3e3eb43b608",
"versionType": "git"
},
{
"lessThan": "4d9c60e868f7cf8e09956e7d5bb44d807d712699",
"status": "affected",
"version": "1d22924e1c4e299337e86e290c02c3e3eb43b608",
"versionType": "git"
},
{
"lessThan": "3c19fe3f04f4f4e7a2b722c2fd3c98356fc1d72b",
"status": "affected",
"version": "1d22924e1c4e299337e86e290c02c3e3eb43b608",
"versionType": "git"
},
{
"lessThan": "7c7ff68daa93d8c4cdea482da4f2429c0398fcde",
"status": "affected",
"version": "1d22924e1c4e299337e86e290c02c3e3eb43b608",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/arm/mach-axxia/platsmp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.16"
},
{
"lessThan": "3.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.321",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.286",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.250",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.202",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.127",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.51",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.321",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.286",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.250",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.202",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.127",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.51",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.8",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "3.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nARM: Fix refcount leak in axxia_boot_secondary\n\nof_find_compatible_node() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when done.\nAdd missing of_node_put() to avoid refcount leak."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:43:09.809Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a9b76c232a1ce4cbf27862097f7eb634dcc779eb"
},
{
"url": "https://git.kernel.org/stable/c/b385cb59aac8d61c29bc72ebf3d19a536914af96"
},
{
"url": "https://git.kernel.org/stable/c/71e12e5b02674459a24f16e965255d63b31fe049"
},
{
"url": "https://git.kernel.org/stable/c/29ca9c4efacccdc15104a8d4bf10b5183fc92840"
},
{
"url": "https://git.kernel.org/stable/c/44a5b3a073e5aaa5720929dba95b2725eb32bb65"
},
{
"url": "https://git.kernel.org/stable/c/4d9c60e868f7cf8e09956e7d5bb44d807d712699"
},
{
"url": "https://git.kernel.org/stable/c/3c19fe3f04f4f4e7a2b722c2fd3c98356fc1d72b"
},
{
"url": "https://git.kernel.org/stable/c/7c7ff68daa93d8c4cdea482da4f2429c0398fcde"
}
],
"title": "ARM: Fix refcount leak in axxia_boot_secondary",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49679",
"datePublished": "2025-02-26T02:24:09.299Z",
"dateReserved": "2025-02-26T02:21:30.439Z",
"dateUpdated": "2025-10-01T19:36:46.842Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49703 (GCVE-0-2022-49703)
Vulnerability from cvelistv5
Published
2025-02-26 02:24
Modified
2025-10-01 19:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: ibmvfc: Store vhost pointer during subcrq allocation
Currently the back pointer from a queue to the vhost adapter isn't set
until after subcrq interrupt registration. The value is available when a
queue is first allocated and can/should be also set for primary and async
queues as well as subcrqs.
This fixes a crash observed during kexec/kdump on Power 9 with legacy XICS
interrupt controller where a pending subcrq interrupt from the previous
kernel can be replayed immediately upon IRQ registration resulting in
dereference of a garbage backpointer in ibmvfc_interrupt_scsi().
Kernel attempted to read user page (58) - exploit attempt? (uid: 0)
BUG: Kernel NULL pointer dereference on read at 0x00000058
Faulting instruction address: 0xc008000003216a08
Oops: Kernel access of bad area, sig: 11 [#1]
...
NIP [c008000003216a08] ibmvfc_interrupt_scsi+0x40/0xb0 [ibmvfc]
LR [c0000000082079e8] __handle_irq_event_percpu+0x98/0x270
Call Trace:
[c000000047fa3d80] [c0000000123e6180] 0xc0000000123e6180 (unreliable)
[c000000047fa3df0] [c0000000082079e8] __handle_irq_event_percpu+0x98/0x270
[c000000047fa3ea0] [c000000008207d18] handle_irq_event+0x98/0x188
[c000000047fa3ef0] [c00000000820f564] handle_fasteoi_irq+0xc4/0x310
[c000000047fa3f40] [c000000008205c60] generic_handle_irq+0x50/0x80
[c000000047fa3f60] [c000000008015c40] __do_irq+0x70/0x1a0
[c000000047fa3f90] [c000000008016d7c] __do_IRQ+0x9c/0x130
[c000000014622f60] [0000000020000000] 0x20000000
[c000000014622ff0] [c000000008016e50] do_IRQ+0x40/0xa0
[c000000014623020] [c000000008017044] replay_soft_interrupts+0x194/0x2f0
[c000000014623210] [c0000000080172a8] arch_local_irq_restore+0x108/0x170
[c000000014623240] [c000000008eb1008] _raw_spin_unlock_irqrestore+0x58/0xb0
[c000000014623270] [c00000000820b12c] __setup_irq+0x49c/0x9f0
[c000000014623310] [c00000000820b7c0] request_threaded_irq+0x140/0x230
[c000000014623380] [c008000003212a50] ibmvfc_register_scsi_channel+0x1e8/0x2f0 [ibmvfc]
[c000000014623450] [c008000003213d1c] ibmvfc_init_sub_crqs+0xc4/0x1f0 [ibmvfc]
[c0000000146234d0] [c0080000032145a8] ibmvfc_reset_crq+0x150/0x210 [ibmvfc]
[c000000014623550] [c0080000032147c8] ibmvfc_init_crq+0x160/0x280 [ibmvfc]
[c0000000146235f0] [c00800000321a9cc] ibmvfc_probe+0x2a4/0x530 [ibmvfc]
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49703",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:32:39.217289Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:36:45.750Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/scsi/ibmvscsi/ibmvfc.c",
"drivers/scsi/ibmvscsi/ibmvfc.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8540f66196ca35b7b5e902932571c18b9fde0cd1",
"status": "affected",
"version": "3034ebe26389740bb6b4a463e05afb51dc93c336",
"versionType": "git"
},
{
"lessThan": "6d38e3b614ded59da8b95377a98df969a5a5627a",
"status": "affected",
"version": "3034ebe26389740bb6b4a463e05afb51dc93c336",
"versionType": "git"
},
{
"lessThan": "aeaadcde1a60138bceb65de3cdaeec78170b4459",
"status": "affected",
"version": "3034ebe26389740bb6b4a463e05afb51dc93c336",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/scsi/ibmvscsi/ibmvfc.c",
"drivers/scsi/ibmvscsi/ibmvfc.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.12"
},
{
"lessThan": "5.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.51",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.51",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.8",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ibmvfc: Store vhost pointer during subcrq allocation\n\nCurrently the back pointer from a queue to the vhost adapter isn\u0027t set\nuntil after subcrq interrupt registration. The value is available when a\nqueue is first allocated and can/should be also set for primary and async\nqueues as well as subcrqs.\n\nThis fixes a crash observed during kexec/kdump on Power 9 with legacy XICS\ninterrupt controller where a pending subcrq interrupt from the previous\nkernel can be replayed immediately upon IRQ registration resulting in\ndereference of a garbage backpointer in ibmvfc_interrupt_scsi().\n\nKernel attempted to read user page (58) - exploit attempt? (uid: 0)\nBUG: Kernel NULL pointer dereference on read at 0x00000058\nFaulting instruction address: 0xc008000003216a08\nOops: Kernel access of bad area, sig: 11 [#1]\n...\nNIP [c008000003216a08] ibmvfc_interrupt_scsi+0x40/0xb0 [ibmvfc]\nLR [c0000000082079e8] __handle_irq_event_percpu+0x98/0x270\nCall Trace:\n[c000000047fa3d80] [c0000000123e6180] 0xc0000000123e6180 (unreliable)\n[c000000047fa3df0] [c0000000082079e8] __handle_irq_event_percpu+0x98/0x270\n[c000000047fa3ea0] [c000000008207d18] handle_irq_event+0x98/0x188\n[c000000047fa3ef0] [c00000000820f564] handle_fasteoi_irq+0xc4/0x310\n[c000000047fa3f40] [c000000008205c60] generic_handle_irq+0x50/0x80\n[c000000047fa3f60] [c000000008015c40] __do_irq+0x70/0x1a0\n[c000000047fa3f90] [c000000008016d7c] __do_IRQ+0x9c/0x130\n[c000000014622f60] [0000000020000000] 0x20000000\n[c000000014622ff0] [c000000008016e50] do_IRQ+0x40/0xa0\n[c000000014623020] [c000000008017044] replay_soft_interrupts+0x194/0x2f0\n[c000000014623210] [c0000000080172a8] arch_local_irq_restore+0x108/0x170\n[c000000014623240] [c000000008eb1008] _raw_spin_unlock_irqrestore+0x58/0xb0\n[c000000014623270] [c00000000820b12c] __setup_irq+0x49c/0x9f0\n[c000000014623310] [c00000000820b7c0] request_threaded_irq+0x140/0x230\n[c000000014623380] [c008000003212a50] ibmvfc_register_scsi_channel+0x1e8/0x2f0 [ibmvfc]\n[c000000014623450] [c008000003213d1c] ibmvfc_init_sub_crqs+0xc4/0x1f0 [ibmvfc]\n[c0000000146234d0] [c0080000032145a8] ibmvfc_reset_crq+0x150/0x210 [ibmvfc]\n[c000000014623550] [c0080000032147c8] ibmvfc_init_crq+0x160/0x280 [ibmvfc]\n[c0000000146235f0] [c00800000321a9cc] ibmvfc_probe+0x2a4/0x530 [ibmvfc]"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:43:36.625Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8540f66196ca35b7b5e902932571c18b9fde0cd1"
},
{
"url": "https://git.kernel.org/stable/c/6d38e3b614ded59da8b95377a98df969a5a5627a"
},
{
"url": "https://git.kernel.org/stable/c/aeaadcde1a60138bceb65de3cdaeec78170b4459"
}
],
"title": "scsi: ibmvfc: Store vhost pointer during subcrq allocation",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49703",
"datePublished": "2025-02-26T02:24:22.700Z",
"dateReserved": "2025-02-26T02:21:30.443Z",
"dateUpdated": "2025-10-01T19:36:45.750Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49093 (GCVE-0-2022-49093)
Vulnerability from cvelistv5
Published
2025-02-26 01:54
Modified
2025-05-04 08:29
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
skbuff: fix coalescing for page_pool fragment recycling
Fix a use-after-free when using page_pool with page fragments. We
encountered this problem during normal RX in the hns3 driver:
(1) Initially we have three descriptors in the RX queue. The first one
allocates PAGE1 through page_pool, and the other two allocate one
half of PAGE2 each. Page references look like this:
RX_BD1 _______ PAGE1
RX_BD2 _______ PAGE2
RX_BD3 _________/
(2) Handle RX on the first descriptor. Allocate SKB1, eventually added
to the receive queue by tcp_queue_rcv().
(3) Handle RX on the second descriptor. Allocate SKB2 and pass it to
netif_receive_skb():
netif_receive_skb(SKB2)
ip_rcv(SKB2)
SKB3 = skb_clone(SKB2)
SKB2 and SKB3 share a reference to PAGE2 through
skb_shinfo()->dataref. The other ref to PAGE2 is still held by
RX_BD3:
SKB2 ---+- PAGE2
SKB3 __/ /
RX_BD3 _________/
(3b) Now while handling TCP, coalesce SKB3 with SKB1:
tcp_v4_rcv(SKB3)
tcp_try_coalesce(to=SKB1, from=SKB3) // succeeds
kfree_skb_partial(SKB3)
skb_release_data(SKB3) // drops one dataref
SKB1 _____ PAGE1
\____
SKB2 _____ PAGE2
/
RX_BD3 _________/
In skb_try_coalesce(), __skb_frag_ref() takes a page reference to
PAGE2, where it should instead have increased the page_pool frag
reference, pp_frag_count. Without coalescing, when releasing both
SKB2 and SKB3, a single reference to PAGE2 would be dropped. Now
when releasing SKB1 and SKB2, two references to PAGE2 will be
dropped, resulting in underflow.
(3c) Drop SKB2:
af_packet_rcv(SKB2)
consume_skb(SKB2)
skb_release_data(SKB2) // drops second dataref
page_pool_return_skb_page(PAGE2) // drops one pp_frag_count
SKB1 _____ PAGE1
\____
PAGE2
/
RX_BD3 _________/
(4) Userspace calls recvmsg()
Copies SKB1 and releases it. Since SKB3 was coalesced with SKB1, we
release the SKB3 page as well:
tcp_eat_recv_skb(SKB1)
skb_release_data(SKB1)
page_pool_return_skb_page(PAGE1)
page_pool_return_skb_page(PAGE2) // drops second pp_frag_count
(5) PAGE2 is freed, but the third RX descriptor was still using it!
In our case this causes IOMMU faults, but it would silently corrupt
memory if the IOMMU was disabled.
Change the logic that checks whether pp_recycle SKBs can be coalesced.
We still reject differing pp_recycle between 'from' and 'to' SKBs, but
in order to avoid the situation described above, we also reject
coalescing when both 'from' and 'to' are pp_recycled and 'from' is
cloned.
The new logic allows coalescing a cloned pp_recycle SKB into a page
refcounted one, because in this case the release (4) will drop the right
reference, the one taken by skb_try_coalesce().
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49093",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T18:17:26.547109Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T18:22:35.237Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/core/skbuff.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ba965e8605aee5387cecaa28fcf7ee9f61779a49",
"status": "affected",
"version": "53e0961da1c7bbdabd1abebb20de403ec237ec09",
"versionType": "git"
},
{
"lessThan": "c4fa19615806a9a7e518c295b39175aa47a685ac",
"status": "affected",
"version": "53e0961da1c7bbdabd1abebb20de403ec237ec09",
"versionType": "git"
},
{
"lessThan": "72bb856d16e883437023ff2ff77d0c498018728a",
"status": "affected",
"version": "53e0961da1c7bbdabd1abebb20de403ec237ec09",
"versionType": "git"
},
{
"lessThan": "1effe8ca4e34c34cdd9318436a4232dcb582ebf4",
"status": "affected",
"version": "53e0961da1c7bbdabd1abebb20de403ec237ec09",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/core/skbuff.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.15"
},
{
"lessThan": "5.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.20",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.34",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.20",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.3",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nskbuff: fix coalescing for page_pool fragment recycling\n\nFix a use-after-free when using page_pool with page fragments. We\nencountered this problem during normal RX in the hns3 driver:\n\n(1) Initially we have three descriptors in the RX queue. The first one\n allocates PAGE1 through page_pool, and the other two allocate one\n half of PAGE2 each. Page references look like this:\n\n RX_BD1 _______ PAGE1\n RX_BD2 _______ PAGE2\n RX_BD3 _________/\n\n(2) Handle RX on the first descriptor. Allocate SKB1, eventually added\n to the receive queue by tcp_queue_rcv().\n\n(3) Handle RX on the second descriptor. Allocate SKB2 and pass it to\n netif_receive_skb():\n\n netif_receive_skb(SKB2)\n ip_rcv(SKB2)\n SKB3 = skb_clone(SKB2)\n\n SKB2 and SKB3 share a reference to PAGE2 through\n skb_shinfo()-\u003edataref. The other ref to PAGE2 is still held by\n RX_BD3:\n\n SKB2 ---+- PAGE2\n SKB3 __/ /\n RX_BD3 _________/\n\n (3b) Now while handling TCP, coalesce SKB3 with SKB1:\n\n tcp_v4_rcv(SKB3)\n tcp_try_coalesce(to=SKB1, from=SKB3) // succeeds\n kfree_skb_partial(SKB3)\n skb_release_data(SKB3) // drops one dataref\n\n SKB1 _____ PAGE1\n \\____\n SKB2 _____ PAGE2\n /\n RX_BD3 _________/\n\n In skb_try_coalesce(), __skb_frag_ref() takes a page reference to\n PAGE2, where it should instead have increased the page_pool frag\n reference, pp_frag_count. Without coalescing, when releasing both\n SKB2 and SKB3, a single reference to PAGE2 would be dropped. Now\n when releasing SKB1 and SKB2, two references to PAGE2 will be\n dropped, resulting in underflow.\n\n (3c) Drop SKB2:\n\n af_packet_rcv(SKB2)\n consume_skb(SKB2)\n skb_release_data(SKB2) // drops second dataref\n page_pool_return_skb_page(PAGE2) // drops one pp_frag_count\n\n SKB1 _____ PAGE1\n \\____\n PAGE2\n /\n RX_BD3 _________/\n\n(4) Userspace calls recvmsg()\n Copies SKB1 and releases it. Since SKB3 was coalesced with SKB1, we\n release the SKB3 page as well:\n\n tcp_eat_recv_skb(SKB1)\n skb_release_data(SKB1)\n page_pool_return_skb_page(PAGE1)\n page_pool_return_skb_page(PAGE2) // drops second pp_frag_count\n\n(5) PAGE2 is freed, but the third RX descriptor was still using it!\n In our case this causes IOMMU faults, but it would silently corrupt\n memory if the IOMMU was disabled.\n\nChange the logic that checks whether pp_recycle SKBs can be coalesced.\nWe still reject differing pp_recycle between \u0027from\u0027 and \u0027to\u0027 SKBs, but\nin order to avoid the situation described above, we also reject\ncoalescing when both \u0027from\u0027 and \u0027to\u0027 are pp_recycled and \u0027from\u0027 is\ncloned.\n\nThe new logic allows coalescing a cloned pp_recycle SKB into a page\nrefcounted one, because in this case the release (4) will drop the right\nreference, the one taken by skb_try_coalesce()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:29:44.316Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ba965e8605aee5387cecaa28fcf7ee9f61779a49"
},
{
"url": "https://git.kernel.org/stable/c/c4fa19615806a9a7e518c295b39175aa47a685ac"
},
{
"url": "https://git.kernel.org/stable/c/72bb856d16e883437023ff2ff77d0c498018728a"
},
{
"url": "https://git.kernel.org/stable/c/1effe8ca4e34c34cdd9318436a4232dcb582ebf4"
}
],
"title": "skbuff: fix coalescing for page_pool fragment recycling",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49093",
"datePublished": "2025-02-26T01:54:47.669Z",
"dateReserved": "2025-02-26T01:49:39.249Z",
"dateUpdated": "2025-05-04T08:29:44.316Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49468 (GCVE-0-2022-49468)
Vulnerability from cvelistv5
Published
2025-02-26 02:13
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
thermal/core: Fix memory leak in __thermal_cooling_device_register()
I got memory leak as follows when doing fault injection test:
unreferenced object 0xffff888010080000 (size 264312):
comm "182", pid 102533, jiffies 4296434960 (age 10.100s)
hex dump (first 32 bytes):
00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........
ff ff ff ff ff ff ff ff 40 7f 1f b9 ff ff ff ff ........@.......
backtrace:
[<0000000038b2f4fc>] kmalloc_order_trace+0x1d/0x110 mm/slab_common.c:969
[<00000000ebcb8da5>] __kmalloc+0x373/0x420 include/linux/slab.h:510
[<0000000084137f13>] thermal_cooling_device_setup_sysfs+0x15d/0x2d0 include/linux/slab.h:586
[<00000000352b8755>] __thermal_cooling_device_register+0x332/0xa60 drivers/thermal/thermal_core.c:927
[<00000000fb9f331b>] devm_thermal_of_cooling_device_register+0x6b/0xf0 drivers/thermal/thermal_core.c:1041
[<000000009b8012d2>] max6650_probe.cold+0x557/0x6aa drivers/hwmon/max6650.c:211
[<00000000da0b7e04>] i2c_device_probe+0x472/0xac0 drivers/i2c/i2c-core-base.c:561
If device_register() fails, thermal_cooling_device_destroy_sysfs() need be called
to free the memory allocated in thermal_cooling_device_setup_sysfs().
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49468",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:39:52.745332Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:46.482Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/thermal/thermal_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "18530bedd221160823f63ccc20dd55c7a03edbcf",
"status": "affected",
"version": "8ea229511e06f9635ecc338dcbe0db41a73623f0",
"versionType": "git"
},
{
"lessThan": "21ccc58b671aea924f2481cf5c1cf0ebbfd3552d",
"status": "affected",
"version": "8ea229511e06f9635ecc338dcbe0db41a73623f0",
"versionType": "git"
},
{
"lessThan": "3802171f0b5b8b831f4ade5c827547cb323a5bb2",
"status": "affected",
"version": "8ea229511e06f9635ecc338dcbe0db41a73623f0",
"versionType": "git"
},
{
"lessThan": "9abdf0c0184230f0cb5c6685aabf33dda89aa9fb",
"status": "affected",
"version": "8ea229511e06f9635ecc338dcbe0db41a73623f0",
"versionType": "git"
},
{
"lessThan": "98a160e898c0f4a979af9de3ab48b4b1d42d1dbb",
"status": "affected",
"version": "8ea229511e06f9635ecc338dcbe0db41a73623f0",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/thermal/thermal_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.17"
},
{
"lessThan": "4.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal/core: Fix memory leak in __thermal_cooling_device_register()\n\nI got memory leak as follows when doing fault injection test:\n\nunreferenced object 0xffff888010080000 (size 264312):\n comm \"182\", pid 102533, jiffies 4296434960 (age 10.100s)\n hex dump (first 32 bytes):\n 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........\n ff ff ff ff ff ff ff ff 40 7f 1f b9 ff ff ff ff ........@.......\n backtrace:\n [\u003c0000000038b2f4fc\u003e] kmalloc_order_trace+0x1d/0x110 mm/slab_common.c:969\n [\u003c00000000ebcb8da5\u003e] __kmalloc+0x373/0x420 include/linux/slab.h:510\n [\u003c0000000084137f13\u003e] thermal_cooling_device_setup_sysfs+0x15d/0x2d0 include/linux/slab.h:586\n [\u003c00000000352b8755\u003e] __thermal_cooling_device_register+0x332/0xa60 drivers/thermal/thermal_core.c:927\n [\u003c00000000fb9f331b\u003e] devm_thermal_of_cooling_device_register+0x6b/0xf0 drivers/thermal/thermal_core.c:1041\n [\u003c000000009b8012d2\u003e] max6650_probe.cold+0x557/0x6aa drivers/hwmon/max6650.c:211\n [\u003c00000000da0b7e04\u003e] i2c_device_probe+0x472/0xac0 drivers/i2c/i2c-core-base.c:561\n\nIf device_register() fails, thermal_cooling_device_destroy_sysfs() need be called\nto free the memory allocated in thermal_cooling_device_setup_sysfs()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:38:23.159Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/18530bedd221160823f63ccc20dd55c7a03edbcf"
},
{
"url": "https://git.kernel.org/stable/c/21ccc58b671aea924f2481cf5c1cf0ebbfd3552d"
},
{
"url": "https://git.kernel.org/stable/c/3802171f0b5b8b831f4ade5c827547cb323a5bb2"
},
{
"url": "https://git.kernel.org/stable/c/9abdf0c0184230f0cb5c6685aabf33dda89aa9fb"
},
{
"url": "https://git.kernel.org/stable/c/98a160e898c0f4a979af9de3ab48b4b1d42d1dbb"
}
],
"title": "thermal/core: Fix memory leak in __thermal_cooling_device_register()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49468",
"datePublished": "2025-02-26T02:13:12.713Z",
"dateReserved": "2025-02-26T02:08:31.578Z",
"dateUpdated": "2025-10-01T19:46:46.482Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49147 (GCVE-0-2022-49147)
Vulnerability from cvelistv5
Published
2025-02-26 01:55
Modified
2025-05-04 08:30
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
block: Fix the maximum minor value is blk_alloc_ext_minor()
ida_alloc_range(..., min, max, ...) returns values from min to max,
inclusive.
So, NR_EXT_DEVT is a valid idx returned by blk_alloc_ext_minor().
This is an issue because in device_add_disk(), this value is used in:
ddev->devt = MKDEV(disk->major, disk->first_minor);
and NR_EXT_DEVT is '(1 << MINORBITS)'.
So, should 'disk->first_minor' be NR_EXT_DEVT, it would overflow.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"block/genhd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5b9ac3727e4abb11c9cfbe9c0781fc05dfdd7cfb",
"status": "affected",
"version": "22ae8ce8b89241c94ac00c237752c0ffa37ba5ae",
"versionType": "git"
},
{
"lessThan": "0f8cf8f5ccbad25ed6828875b222dbab29d5c272",
"status": "affected",
"version": "22ae8ce8b89241c94ac00c237752c0ffa37ba5ae",
"versionType": "git"
},
{
"lessThan": "fbe2cc4525480ddd20c866bb5c0578071e01451a",
"status": "affected",
"version": "22ae8ce8b89241c94ac00c237752c0ffa37ba5ae",
"versionType": "git"
},
{
"lessThan": "d1868328dec5ae2cf210111025fcbc71f78dd5ca",
"status": "affected",
"version": "22ae8ce8b89241c94ac00c237752c0ffa37ba5ae",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"block/genhd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.11"
},
{
"lessThan": "5.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: Fix the maximum minor value is blk_alloc_ext_minor()\n\nida_alloc_range(..., min, max, ...) returns values from min to max,\ninclusive.\n\nSo, NR_EXT_DEVT is a valid idx returned by blk_alloc_ext_minor().\n\nThis is an issue because in device_add_disk(), this value is used in:\n ddev-\u003edevt = MKDEV(disk-\u003emajor, disk-\u003efirst_minor);\nand NR_EXT_DEVT is \u0027(1 \u003c\u003c MINORBITS)\u0027.\n\nSo, should \u0027disk-\u003efirst_minor\u0027 be NR_EXT_DEVT, it would overflow."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:30:59.109Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5b9ac3727e4abb11c9cfbe9c0781fc05dfdd7cfb"
},
{
"url": "https://git.kernel.org/stable/c/0f8cf8f5ccbad25ed6828875b222dbab29d5c272"
},
{
"url": "https://git.kernel.org/stable/c/fbe2cc4525480ddd20c866bb5c0578071e01451a"
},
{
"url": "https://git.kernel.org/stable/c/d1868328dec5ae2cf210111025fcbc71f78dd5ca"
}
],
"title": "block: Fix the maximum minor value is blk_alloc_ext_minor()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49147",
"datePublished": "2025-02-26T01:55:15.373Z",
"dateReserved": "2025-02-26T01:49:39.271Z",
"dateUpdated": "2025-05-04T08:30:59.109Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49261 (GCVE-0-2022-49261)
Vulnerability from cvelistv5
Published
2025-02-26 01:56
Modified
2025-05-04 08:33
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/i915/gem: add missing boundary check in vm_access
A missing bounds check in vm_access() can lead to an out-of-bounds read
or write in the adjacent memory area, since the len attribute is not
validated before the memcpy later in the function, potentially hitting:
[ 183.637831] BUG: unable to handle page fault for address: ffffc90000c86000
[ 183.637934] #PF: supervisor read access in kernel mode
[ 183.637997] #PF: error_code(0x0000) - not-present page
[ 183.638059] PGD 100000067 P4D 100000067 PUD 100258067 PMD 106341067 PTE 0
[ 183.638144] Oops: 0000 [#2] PREEMPT SMP NOPTI
[ 183.638201] CPU: 3 PID: 1790 Comm: poc Tainted: G D 5.17.0-rc6-ci-drm-11296+ #1
[ 183.638298] Hardware name: Intel Corporation CoffeeLake Client Platform/CoffeeLake H DDR4 RVP, BIOS CNLSFWR1.R00.X208.B00.1905301319 05/30/2019
[ 183.638430] RIP: 0010:memcpy_erms+0x6/0x10
[ 183.640213] RSP: 0018:ffffc90001763d48 EFLAGS: 00010246
[ 183.641117] RAX: ffff888109c14000 RBX: ffff888111bece40 RCX: 0000000000000ffc
[ 183.642029] RDX: 0000000000001000 RSI: ffffc90000c86000 RDI: ffff888109c14004
[ 183.642946] RBP: 0000000000000ffc R08: 800000000000016b R09: 0000000000000000
[ 183.643848] R10: ffffc90000c85000 R11: 0000000000000048 R12: 0000000000001000
[ 183.644742] R13: ffff888111bed190 R14: ffff888109c14000 R15: 0000000000001000
[ 183.645653] FS: 00007fe5ef807540(0000) GS:ffff88845b380000(0000) knlGS:0000000000000000
[ 183.646570] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 183.647481] CR2: ffffc90000c86000 CR3: 000000010ff02006 CR4: 00000000003706e0
[ 183.648384] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 183.649271] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 183.650142] Call Trace:
[ 183.650988] <TASK>
[ 183.651793] vm_access+0x1f0/0x2a0 [i915]
[ 183.652726] __access_remote_vm+0x224/0x380
[ 183.653561] mem_rw.isra.0+0xf9/0x190
[ 183.654402] vfs_read+0x9d/0x1b0
[ 183.655238] ksys_read+0x63/0xe0
[ 183.656065] do_syscall_64+0x38/0xc0
[ 183.656882] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 183.657663] RIP: 0033:0x7fe5ef725142
[ 183.659351] RSP: 002b:00007ffe1e81c7e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 183.660227] RAX: ffffffffffffffda RBX: 0000557055dfb780 RCX: 00007fe5ef725142
[ 183.661104] RDX: 0000000000001000 RSI: 00007ffe1e81d880 RDI: 0000000000000005
[ 183.661972] RBP: 00007ffe1e81e890 R08: 0000000000000030 R09: 0000000000000046
[ 183.662832] R10: 0000557055dfc2e0 R11: 0000000000000246 R12: 0000557055dfb1c0
[ 183.663691] R13: 00007ffe1e81e980 R14: 0000000000000000 R15: 0000000000000000
Changes since v1:
- Updated if condition with range_overflows_t [Chris Wilson]
[mauld: tidy up the commit message and add Cc: stable]
(cherry picked from commit 661412e301e2ca86799aa4f400d1cf0bd38c57c6)
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/i915/gem/i915_gem_mman.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "89ddcc81914ab58cc203acc844f27d55ada8ec0e",
"status": "affected",
"version": "9f909e215fea0652023b9ed09d3d7bfe10386423",
"versionType": "git"
},
{
"lessThan": "312d3d4f49e12f97260bcf972c848c3562126a18",
"status": "affected",
"version": "9f909e215fea0652023b9ed09d3d7bfe10386423",
"versionType": "git"
},
{
"lessThan": "5f6e560e3e86ac053447524224e411034f41f5c7",
"status": "affected",
"version": "9f909e215fea0652023b9ed09d3d7bfe10386423",
"versionType": "git"
},
{
"lessThan": "8f0ebea8f6e8c474264ed97d7a64c9c09ed4f5aa",
"status": "affected",
"version": "9f909e215fea0652023b9ed09d3d7bfe10386423",
"versionType": "git"
},
{
"lessThan": "3886a86e7e6cc6ce2ce93c440fecd8f42aed0ce7",
"status": "affected",
"version": "9f909e215fea0652023b9ed09d3d7bfe10386423",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/i915/gem/i915_gem_mman.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.8"
},
{
"lessThan": "5.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.110",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/gem: add missing boundary check in vm_access\n\nA missing bounds check in vm_access() can lead to an out-of-bounds read\nor write in the adjacent memory area, since the len attribute is not\nvalidated before the memcpy later in the function, potentially hitting:\n\n[ 183.637831] BUG: unable to handle page fault for address: ffffc90000c86000\n[ 183.637934] #PF: supervisor read access in kernel mode\n[ 183.637997] #PF: error_code(0x0000) - not-present page\n[ 183.638059] PGD 100000067 P4D 100000067 PUD 100258067 PMD 106341067 PTE 0\n[ 183.638144] Oops: 0000 [#2] PREEMPT SMP NOPTI\n[ 183.638201] CPU: 3 PID: 1790 Comm: poc Tainted: G D 5.17.0-rc6-ci-drm-11296+ #1\n[ 183.638298] Hardware name: Intel Corporation CoffeeLake Client Platform/CoffeeLake H DDR4 RVP, BIOS CNLSFWR1.R00.X208.B00.1905301319 05/30/2019\n[ 183.638430] RIP: 0010:memcpy_erms+0x6/0x10\n[ 183.640213] RSP: 0018:ffffc90001763d48 EFLAGS: 00010246\n[ 183.641117] RAX: ffff888109c14000 RBX: ffff888111bece40 RCX: 0000000000000ffc\n[ 183.642029] RDX: 0000000000001000 RSI: ffffc90000c86000 RDI: ffff888109c14004\n[ 183.642946] RBP: 0000000000000ffc R08: 800000000000016b R09: 0000000000000000\n[ 183.643848] R10: ffffc90000c85000 R11: 0000000000000048 R12: 0000000000001000\n[ 183.644742] R13: ffff888111bed190 R14: ffff888109c14000 R15: 0000000000001000\n[ 183.645653] FS: 00007fe5ef807540(0000) GS:ffff88845b380000(0000) knlGS:0000000000000000\n[ 183.646570] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 183.647481] CR2: ffffc90000c86000 CR3: 000000010ff02006 CR4: 00000000003706e0\n[ 183.648384] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 183.649271] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 183.650142] Call Trace:\n[ 183.650988] \u003cTASK\u003e\n[ 183.651793] vm_access+0x1f0/0x2a0 [i915]\n[ 183.652726] __access_remote_vm+0x224/0x380\n[ 183.653561] mem_rw.isra.0+0xf9/0x190\n[ 183.654402] vfs_read+0x9d/0x1b0\n[ 183.655238] ksys_read+0x63/0xe0\n[ 183.656065] do_syscall_64+0x38/0xc0\n[ 183.656882] entry_SYSCALL_64_after_hwframe+0x44/0xae\n[ 183.657663] RIP: 0033:0x7fe5ef725142\n[ 183.659351] RSP: 002b:00007ffe1e81c7e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000\n[ 183.660227] RAX: ffffffffffffffda RBX: 0000557055dfb780 RCX: 00007fe5ef725142\n[ 183.661104] RDX: 0000000000001000 RSI: 00007ffe1e81d880 RDI: 0000000000000005\n[ 183.661972] RBP: 00007ffe1e81e890 R08: 0000000000000030 R09: 0000000000000046\n[ 183.662832] R10: 0000557055dfc2e0 R11: 0000000000000246 R12: 0000557055dfb1c0\n[ 183.663691] R13: 00007ffe1e81e980 R14: 0000000000000000 R15: 0000000000000000\n\nChanges since v1:\n - Updated if condition with range_overflows_t [Chris Wilson]\n\n[mauld: tidy up the commit message and add Cc: stable]\n(cherry picked from commit 661412e301e2ca86799aa4f400d1cf0bd38c57c6)"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:33:36.170Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/89ddcc81914ab58cc203acc844f27d55ada8ec0e"
},
{
"url": "https://git.kernel.org/stable/c/312d3d4f49e12f97260bcf972c848c3562126a18"
},
{
"url": "https://git.kernel.org/stable/c/5f6e560e3e86ac053447524224e411034f41f5c7"
},
{
"url": "https://git.kernel.org/stable/c/8f0ebea8f6e8c474264ed97d7a64c9c09ed4f5aa"
},
{
"url": "https://git.kernel.org/stable/c/3886a86e7e6cc6ce2ce93c440fecd8f42aed0ce7"
}
],
"title": "drm/i915/gem: add missing boundary check in vm_access",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49261",
"datePublished": "2025-02-26T01:56:13.077Z",
"dateReserved": "2025-02-26T01:49:39.296Z",
"dateUpdated": "2025-05-04T08:33:36.170Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-58014 (GCVE-0-2024-58014)
Vulnerability from cvelistv5
Published
2025-02-27 02:12
Modified
2025-11-03 19:33
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy()
In 'wlc_phy_iqcal_gainparams_nphy()', add gain range check to WARN()
instead of possible out-of-bounds 'tbl_iqcal_gainparams_nphy' access.
Compile tested only.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 5b435de0d786869c95d1962121af0d7df2542009 Version: 5b435de0d786869c95d1962121af0d7df2542009 Version: 5b435de0d786869c95d1962121af0d7df2542009 Version: 5b435de0d786869c95d1962121af0d7df2542009 Version: 5b435de0d786869c95d1962121af0d7df2542009 Version: 5b435de0d786869c95d1962121af0d7df2542009 Version: 5b435de0d786869c95d1962121af0d7df2542009 Version: 5b435de0d786869c95d1962121af0d7df2542009 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:33:31.112Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_n.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0a457223cb2b9ca46bae7de387d0f4c093b0220d",
"status": "affected",
"version": "5b435de0d786869c95d1962121af0d7df2542009",
"versionType": "git"
},
{
"lessThan": "13ef16c4fe384b1e70277bbe1d87934ee6c81e12",
"status": "affected",
"version": "5b435de0d786869c95d1962121af0d7df2542009",
"versionType": "git"
},
{
"lessThan": "d280a12e9b87819a8a209639d600b48a2d6d65dc",
"status": "affected",
"version": "5b435de0d786869c95d1962121af0d7df2542009",
"versionType": "git"
},
{
"lessThan": "ada9df08b3ef683507e75b92f522fb659260147f",
"status": "affected",
"version": "5b435de0d786869c95d1962121af0d7df2542009",
"versionType": "git"
},
{
"lessThan": "093286c33409bf38896f2dab0c0bb6ca388afb33",
"status": "affected",
"version": "5b435de0d786869c95d1962121af0d7df2542009",
"versionType": "git"
},
{
"lessThan": "c27ce584d274f6ad3cba2294497de824a3c66646",
"status": "affected",
"version": "5b435de0d786869c95d1962121af0d7df2542009",
"versionType": "git"
},
{
"lessThan": "6f6e293246dc1f5b2b6b3d0f2d757598489cda79",
"status": "affected",
"version": "5b435de0d786869c95d1962121af0d7df2542009",
"versionType": "git"
},
{
"lessThan": "3f4a0948c3524ae50f166dbc6572a3296b014e62",
"status": "affected",
"version": "5b435de0d786869c95d1962121af0d7df2542009",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_n.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.2"
},
{
"lessThan": "3.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.291",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.235",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.179",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.129",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.78",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"version": "6.13.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.14",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.291",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.235",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.179",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.129",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.78",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.14",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13.3",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14",
"versionStartIncluding": "3.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy()\n\nIn \u0027wlc_phy_iqcal_gainparams_nphy()\u0027, add gain range check to WARN()\ninstead of possible out-of-bounds \u0027tbl_iqcal_gainparams_nphy\u0027 access.\nCompile tested only.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T09:13:49.431Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0a457223cb2b9ca46bae7de387d0f4c093b0220d"
},
{
"url": "https://git.kernel.org/stable/c/13ef16c4fe384b1e70277bbe1d87934ee6c81e12"
},
{
"url": "https://git.kernel.org/stable/c/d280a12e9b87819a8a209639d600b48a2d6d65dc"
},
{
"url": "https://git.kernel.org/stable/c/ada9df08b3ef683507e75b92f522fb659260147f"
},
{
"url": "https://git.kernel.org/stable/c/093286c33409bf38896f2dab0c0bb6ca388afb33"
},
{
"url": "https://git.kernel.org/stable/c/c27ce584d274f6ad3cba2294497de824a3c66646"
},
{
"url": "https://git.kernel.org/stable/c/6f6e293246dc1f5b2b6b3d0f2d757598489cda79"
},
{
"url": "https://git.kernel.org/stable/c/3f4a0948c3524ae50f166dbc6572a3296b014e62"
}
],
"title": "wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-58014",
"datePublished": "2025-02-27T02:12:07.344Z",
"dateReserved": "2025-02-27T02:10:48.227Z",
"dateUpdated": "2025-11-03T19:33:31.112Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-49460 (GCVE-0-2022-49460)
Vulnerability from cvelistv5
Published
2025-02-26 02:13
Modified
2025-05-04 08:38
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
PM / devfreq: rk3399_dmc: Disable edev on remove()
Otherwise we hit an unablanced enable-count when unbinding the DFI
device:
[ 1279.659119] ------------[ cut here ]------------
[ 1279.659179] WARNING: CPU: 2 PID: 5638 at drivers/devfreq/devfreq-event.c:360 devfreq_event_remove_edev+0x84/0x8c
...
[ 1279.659352] Hardware name: Google Kevin (DT)
[ 1279.659363] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO BTYPE=--)
[ 1279.659371] pc : devfreq_event_remove_edev+0x84/0x8c
[ 1279.659380] lr : devm_devfreq_event_release+0x1c/0x28
...
[ 1279.659571] Call trace:
[ 1279.659582] devfreq_event_remove_edev+0x84/0x8c
[ 1279.659590] devm_devfreq_event_release+0x1c/0x28
[ 1279.659602] release_nodes+0x1cc/0x244
[ 1279.659611] devres_release_all+0x44/0x60
[ 1279.659621] device_release_driver_internal+0x11c/0x1ac
[ 1279.659629] device_driver_detach+0x20/0x2c
[ 1279.659641] unbind_store+0x7c/0xb0
[ 1279.659650] drv_attr_store+0x2c/0x40
[ 1279.659663] sysfs_kf_write+0x44/0x58
[ 1279.659672] kernfs_fop_write_iter+0xf4/0x190
[ 1279.659684] vfs_write+0x2b0/0x2e4
[ 1279.659693] ksys_write+0x80/0xec
[ 1279.659701] __arm64_sys_write+0x24/0x30
[ 1279.659714] el0_svc_common+0xf0/0x1d8
[ 1279.659724] do_el0_svc_compat+0x28/0x3c
[ 1279.659738] el0_svc_compat+0x10/0x1c
[ 1279.659746] el0_sync_compat_handler+0xa8/0xcc
[ 1279.659758] el0_sync_compat+0x188/0x1c0
[ 1279.659768] ---[ end trace cec200e5094155b4 ]---
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 5a893e31a636cca3798af2db5aee8d3d144b1e1e Version: 5a893e31a636cca3798af2db5aee8d3d144b1e1e Version: 5a893e31a636cca3798af2db5aee8d3d144b1e1e Version: 5a893e31a636cca3798af2db5aee8d3d144b1e1e Version: 5a893e31a636cca3798af2db5aee8d3d144b1e1e Version: 5a893e31a636cca3798af2db5aee8d3d144b1e1e Version: 5a893e31a636cca3798af2db5aee8d3d144b1e1e |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/devfreq/rk3399_dmc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "664736e2cc09e504ce58ec61164d029d1f2651bb",
"status": "affected",
"version": "5a893e31a636cca3798af2db5aee8d3d144b1e1e",
"versionType": "git"
},
{
"lessThan": "a0180e324a9a63de8f770da300477b48cb4a53f1",
"status": "affected",
"version": "5a893e31a636cca3798af2db5aee8d3d144b1e1e",
"versionType": "git"
},
{
"lessThan": "86b091b6894c449d2734de7aa7d79ccb33ffd97d",
"status": "affected",
"version": "5a893e31a636cca3798af2db5aee8d3d144b1e1e",
"versionType": "git"
},
{
"lessThan": "cb1be1d4be18fe286ba5a67d928598378fd7fbe5",
"status": "affected",
"version": "5a893e31a636cca3798af2db5aee8d3d144b1e1e",
"versionType": "git"
},
{
"lessThan": "fb089b6f21de03a685dd31df3789bbb01c59f8e3",
"status": "affected",
"version": "5a893e31a636cca3798af2db5aee8d3d144b1e1e",
"versionType": "git"
},
{
"lessThan": "a9c2b23a7ac6ab19214cad8cac8af8608a4d9cef",
"status": "affected",
"version": "5a893e31a636cca3798af2db5aee8d3d144b1e1e",
"versionType": "git"
},
{
"lessThan": "2fccf9e6050e0e3b8b4cd275d41daf7f7fa22804",
"status": "affected",
"version": "5a893e31a636cca3798af2db5aee8d3d144b1e1e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/devfreq/rk3399_dmc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.9"
},
{
"lessThan": "4.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPM / devfreq: rk3399_dmc: Disable edev on remove()\n\nOtherwise we hit an unablanced enable-count when unbinding the DFI\ndevice:\n\n[ 1279.659119] ------------[ cut here ]------------\n[ 1279.659179] WARNING: CPU: 2 PID: 5638 at drivers/devfreq/devfreq-event.c:360 devfreq_event_remove_edev+0x84/0x8c\n...\n[ 1279.659352] Hardware name: Google Kevin (DT)\n[ 1279.659363] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO BTYPE=--)\n[ 1279.659371] pc : devfreq_event_remove_edev+0x84/0x8c\n[ 1279.659380] lr : devm_devfreq_event_release+0x1c/0x28\n...\n[ 1279.659571] Call trace:\n[ 1279.659582] devfreq_event_remove_edev+0x84/0x8c\n[ 1279.659590] devm_devfreq_event_release+0x1c/0x28\n[ 1279.659602] release_nodes+0x1cc/0x244\n[ 1279.659611] devres_release_all+0x44/0x60\n[ 1279.659621] device_release_driver_internal+0x11c/0x1ac\n[ 1279.659629] device_driver_detach+0x20/0x2c\n[ 1279.659641] unbind_store+0x7c/0xb0\n[ 1279.659650] drv_attr_store+0x2c/0x40\n[ 1279.659663] sysfs_kf_write+0x44/0x58\n[ 1279.659672] kernfs_fop_write_iter+0xf4/0x190\n[ 1279.659684] vfs_write+0x2b0/0x2e4\n[ 1279.659693] ksys_write+0x80/0xec\n[ 1279.659701] __arm64_sys_write+0x24/0x30\n[ 1279.659714] el0_svc_common+0xf0/0x1d8\n[ 1279.659724] do_el0_svc_compat+0x28/0x3c\n[ 1279.659738] el0_svc_compat+0x10/0x1c\n[ 1279.659746] el0_sync_compat_handler+0xa8/0xcc\n[ 1279.659758] el0_sync_compat+0x188/0x1c0\n[ 1279.659768] ---[ end trace cec200e5094155b4 ]---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:38:13.409Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/664736e2cc09e504ce58ec61164d029d1f2651bb"
},
{
"url": "https://git.kernel.org/stable/c/a0180e324a9a63de8f770da300477b48cb4a53f1"
},
{
"url": "https://git.kernel.org/stable/c/86b091b6894c449d2734de7aa7d79ccb33ffd97d"
},
{
"url": "https://git.kernel.org/stable/c/cb1be1d4be18fe286ba5a67d928598378fd7fbe5"
},
{
"url": "https://git.kernel.org/stable/c/fb089b6f21de03a685dd31df3789bbb01c59f8e3"
},
{
"url": "https://git.kernel.org/stable/c/a9c2b23a7ac6ab19214cad8cac8af8608a4d9cef"
},
{
"url": "https://git.kernel.org/stable/c/2fccf9e6050e0e3b8b4cd275d41daf7f7fa22804"
}
],
"title": "PM / devfreq: rk3399_dmc: Disable edev on remove()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49460",
"datePublished": "2025-02-26T02:13:07.635Z",
"dateReserved": "2025-02-26T02:08:31.576Z",
"dateUpdated": "2025-05-04T08:38:13.409Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49657 (GCVE-0-2022-49657)
Vulnerability from cvelistv5
Published
2025-02-26 02:23
Modified
2025-10-01 19:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
usbnet: fix memory leak in error case
usbnet_write_cmd_async() mixed up which buffers
need to be freed in which error case.
v2: add Fixes tag
v3: fix uninitialized buf pointer
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 877bd862f32b815d54ab5fc10a4fd903d7bf3012 Version: 877bd862f32b815d54ab5fc10a4fd903d7bf3012 Version: 877bd862f32b815d54ab5fc10a4fd903d7bf3012 Version: 877bd862f32b815d54ab5fc10a4fd903d7bf3012 Version: 877bd862f32b815d54ab5fc10a4fd903d7bf3012 Version: 877bd862f32b815d54ab5fc10a4fd903d7bf3012 Version: 877bd862f32b815d54ab5fc10a4fd903d7bf3012 Version: 877bd862f32b815d54ab5fc10a4fd903d7bf3012 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49657",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:33:31.536163Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:36:47.953Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/usb/usbnet.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3eed421ca5c809da93456f69203d164d5220be3d",
"status": "affected",
"version": "877bd862f32b815d54ab5fc10a4fd903d7bf3012",
"versionType": "git"
},
{
"lessThan": "5269209f54dd8dfd15f9383f3a3a1fe8370764f8",
"status": "affected",
"version": "877bd862f32b815d54ab5fc10a4fd903d7bf3012",
"versionType": "git"
},
{
"lessThan": "d5165e657987ff4ba0ace896d4376a3718a9fbc3",
"status": "affected",
"version": "877bd862f32b815d54ab5fc10a4fd903d7bf3012",
"versionType": "git"
},
{
"lessThan": "04894ab34faf40ab72a8a5ab5b404bb0606bbbff",
"status": "affected",
"version": "877bd862f32b815d54ab5fc10a4fd903d7bf3012",
"versionType": "git"
},
{
"lessThan": "0085da9df3dced730027923a6b48f58e9016af91",
"status": "affected",
"version": "877bd862f32b815d54ab5fc10a4fd903d7bf3012",
"versionType": "git"
},
{
"lessThan": "db89582ff330556188da856e01382ccbf3a5e706",
"status": "affected",
"version": "877bd862f32b815d54ab5fc10a4fd903d7bf3012",
"versionType": "git"
},
{
"lessThan": "e7b4f69946a38209b4a4f660bf0e4cbed94f9b4b",
"status": "affected",
"version": "877bd862f32b815d54ab5fc10a4fd903d7bf3012",
"versionType": "git"
},
{
"lessThan": "b55a21b764c1e182014630fa5486d717484ac58f",
"status": "affected",
"version": "877bd862f32b815d54ab5fc10a4fd903d7bf3012",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/usb/usbnet.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.8"
},
{
"lessThan": "3.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.288",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.252",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.205",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.130",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.323",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.288",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.252",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.205",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.130",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.54",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.11",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "3.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: fix memory leak in error case\n\nusbnet_write_cmd_async() mixed up which buffers\nneed to be freed in which error case.\n\nv2: add Fixes tag\nv3: fix uninitialized buf pointer"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:42:43.187Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3eed421ca5c809da93456f69203d164d5220be3d"
},
{
"url": "https://git.kernel.org/stable/c/5269209f54dd8dfd15f9383f3a3a1fe8370764f8"
},
{
"url": "https://git.kernel.org/stable/c/d5165e657987ff4ba0ace896d4376a3718a9fbc3"
},
{
"url": "https://git.kernel.org/stable/c/04894ab34faf40ab72a8a5ab5b404bb0606bbbff"
},
{
"url": "https://git.kernel.org/stable/c/0085da9df3dced730027923a6b48f58e9016af91"
},
{
"url": "https://git.kernel.org/stable/c/db89582ff330556188da856e01382ccbf3a5e706"
},
{
"url": "https://git.kernel.org/stable/c/e7b4f69946a38209b4a4f660bf0e4cbed94f9b4b"
},
{
"url": "https://git.kernel.org/stable/c/b55a21b764c1e182014630fa5486d717484ac58f"
}
],
"title": "usbnet: fix memory leak in error case",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49657",
"datePublished": "2025-02-26T02:23:56.417Z",
"dateReserved": "2025-02-26T02:21:30.434Z",
"dateUpdated": "2025-10-01T19:36:47.953Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49466 (GCVE-0-2022-49466)
Vulnerability from cvelistv5
Published
2025-02-26 02:13
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
regulator: scmi: Fix refcount leak in scmi_regulator_probe
of_find_node_by_name() returns a node pointer with refcount
incremented, we should use of_node_put() on it when done.
Add missing of_node_put() to avoid refcount leak.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49466",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:39:59.206657Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:46.752Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/regulator/scmi-regulator.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9ebbfa73d69909b7c737f599fd4ebd42318fc881",
"status": "affected",
"version": "0fbeae70ee7ce98e18a47337cd1f205dd88589e9",
"versionType": "git"
},
{
"lessThan": "299a002161c7bfb72e99ba45e5b660aecc344ea0",
"status": "affected",
"version": "0fbeae70ee7ce98e18a47337cd1f205dd88589e9",
"versionType": "git"
},
{
"lessThan": "4a59c763ef9b68c711dc2fd2ef4a6648da5480ee",
"status": "affected",
"version": "0fbeae70ee7ce98e18a47337cd1f205dd88589e9",
"versionType": "git"
},
{
"lessThan": "68d6c8476fd4f448e70e0ab31ff972838ac41dae",
"status": "affected",
"version": "0fbeae70ee7ce98e18a47337cd1f205dd88589e9",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/regulator/scmi-regulator.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.11"
},
{
"lessThan": "5.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nregulator: scmi: Fix refcount leak in scmi_regulator_probe\n\nof_find_node_by_name() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when done.\nAdd missing of_node_put() to avoid refcount leak."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:38:20.561Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9ebbfa73d69909b7c737f599fd4ebd42318fc881"
},
{
"url": "https://git.kernel.org/stable/c/299a002161c7bfb72e99ba45e5b660aecc344ea0"
},
{
"url": "https://git.kernel.org/stable/c/4a59c763ef9b68c711dc2fd2ef4a6648da5480ee"
},
{
"url": "https://git.kernel.org/stable/c/68d6c8476fd4f448e70e0ab31ff972838ac41dae"
}
],
"title": "regulator: scmi: Fix refcount leak in scmi_regulator_probe",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49466",
"datePublished": "2025-02-26T02:13:11.520Z",
"dateReserved": "2025-02-26T02:08:31.577Z",
"dateUpdated": "2025-10-01T19:46:46.752Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49568 (GCVE-0-2022-49568)
Vulnerability from cvelistv5
Published
2025-02-26 02:23
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
KVM: Don't null dereference ops->destroy
A KVM device cleanup happens in either of two callbacks:
1) destroy() which is called when the VM is being destroyed;
2) release() which is called when a device fd is closed.
Most KVM devices use 1) but Book3s's interrupt controller KVM devices
(XICS, XIVE, XIVE-native) use 2) as they need to close and reopen during
the machine execution. The error handling in kvm_ioctl_create_device()
assumes destroy() is always defined which leads to NULL dereference as
discovered by Syzkaller.
This adds a checks for destroy!=NULL and adds a missing release().
This is not changing kvm_destroy_devices() as devices with defined
release() should have been removed from the KVM devices list by then.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49568",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:36:56.420307Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:37.824Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"virt/kvm/kvm_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "170465715a60cbb7876e6b961b21bd3225469da8",
"status": "affected",
"version": "852b6d57dc7fa378019786fa84727036e56839ea",
"versionType": "git"
},
{
"lessThan": "3616776bc51cd3262bb1be60cc01c72e0a1959cf",
"status": "affected",
"version": "852b6d57dc7fa378019786fa84727036e56839ea",
"versionType": "git"
},
{
"lessThan": "e91665fbbf3ccb268b268a7d71a6513538d813ac",
"status": "affected",
"version": "852b6d57dc7fa378019786fa84727036e56839ea",
"versionType": "git"
},
{
"lessThan": "d4a5a79b780891c5cbdfdc6124d46fdf8d13dba1",
"status": "affected",
"version": "852b6d57dc7fa378019786fa84727036e56839ea",
"versionType": "git"
},
{
"lessThan": "e8bc2427018826e02add7b0ed0fc625a60390ae5",
"status": "affected",
"version": "852b6d57dc7fa378019786fa84727036e56839ea",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"virt/kvm/kvm_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.10"
},
{
"lessThan": "3.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.134",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.58",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.210",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.134",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.58",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.15",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "3.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: Don\u0027t null dereference ops-\u003edestroy\n\nA KVM device cleanup happens in either of two callbacks:\n1) destroy() which is called when the VM is being destroyed;\n2) release() which is called when a device fd is closed.\n\nMost KVM devices use 1) but Book3s\u0027s interrupt controller KVM devices\n(XICS, XIVE, XIVE-native) use 2) as they need to close and reopen during\nthe machine execution. The error handling in kvm_ioctl_create_device()\nassumes destroy() is always defined which leads to NULL dereference as\ndiscovered by Syzkaller.\n\nThis adds a checks for destroy!=NULL and adds a missing release().\n\nThis is not changing kvm_destroy_devices() as devices with defined\nrelease() should have been removed from the KVM devices list by then."
}
],
"providerMetadata": {
"dateUpdated": "2025-06-19T12:56:21.639Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/170465715a60cbb7876e6b961b21bd3225469da8"
},
{
"url": "https://git.kernel.org/stable/c/3616776bc51cd3262bb1be60cc01c72e0a1959cf"
},
{
"url": "https://git.kernel.org/stable/c/e91665fbbf3ccb268b268a7d71a6513538d813ac"
},
{
"url": "https://git.kernel.org/stable/c/d4a5a79b780891c5cbdfdc6124d46fdf8d13dba1"
},
{
"url": "https://git.kernel.org/stable/c/e8bc2427018826e02add7b0ed0fc625a60390ae5"
}
],
"title": "KVM: Don\u0027t null dereference ops-\u003edestroy",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49568",
"datePublished": "2025-02-26T02:23:12.722Z",
"dateReserved": "2025-02-26T02:21:30.410Z",
"dateUpdated": "2025-10-01T19:46:37.824Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47657 (GCVE-0-2021-47657)
Vulnerability from cvelistv5
Published
2025-02-26 01:54
Modified
2025-10-01 19:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/virtio: Ensure that objs is not NULL in virtio_gpu_array_put_free()
If virtio_gpu_object_shmem_init() fails (e.g. due to fault injection, as it
happened in the bug report by syzbot), virtio_gpu_array_put_free() could be
called with objs equal to NULL.
Ensure that objs is not NULL in virtio_gpu_array_put_free(), or otherwise
return from the function.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 377f8331d0565e6f71ba081c894029a92d0c7e77 Version: 377f8331d0565e6f71ba081c894029a92d0c7e77 Version: 377f8331d0565e6f71ba081c894029a92d0c7e77 Version: 377f8331d0565e6f71ba081c894029a92d0c7e77 Version: 244dbb4abe123779ec30e7c6ca283a681aba5c94 Version: 1016c0f62f73d5d2c3a5d1ad1e1fb0cdce1993ae |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-47657",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:50:10.176030Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:57:06.969Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/virtio/virtgpu_gem.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b094fece3810c71ceee6f0921676cb65d4e68c5a",
"status": "affected",
"version": "377f8331d0565e6f71ba081c894029a92d0c7e77",
"versionType": "git"
},
{
"lessThan": "ac92b474eeeed75b8660374ba1d129a121c09da8",
"status": "affected",
"version": "377f8331d0565e6f71ba081c894029a92d0c7e77",
"versionType": "git"
},
{
"lessThan": "abc9ad36df16e27ac1c665085157f1a082d39bac",
"status": "affected",
"version": "377f8331d0565e6f71ba081c894029a92d0c7e77",
"versionType": "git"
},
{
"lessThan": "6b79f96f4a23846516e5e6e4dd37fc06f43a60dd",
"status": "affected",
"version": "377f8331d0565e6f71ba081c894029a92d0c7e77",
"versionType": "git"
},
{
"status": "affected",
"version": "244dbb4abe123779ec30e7c6ca283a681aba5c94",
"versionType": "git"
},
{
"status": "affected",
"version": "1016c0f62f73d5d2c3a5d1ad1e1fb0cdce1993ae",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/virtio/virtgpu_gem.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.13"
},
{
"lessThan": "5.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.32",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.18",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.32",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.18",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.1",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.12.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/virtio: Ensure that objs is not NULL in virtio_gpu_array_put_free()\n\nIf virtio_gpu_object_shmem_init() fails (e.g. due to fault injection, as it\nhappened in the bug report by syzbot), virtio_gpu_array_put_free() could be\ncalled with objs equal to NULL.\n\nEnsure that objs is not NULL in virtio_gpu_array_put_free(), or otherwise\nreturn from the function."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:41:49.819Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b094fece3810c71ceee6f0921676cb65d4e68c5a"
},
{
"url": "https://git.kernel.org/stable/c/ac92b474eeeed75b8660374ba1d129a121c09da8"
},
{
"url": "https://git.kernel.org/stable/c/abc9ad36df16e27ac1c665085157f1a082d39bac"
},
{
"url": "https://git.kernel.org/stable/c/6b79f96f4a23846516e5e6e4dd37fc06f43a60dd"
}
],
"title": "drm/virtio: Ensure that objs is not NULL in virtio_gpu_array_put_free()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47657",
"datePublished": "2025-02-26T01:54:20.727Z",
"dateReserved": "2025-02-26T01:48:21.521Z",
"dateUpdated": "2025-10-01T19:57:06.969Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49603 (GCVE-0-2022-49603)
Vulnerability from cvelistv5
Published
2025-02-26 02:23
Modified
2025-10-01 19:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ip: Fix data-races around sysctl_ip_fwd_update_priority.
While reading sysctl_ip_fwd_update_priority, it can be changed
concurrently. Thus, we need to add READ_ONCE() to its readers.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49603",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:35:11.593678Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:36:51.971Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c",
"net/ipv4/ip_forward.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "11038fa781ab916535c53351537b22d6d405667d",
"status": "affected",
"version": "432e05d328921c68c35bfdeff7d7b7400b8e3d1a",
"versionType": "git"
},
{
"lessThan": "351f81f7d7185d18a9ff76f8f8c2fa8c4eea563b",
"status": "affected",
"version": "432e05d328921c68c35bfdeff7d7b7400b8e3d1a",
"versionType": "git"
},
{
"lessThan": "bcc03369d3277ae075ed421f0c8bf4adb5e65b74",
"status": "affected",
"version": "432e05d328921c68c35bfdeff7d7b7400b8e3d1a",
"versionType": "git"
},
{
"lessThan": "7bf9e18d9a5e99e3c83482973557e9f047b051e7",
"status": "affected",
"version": "432e05d328921c68c35bfdeff7d7b7400b8e3d1a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c",
"net/ipv4/ip_forward.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.19"
},
{
"lessThan": "4.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.134",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.58",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.134",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.58",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.15",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nip: Fix data-races around sysctl_ip_fwd_update_priority.\n\nWhile reading sysctl_ip_fwd_update_priority, it can be changed\nconcurrently. Thus, we need to add READ_ONCE() to its readers."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:41:35.651Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/11038fa781ab916535c53351537b22d6d405667d"
},
{
"url": "https://git.kernel.org/stable/c/351f81f7d7185d18a9ff76f8f8c2fa8c4eea563b"
},
{
"url": "https://git.kernel.org/stable/c/bcc03369d3277ae075ed421f0c8bf4adb5e65b74"
},
{
"url": "https://git.kernel.org/stable/c/7bf9e18d9a5e99e3c83482973557e9f047b051e7"
}
],
"title": "ip: Fix data-races around sysctl_ip_fwd_update_priority.",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49603",
"datePublished": "2025-02-26T02:23:29.912Z",
"dateReserved": "2025-02-26T02:21:30.414Z",
"dateUpdated": "2025-10-01T19:36:51.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49467 (GCVE-0-2022-49467)
Vulnerability from cvelistv5
Published
2025-02-26 02:13
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm: msm: fix possible memory leak in mdp5_crtc_cursor_set()
drm_gem_object_lookup will call drm_gem_object_get inside. So cursor_bo
needs to be put when msm_gem_get_and_pin_iova fails.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: e172d10a9c4acc69bb07cbe9142ded2df791ff1f Version: e172d10a9c4acc69bb07cbe9142ded2df791ff1f Version: e172d10a9c4acc69bb07cbe9142ded2df791ff1f Version: e172d10a9c4acc69bb07cbe9142ded2df791ff1f Version: e172d10a9c4acc69bb07cbe9142ded2df791ff1f Version: e172d10a9c4acc69bb07cbe9142ded2df791ff1f Version: e172d10a9c4acc69bb07cbe9142ded2df791ff1f |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49467",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:39:56.029022Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:46.623Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/msm/disp/mdp5/mdp5_crtc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f8cd192752a1f613b14eee77783c6f0aebb49691",
"status": "affected",
"version": "e172d10a9c4acc69bb07cbe9142ded2df791ff1f",
"versionType": "git"
},
{
"lessThan": "449374565f349d4233beec811d4286fdfe5de44b",
"status": "affected",
"version": "e172d10a9c4acc69bb07cbe9142ded2df791ff1f",
"versionType": "git"
},
{
"lessThan": "656aa3c51fc662064f17179b38ec3ce43af53bca",
"status": "affected",
"version": "e172d10a9c4acc69bb07cbe9142ded2df791ff1f",
"versionType": "git"
},
{
"lessThan": "33546183c16c7b9650682dc610bedd732d9c6919",
"status": "affected",
"version": "e172d10a9c4acc69bb07cbe9142ded2df791ff1f",
"versionType": "git"
},
{
"lessThan": "d544880482a5558ec06393b1b3d5dc9275b7a32b",
"status": "affected",
"version": "e172d10a9c4acc69bb07cbe9142ded2df791ff1f",
"versionType": "git"
},
{
"lessThan": "d63ffe3fb3f8327ca21cf91b6a14a2961bc629b4",
"status": "affected",
"version": "e172d10a9c4acc69bb07cbe9142ded2df791ff1f",
"versionType": "git"
},
{
"lessThan": "947a844bb3ebff0f4736d244d792ce129f6700d7",
"status": "affected",
"version": "e172d10a9c4acc69bb07cbe9142ded2df791ff1f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/msm/disp/mdp5/mdp5_crtc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.0"
},
{
"lessThan": "4.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: msm: fix possible memory leak in mdp5_crtc_cursor_set()\n\ndrm_gem_object_lookup will call drm_gem_object_get inside. So cursor_bo\nneeds to be put when msm_gem_get_and_pin_iova fails."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:38:21.613Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f8cd192752a1f613b14eee77783c6f0aebb49691"
},
{
"url": "https://git.kernel.org/stable/c/449374565f349d4233beec811d4286fdfe5de44b"
},
{
"url": "https://git.kernel.org/stable/c/656aa3c51fc662064f17179b38ec3ce43af53bca"
},
{
"url": "https://git.kernel.org/stable/c/33546183c16c7b9650682dc610bedd732d9c6919"
},
{
"url": "https://git.kernel.org/stable/c/d544880482a5558ec06393b1b3d5dc9275b7a32b"
},
{
"url": "https://git.kernel.org/stable/c/d63ffe3fb3f8327ca21cf91b6a14a2961bc629b4"
},
{
"url": "https://git.kernel.org/stable/c/947a844bb3ebff0f4736d244d792ce129f6700d7"
}
],
"title": "drm: msm: fix possible memory leak in mdp5_crtc_cursor_set()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49467",
"datePublished": "2025-02-26T02:13:12.022Z",
"dateReserved": "2025-02-26T02:08:31.577Z",
"dateUpdated": "2025-10-01T19:46:46.623Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49404 (GCVE-0-2022-49404)
Vulnerability from cvelistv5
Published
2025-02-26 02:12
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
RDMA/hfi1: Fix potential integer multiplication overflow errors
When multiplying of different types, an overflow is possible even when
storing the result in a larger type. This is because the conversion is
done after the multiplication. So arithmetic overflow and thus in
incorrect value is possible.
Correct an instance of this in the inter packet delay calculation. Fix by
ensuring one of the operands is u64 which will promote the other to u64 as
well ensuring no overflow.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 7724105686e718ac476a6ad3304fea2fbcfcffde Version: 7724105686e718ac476a6ad3304fea2fbcfcffde Version: 7724105686e718ac476a6ad3304fea2fbcfcffde Version: 7724105686e718ac476a6ad3304fea2fbcfcffde Version: 7724105686e718ac476a6ad3304fea2fbcfcffde Version: 7724105686e718ac476a6ad3304fea2fbcfcffde Version: 7724105686e718ac476a6ad3304fea2fbcfcffde Version: 7724105686e718ac476a6ad3304fea2fbcfcffde Version: 7724105686e718ac476a6ad3304fea2fbcfcffde |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49404",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:41:18.630336Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:50.457Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/hfi1/init.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "252f4afd4557a2e7075f793a5c80fe6dd9e9ee4a",
"status": "affected",
"version": "7724105686e718ac476a6ad3304fea2fbcfcffde",
"versionType": "git"
},
{
"lessThan": "a89cb7ddf6a89bab6012e19da38b7cdb26175c19",
"status": "affected",
"version": "7724105686e718ac476a6ad3304fea2fbcfcffde",
"versionType": "git"
},
{
"lessThan": "79c164e61f818054cd6012e9035701840d895c51",
"status": "affected",
"version": "7724105686e718ac476a6ad3304fea2fbcfcffde",
"versionType": "git"
},
{
"lessThan": "8858284dd74906fa00f04f0252c75df4893a7959",
"status": "affected",
"version": "7724105686e718ac476a6ad3304fea2fbcfcffde",
"versionType": "git"
},
{
"lessThan": "31dca00d0cc9f4133320d72eb7e3720badc6d6e6",
"status": "affected",
"version": "7724105686e718ac476a6ad3304fea2fbcfcffde",
"versionType": "git"
},
{
"lessThan": "3f09ec80f115d2875d747ed28adc1773037e0f8b",
"status": "affected",
"version": "7724105686e718ac476a6ad3304fea2fbcfcffde",
"versionType": "git"
},
{
"lessThan": "06039d8afefdbac05bcea5f397188407eba2996d",
"status": "affected",
"version": "7724105686e718ac476a6ad3304fea2fbcfcffde",
"versionType": "git"
},
{
"lessThan": "ef5ab2e48a5f9960e2352332b7cdb7064bb49032",
"status": "affected",
"version": "7724105686e718ac476a6ad3304fea2fbcfcffde",
"versionType": "git"
},
{
"lessThan": "f93e91a0372c922c20d5bee260b0f43b4b8a1bee",
"status": "affected",
"version": "7724105686e718ac476a6ad3304fea2fbcfcffde",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/hfi1/init.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.3"
},
{
"lessThan": "4.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.318",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.318",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.283",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hfi1: Fix potential integer multiplication overflow errors\n\nWhen multiplying of different types, an overflow is possible even when\nstoring the result in a larger type. This is because the conversion is\ndone after the multiplication. So arithmetic overflow and thus in\nincorrect value is possible.\n\nCorrect an instance of this in the inter packet delay calculation. Fix by\nensuring one of the operands is u64 which will promote the other to u64 as\nwell ensuring no overflow."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:36:57.111Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/252f4afd4557a2e7075f793a5c80fe6dd9e9ee4a"
},
{
"url": "https://git.kernel.org/stable/c/a89cb7ddf6a89bab6012e19da38b7cdb26175c19"
},
{
"url": "https://git.kernel.org/stable/c/79c164e61f818054cd6012e9035701840d895c51"
},
{
"url": "https://git.kernel.org/stable/c/8858284dd74906fa00f04f0252c75df4893a7959"
},
{
"url": "https://git.kernel.org/stable/c/31dca00d0cc9f4133320d72eb7e3720badc6d6e6"
},
{
"url": "https://git.kernel.org/stable/c/3f09ec80f115d2875d747ed28adc1773037e0f8b"
},
{
"url": "https://git.kernel.org/stable/c/06039d8afefdbac05bcea5f397188407eba2996d"
},
{
"url": "https://git.kernel.org/stable/c/ef5ab2e48a5f9960e2352332b7cdb7064bb49032"
},
{
"url": "https://git.kernel.org/stable/c/f93e91a0372c922c20d5bee260b0f43b4b8a1bee"
}
],
"title": "RDMA/hfi1: Fix potential integer multiplication overflow errors",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49404",
"datePublished": "2025-02-26T02:12:30.123Z",
"dateReserved": "2025-02-26T02:08:31.565Z",
"dateUpdated": "2025-10-01T19:46:50.457Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49337 (GCVE-0-2022-49337)
Vulnerability from cvelistv5
Published
2025-02-26 02:10
Modified
2025-05-04 08:35
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock
When user_dlm_destroy_lock failed, it didn't clean up the flags it set
before exit. For USER_LOCK_IN_TEARDOWN, if this function fails because of
lock is still in used, next time when unlink invokes this function, it
will return succeed, and then unlink will remove inode and dentry if lock
is not in used(file closed), but the dlm lock is still linked in dlm lock
resource, then when bast come in, it will trigger a panic due to
user-after-free. See the following panic call trace. To fix this,
USER_LOCK_IN_TEARDOWN should be reverted if fail. And also error should
be returned if USER_LOCK_IN_TEARDOWN is set to let user know that unlink
fail.
For the case of ocfs2_dlm_unlock failure, besides USER_LOCK_IN_TEARDOWN,
USER_LOCK_BUSY is also required to be cleared. Even though spin lock is
released in between, but USER_LOCK_IN_TEARDOWN is still set, for
USER_LOCK_BUSY, if before every place that waits on this flag,
USER_LOCK_IN_TEARDOWN is checked to bail out, that will make sure no flow
waits on the busy flag set by user_dlm_destroy_lock(), then we can
simplely revert USER_LOCK_BUSY when ocfs2_dlm_unlock fails. Fix
user_dlm_cluster_lock() which is the only function not following this.
[ 941.336392] (python,26174,16):dlmfs_unlink:562 ERROR: unlink
004fb0000060000b5a90b8c847b72e1, error -16 from destroy
[ 989.757536] ------------[ cut here ]------------
[ 989.757709] kernel BUG at fs/ocfs2/dlmfs/userdlm.c:173!
[ 989.757876] invalid opcode: 0000 [#1] SMP
[ 989.758027] Modules linked in: ksplice_2zhuk2jr_ib_ipoib_new(O)
ksplice_2zhuk2jr(O) mptctl mptbase xen_netback xen_blkback xen_gntalloc
xen_gntdev xen_evtchn cdc_ether usbnet mii ocfs2 jbd2 rpcsec_gss_krb5
auth_rpcgss nfsv4 nfsv3 nfs_acl nfs fscache lockd grace ocfs2_dlmfs
ocfs2_stack_o2cb ocfs2_dlm ocfs2_nodemanager ocfs2_stackglue configfs bnx2fc
fcoe libfcoe libfc scsi_transport_fc sunrpc ipmi_devintf bridge stp llc
rds_rdma rds bonding ib_sdp ib_ipoib rdma_ucm ib_ucm ib_uverbs ib_umad
rdma_cm ib_cm iw_cm falcon_lsm_serviceable(PE) falcon_nf_netcontain(PE)
mlx4_vnic falcon_kal(E) falcon_lsm_pinned_13402(E) mlx4_ib ib_sa ib_mad
ib_core ib_addr xenfs xen_privcmd dm_multipath iTCO_wdt iTCO_vendor_support
pcspkr sb_edac edac_core i2c_i801 lpc_ich mfd_core ipmi_ssif i2c_core ipmi_si
ipmi_msghandler
[ 989.760686] ioatdma sg ext3 jbd mbcache sd_mod ahci libahci ixgbe dca ptp
pps_core vxlan udp_tunnel ip6_udp_tunnel megaraid_sas mlx4_core crc32c_intel
be2iscsi bnx2i cnic uio cxgb4i cxgb4 cxgb3i libcxgbi ipv6 cxgb3 mdio
libiscsi_tcp qla4xxx iscsi_boot_sysfs libiscsi scsi_transport_iscsi wmi
dm_mirror dm_region_hash dm_log dm_mod [last unloaded:
ksplice_2zhuk2jr_ib_ipoib_old]
[ 989.761987] CPU: 10 PID: 19102 Comm: dlm_thread Tainted: P OE
4.1.12-124.57.1.el6uek.x86_64 #2
[ 989.762290] Hardware name: Oracle Corporation ORACLE SERVER
X5-2/ASM,MOTHERBOARD,1U, BIOS 30350100 06/17/2021
[ 989.762599] task: ffff880178af6200 ti: ffff88017f7c8000 task.ti:
ffff88017f7c8000
[ 989.762848] RIP: e030:[<ffffffffc07d4316>] [<ffffffffc07d4316>]
__user_dlm_queue_lockres.part.4+0x76/0x80 [ocfs2_dlmfs]
[ 989.763185] RSP: e02b:ffff88017f7cbcb8 EFLAGS: 00010246
[ 989.763353] RAX: 0000000000000000 RBX: ffff880174d48008 RCX:
0000000000000003
[ 989.763565] RDX: 0000000000120012 RSI: 0000000000000003 RDI:
ffff880174d48170
[ 989.763778] RBP: ffff88017f7cbcc8 R08: ffff88021f4293b0 R09:
0000000000000000
[ 989.763991] R10: ffff880179c8c000 R11: 0000000000000003 R12:
ffff880174d48008
[ 989.764204] R13: 0000000000000003 R14: ffff880179c8c000 R15:
ffff88021db7a000
[ 989.764422] FS: 0000000000000000(0000) GS:ffff880247480000(0000)
knlGS:ffff880247480000
[ 989.764685] CS: e033 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 989.764865] CR2: ffff8000007f6800 CR3: 0000000001ae0000 CR4:
0000000000042660
[ 989.765081] Stack:
[ 989.765167] 00000000000
---truncated---
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ocfs2/dlmfs/userdlm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1434cd71ad9f3a6beda3036972983b6c4869207c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "02480e2e82ae0e5588374bbbcf4fa6e4959fa174",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "733a35c00ef363a1c774d7ea486e0735b7c13a15",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "82bf8e7271fade40184177cb406203addc34c4a0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "337e36550788dbe03254f0593a231c1c4873b20d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9c96238fac045b289993d7bc5aae7b2d72b25c76",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "efb54ec548829e1d3605f0434526f86e345b1b28",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2c5e26a626fe46675bceba853e12aaf13c712e10",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "863e0d81b6683c4cbc588ad831f560c90e494bef",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ocfs2/dlmfs/userdlm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.318",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: dlmfs: fix error handling of user_dlm_destroy_lock\n\nWhen user_dlm_destroy_lock failed, it didn\u0027t clean up the flags it set\nbefore exit. For USER_LOCK_IN_TEARDOWN, if this function fails because of\nlock is still in used, next time when unlink invokes this function, it\nwill return succeed, and then unlink will remove inode and dentry if lock\nis not in used(file closed), but the dlm lock is still linked in dlm lock\nresource, then when bast come in, it will trigger a panic due to\nuser-after-free. See the following panic call trace. To fix this,\nUSER_LOCK_IN_TEARDOWN should be reverted if fail. And also error should\nbe returned if USER_LOCK_IN_TEARDOWN is set to let user know that unlink\nfail.\n\nFor the case of ocfs2_dlm_unlock failure, besides USER_LOCK_IN_TEARDOWN,\nUSER_LOCK_BUSY is also required to be cleared. Even though spin lock is\nreleased in between, but USER_LOCK_IN_TEARDOWN is still set, for\nUSER_LOCK_BUSY, if before every place that waits on this flag,\nUSER_LOCK_IN_TEARDOWN is checked to bail out, that will make sure no flow\nwaits on the busy flag set by user_dlm_destroy_lock(), then we can\nsimplely revert USER_LOCK_BUSY when ocfs2_dlm_unlock fails. Fix\nuser_dlm_cluster_lock() which is the only function not following this.\n\n[ 941.336392] (python,26174,16):dlmfs_unlink:562 ERROR: unlink\n004fb0000060000b5a90b8c847b72e1, error -16 from destroy\n[ 989.757536] ------------[ cut here ]------------\n[ 989.757709] kernel BUG at fs/ocfs2/dlmfs/userdlm.c:173!\n[ 989.757876] invalid opcode: 0000 [#1] SMP\n[ 989.758027] Modules linked in: ksplice_2zhuk2jr_ib_ipoib_new(O)\nksplice_2zhuk2jr(O) mptctl mptbase xen_netback xen_blkback xen_gntalloc\nxen_gntdev xen_evtchn cdc_ether usbnet mii ocfs2 jbd2 rpcsec_gss_krb5\nauth_rpcgss nfsv4 nfsv3 nfs_acl nfs fscache lockd grace ocfs2_dlmfs\nocfs2_stack_o2cb ocfs2_dlm ocfs2_nodemanager ocfs2_stackglue configfs bnx2fc\nfcoe libfcoe libfc scsi_transport_fc sunrpc ipmi_devintf bridge stp llc\nrds_rdma rds bonding ib_sdp ib_ipoib rdma_ucm ib_ucm ib_uverbs ib_umad\nrdma_cm ib_cm iw_cm falcon_lsm_serviceable(PE) falcon_nf_netcontain(PE)\nmlx4_vnic falcon_kal(E) falcon_lsm_pinned_13402(E) mlx4_ib ib_sa ib_mad\nib_core ib_addr xenfs xen_privcmd dm_multipath iTCO_wdt iTCO_vendor_support\npcspkr sb_edac edac_core i2c_i801 lpc_ich mfd_core ipmi_ssif i2c_core ipmi_si\nipmi_msghandler\n[ 989.760686] ioatdma sg ext3 jbd mbcache sd_mod ahci libahci ixgbe dca ptp\npps_core vxlan udp_tunnel ip6_udp_tunnel megaraid_sas mlx4_core crc32c_intel\nbe2iscsi bnx2i cnic uio cxgb4i cxgb4 cxgb3i libcxgbi ipv6 cxgb3 mdio\nlibiscsi_tcp qla4xxx iscsi_boot_sysfs libiscsi scsi_transport_iscsi wmi\ndm_mirror dm_region_hash dm_log dm_mod [last unloaded:\nksplice_2zhuk2jr_ib_ipoib_old]\n[ 989.761987] CPU: 10 PID: 19102 Comm: dlm_thread Tainted: P OE\n4.1.12-124.57.1.el6uek.x86_64 #2\n[ 989.762290] Hardware name: Oracle Corporation ORACLE SERVER\nX5-2/ASM,MOTHERBOARD,1U, BIOS 30350100 06/17/2021\n[ 989.762599] task: ffff880178af6200 ti: ffff88017f7c8000 task.ti:\nffff88017f7c8000\n[ 989.762848] RIP: e030:[\u003cffffffffc07d4316\u003e] [\u003cffffffffc07d4316\u003e]\n__user_dlm_queue_lockres.part.4+0x76/0x80 [ocfs2_dlmfs]\n[ 989.763185] RSP: e02b:ffff88017f7cbcb8 EFLAGS: 00010246\n[ 989.763353] RAX: 0000000000000000 RBX: ffff880174d48008 RCX:\n0000000000000003\n[ 989.763565] RDX: 0000000000120012 RSI: 0000000000000003 RDI:\nffff880174d48170\n[ 989.763778] RBP: ffff88017f7cbcc8 R08: ffff88021f4293b0 R09:\n0000000000000000\n[ 989.763991] R10: ffff880179c8c000 R11: 0000000000000003 R12:\nffff880174d48008\n[ 989.764204] R13: 0000000000000003 R14: ffff880179c8c000 R15:\nffff88021db7a000\n[ 989.764422] FS: 0000000000000000(0000) GS:ffff880247480000(0000)\nknlGS:ffff880247480000\n[ 989.764685] CS: e033 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 989.764865] CR2: ffff8000007f6800 CR3: 0000000001ae0000 CR4:\n0000000000042660\n[ 989.765081] Stack:\n[ 989.765167] 00000000000\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:35:29.871Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1434cd71ad9f3a6beda3036972983b6c4869207c"
},
{
"url": "https://git.kernel.org/stable/c/02480e2e82ae0e5588374bbbcf4fa6e4959fa174"
},
{
"url": "https://git.kernel.org/stable/c/733a35c00ef363a1c774d7ea486e0735b7c13a15"
},
{
"url": "https://git.kernel.org/stable/c/82bf8e7271fade40184177cb406203addc34c4a0"
},
{
"url": "https://git.kernel.org/stable/c/337e36550788dbe03254f0593a231c1c4873b20d"
},
{
"url": "https://git.kernel.org/stable/c/9c96238fac045b289993d7bc5aae7b2d72b25c76"
},
{
"url": "https://git.kernel.org/stable/c/efb54ec548829e1d3605f0434526f86e345b1b28"
},
{
"url": "https://git.kernel.org/stable/c/2c5e26a626fe46675bceba853e12aaf13c712e10"
},
{
"url": "https://git.kernel.org/stable/c/863e0d81b6683c4cbc588ad831f560c90e494bef"
}
],
"title": "ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49337",
"datePublished": "2025-02-26T02:10:55.696Z",
"dateReserved": "2025-02-26T02:08:31.539Z",
"dateUpdated": "2025-05-04T08:35:29.871Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49279 (GCVE-0-2022-49279)
Vulnerability from cvelistv5
Published
2025-02-26 01:56
Modified
2025-10-01 19:47
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
NFSD: prevent integer overflow on 32 bit systems
On a 32 bit system, the "len * sizeof(*p)" operation can have an
integer overflow.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49279",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:45:26.432021Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:47:01.079Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/linux/sunrpc/xdr.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3a2789e8ccb4a3e2a631f6817a2d3bb98b8c4fd8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ce1aa09cc14ed625104acc2d487bd92b9a88efe2",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7af164fa2f1abc577d357d22d83a2f3490875d7e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "303cd6173dce0a28d26526c77814eb90a41bd898",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "79b1c54fc6ce09ee0d5fe088bb3de26ae2150e3c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e4195d27306ea468a6dc3a27af6f586709951229",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "23a9dbbe0faf124fc4c139615633b9d12a3a89ef",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/linux/sunrpc/xdr.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.238",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.189",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.110",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: prevent integer overflow on 32 bit systems\n\nOn a 32 bit system, the \"len * sizeof(*p)\" operation can have an\ninteger overflow."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:34:03.361Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3a2789e8ccb4a3e2a631f6817a2d3bb98b8c4fd8"
},
{
"url": "https://git.kernel.org/stable/c/ce1aa09cc14ed625104acc2d487bd92b9a88efe2"
},
{
"url": "https://git.kernel.org/stable/c/7af164fa2f1abc577d357d22d83a2f3490875d7e"
},
{
"url": "https://git.kernel.org/stable/c/303cd6173dce0a28d26526c77814eb90a41bd898"
},
{
"url": "https://git.kernel.org/stable/c/79b1c54fc6ce09ee0d5fe088bb3de26ae2150e3c"
},
{
"url": "https://git.kernel.org/stable/c/e4195d27306ea468a6dc3a27af6f586709951229"
},
{
"url": "https://git.kernel.org/stable/c/23a9dbbe0faf124fc4c139615633b9d12a3a89ef"
}
],
"title": "NFSD: prevent integer overflow on 32 bit systems",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49279",
"datePublished": "2025-02-26T01:56:22.051Z",
"dateReserved": "2025-02-26T01:49:39.298Z",
"dateUpdated": "2025-10-01T19:47:01.079Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49283 (GCVE-0-2022-49283)
Vulnerability from cvelistv5
Published
2025-02-26 01:56
Modified
2025-05-04 08:34
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
firmware: sysfb: fix platform-device leak in error path
Make sure to free the platform device also in the unlikely event that
registration fails.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/firmware/sysfb_simplefb.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b3e38f939ab4d0d86f56bff3362c3f88c4b2ad32",
"status": "affected",
"version": "8633ef82f101c040427b57d4df7b706261420b94",
"versionType": "git"
},
{
"lessThan": "bb7fcbe80a013dc883181dc818c407d38558f76c",
"status": "affected",
"version": "8633ef82f101c040427b57d4df7b706261420b94",
"versionType": "git"
},
{
"lessThan": "fed4df558b8cdb6f3beea38a7c977f118f082b0d",
"status": "affected",
"version": "8633ef82f101c040427b57d4df7b706261420b94",
"versionType": "git"
},
{
"lessThan": "202c08914ba50dd324e42d5ad99535a89f242560",
"status": "affected",
"version": "8633ef82f101c040427b57d4df7b706261420b94",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/firmware/sysfb_simplefb.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.15"
},
{
"lessThan": "5.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: sysfb: fix platform-device leak in error path\n\nMake sure to free the platform device also in the unlikely event that\nregistration fails."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:34:12.930Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b3e38f939ab4d0d86f56bff3362c3f88c4b2ad32"
},
{
"url": "https://git.kernel.org/stable/c/bb7fcbe80a013dc883181dc818c407d38558f76c"
},
{
"url": "https://git.kernel.org/stable/c/fed4df558b8cdb6f3beea38a7c977f118f082b0d"
},
{
"url": "https://git.kernel.org/stable/c/202c08914ba50dd324e42d5ad99535a89f242560"
}
],
"title": "firmware: sysfb: fix platform-device leak in error path",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49283",
"datePublished": "2025-02-26T01:56:24.155Z",
"dateReserved": "2025-02-26T01:49:39.298Z",
"dateUpdated": "2025-05-04T08:34:12.930Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49111 (GCVE-0-2022-49111)
Vulnerability from cvelistv5
Published
2025-02-26 01:54
Modified
2025-05-04 08:30
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: Fix use after free in hci_send_acl
This fixes the following trace caused by receiving
HCI_EV_DISCONN_PHY_LINK_COMPLETE which does call hci_conn_del without
first checking if conn->type is in fact AMP_LINK and in case it is
do properly cleanup upper layers with hci_disconn_cfm:
==================================================================
BUG: KASAN: use-after-free in hci_send_acl+0xaba/0xc50
Read of size 8 at addr ffff88800e404818 by task bluetoothd/142
CPU: 0 PID: 142 Comm: bluetoothd Not tainted
5.17.0-rc5-00006-gda4022eeac1a #7
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
Call Trace:
<TASK>
dump_stack_lvl+0x45/0x59
print_address_description.constprop.0+0x1f/0x150
kasan_report.cold+0x7f/0x11b
hci_send_acl+0xaba/0xc50
l2cap_do_send+0x23f/0x3d0
l2cap_chan_send+0xc06/0x2cc0
l2cap_sock_sendmsg+0x201/0x2b0
sock_sendmsg+0xdc/0x110
sock_write_iter+0x20f/0x370
do_iter_readv_writev+0x343/0x690
do_iter_write+0x132/0x640
vfs_writev+0x198/0x570
do_writev+0x202/0x280
do_syscall_64+0x38/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xae
RSP: 002b:00007ffce8a099b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
Code: 0f 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 f3
0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 14 00 00 00 0f 05
<48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 89 74 24 10
RDX: 0000000000000001 RSI: 00007ffce8a099e0 RDI: 0000000000000015
RAX: ffffffffffffffda RBX: 00007ffce8a099e0 RCX: 00007f788fc3cf77
R10: 00007ffce8af7080 R11: 0000000000000246 R12: 000055e4ccf75580
RBP: 0000000000000015 R08: 0000000000000002 R09: 0000000000000001
</TASK>
R13: 000055e4ccf754a0 R14: 000055e4ccf75cd0 R15: 000055e4ccf4a6b0
Allocated by task 45:
kasan_save_stack+0x1e/0x40
__kasan_kmalloc+0x81/0xa0
hci_chan_create+0x9a/0x2f0
l2cap_conn_add.part.0+0x1a/0xdc0
l2cap_connect_cfm+0x236/0x1000
le_conn_complete_evt+0x15a7/0x1db0
hci_le_conn_complete_evt+0x226/0x2c0
hci_le_meta_evt+0x247/0x450
hci_event_packet+0x61b/0xe90
hci_rx_work+0x4d5/0xc50
process_one_work+0x8fb/0x15a0
worker_thread+0x576/0x1240
kthread+0x29d/0x340
ret_from_fork+0x1f/0x30
Freed by task 45:
kasan_save_stack+0x1e/0x40
kasan_set_track+0x21/0x30
kasan_set_free_info+0x20/0x30
__kasan_slab_free+0xfb/0x130
kfree+0xac/0x350
hci_conn_cleanup+0x101/0x6a0
hci_conn_del+0x27e/0x6c0
hci_disconn_phylink_complete_evt+0xe0/0x120
hci_event_packet+0x812/0xe90
hci_rx_work+0x4d5/0xc50
process_one_work+0x8fb/0x15a0
worker_thread+0x576/0x1240
kthread+0x29d/0x340
ret_from_fork+0x1f/0x30
The buggy address belongs to the object at ffff88800c0f0500
The buggy address is located 24 bytes inside of
which belongs to the cache kmalloc-128 of size 128
The buggy address belongs to the page:
128-byte region [ffff88800c0f0500, ffff88800c0f0580)
flags: 0x100000000000200(slab|node=0|zone=1)
page:00000000fe45cd86 refcount:1 mapcount:0
mapping:0000000000000000 index:0x0 pfn:0xc0f0
raw: 0000000000000000 0000000080100010 00000001ffffffff
0000000000000000
raw: 0100000000000200 ffffea00003a2c80 dead000000000004
ffff8880078418c0
page dumped because: kasan: bad access detected
ffff88800c0f0400: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc
Memory state around the buggy address:
>ffff88800c0f0500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
ffff88800c0f0480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
ffff88800c0f0580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
---truncated---
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49111",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T18:17:22.265818Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T18:22:35.037Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/bluetooth/hci_event.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c41de54b0a963e59e4dd04c029a4a6d73f45ef9c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "643a6c26bd32e339d00ad97b8822b6db009e803c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "684e505406abaeabe0058e9776f9210bf2747953",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "3803d896ddd97c7c16689a5381c0960040727647",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2cc803804ec9a296b3156855d6c8c4ca1c6b84be",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d404765dffdbd8dcd14758695d0c96c52fb2e624",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "4da302b90b96c309987eb9b37c8547f939f042d2",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b3c2ea1fd444b3bb7b82bfd2c3a45418f85c2502",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f63d24baff787e13b723d86fe036f84bdbc35045",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/bluetooth/hci_event.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.238",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.189",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.111",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.20",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.276",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.111",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Fix use after free in hci_send_acl\n\nThis fixes the following trace caused by receiving\nHCI_EV_DISCONN_PHY_LINK_COMPLETE which does call hci_conn_del without\nfirst checking if conn-\u003etype is in fact AMP_LINK and in case it is\ndo properly cleanup upper layers with hci_disconn_cfm:\n\n ==================================================================\n BUG: KASAN: use-after-free in hci_send_acl+0xaba/0xc50\n Read of size 8 at addr ffff88800e404818 by task bluetoothd/142\n\n CPU: 0 PID: 142 Comm: bluetoothd Not tainted\n 5.17.0-rc5-00006-gda4022eeac1a #7\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x45/0x59\n print_address_description.constprop.0+0x1f/0x150\n kasan_report.cold+0x7f/0x11b\n hci_send_acl+0xaba/0xc50\n l2cap_do_send+0x23f/0x3d0\n l2cap_chan_send+0xc06/0x2cc0\n l2cap_sock_sendmsg+0x201/0x2b0\n sock_sendmsg+0xdc/0x110\n sock_write_iter+0x20f/0x370\n do_iter_readv_writev+0x343/0x690\n do_iter_write+0x132/0x640\n vfs_writev+0x198/0x570\n do_writev+0x202/0x280\n do_syscall_64+0x38/0x90\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n RSP: 002b:00007ffce8a099b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000014\n Code: 0f 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 f3\n 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 14 00 00 00 0f 05\n \u003c48\u003e 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 89 74 24 10\n RDX: 0000000000000001 RSI: 00007ffce8a099e0 RDI: 0000000000000015\n RAX: ffffffffffffffda RBX: 00007ffce8a099e0 RCX: 00007f788fc3cf77\n R10: 00007ffce8af7080 R11: 0000000000000246 R12: 000055e4ccf75580\n RBP: 0000000000000015 R08: 0000000000000002 R09: 0000000000000001\n \u003c/TASK\u003e\n R13: 000055e4ccf754a0 R14: 000055e4ccf75cd0 R15: 000055e4ccf4a6b0\n\n Allocated by task 45:\n kasan_save_stack+0x1e/0x40\n __kasan_kmalloc+0x81/0xa0\n hci_chan_create+0x9a/0x2f0\n l2cap_conn_add.part.0+0x1a/0xdc0\n l2cap_connect_cfm+0x236/0x1000\n le_conn_complete_evt+0x15a7/0x1db0\n hci_le_conn_complete_evt+0x226/0x2c0\n hci_le_meta_evt+0x247/0x450\n hci_event_packet+0x61b/0xe90\n hci_rx_work+0x4d5/0xc50\n process_one_work+0x8fb/0x15a0\n worker_thread+0x576/0x1240\n kthread+0x29d/0x340\n ret_from_fork+0x1f/0x30\n\n Freed by task 45:\n kasan_save_stack+0x1e/0x40\n kasan_set_track+0x21/0x30\n kasan_set_free_info+0x20/0x30\n __kasan_slab_free+0xfb/0x130\n kfree+0xac/0x350\n hci_conn_cleanup+0x101/0x6a0\n hci_conn_del+0x27e/0x6c0\n hci_disconn_phylink_complete_evt+0xe0/0x120\n hci_event_packet+0x812/0xe90\n hci_rx_work+0x4d5/0xc50\n process_one_work+0x8fb/0x15a0\n worker_thread+0x576/0x1240\n kthread+0x29d/0x340\n ret_from_fork+0x1f/0x30\n\n The buggy address belongs to the object at ffff88800c0f0500\n The buggy address is located 24 bytes inside of\n which belongs to the cache kmalloc-128 of size 128\n The buggy address belongs to the page:\n 128-byte region [ffff88800c0f0500, ffff88800c0f0580)\n flags: 0x100000000000200(slab|node=0|zone=1)\n page:00000000fe45cd86 refcount:1 mapcount:0\n mapping:0000000000000000 index:0x0 pfn:0xc0f0\n raw: 0000000000000000 0000000080100010 00000001ffffffff\n 0000000000000000\n raw: 0100000000000200 ffffea00003a2c80 dead000000000004\n ffff8880078418c0\n page dumped because: kasan: bad access detected\n ffff88800c0f0400: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc\n Memory state around the buggy address:\n \u003effff88800c0f0500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ffff88800c0f0480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n ffff88800c0f0580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n \n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:30:07.124Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c41de54b0a963e59e4dd04c029a4a6d73f45ef9c"
},
{
"url": "https://git.kernel.org/stable/c/643a6c26bd32e339d00ad97b8822b6db009e803c"
},
{
"url": "https://git.kernel.org/stable/c/684e505406abaeabe0058e9776f9210bf2747953"
},
{
"url": "https://git.kernel.org/stable/c/3803d896ddd97c7c16689a5381c0960040727647"
},
{
"url": "https://git.kernel.org/stable/c/2cc803804ec9a296b3156855d6c8c4ca1c6b84be"
},
{
"url": "https://git.kernel.org/stable/c/d404765dffdbd8dcd14758695d0c96c52fb2e624"
},
{
"url": "https://git.kernel.org/stable/c/4da302b90b96c309987eb9b37c8547f939f042d2"
},
{
"url": "https://git.kernel.org/stable/c/b3c2ea1fd444b3bb7b82bfd2c3a45418f85c2502"
},
{
"url": "https://git.kernel.org/stable/c/f63d24baff787e13b723d86fe036f84bdbc35045"
}
],
"title": "Bluetooth: Fix use after free in hci_send_acl",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49111",
"datePublished": "2025-02-26T01:54:56.622Z",
"dateReserved": "2025-02-26T01:49:39.261Z",
"dateUpdated": "2025-05-04T08:30:07.124Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49442 (GCVE-0-2022-49442)
Vulnerability from cvelistv5
Published
2025-02-26 02:12
Modified
2025-05-04 08:37
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drivers/base/node.c: fix compaction sysfs file leak
Compaction sysfs file is created via compaction_register_node in
register_node. But we forgot to remove it in unregister_node. Thus
compaction sysfs file is leaked. Using compaction_unregister_node to fix
this issue.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: ed4a6d7f0676db50b5023cc01f6cda82a2f2a307 Version: ed4a6d7f0676db50b5023cc01f6cda82a2f2a307 Version: ed4a6d7f0676db50b5023cc01f6cda82a2f2a307 Version: ed4a6d7f0676db50b5023cc01f6cda82a2f2a307 Version: ed4a6d7f0676db50b5023cc01f6cda82a2f2a307 Version: ed4a6d7f0676db50b5023cc01f6cda82a2f2a307 Version: ed4a6d7f0676db50b5023cc01f6cda82a2f2a307 Version: ed4a6d7f0676db50b5023cc01f6cda82a2f2a307 Version: ed4a6d7f0676db50b5023cc01f6cda82a2f2a307 |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/base/node.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "39642b0feddb9c39faa6de469a94bfeb4dc0d3a9",
"status": "affected",
"version": "ed4a6d7f0676db50b5023cc01f6cda82a2f2a307",
"versionType": "git"
},
{
"lessThan": "606732650a2c88e66c59c22dd5464ea0d820250e",
"status": "affected",
"version": "ed4a6d7f0676db50b5023cc01f6cda82a2f2a307",
"versionType": "git"
},
{
"lessThan": "f76ddc8fcf6d81fe89bfa4d3efcbc4fe69a91d48",
"status": "affected",
"version": "ed4a6d7f0676db50b5023cc01f6cda82a2f2a307",
"versionType": "git"
},
{
"lessThan": "386e69e068177ee91cac27f2f0e6ebda1515f5ca",
"status": "affected",
"version": "ed4a6d7f0676db50b5023cc01f6cda82a2f2a307",
"versionType": "git"
},
{
"lessThan": "d8a5bdc767f17281da648555cdbd286f98fd98ee",
"status": "affected",
"version": "ed4a6d7f0676db50b5023cc01f6cda82a2f2a307",
"versionType": "git"
},
{
"lessThan": "b3fcf1f583b1a0946d9d9bfb7362c9c186801775",
"status": "affected",
"version": "ed4a6d7f0676db50b5023cc01f6cda82a2f2a307",
"versionType": "git"
},
{
"lessThan": "466134df7561aeb801baddf6666b512e0e1a1707",
"status": "affected",
"version": "ed4a6d7f0676db50b5023cc01f6cda82a2f2a307",
"versionType": "git"
},
{
"lessThan": "6905be93d1ab54f73718047536fec0ca488d5315",
"status": "affected",
"version": "ed4a6d7f0676db50b5023cc01f6cda82a2f2a307",
"versionType": "git"
},
{
"lessThan": "da63dc84befaa9e6079a0bc363ff0eaa975f9073",
"status": "affected",
"version": "ed4a6d7f0676db50b5023cc01f6cda82a2f2a307",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/base/node.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.35"
},
{
"lessThan": "2.6.35",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.318",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.318",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.283",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "2.6.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers/base/node.c: fix compaction sysfs file leak\n\nCompaction sysfs file is created via compaction_register_node in\nregister_node. But we forgot to remove it in unregister_node. Thus\ncompaction sysfs file is leaked. Using compaction_unregister_node to fix\nthis issue."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:37:50.130Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/39642b0feddb9c39faa6de469a94bfeb4dc0d3a9"
},
{
"url": "https://git.kernel.org/stable/c/606732650a2c88e66c59c22dd5464ea0d820250e"
},
{
"url": "https://git.kernel.org/stable/c/f76ddc8fcf6d81fe89bfa4d3efcbc4fe69a91d48"
},
{
"url": "https://git.kernel.org/stable/c/386e69e068177ee91cac27f2f0e6ebda1515f5ca"
},
{
"url": "https://git.kernel.org/stable/c/d8a5bdc767f17281da648555cdbd286f98fd98ee"
},
{
"url": "https://git.kernel.org/stable/c/b3fcf1f583b1a0946d9d9bfb7362c9c186801775"
},
{
"url": "https://git.kernel.org/stable/c/466134df7561aeb801baddf6666b512e0e1a1707"
},
{
"url": "https://git.kernel.org/stable/c/6905be93d1ab54f73718047536fec0ca488d5315"
},
{
"url": "https://git.kernel.org/stable/c/da63dc84befaa9e6079a0bc363ff0eaa975f9073"
}
],
"title": "drivers/base/node.c: fix compaction sysfs file leak",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49442",
"datePublished": "2025-02-26T02:12:55.291Z",
"dateReserved": "2025-02-26T02:08:31.571Z",
"dateUpdated": "2025-05-04T08:37:50.130Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47636 (GCVE-0-2021-47636)
Vulnerability from cvelistv5
Published
2025-02-26 01:54
Modified
2025-10-01 19:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock()
Function ubifs_wbuf_write_nolock() may access buf out of bounds in
following process:
ubifs_wbuf_write_nolock():
aligned_len = ALIGN(len, 8); // Assume len = 4089, aligned_len = 4096
if (aligned_len <= wbuf->avail) ... // Not satisfy
if (wbuf->used) {
ubifs_leb_write() // Fill some data in avail wbuf
len -= wbuf->avail; // len is still not 8-bytes aligned
aligned_len -= wbuf->avail;
}
n = aligned_len >> c->max_write_shift;
if (n) {
n <<= c->max_write_shift;
err = ubifs_leb_write(c, wbuf->lnum, buf + written,
wbuf->offs, n);
// n > len, read out of bounds less than 8(n-len) bytes
}
, which can be catched by KASAN:
=========================================================
BUG: KASAN: slab-out-of-bounds in ecc_sw_hamming_calculate+0x1dc/0x7d0
Read of size 4 at addr ffff888105594ff8 by task kworker/u8:4/128
Workqueue: writeback wb_workfn (flush-ubifs_0_0)
Call Trace:
kasan_report.cold+0x81/0x165
nand_write_page_swecc+0xa9/0x160
ubifs_leb_write+0xf2/0x1b0 [ubifs]
ubifs_wbuf_write_nolock+0x421/0x12c0 [ubifs]
write_head+0xdc/0x1c0 [ubifs]
ubifs_jnl_write_inode+0x627/0x960 [ubifs]
wb_workfn+0x8af/0xb80
Function ubifs_wbuf_write_nolock() accepts that parameter 'len' is not 8
bytes aligned, the 'len' represents the true length of buf (which is
allocated in 'ubifs_jnl_xxx', eg. ubifs_jnl_write_inode), so
ubifs_wbuf_write_nolock() must handle the length read from 'buf' carefully
to write leb safely.
Fetch a reproducer in [Link].
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d Version: 1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d Version: 1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d Version: 1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d Version: 1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d Version: 1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d Version: 1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-47636",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:50:54.449259Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:57:08.785Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ubifs/io.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5343575aa11c5d7044107d59d43f84aec01312b0",
"status": "affected",
"version": "1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d",
"versionType": "git"
},
{
"lessThan": "b80ccbec0e4804436c382d7dd60e943c386ed83a",
"status": "affected",
"version": "1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d",
"versionType": "git"
},
{
"lessThan": "07a209fadee7b53b46858538e1177597273862e4",
"status": "affected",
"version": "1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d",
"versionType": "git"
},
{
"lessThan": "a7054aaf1909cf40489c0ec1b728fdcf79c751a6",
"status": "affected",
"version": "1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d",
"versionType": "git"
},
{
"lessThan": "e09fa5318d51f522e1af4fbaf8f74999355980c8",
"status": "affected",
"version": "1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d",
"versionType": "git"
},
{
"lessThan": "3b7fb89135a20587d57f8877c02e25003e9edbdf",
"status": "affected",
"version": "1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d",
"versionType": "git"
},
{
"lessThan": "4f2262a334641e05f645364d5ade1f565c85f20b",
"status": "affected",
"version": "1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ubifs/io.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.27"
},
{
"lessThan": "2.6.27",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.238",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.189",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.238",
"versionStartIncluding": "2.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.189",
"versionStartIncluding": "2.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.110",
"versionStartIncluding": "2.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "2.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "2.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "2.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "2.6.27",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock()\n\nFunction ubifs_wbuf_write_nolock() may access buf out of bounds in\nfollowing process:\n\nubifs_wbuf_write_nolock():\n aligned_len = ALIGN(len, 8); // Assume len = 4089, aligned_len = 4096\n if (aligned_len \u003c= wbuf-\u003eavail) ... // Not satisfy\n if (wbuf-\u003eused) {\n ubifs_leb_write() // Fill some data in avail wbuf\n len -= wbuf-\u003eavail; // len is still not 8-bytes aligned\n aligned_len -= wbuf-\u003eavail;\n }\n n = aligned_len \u003e\u003e c-\u003emax_write_shift;\n if (n) {\n n \u003c\u003c= c-\u003emax_write_shift;\n err = ubifs_leb_write(c, wbuf-\u003elnum, buf + written,\n wbuf-\u003eoffs, n);\n // n \u003e len, read out of bounds less than 8(n-len) bytes\n }\n\n, which can be catched by KASAN:\n =========================================================\n BUG: KASAN: slab-out-of-bounds in ecc_sw_hamming_calculate+0x1dc/0x7d0\n Read of size 4 at addr ffff888105594ff8 by task kworker/u8:4/128\n Workqueue: writeback wb_workfn (flush-ubifs_0_0)\n Call Trace:\n kasan_report.cold+0x81/0x165\n nand_write_page_swecc+0xa9/0x160\n ubifs_leb_write+0xf2/0x1b0 [ubifs]\n ubifs_wbuf_write_nolock+0x421/0x12c0 [ubifs]\n write_head+0xdc/0x1c0 [ubifs]\n ubifs_jnl_write_inode+0x627/0x960 [ubifs]\n wb_workfn+0x8af/0xb80\n\nFunction ubifs_wbuf_write_nolock() accepts that parameter \u0027len\u0027 is not 8\nbytes aligned, the \u0027len\u0027 represents the true length of buf (which is\nallocated in \u0027ubifs_jnl_xxx\u0027, eg. ubifs_jnl_write_inode), so\nubifs_wbuf_write_nolock() must handle the length read from \u0027buf\u0027 carefully\nto write leb safely.\n\nFetch a reproducer in [Link]."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:15:15.334Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5343575aa11c5d7044107d59d43f84aec01312b0"
},
{
"url": "https://git.kernel.org/stable/c/b80ccbec0e4804436c382d7dd60e943c386ed83a"
},
{
"url": "https://git.kernel.org/stable/c/07a209fadee7b53b46858538e1177597273862e4"
},
{
"url": "https://git.kernel.org/stable/c/a7054aaf1909cf40489c0ec1b728fdcf79c751a6"
},
{
"url": "https://git.kernel.org/stable/c/e09fa5318d51f522e1af4fbaf8f74999355980c8"
},
{
"url": "https://git.kernel.org/stable/c/3b7fb89135a20587d57f8877c02e25003e9edbdf"
},
{
"url": "https://git.kernel.org/stable/c/4f2262a334641e05f645364d5ade1f565c85f20b"
}
],
"title": "ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47636",
"datePublished": "2025-02-26T01:54:10.206Z",
"dateReserved": "2025-02-26T01:48:21.519Z",
"dateUpdated": "2025-10-01T19:57:08.785Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49214 (GCVE-0-2022-49214)
Vulnerability from cvelistv5
Published
2025-02-26 01:55
Modified
2025-05-04 08:32
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
powerpc/64s: Don't use DSISR for SLB faults
Since commit 46ddcb3950a2 ("powerpc/mm: Show if a bad page fault on data
is read or write.") we use page_fault_is_write(regs->dsisr) in
__bad_page_fault() to determine if the fault is for a read or write, and
change the message printed accordingly.
But SLB faults, aka Data Segment Interrupts, don't set DSISR (Data
Storage Interrupt Status Register) to a useful value. All ISA versions
from v2.03 through v3.1 specify that the Data Segment Interrupt sets
DSISR "to an undefined value". As far as I can see there's no mention of
SLB faults setting DSISR in any BookIV content either.
This manifests as accesses that should be a read being incorrectly
reported as writes, for example, using the xmon "dump" command:
0:mon> d 0x5deadbeef0000000
5deadbeef0000000
[359526.415354][ C6] BUG: Unable to handle kernel data access on write at 0x5deadbeef0000000
[359526.415611][ C6] Faulting instruction address: 0xc00000000010a300
cpu 0x6: Vector: 380 (Data SLB Access) at [c00000000ffbf400]
pc: c00000000010a300: mread+0x90/0x190
If we disassemble the PC, we see a load instruction:
0:mon> di c00000000010a300
c00000000010a300 89490000 lbz r10,0(r9)
We can also see in exceptions-64s.S that the data_access_slb block
doesn't set IDSISR=1, which means it doesn't load DSISR into pt_regs. So
the value we're using to determine if the fault is a read/write is some
stale value in pt_regs from a previous page fault.
Rework the printing logic to separate the SLB fault case out, and only
print read/write in the cases where we can determine it.
The result looks like eg:
0:mon> d 0x5deadbeef0000000
5deadbeef0000000
[ 721.779525][ C6] BUG: Unable to handle kernel data access at 0x5deadbeef0000000
[ 721.779697][ C6] Faulting instruction address: 0xc00000000014cbe0
cpu 0x6: Vector: 380 (Data SLB Access) at [c00000000ffbf390]
0:mon> d 0
0000000000000000
[ 742.793242][ C6] BUG: Kernel NULL pointer dereference at 0x00000000
[ 742.793316][ C6] Faulting instruction address: 0xc00000000014cbe0
cpu 0x6: Vector: 380 (Data SLB Access) at [c00000000ffbf390]
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/powerpc/mm/fault.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4a852ff9b7bea9c640540e2c1bc70bd3ba455d61",
"status": "affected",
"version": "46ddcb3950a28c0df4815e8dbb8d4b91d5d9f22d",
"versionType": "git"
},
{
"lessThan": "a3dae36d632b2cf6eb20314273e512a96cb43c9a",
"status": "affected",
"version": "46ddcb3950a28c0df4815e8dbb8d4b91d5d9f22d",
"versionType": "git"
},
{
"lessThan": "093449bb182db885dae816d62874cccab7a4c42a",
"status": "affected",
"version": "46ddcb3950a28c0df4815e8dbb8d4b91d5d9f22d",
"versionType": "git"
},
{
"lessThan": "d4679ac8ea2e5078704aa1c026db36580cc1bf9a",
"status": "affected",
"version": "46ddcb3950a28c0df4815e8dbb8d4b91d5d9f22d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/powerpc/mm/fault.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.5"
},
{
"lessThan": "5.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/64s: Don\u0027t use DSISR for SLB faults\n\nSince commit 46ddcb3950a2 (\"powerpc/mm: Show if a bad page fault on data\nis read or write.\") we use page_fault_is_write(regs-\u003edsisr) in\n__bad_page_fault() to determine if the fault is for a read or write, and\nchange the message printed accordingly.\n\nBut SLB faults, aka Data Segment Interrupts, don\u0027t set DSISR (Data\nStorage Interrupt Status Register) to a useful value. All ISA versions\nfrom v2.03 through v3.1 specify that the Data Segment Interrupt sets\nDSISR \"to an undefined value\". As far as I can see there\u0027s no mention of\nSLB faults setting DSISR in any BookIV content either.\n\nThis manifests as accesses that should be a read being incorrectly\nreported as writes, for example, using the xmon \"dump\" command:\n\n 0:mon\u003e d 0x5deadbeef0000000\n 5deadbeef0000000\n [359526.415354][ C6] BUG: Unable to handle kernel data access on write at 0x5deadbeef0000000\n [359526.415611][ C6] Faulting instruction address: 0xc00000000010a300\n cpu 0x6: Vector: 380 (Data SLB Access) at [c00000000ffbf400]\n pc: c00000000010a300: mread+0x90/0x190\n\nIf we disassemble the PC, we see a load instruction:\n\n 0:mon\u003e di c00000000010a300\n c00000000010a300 89490000 lbz r10,0(r9)\n\nWe can also see in exceptions-64s.S that the data_access_slb block\ndoesn\u0027t set IDSISR=1, which means it doesn\u0027t load DSISR into pt_regs. So\nthe value we\u0027re using to determine if the fault is a read/write is some\nstale value in pt_regs from a previous page fault.\n\nRework the printing logic to separate the SLB fault case out, and only\nprint read/write in the cases where we can determine it.\n\nThe result looks like eg:\n\n 0:mon\u003e d 0x5deadbeef0000000\n 5deadbeef0000000\n [ 721.779525][ C6] BUG: Unable to handle kernel data access at 0x5deadbeef0000000\n [ 721.779697][ C6] Faulting instruction address: 0xc00000000014cbe0\n cpu 0x6: Vector: 380 (Data SLB Access) at [c00000000ffbf390]\n\n 0:mon\u003e d 0\n 0000000000000000\n [ 742.793242][ C6] BUG: Kernel NULL pointer dereference at 0x00000000\n [ 742.793316][ C6] Faulting instruction address: 0xc00000000014cbe0\n cpu 0x6: Vector: 380 (Data SLB Access) at [c00000000ffbf390]"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:32:31.260Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4a852ff9b7bea9c640540e2c1bc70bd3ba455d61"
},
{
"url": "https://git.kernel.org/stable/c/a3dae36d632b2cf6eb20314273e512a96cb43c9a"
},
{
"url": "https://git.kernel.org/stable/c/093449bb182db885dae816d62874cccab7a4c42a"
},
{
"url": "https://git.kernel.org/stable/c/d4679ac8ea2e5078704aa1c026db36580cc1bf9a"
}
],
"title": "powerpc/64s: Don\u0027t use DSISR for SLB faults",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49214",
"datePublished": "2025-02-26T01:55:49.677Z",
"dateReserved": "2025-02-26T01:49:39.292Z",
"dateUpdated": "2025-05-04T08:32:31.260Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21772 (GCVE-0-2025-21772)
Vulnerability from cvelistv5
Published
2025-02-27 02:18
Modified
2025-11-03 19:37
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
partitions: mac: fix handling of bogus partition table
Fix several issues in partition probing:
- The bailout for a bad partoffset must use put_dev_sector(), since the
preceding read_part_sector() succeeded.
- If the partition table claims a silly sector size like 0xfff bytes
(which results in partition table entries straddling sector boundaries),
bail out instead of accessing out-of-bounds memory.
- We must not assume that the partition table contains proper NUL
termination - use strnlen() and strncmp() instead of strlen() and
strcmp().
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:37:27.124Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"block/partitions/mac.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a3e77da9f843e4ab93917d30c314f0283e28c124",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "213ba5bd81b7e97ac6e6190b8f3bc6ba76123625",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "40a35d14f3c0dc72b689061ec72fc9b193f37d1f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "27a39d006f85e869be68c1d5d2ce05e5d6445bf5",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "92527100be38ede924768f4277450dfe8a40e16b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6578717ebca91678131d2b1f4ba4258e60536e9f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7fa9706722882f634090bfc9af642bf9ed719e27",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "80e648042e512d5a767da251d44132553fe04ae0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"block/partitions/mac.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.291",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.235",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.179",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.129",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.79",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"version": "6.13.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.14",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.179",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.129",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npartitions: mac: fix handling of bogus partition table\n\nFix several issues in partition probing:\n\n - The bailout for a bad partoffset must use put_dev_sector(), since the\n preceding read_part_sector() succeeded.\n - If the partition table claims a silly sector size like 0xfff bytes\n (which results in partition table entries straddling sector boundaries),\n bail out instead of accessing out-of-bounds memory.\n - We must not assume that the partition table contains proper NUL\n termination - use strnlen() and strncmp() instead of strlen() and\n strcmp()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:20:46.575Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a3e77da9f843e4ab93917d30c314f0283e28c124"
},
{
"url": "https://git.kernel.org/stable/c/213ba5bd81b7e97ac6e6190b8f3bc6ba76123625"
},
{
"url": "https://git.kernel.org/stable/c/40a35d14f3c0dc72b689061ec72fc9b193f37d1f"
},
{
"url": "https://git.kernel.org/stable/c/27a39d006f85e869be68c1d5d2ce05e5d6445bf5"
},
{
"url": "https://git.kernel.org/stable/c/92527100be38ede924768f4277450dfe8a40e16b"
},
{
"url": "https://git.kernel.org/stable/c/6578717ebca91678131d2b1f4ba4258e60536e9f"
},
{
"url": "https://git.kernel.org/stable/c/7fa9706722882f634090bfc9af642bf9ed719e27"
},
{
"url": "https://git.kernel.org/stable/c/80e648042e512d5a767da251d44132553fe04ae0"
}
],
"title": "partitions: mac: fix handling of bogus partition table",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-21772",
"datePublished": "2025-02-27T02:18:19.528Z",
"dateReserved": "2024-12-29T08:45:45.762Z",
"dateUpdated": "2025-11-03T19:37:27.124Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-49435 (GCVE-0-2022-49435)
Vulnerability from cvelistv5
Published
2025-02-26 02:12
Modified
2025-05-04 08:37
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
mfd: davinci_voicecodec: Fix possible null-ptr-deref davinci_vc_probe()
It will cause null-ptr-deref when using 'res', if platform_get_resource()
returns NULL, so move using 'res' after devm_ioremap_resource() that
will check it to avoid null-ptr-deref.
And use devm_platform_get_and_ioremap_resource() to simplify code.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: b5e29aa880be84c271be8d0726cec4018bfbfd74 Version: b5e29aa880be84c271be8d0726cec4018bfbfd74 Version: b5e29aa880be84c271be8d0726cec4018bfbfd74 Version: b5e29aa880be84c271be8d0726cec4018bfbfd74 Version: b5e29aa880be84c271be8d0726cec4018bfbfd74 Version: b5e29aa880be84c271be8d0726cec4018bfbfd74 |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/mfd/davinci_voicecodec.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "49c1e32e7b3f301642a60448700ec531df981269",
"status": "affected",
"version": "b5e29aa880be84c271be8d0726cec4018bfbfd74",
"versionType": "git"
},
{
"lessThan": "a1d4941d9a24999f680799f9bbde7f57351ca637",
"status": "affected",
"version": "b5e29aa880be84c271be8d0726cec4018bfbfd74",
"versionType": "git"
},
{
"lessThan": "5289795824b77489803b0802cd9edc13824a2d0b",
"status": "affected",
"version": "b5e29aa880be84c271be8d0726cec4018bfbfd74",
"versionType": "git"
},
{
"lessThan": "2d00158a06efe6bbcd020108634ea0f2ed8b32f7",
"status": "affected",
"version": "b5e29aa880be84c271be8d0726cec4018bfbfd74",
"versionType": "git"
},
{
"lessThan": "579944b9f38727d9ff570b58f83bc424e8af8398",
"status": "affected",
"version": "b5e29aa880be84c271be8d0726cec4018bfbfd74",
"versionType": "git"
},
{
"lessThan": "311242c7703df0da14c206260b7e855f69cb0264",
"status": "affected",
"version": "b5e29aa880be84c271be8d0726cec4018bfbfd74",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/mfd/davinci_voicecodec.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.4"
},
{
"lessThan": "5.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmfd: davinci_voicecodec: Fix possible null-ptr-deref davinci_vc_probe()\n\nIt will cause null-ptr-deref when using \u0027res\u0027, if platform_get_resource()\nreturns NULL, so move using \u0027res\u0027 after devm_ioremap_resource() that\nwill check it to avoid null-ptr-deref.\nAnd use devm_platform_get_and_ioremap_resource() to simplify code."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:37:36.380Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/49c1e32e7b3f301642a60448700ec531df981269"
},
{
"url": "https://git.kernel.org/stable/c/a1d4941d9a24999f680799f9bbde7f57351ca637"
},
{
"url": "https://git.kernel.org/stable/c/5289795824b77489803b0802cd9edc13824a2d0b"
},
{
"url": "https://git.kernel.org/stable/c/2d00158a06efe6bbcd020108634ea0f2ed8b32f7"
},
{
"url": "https://git.kernel.org/stable/c/579944b9f38727d9ff570b58f83bc424e8af8398"
},
{
"url": "https://git.kernel.org/stable/c/311242c7703df0da14c206260b7e855f69cb0264"
}
],
"title": "mfd: davinci_voicecodec: Fix possible null-ptr-deref davinci_vc_probe()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49435",
"datePublished": "2025-02-26T02:12:51.554Z",
"dateReserved": "2025-02-26T02:08:31.570Z",
"dateUpdated": "2025-05-04T08:37:36.380Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49105 (GCVE-0-2022-49105)
Vulnerability from cvelistv5
Published
2025-02-26 01:54
Modified
2025-10-01 19:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
staging: wfx: fix an error handling in wfx_init_common()
One error handler of wfx_init_common() return without calling
ieee80211_free_hw(hw), which may result in memory leak. And I add
one err label to unify the error handler, which is useful for the
subsequent changes.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49105",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:49:12.268214Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:57:05.139Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/staging/wfx/main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "93498c6e775ae91732a8109dba1bdcd324908f84",
"status": "affected",
"version": "a7a91ca5a23dbcc68f04d18ef7e765b1e4f64c7f",
"versionType": "git"
},
{
"lessThan": "86efcb524ae1889ae73f2a2f0bb7fff2ec757ab0",
"status": "affected",
"version": "a7a91ca5a23dbcc68f04d18ef7e765b1e4f64c7f",
"versionType": "git"
},
{
"lessThan": "ab0fed1fa744173433cfd1dbaf9239f200ded650",
"status": "affected",
"version": "a7a91ca5a23dbcc68f04d18ef7e765b1e4f64c7f",
"versionType": "git"
},
{
"lessThan": "9727912e906762a63c1a667c84731d3427653f88",
"status": "affected",
"version": "a7a91ca5a23dbcc68f04d18ef7e765b1e4f64c7f",
"versionType": "git"
},
{
"lessThan": "60f1d3c92dc1ef1026e5b917a329a7fa947da036",
"status": "affected",
"version": "a7a91ca5a23dbcc68f04d18ef7e765b1e4f64c7f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/staging/wfx/main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.5"
},
{
"lessThan": "5.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.111",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.20",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.111",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.34",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.20",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.3",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: wfx: fix an error handling in wfx_init_common()\n\nOne error handler of wfx_init_common() return without calling\nieee80211_free_hw(hw), which may result in memory leak. And I add\none err label to unify the error handler, which is useful for the\nsubsequent changes."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:29:57.872Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/93498c6e775ae91732a8109dba1bdcd324908f84"
},
{
"url": "https://git.kernel.org/stable/c/86efcb524ae1889ae73f2a2f0bb7fff2ec757ab0"
},
{
"url": "https://git.kernel.org/stable/c/ab0fed1fa744173433cfd1dbaf9239f200ded650"
},
{
"url": "https://git.kernel.org/stable/c/9727912e906762a63c1a667c84731d3427653f88"
},
{
"url": "https://git.kernel.org/stable/c/60f1d3c92dc1ef1026e5b917a329a7fa947da036"
}
],
"title": "staging: wfx: fix an error handling in wfx_init_common()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49105",
"datePublished": "2025-02-26T01:54:53.509Z",
"dateReserved": "2025-02-26T01:49:39.250Z",
"dateUpdated": "2025-10-01T19:57:05.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3435 (GCVE-0-2022-3435)
Vulnerability from cvelistv5
Published
2022-10-08 00:00
Modified
2025-04-15 13:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-119 - Memory Corruption -> CWE-125 Out-of-Bounds Read
Summary
A vulnerability classified as problematic has been found in Linux Kernel. This affects the function fib_nh_match of the file net/ipv4/fib_semantics.c of the component IPv4 Handler. The manipulation leads to out-of-bounds read. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-210357 was assigned to this vulnerability.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:07:06.583Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://lore.kernel.org/netdev/20221005181257.8897-1-dsahern%40kernel.org/T/#u"
},
{
"tags": [
"x_transferred"
],
"url": "https://vuldb.com/?id.210357"
},
{
"name": "FEDORA-2022-2cfbe17910",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY/"
},
{
"name": "FEDORA-2022-b948fc3cfb",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR/"
},
{
"name": "FEDORA-2022-1a5b125ac6",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2KTU5LFZNQS7YNGE56MT46VHMXL3DD2/"
},
{
"name": "[debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3435",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T17:10:02.272892Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T13:46:07.987Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Kernel",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in Linux Kernel. This affects the function fib_nh_match of the file net/ipv4/fib_semantics.c of the component IPv4 Handler. The manipulation leads to out-of-bounds read. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-210357 was assigned to this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Memory Corruption -\u003e CWE-125 Out-of-Bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-22T00:00:00.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"url": "https://lore.kernel.org/netdev/20221005181257.8897-1-dsahern%40kernel.org/T/#u"
},
{
"url": "https://vuldb.com/?id.210357"
},
{
"name": "FEDORA-2022-2cfbe17910",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY/"
},
{
"name": "FEDORA-2022-b948fc3cfb",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR/"
},
{
"name": "FEDORA-2022-1a5b125ac6",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2KTU5LFZNQS7YNGE56MT46VHMXL3DD2/"
},
{
"name": "[debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html"
}
],
"title": "Linux Kernel IPv4 fib_semantics.c fib_nh_match out-of-bounds",
"x_generator": "vuldb.com"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2022-3435",
"datePublished": "2022-10-08T00:00:00.000Z",
"dateReserved": "2022-10-08T00:00:00.000Z",
"dateUpdated": "2025-04-15T13:46:07.987Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49418 (GCVE-0-2022-49418)
Vulnerability from cvelistv5
Published
2025-02-26 02:12
Modified
2025-06-19 12:39
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
NFSv4: Fix free of uninitialized nfs4_label on referral lookup.
Send along the already-allocated fattr along with nfs4_fs_locations, and
drop the memcpy of fattr. We end up growing two more allocations, but this
fixes up a crash as:
PID: 790 TASK: ffff88811b43c000 CPU: 0 COMMAND: "ls"
#0 [ffffc90000857920] panic at ffffffff81b9bfde
#1 [ffffc900008579c0] do_trap at ffffffff81023a9b
#2 [ffffc90000857a10] do_error_trap at ffffffff81023b78
#3 [ffffc90000857a58] exc_stack_segment at ffffffff81be1f45
#4 [ffffc90000857a80] asm_exc_stack_segment at ffffffff81c009de
#5 [ffffc90000857b08] nfs_lookup at ffffffffa0302322 [nfs]
#6 [ffffc90000857b70] __lookup_slow at ffffffff813a4a5f
#7 [ffffc90000857c60] walk_component at ffffffff813a86c4
#8 [ffffc90000857cb8] path_lookupat at ffffffff813a9553
#9 [ffffc90000857cf0] filename_lookup at ffffffff813ab86b
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/nfs/nfs4namespace.c",
"fs/nfs/nfs4proc.c",
"fs/nfs/nfs4state.c",
"fs/nfs/nfs4xdr.c",
"include/linux/nfs_xdr.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6015292653d95ba9f72906e2b65e536aa5807d64",
"status": "affected",
"version": "9558a007dbc383d48e7f5a123d0b5ff656c71068",
"versionType": "git"
},
{
"lessThan": "c3ed222745d9ad7b69299b349a64ba533c64a34f",
"status": "affected",
"version": "9558a007dbc383d48e7f5a123d0b5ff656c71068",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/nfs/nfs4namespace.c",
"fs/nfs/nfs4proc.c",
"fs/nfs/nfs4state.c",
"fs/nfs/nfs4xdr.c",
"include/linux/nfs_xdr.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.16"
},
{
"lessThan": "5.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4: Fix free of uninitialized nfs4_label on referral lookup.\n\nSend along the already-allocated fattr along with nfs4_fs_locations, and\ndrop the memcpy of fattr. We end up growing two more allocations, but this\nfixes up a crash as:\n\nPID: 790 TASK: ffff88811b43c000 CPU: 0 COMMAND: \"ls\"\n #0 [ffffc90000857920] panic at ffffffff81b9bfde\n #1 [ffffc900008579c0] do_trap at ffffffff81023a9b\n #2 [ffffc90000857a10] do_error_trap at ffffffff81023b78\n #3 [ffffc90000857a58] exc_stack_segment at ffffffff81be1f45\n #4 [ffffc90000857a80] asm_exc_stack_segment at ffffffff81c009de\n #5 [ffffc90000857b08] nfs_lookup at ffffffffa0302322 [nfs]\n #6 [ffffc90000857b70] __lookup_slow at ffffffff813a4a5f\n #7 [ffffc90000857c60] walk_component at ffffffff813a86c4\n #8 [ffffc90000857cb8] path_lookupat at ffffffff813a9553\n #9 [ffffc90000857cf0] filename_lookup at ffffffff813ab86b"
}
],
"providerMetadata": {
"dateUpdated": "2025-06-19T12:39:09.366Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6015292653d95ba9f72906e2b65e536aa5807d64"
},
{
"url": "https://git.kernel.org/stable/c/c3ed222745d9ad7b69299b349a64ba533c64a34f"
}
],
"title": "NFSv4: Fix free of uninitialized nfs4_label on referral lookup.",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49418",
"datePublished": "2025-02-26T02:12:43.359Z",
"dateReserved": "2025-02-26T02:08:31.568Z",
"dateUpdated": "2025-06-19T12:39:09.366Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49226 (GCVE-0-2022-49226)
Vulnerability from cvelistv5
Published
2025-02-26 01:55
Modified
2025-05-04 08:32
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: asix: add proper error handling of usb read errors
Syzbot once again hit uninit value in asix driver. The problem still the
same -- asix_read_cmd() reads less bytes, than was requested by caller.
Since all read requests are performed via asix_read_cmd() let's catch
usb related error there and add __must_check notation to be sure all
callers actually check return value.
So, this patch adds sanity check inside asix_read_cmd(), that simply
checks if bytes read are not less, than was requested and adds missing
error handling of asix_read_cmd() all across the driver code.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/usb/asix.h",
"drivers/net/usb/asix_common.c",
"drivers/net/usb/asix_devices.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b96a7265f763b37ff3138b9ca8122a950f13b00e",
"status": "affected",
"version": "d9fe64e511144c1ee7d7555b4111f09dde9692ef",
"versionType": "git"
},
{
"lessThan": "9ea8d2fca8fea3b17005b4dc02f8ef15f7a2fb97",
"status": "affected",
"version": "d9fe64e511144c1ee7d7555b4111f09dde9692ef",
"versionType": "git"
},
{
"lessThan": "662ff765470ad0d11a1153d6d8e99d69a98e60b4",
"status": "affected",
"version": "d9fe64e511144c1ee7d7555b4111f09dde9692ef",
"versionType": "git"
},
{
"lessThan": "920a9fa27e7805499cfe78491b36fed2322c02ec",
"status": "affected",
"version": "d9fe64e511144c1ee7d7555b4111f09dde9692ef",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/usb/asix.h",
"drivers/net/usb/asix_common.c",
"drivers/net/usb/asix_devices.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.9"
},
{
"lessThan": "4.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "4.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: asix: add proper error handling of usb read errors\n\nSyzbot once again hit uninit value in asix driver. The problem still the\nsame -- asix_read_cmd() reads less bytes, than was requested by caller.\n\nSince all read requests are performed via asix_read_cmd() let\u0027s catch\nusb related error there and add __must_check notation to be sure all\ncallers actually check return value.\n\nSo, this patch adds sanity check inside asix_read_cmd(), that simply\nchecks if bytes read are not less, than was requested and adds missing\nerror handling of asix_read_cmd() all across the driver code."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:32:51.283Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b96a7265f763b37ff3138b9ca8122a950f13b00e"
},
{
"url": "https://git.kernel.org/stable/c/9ea8d2fca8fea3b17005b4dc02f8ef15f7a2fb97"
},
{
"url": "https://git.kernel.org/stable/c/662ff765470ad0d11a1153d6d8e99d69a98e60b4"
},
{
"url": "https://git.kernel.org/stable/c/920a9fa27e7805499cfe78491b36fed2322c02ec"
}
],
"title": "net: asix: add proper error handling of usb read errors",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49226",
"datePublished": "2025-02-26T01:55:55.716Z",
"dateReserved": "2025-02-26T01:49:39.293Z",
"dateUpdated": "2025-05-04T08:32:51.283Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49455 (GCVE-0-2022-49455)
Vulnerability from cvelistv5
Published
2025-02-26 02:13
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
misc: ocxl: fix possible double free in ocxl_file_register_afu
info_release() will be called in device_unregister() when info->dev's
reference count is 0. So there is no need to call ocxl_afu_put() and
kfree() again.
Fix this by adding free_minor() and return to err_unregister error path.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 75ca758adbafc81804c39b2c200ecdc819a6c042 Version: 75ca758adbafc81804c39b2c200ecdc819a6c042 Version: 75ca758adbafc81804c39b2c200ecdc819a6c042 Version: 75ca758adbafc81804c39b2c200ecdc819a6c042 Version: 75ca758adbafc81804c39b2c200ecdc819a6c042 Version: 75ca758adbafc81804c39b2c200ecdc819a6c042 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49455",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:40:19.995096Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-415",
"description": "CWE-415 Double Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:47.666Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/misc/ocxl/file.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "de65c32ace9aa70d51facc61ba986607075e3a25",
"status": "affected",
"version": "75ca758adbafc81804c39b2c200ecdc819a6c042",
"versionType": "git"
},
{
"lessThan": "ee89d8dee55ab4b3b8ad8b70866b2841ba334767",
"status": "affected",
"version": "75ca758adbafc81804c39b2c200ecdc819a6c042",
"versionType": "git"
},
{
"lessThan": "8fb674216835e1f0c143762696d645facebb4685",
"status": "affected",
"version": "75ca758adbafc81804c39b2c200ecdc819a6c042",
"versionType": "git"
},
{
"lessThan": "252768d32e92c1214aeebb5fec0844ca479bcf5c",
"status": "affected",
"version": "75ca758adbafc81804c39b2c200ecdc819a6c042",
"versionType": "git"
},
{
"lessThan": "9e9087cf34ee69f4e95d146ac29385d6e367a97b",
"status": "affected",
"version": "75ca758adbafc81804c39b2c200ecdc819a6c042",
"versionType": "git"
},
{
"lessThan": "950cf957fe34d40d63dfa3bf3968210430b6491e",
"status": "affected",
"version": "75ca758adbafc81804c39b2c200ecdc819a6c042",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/misc/ocxl/file.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.2"
},
{
"lessThan": "5.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: ocxl: fix possible double free in ocxl_file_register_afu\n\ninfo_release() will be called in device_unregister() when info-\u003edev\u0027s\nreference count is 0. So there is no need to call ocxl_afu_put() and\nkfree() again.\n\nFix this by adding free_minor() and return to err_unregister error path."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:38:06.650Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/de65c32ace9aa70d51facc61ba986607075e3a25"
},
{
"url": "https://git.kernel.org/stable/c/ee89d8dee55ab4b3b8ad8b70866b2841ba334767"
},
{
"url": "https://git.kernel.org/stable/c/8fb674216835e1f0c143762696d645facebb4685"
},
{
"url": "https://git.kernel.org/stable/c/252768d32e92c1214aeebb5fec0844ca479bcf5c"
},
{
"url": "https://git.kernel.org/stable/c/9e9087cf34ee69f4e95d146ac29385d6e367a97b"
},
{
"url": "https://git.kernel.org/stable/c/950cf957fe34d40d63dfa3bf3968210430b6491e"
}
],
"title": "misc: ocxl: fix possible double free in ocxl_file_register_afu",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49455",
"datePublished": "2025-02-26T02:13:04.116Z",
"dateReserved": "2025-02-26T02:08:31.573Z",
"dateUpdated": "2025-10-01T19:46:47.666Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49263 (GCVE-0-2022-49263)
Vulnerability from cvelistv5
Published
2025-02-26 01:56
Modified
2025-05-04 08:33
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
brcmfmac: pcie: Release firmwares in the brcmf_pcie_setup error path
This avoids leaking memory if brcmf_chip_get_raminfo fails. Note that
the CLM blob is released in the device remove path.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 82f93cf46d6007ffa003b2d4a2834563b6b84d21 Version: 82f93cf46d6007ffa003b2d4a2834563b6b84d21 Version: 82f93cf46d6007ffa003b2d4a2834563b6b84d21 Version: 82f93cf46d6007ffa003b2d4a2834563b6b84d21 Version: 82f93cf46d6007ffa003b2d4a2834563b6b84d21 Version: 82f93cf46d6007ffa003b2d4a2834563b6b84d21 |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d0ab87f8dcdfe72dc1d763be3392c1fc51a1ace2",
"status": "affected",
"version": "82f93cf46d6007ffa003b2d4a2834563b6b84d21",
"versionType": "git"
},
{
"lessThan": "f3820ddaf4f3ac80c7401ccc6a42e663c9317f31",
"status": "affected",
"version": "82f93cf46d6007ffa003b2d4a2834563b6b84d21",
"versionType": "git"
},
{
"lessThan": "a88337a06966f2d733ad9a97714b874469133f14",
"status": "affected",
"version": "82f93cf46d6007ffa003b2d4a2834563b6b84d21",
"versionType": "git"
},
{
"lessThan": "4e0b507597e1a86e9b4c056ab274c427223cf8ea",
"status": "affected",
"version": "82f93cf46d6007ffa003b2d4a2834563b6b84d21",
"versionType": "git"
},
{
"lessThan": "0347bdfdb1529994ac3a4cb425087c477a74eb2c",
"status": "affected",
"version": "82f93cf46d6007ffa003b2d4a2834563b6b84d21",
"versionType": "git"
},
{
"lessThan": "5e90f0f3ead014867dade7a22f93958119f5efab",
"status": "affected",
"version": "82f93cf46d6007ffa003b2d4a2834563b6b84d21",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.4"
},
{
"lessThan": "5.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.189",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.189",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.110",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbrcmfmac: pcie: Release firmwares in the brcmf_pcie_setup error path\n\nThis avoids leaking memory if brcmf_chip_get_raminfo fails. Note that\nthe CLM blob is released in the device remove path."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:33:38.564Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d0ab87f8dcdfe72dc1d763be3392c1fc51a1ace2"
},
{
"url": "https://git.kernel.org/stable/c/f3820ddaf4f3ac80c7401ccc6a42e663c9317f31"
},
{
"url": "https://git.kernel.org/stable/c/a88337a06966f2d733ad9a97714b874469133f14"
},
{
"url": "https://git.kernel.org/stable/c/4e0b507597e1a86e9b4c056ab274c427223cf8ea"
},
{
"url": "https://git.kernel.org/stable/c/0347bdfdb1529994ac3a4cb425087c477a74eb2c"
},
{
"url": "https://git.kernel.org/stable/c/5e90f0f3ead014867dade7a22f93958119f5efab"
}
],
"title": "brcmfmac: pcie: Release firmwares in the brcmf_pcie_setup error path",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49263",
"datePublished": "2025-02-26T01:56:14.061Z",
"dateReserved": "2025-02-26T01:49:39.296Z",
"dateUpdated": "2025-05-04T08:33:38.564Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49683 (GCVE-0-2022-49683)
Vulnerability from cvelistv5
Published
2025-02-26 02:24
Modified
2025-10-01 19:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
iio: adc: adi-axi-adc: Fix refcount leak in adi_axi_adc_attach_client
of_parse_phandle() returns a node pointer with refcount
incremented, we should use of_node_put() on it when not need anymore.
Add missing of_node_put() to avoid refcount leak.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49683",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:32:52.324254Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:36:46.309Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/iio/adc/adi-axi-adc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "501652a2ad5450b4908e1f204ce75b2414c305b7",
"status": "affected",
"version": "ef04070692a21633ec6a60f80c19b6af44b3cf47",
"versionType": "git"
},
{
"lessThan": "ab7bf025cee89db73c649216ddd2bc589c3d3862",
"status": "affected",
"version": "ef04070692a21633ec6a60f80c19b6af44b3cf47",
"versionType": "git"
},
{
"lessThan": "5eaa84e1605035a90a64d25b6cba79e89d188175",
"status": "affected",
"version": "ef04070692a21633ec6a60f80c19b6af44b3cf47",
"versionType": "git"
},
{
"lessThan": "ada7b0c0dedafd7d059115adf49e48acba3153a8",
"status": "affected",
"version": "ef04070692a21633ec6a60f80c19b6af44b3cf47",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/iio/adc/adi-axi-adc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.8"
},
{
"lessThan": "5.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.127",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.51",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.127",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.51",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.8",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: adc: adi-axi-adc: Fix refcount leak in adi_axi_adc_attach_client\n\nof_parse_phandle() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not need anymore.\nAdd missing of_node_put() to avoid refcount leak."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:43:14.938Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/501652a2ad5450b4908e1f204ce75b2414c305b7"
},
{
"url": "https://git.kernel.org/stable/c/ab7bf025cee89db73c649216ddd2bc589c3d3862"
},
{
"url": "https://git.kernel.org/stable/c/5eaa84e1605035a90a64d25b6cba79e89d188175"
},
{
"url": "https://git.kernel.org/stable/c/ada7b0c0dedafd7d059115adf49e48acba3153a8"
}
],
"title": "iio: adc: adi-axi-adc: Fix refcount leak in adi_axi_adc_attach_client",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49683",
"datePublished": "2025-02-26T02:24:11.201Z",
"dateReserved": "2025-02-26T02:21:30.440Z",
"dateUpdated": "2025-10-01T19:36:46.309Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49348 (GCVE-0-2022-49348)
Vulnerability from cvelistv5
Published
2025-02-26 02:11
Modified
2025-06-19 12:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ext4: filter out EXT4_FC_REPLAY from on-disk superblock field s_state
The EXT4_FC_REPLAY bit in sbi->s_mount_state is used to indicate that
we are in the middle of replay the fast commit journal. This was
actually a mistake, since the sbi->s_mount_info is initialized from
es->s_state. Arguably s_mount_state is misleadingly named, but the
name is historical --- s_mount_state and s_state dates back to ext2.
What should have been used is the ext4_{set,clear,test}_mount_flag()
inline functions, which sets EXT4_MF_* bits in sbi->s_mount_flags.
The problem with using EXT4_FC_REPLAY is that a maliciously corrupted
superblock could result in EXT4_FC_REPLAY getting set in
s_mount_state. This bypasses some sanity checks, and this can trigger
a BUG() in ext4_es_cache_extent(). As a easy-to-backport-fix, filter
out the EXT4_FC_REPLAY bit for now. We should eventually transition
away from EXT4_FC_REPLAY to something like EXT4_MF_REPLAY.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ext4/super.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "cc5b09cb6dacd4b32640537929ab4ee8fb2b9e04",
"status": "affected",
"version": "8016e29f4362e285f0f7e38fadc61a5b7bdfdfa2",
"versionType": "git"
},
{
"lessThan": "b99fd73418350dea360da8311e87a6a7b0e15a4c",
"status": "affected",
"version": "8016e29f4362e285f0f7e38fadc61a5b7bdfdfa2",
"versionType": "git"
},
{
"lessThan": "af2f1932743fb52ebcb008ad7ac500d9df0aa796",
"status": "affected",
"version": "8016e29f4362e285f0f7e38fadc61a5b7bdfdfa2",
"versionType": "git"
},
{
"lessThan": "55b4dbb29054a05d839562f6d635ce05669b016d",
"status": "affected",
"version": "8016e29f4362e285f0f7e38fadc61a5b7bdfdfa2",
"versionType": "git"
},
{
"lessThan": "c878bea3c9d724ddfa05a813f30de3d25a0ba83f",
"status": "affected",
"version": "8016e29f4362e285f0f7e38fadc61a5b7bdfdfa2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ext4/super.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.10"
},
{
"lessThan": "5.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: filter out EXT4_FC_REPLAY from on-disk superblock field s_state\n\nThe EXT4_FC_REPLAY bit in sbi-\u003es_mount_state is used to indicate that\nwe are in the middle of replay the fast commit journal. This was\nactually a mistake, since the sbi-\u003es_mount_info is initialized from\nes-\u003es_state. Arguably s_mount_state is misleadingly named, but the\nname is historical --- s_mount_state and s_state dates back to ext2.\n\nWhat should have been used is the ext4_{set,clear,test}_mount_flag()\ninline functions, which sets EXT4_MF_* bits in sbi-\u003es_mount_flags.\n\nThe problem with using EXT4_FC_REPLAY is that a maliciously corrupted\nsuperblock could result in EXT4_FC_REPLAY getting set in\ns_mount_state. This bypasses some sanity checks, and this can trigger\na BUG() in ext4_es_cache_extent(). As a easy-to-backport-fix, filter\nout the EXT4_FC_REPLAY bit for now. We should eventually transition\naway from EXT4_FC_REPLAY to something like EXT4_MF_REPLAY."
}
],
"providerMetadata": {
"dateUpdated": "2025-06-19T12:56:18.264Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/cc5b09cb6dacd4b32640537929ab4ee8fb2b9e04"
},
{
"url": "https://git.kernel.org/stable/c/b99fd73418350dea360da8311e87a6a7b0e15a4c"
},
{
"url": "https://git.kernel.org/stable/c/af2f1932743fb52ebcb008ad7ac500d9df0aa796"
},
{
"url": "https://git.kernel.org/stable/c/55b4dbb29054a05d839562f6d635ce05669b016d"
},
{
"url": "https://git.kernel.org/stable/c/c878bea3c9d724ddfa05a813f30de3d25a0ba83f"
}
],
"title": "ext4: filter out EXT4_FC_REPLAY from on-disk superblock field s_state",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49348",
"datePublished": "2025-02-26T02:11:02.518Z",
"dateReserved": "2025-02-26T02:08:31.543Z",
"dateUpdated": "2025-06-19T12:56:18.264Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49163 (GCVE-0-2022-49163)
Vulnerability from cvelistv5
Published
2025-02-26 01:55
Modified
2025-05-04 08:31
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
media: imx-jpeg: fix a bug of accessing array out of bounds
When error occurs in parsing jpeg, the slot isn't acquired yet, it may
be the default value MXC_MAX_SLOTS.
If the driver access the slot using the incorrect slot number, it will
access array out of bounds.
The result is the driver will change num_domains, which follows
slot_data in struct mxc_jpeg_dev.
Then the driver won't detach the pm domain at rmmod, which will lead to
kernel panic when trying to insmod again.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/media/platform/imx-jpeg/mxc-jpeg.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "02f9f97d54ffc85b50ad77f5b1f3c8f69cd17747",
"status": "affected",
"version": "2db16c6ed72ce644d5639b3ed15e5817442db4ba",
"versionType": "git"
},
{
"lessThan": "20c8b90430c5d6c4a3936eaa7c35aac670581487",
"status": "affected",
"version": "2db16c6ed72ce644d5639b3ed15e5817442db4ba",
"versionType": "git"
},
{
"lessThan": "e209e6db2e527db6a93b14c2deedf969caca78fc",
"status": "affected",
"version": "2db16c6ed72ce644d5639b3ed15e5817442db4ba",
"versionType": "git"
},
{
"lessThan": "97558d170a1236280407e8d29a7d095d2c2ed554",
"status": "affected",
"version": "2db16c6ed72ce644d5639b3ed15e5817442db4ba",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/media/platform/imx-jpeg/mxc-jpeg.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.13"
},
{
"lessThan": "5.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: imx-jpeg: fix a bug of accessing array out of bounds\n\nWhen error occurs in parsing jpeg, the slot isn\u0027t acquired yet, it may\nbe the default value MXC_MAX_SLOTS.\nIf the driver access the slot using the incorrect slot number, it will\naccess array out of bounds.\nThe result is the driver will change num_domains, which follows\nslot_data in struct mxc_jpeg_dev.\nThen the driver won\u0027t detach the pm domain at rmmod, which will lead to\nkernel panic when trying to insmod again."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:31:20.976Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/02f9f97d54ffc85b50ad77f5b1f3c8f69cd17747"
},
{
"url": "https://git.kernel.org/stable/c/20c8b90430c5d6c4a3936eaa7c35aac670581487"
},
{
"url": "https://git.kernel.org/stable/c/e209e6db2e527db6a93b14c2deedf969caca78fc"
},
{
"url": "https://git.kernel.org/stable/c/97558d170a1236280407e8d29a7d095d2c2ed554"
}
],
"title": "media: imx-jpeg: fix a bug of accessing array out of bounds",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49163",
"datePublished": "2025-02-26T01:55:24.043Z",
"dateReserved": "2025-02-26T01:49:39.277Z",
"dateUpdated": "2025-05-04T08:31:20.976Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49473 (GCVE-0-2022-49473)
Vulnerability from cvelistv5
Published
2025-02-26 02:13
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ASoC: ti: j721e-evm: Fix refcount leak in j721e_soc_probe_*
of_parse_phandle() returns a node pointer with refcount
incremented, we should use of_node_put() on it when not needed anymore.
Add missing of_node_put() to avoid refcount leak.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49473",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:39:43.010636Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:46.069Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/soc/ti/j721e-evm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "510e879420b410d88c612aecc6ca15dc6fe77473",
"status": "affected",
"version": "6748d05590594837e42dfa975879fb275099f0b2",
"versionType": "git"
},
{
"lessThan": "2a3966b950b37a6f10c5f9caee15b4cdcf5a7413",
"status": "affected",
"version": "6748d05590594837e42dfa975879fb275099f0b2",
"versionType": "git"
},
{
"lessThan": "d748ff8fbb3a5296bddd586445dc692b079cbe3d",
"status": "affected",
"version": "6748d05590594837e42dfa975879fb275099f0b2",
"versionType": "git"
},
{
"lessThan": "554df0f70bff1ace6d2df2fcaddbc9b7bd509de2",
"status": "affected",
"version": "6748d05590594837e42dfa975879fb275099f0b2",
"versionType": "git"
},
{
"lessThan": "a34840c4eb3278a7c29c9c57a65ce7541c66f9f2",
"status": "affected",
"version": "6748d05590594837e42dfa975879fb275099f0b2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"sound/soc/ti/j721e-evm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.9"
},
{
"lessThan": "5.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: ti: j721e-evm: Fix refcount leak in j721e_soc_probe_*\n\nof_parse_phandle() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not needed anymore.\nAdd missing of_node_put() to avoid refcount leak."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:38:28.831Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/510e879420b410d88c612aecc6ca15dc6fe77473"
},
{
"url": "https://git.kernel.org/stable/c/2a3966b950b37a6f10c5f9caee15b4cdcf5a7413"
},
{
"url": "https://git.kernel.org/stable/c/d748ff8fbb3a5296bddd586445dc692b079cbe3d"
},
{
"url": "https://git.kernel.org/stable/c/554df0f70bff1ace6d2df2fcaddbc9b7bd509de2"
},
{
"url": "https://git.kernel.org/stable/c/a34840c4eb3278a7c29c9c57a65ce7541c66f9f2"
}
],
"title": "ASoC: ti: j721e-evm: Fix refcount leak in j721e_soc_probe_*",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49473",
"datePublished": "2025-02-26T02:13:16.008Z",
"dateReserved": "2025-02-26T02:08:31.579Z",
"dateUpdated": "2025-10-01T19:46:46.069Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49051 (GCVE-0-2022-49051)
Vulnerability from cvelistv5
Published
2025-02-26 01:54
Modified
2025-05-04 08:28
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: usb: aqc111: Fix out-of-bounds accesses in RX fixup
aqc111_rx_fixup() contains several out-of-bounds accesses that can be
triggered by a malicious (or defective) USB device, in particular:
- The metadata array (desc_offset..desc_offset+2*pkt_count) can be out of bounds,
causing OOB reads and (on big-endian systems) OOB endianness flips.
- A packet can overlap the metadata array, causing a later OOB
endianness flip to corrupt data used by a cloned SKB that has already
been handed off into the network stack.
- A packet SKB can be constructed whose tail is far beyond its end,
causing out-of-bounds heap data to be considered part of the SKB's
data.
Found doing variant analysis. Tested it with another driver (ax88179_178a), since
I don't have a aqc111 device to test it, but the code looks very similar.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/usb/aqc111.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "404998a137bcb8a926f7c949030afbe285472593",
"status": "affected",
"version": "17364b805f5b9016bb528241ba91481e3497e5e1",
"versionType": "git"
},
{
"lessThan": "d90df6da50c56ad8b1a132e3cf86b6cdf8f507b7",
"status": "affected",
"version": "17364b805f5b9016bb528241ba91481e3497e5e1",
"versionType": "git"
},
{
"lessThan": "b416898442f2b6aa9f1b2f2968ce07e3abaa05f7",
"status": "affected",
"version": "17364b805f5b9016bb528241ba91481e3497e5e1",
"versionType": "git"
},
{
"lessThan": "36311fe98f55dea9200c69e2dd6d6ddb8fc94080",
"status": "affected",
"version": "17364b805f5b9016bb528241ba91481e3497e5e1",
"versionType": "git"
},
{
"lessThan": "afb8e246527536848b9b4025b40e613edf776a9d",
"status": "affected",
"version": "17364b805f5b9016bb528241ba91481e3497e5e1",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/usb/aqc111.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.0"
},
{
"lessThan": "5.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.190",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.112",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.35",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.190",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.112",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.35",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.4",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: aqc111: Fix out-of-bounds accesses in RX fixup\n\naqc111_rx_fixup() contains several out-of-bounds accesses that can be\ntriggered by a malicious (or defective) USB device, in particular:\n\n - The metadata array (desc_offset..desc_offset+2*pkt_count) can be out of bounds,\n causing OOB reads and (on big-endian systems) OOB endianness flips.\n - A packet can overlap the metadata array, causing a later OOB\n endianness flip to corrupt data used by a cloned SKB that has already\n been handed off into the network stack.\n - A packet SKB can be constructed whose tail is far beyond its end,\n causing out-of-bounds heap data to be considered part of the SKB\u0027s\n data.\n\nFound doing variant analysis. Tested it with another driver (ax88179_178a), since\nI don\u0027t have a aqc111 device to test it, but the code looks very similar."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:28:41.831Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/404998a137bcb8a926f7c949030afbe285472593"
},
{
"url": "https://git.kernel.org/stable/c/d90df6da50c56ad8b1a132e3cf86b6cdf8f507b7"
},
{
"url": "https://git.kernel.org/stable/c/b416898442f2b6aa9f1b2f2968ce07e3abaa05f7"
},
{
"url": "https://git.kernel.org/stable/c/36311fe98f55dea9200c69e2dd6d6ddb8fc94080"
},
{
"url": "https://git.kernel.org/stable/c/afb8e246527536848b9b4025b40e613edf776a9d"
}
],
"title": "net: usb: aqc111: Fix out-of-bounds accesses in RX fixup",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49051",
"datePublished": "2025-02-26T01:54:25.850Z",
"dateReserved": "2025-02-26T01:49:39.242Z",
"dateUpdated": "2025-05-04T08:28:41.831Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49544 (GCVE-0-2022-49544)
Vulnerability from cvelistv5
Published
2025-02-26 02:13
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ipw2x00: Fix potential NULL dereference in libipw_xmit()
crypt and crypt->ops could be null, so we need to checking null
before dereference
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49544",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:37:32.320918Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:39.844Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/intel/ipw2x00/libipw_tx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1ff6b0727c8988f25eeb670b6c038c1120bb58dd",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b4628e0d3754ab2fc98ee6e3d21851ba45798077",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "167affc11781d7d35c4c3a7630a549ac74dd0b21",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8fb1b9beb085bb767ae43e441db5ac6fcd66a04d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "98d1dc32f890642476dbb78ed3437a456bf421b0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "48d4a820fd33f012e5f63735a59d15b5a3882882",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "5f7ea274e88c0eeffe6bd6dbf6cf5c479d356af6",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "528d2023ccf4748fd542582955236c1634a7d293",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e8366bbabe1d207cf7c5b11ae50e223ae6fc278b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/intel/ipw2x00/libipw_tx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.318",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipw2x00: Fix potential NULL dereference in libipw_xmit()\n\ncrypt and crypt-\u003eops could be null, so we need to checking null\nbefore dereference"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:40:13.225Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1ff6b0727c8988f25eeb670b6c038c1120bb58dd"
},
{
"url": "https://git.kernel.org/stable/c/b4628e0d3754ab2fc98ee6e3d21851ba45798077"
},
{
"url": "https://git.kernel.org/stable/c/167affc11781d7d35c4c3a7630a549ac74dd0b21"
},
{
"url": "https://git.kernel.org/stable/c/8fb1b9beb085bb767ae43e441db5ac6fcd66a04d"
},
{
"url": "https://git.kernel.org/stable/c/98d1dc32f890642476dbb78ed3437a456bf421b0"
},
{
"url": "https://git.kernel.org/stable/c/48d4a820fd33f012e5f63735a59d15b5a3882882"
},
{
"url": "https://git.kernel.org/stable/c/5f7ea274e88c0eeffe6bd6dbf6cf5c479d356af6"
},
{
"url": "https://git.kernel.org/stable/c/528d2023ccf4748fd542582955236c1634a7d293"
},
{
"url": "https://git.kernel.org/stable/c/e8366bbabe1d207cf7c5b11ae50e223ae6fc278b"
}
],
"title": "ipw2x00: Fix potential NULL dereference in libipw_xmit()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49544",
"datePublished": "2025-02-26T02:13:57.898Z",
"dateReserved": "2025-02-26T02:08:31.590Z",
"dateUpdated": "2025-10-01T19:46:39.844Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49413 (GCVE-0-2022-49413)
Vulnerability from cvelistv5
Published
2025-02-26 02:12
Modified
2025-05-04 08:37
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
bfq: Update cgroup information before merging bio
When the process is migrated to a different cgroup (or in case of
writeback just starts submitting bios associated with a different
cgroup) bfq_merge_bio() can operate with stale cgroup information in
bic. Thus the bio can be merged to a request from a different cgroup or
it can result in merging of bfqqs for different cgroups or bfqqs of
already dead cgroups and causing possible use-after-free issues. Fix the
problem by updating cgroup information in bfq_merge_bio().
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: e21b7a0b988772e82e7147e1c659a5afe2ae003c Version: e21b7a0b988772e82e7147e1c659a5afe2ae003c Version: e21b7a0b988772e82e7147e1c659a5afe2ae003c Version: e21b7a0b988772e82e7147e1c659a5afe2ae003c Version: e21b7a0b988772e82e7147e1c659a5afe2ae003c Version: e21b7a0b988772e82e7147e1c659a5afe2ae003c |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49413",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T18:16:22.832240Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T18:22:33.302Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"block/bfq-iosched.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "da9f3025d595956410ceaab2bea01980d7775948",
"status": "affected",
"version": "e21b7a0b988772e82e7147e1c659a5afe2ae003c",
"versionType": "git"
},
{
"lessThan": "b06691af08b41dfd81052a3362514d9827b44bb1",
"status": "affected",
"version": "e21b7a0b988772e82e7147e1c659a5afe2ae003c",
"versionType": "git"
},
{
"lessThan": "e8821f45612f2e6d9adb9c6ba0fb4184f57692aa",
"status": "affected",
"version": "e21b7a0b988772e82e7147e1c659a5afe2ae003c",
"versionType": "git"
},
{
"lessThan": "d9165200c5627a2cf4408eefabdf0058bdf95e1a",
"status": "affected",
"version": "e21b7a0b988772e82e7147e1c659a5afe2ae003c",
"versionType": "git"
},
{
"lessThan": "2a1077f17169a6059992a0bbdb330e0abad1e6d9",
"status": "affected",
"version": "e21b7a0b988772e82e7147e1c659a5afe2ae003c",
"versionType": "git"
},
{
"lessThan": "ea591cd4eb270393810e7be01feb8fde6a34fbbe",
"status": "affected",
"version": "e21b7a0b988772e82e7147e1c659a5afe2ae003c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"block/bfq-iosched.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.12"
},
{
"lessThan": "4.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbfq: Update cgroup information before merging bio\n\nWhen the process is migrated to a different cgroup (or in case of\nwriteback just starts submitting bios associated with a different\ncgroup) bfq_merge_bio() can operate with stale cgroup information in\nbic. Thus the bio can be merged to a request from a different cgroup or\nit can result in merging of bfqqs for different cgroups or bfqqs of\nalready dead cgroups and causing possible use-after-free issues. Fix the\nproblem by updating cgroup information in bfq_merge_bio()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:37:09.165Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/da9f3025d595956410ceaab2bea01980d7775948"
},
{
"url": "https://git.kernel.org/stable/c/b06691af08b41dfd81052a3362514d9827b44bb1"
},
{
"url": "https://git.kernel.org/stable/c/e8821f45612f2e6d9adb9c6ba0fb4184f57692aa"
},
{
"url": "https://git.kernel.org/stable/c/d9165200c5627a2cf4408eefabdf0058bdf95e1a"
},
{
"url": "https://git.kernel.org/stable/c/2a1077f17169a6059992a0bbdb330e0abad1e6d9"
},
{
"url": "https://git.kernel.org/stable/c/ea591cd4eb270393810e7be01feb8fde6a34fbbe"
}
],
"title": "bfq: Update cgroup information before merging bio",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49413",
"datePublished": "2025-02-26T02:12:34.604Z",
"dateReserved": "2025-02-26T02:08:31.567Z",
"dateUpdated": "2025-05-04T08:37:09.165Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49671 (GCVE-0-2022-49671)
Vulnerability from cvelistv5
Published
2025-02-26 02:24
Modified
2025-10-01 19:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
RDMA/cm: Fix memory leak in ib_cm_insert_listen
cm_alloc_id_priv() allocates resource for the cm_id_priv. When
cm_init_listen() fails it doesn't free it, leading to memory leak.
Add the missing error unwind.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49671",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:33:18.582567Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:36:47.464Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/core/cm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b0cab8b517aeaf2592c3479294f934209c41a26f",
"status": "affected",
"version": "98f67156a80f37db70ec64787020b1f9bc8aea8c",
"versionType": "git"
},
{
"lessThan": "889000874c1204e47c7f2a4945db262a47e7efc9",
"status": "affected",
"version": "98f67156a80f37db70ec64787020b1f9bc8aea8c",
"versionType": "git"
},
{
"lessThan": "2febf09a8a8ae4accf908f043f1bab1421056568",
"status": "affected",
"version": "98f67156a80f37db70ec64787020b1f9bc8aea8c",
"versionType": "git"
},
{
"lessThan": "2990f223ffa7bb25422956b9f79f9176a5b38346",
"status": "affected",
"version": "98f67156a80f37db70ec64787020b1f9bc8aea8c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/core/cm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.7"
},
{
"lessThan": "5.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.129",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.53",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.129",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.53",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.10",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/cm: Fix memory leak in ib_cm_insert_listen\n\ncm_alloc_id_priv() allocates resource for the cm_id_priv. When\ncm_init_listen() fails it doesn\u0027t free it, leading to memory leak.\n\nAdd the missing error unwind."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:42:59.885Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b0cab8b517aeaf2592c3479294f934209c41a26f"
},
{
"url": "https://git.kernel.org/stable/c/889000874c1204e47c7f2a4945db262a47e7efc9"
},
{
"url": "https://git.kernel.org/stable/c/2febf09a8a8ae4accf908f043f1bab1421056568"
},
{
"url": "https://git.kernel.org/stable/c/2990f223ffa7bb25422956b9f79f9176a5b38346"
}
],
"title": "RDMA/cm: Fix memory leak in ib_cm_insert_listen",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49671",
"datePublished": "2025-02-26T02:24:04.608Z",
"dateReserved": "2025-02-26T02:21:30.437Z",
"dateUpdated": "2025-10-01T19:36:47.464Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49097 (GCVE-0-2022-49097)
Vulnerability from cvelistv5
Published
2025-02-26 01:54
Modified
2025-05-04 08:29
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
NFS: Avoid writeback threads getting stuck in mempool_alloc()
In a low memory situation, allow the NFS writeback code to fail without
getting stuck in infinite loops in mempool_alloc().
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/nfs/pagelist.c",
"fs/nfs/write.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c74e2f6ecc51bd08bb5b0335477dba954a50592e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ea029e4ce760f786919d06ef52efa2e50ea92a5f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1b3fa9a3c420c31e77b406ddc28f3a627100516c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a6caeddd68977a1aaaf62fbd1955b41dd5c3c5d3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "0bae835b63c53f86cdc524f5962e39409585b22c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/nfs/pagelist.c",
"fs/nfs/write.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.111",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.20",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.111",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFS: Avoid writeback threads getting stuck in mempool_alloc()\n\nIn a low memory situation, allow the NFS writeback code to fail without\ngetting stuck in infinite loops in mempool_alloc()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:29:49.573Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c74e2f6ecc51bd08bb5b0335477dba954a50592e"
},
{
"url": "https://git.kernel.org/stable/c/ea029e4ce760f786919d06ef52efa2e50ea92a5f"
},
{
"url": "https://git.kernel.org/stable/c/1b3fa9a3c420c31e77b406ddc28f3a627100516c"
},
{
"url": "https://git.kernel.org/stable/c/a6caeddd68977a1aaaf62fbd1955b41dd5c3c5d3"
},
{
"url": "https://git.kernel.org/stable/c/0bae835b63c53f86cdc524f5962e39409585b22c"
}
],
"title": "NFS: Avoid writeback threads getting stuck in mempool_alloc()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49097",
"datePublished": "2025-02-26T01:54:49.601Z",
"dateReserved": "2025-02-26T01:49:39.249Z",
"dateUpdated": "2025-05-04T08:29:49.573Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49368 (GCVE-0-2022-49368)
Vulnerability from cvelistv5
Published
2025-02-26 02:11
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry()
The "fsp->location" variable comes from user via ethtool_get_rxnfc().
Check that it is valid to prevent an out of bounds read.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 7aab747e5563ecbc9f3cb64ddea13fe7b9fee2bd Version: 7aab747e5563ecbc9f3cb64ddea13fe7b9fee2bd Version: 7aab747e5563ecbc9f3cb64ddea13fe7b9fee2bd Version: 7aab747e5563ecbc9f3cb64ddea13fe7b9fee2bd Version: 7aab747e5563ecbc9f3cb64ddea13fe7b9fee2bd Version: 7aab747e5563ecbc9f3cb64ddea13fe7b9fee2bd Version: 7aab747e5563ecbc9f3cb64ddea13fe7b9fee2bd Version: 7aab747e5563ecbc9f3cb64ddea13fe7b9fee2bd Version: 7aab747e5563ecbc9f3cb64ddea13fe7b9fee2bd |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49368",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:42:28.090960Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:53.404Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mediatek/mtk_eth_soc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b4f0e57ea0d867aacffad7999527e48bd4ea9293",
"status": "affected",
"version": "7aab747e5563ecbc9f3cb64ddea13fe7b9fee2bd",
"versionType": "git"
},
{
"lessThan": "5ba81f82607ead85fe36f50869fc4f5661359ab8",
"status": "affected",
"version": "7aab747e5563ecbc9f3cb64ddea13fe7b9fee2bd",
"versionType": "git"
},
{
"lessThan": "657e7174603f0aab2cdedc64ac81edffd2a87afe",
"status": "affected",
"version": "7aab747e5563ecbc9f3cb64ddea13fe7b9fee2bd",
"versionType": "git"
},
{
"lessThan": "2bd1faedb74dc2a2be3972abcd4239b75a3e7b00",
"status": "affected",
"version": "7aab747e5563ecbc9f3cb64ddea13fe7b9fee2bd",
"versionType": "git"
},
{
"lessThan": "71ae30662ec610b92644d13f79c78f76f17873b3",
"status": "affected",
"version": "7aab747e5563ecbc9f3cb64ddea13fe7b9fee2bd",
"versionType": "git"
},
{
"lessThan": "b24ca1cf846273361d5bd73a35de95a486a54b6d",
"status": "affected",
"version": "7aab747e5563ecbc9f3cb64ddea13fe7b9fee2bd",
"versionType": "git"
},
{
"lessThan": "4cde554c70d7397cfa2e4116bacb4accdfb6fd48",
"status": "affected",
"version": "7aab747e5563ecbc9f3cb64ddea13fe7b9fee2bd",
"versionType": "git"
},
{
"lessThan": "0b238f75b65ed4462ef4cdfa718cac0ac7fce3b8",
"status": "affected",
"version": "7aab747e5563ecbc9f3cb64ddea13fe7b9fee2bd",
"versionType": "git"
},
{
"lessThan": "e7e7104e2d5ddf3806a28695670f21bef471f1e1",
"status": "affected",
"version": "7aab747e5563ecbc9f3cb64ddea13fe7b9fee2bd",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mediatek/mtk_eth_soc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.9"
},
{
"lessThan": "4.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.318",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.47",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.318",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.283",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.122",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.47",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.15",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.4",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry()\n\nThe \"fsp-\u003elocation\" variable comes from user via ethtool_get_rxnfc().\nCheck that it is valid to prevent an out of bounds read."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:36:12.480Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b4f0e57ea0d867aacffad7999527e48bd4ea9293"
},
{
"url": "https://git.kernel.org/stable/c/5ba81f82607ead85fe36f50869fc4f5661359ab8"
},
{
"url": "https://git.kernel.org/stable/c/657e7174603f0aab2cdedc64ac81edffd2a87afe"
},
{
"url": "https://git.kernel.org/stable/c/2bd1faedb74dc2a2be3972abcd4239b75a3e7b00"
},
{
"url": "https://git.kernel.org/stable/c/71ae30662ec610b92644d13f79c78f76f17873b3"
},
{
"url": "https://git.kernel.org/stable/c/b24ca1cf846273361d5bd73a35de95a486a54b6d"
},
{
"url": "https://git.kernel.org/stable/c/4cde554c70d7397cfa2e4116bacb4accdfb6fd48"
},
{
"url": "https://git.kernel.org/stable/c/0b238f75b65ed4462ef4cdfa718cac0ac7fce3b8"
},
{
"url": "https://git.kernel.org/stable/c/e7e7104e2d5ddf3806a28695670f21bef471f1e1"
}
],
"title": "net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49368",
"datePublished": "2025-02-26T02:11:12.193Z",
"dateReserved": "2025-02-26T02:08:31.555Z",
"dateUpdated": "2025-10-01T19:46:53.404Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49131 (GCVE-0-2022-49131)
Vulnerability from cvelistv5
Published
2025-02-26 01:55
Modified
2025-10-01 19:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ath11k: fix kernel panic during unload/load ath11k modules
Call netif_napi_del() from ath11k_ahb_free_ext_irq() to fix
the following kernel panic when unload/load ath11k modules
for few iterations.
[ 971.201365] Unable to handle kernel paging request at virtual address 6d97a208
[ 971.204227] pgd = 594c2919
[ 971.211478] [6d97a208] *pgd=00000000
[ 971.214120] Internal error: Oops: 5 [#1] PREEMPT SMP ARM
[ 971.412024] CPU: 2 PID: 4435 Comm: insmod Not tainted 5.4.89 #0
[ 971.434256] Hardware name: Generic DT based system
[ 971.440165] PC is at napi_by_id+0x10/0x40
[ 971.445019] LR is at netif_napi_add+0x160/0x1dc
[ 971.743127] (napi_by_id) from [<807d89a0>] (netif_napi_add+0x160/0x1dc)
[ 971.751295] (netif_napi_add) from [<7f1209ac>] (ath11k_ahb_config_irq+0xf8/0x414 [ath11k_ahb])
[ 971.759164] (ath11k_ahb_config_irq [ath11k_ahb]) from [<7f12135c>] (ath11k_ahb_probe+0x40c/0x51c [ath11k_ahb])
[ 971.768567] (ath11k_ahb_probe [ath11k_ahb]) from [<80666864>] (platform_drv_probe+0x48/0x94)
[ 971.779670] (platform_drv_probe) from [<80664718>] (really_probe+0x1c8/0x450)
[ 971.789389] (really_probe) from [<80664cc4>] (driver_probe_device+0x15c/0x1b8)
[ 971.797547] (driver_probe_device) from [<80664f60>] (device_driver_attach+0x44/0x60)
[ 971.805795] (device_driver_attach) from [<806650a0>] (__driver_attach+0x124/0x140)
[ 971.814822] (__driver_attach) from [<80662adc>] (bus_for_each_dev+0x58/0xa4)
[ 971.823328] (bus_for_each_dev) from [<80663a2c>] (bus_add_driver+0xf0/0x1e8)
[ 971.831662] (bus_add_driver) from [<806658a4>] (driver_register+0xa8/0xf0)
[ 971.839822] (driver_register) from [<8030269c>] (do_one_initcall+0x78/0x1ac)
[ 971.847638] (do_one_initcall) from [<80392524>] (do_init_module+0x54/0x200)
[ 971.855968] (do_init_module) from [<803945b0>] (load_module+0x1e30/0x1ffc)
[ 971.864126] (load_module) from [<803948b0>] (sys_init_module+0x134/0x17c)
[ 971.871852] (sys_init_module) from [<80301000>] (ret_fast_syscall+0x0/0x50)
Tested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.6.0.1-00760-QCAHKSWPL_SILICONZ-1
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49131",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:48:17.096820Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:57:02.911Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ath/ath11k/ahb.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c6a815f5abdf324108799829dd19ea62fef4bf95",
"status": "affected",
"version": "d5c65159f2895379e11ca13f62feabe93278985d",
"versionType": "git"
},
{
"lessThan": "c4b7653af62a9a5efe2856183d1f987c5429758b",
"status": "affected",
"version": "d5c65159f2895379e11ca13f62feabe93278985d",
"versionType": "git"
},
{
"lessThan": "699e8c87e5c406af0f0606f40eeebd248c51b702",
"status": "affected",
"version": "d5c65159f2895379e11ca13f62feabe93278985d",
"versionType": "git"
},
{
"lessThan": "38e488db194dc16d2eb23c77c6a8c04ff583c40d",
"status": "affected",
"version": "d5c65159f2895379e11ca13f62feabe93278985d",
"versionType": "git"
},
{
"lessThan": "22b59cb965f79ee1accf83172441c9ca0ecb632a",
"status": "affected",
"version": "d5c65159f2895379e11ca13f62feabe93278985d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ath/ath11k/ahb.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.6"
},
{
"lessThan": "5.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.111",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.20",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.111",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.34",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.20",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.3",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nath11k: fix kernel panic during unload/load ath11k modules\n\nCall netif_napi_del() from ath11k_ahb_free_ext_irq() to fix\nthe following kernel panic when unload/load ath11k modules\nfor few iterations.\n\n[ 971.201365] Unable to handle kernel paging request at virtual address 6d97a208\n[ 971.204227] pgd = 594c2919\n[ 971.211478] [6d97a208] *pgd=00000000\n[ 971.214120] Internal error: Oops: 5 [#1] PREEMPT SMP ARM\n[ 971.412024] CPU: 2 PID: 4435 Comm: insmod Not tainted 5.4.89 #0\n[ 971.434256] Hardware name: Generic DT based system\n[ 971.440165] PC is at napi_by_id+0x10/0x40\n[ 971.445019] LR is at netif_napi_add+0x160/0x1dc\n\n[ 971.743127] (napi_by_id) from [\u003c807d89a0\u003e] (netif_napi_add+0x160/0x1dc)\n[ 971.751295] (netif_napi_add) from [\u003c7f1209ac\u003e] (ath11k_ahb_config_irq+0xf8/0x414 [ath11k_ahb])\n[ 971.759164] (ath11k_ahb_config_irq [ath11k_ahb]) from [\u003c7f12135c\u003e] (ath11k_ahb_probe+0x40c/0x51c [ath11k_ahb])\n[ 971.768567] (ath11k_ahb_probe [ath11k_ahb]) from [\u003c80666864\u003e] (platform_drv_probe+0x48/0x94)\n[ 971.779670] (platform_drv_probe) from [\u003c80664718\u003e] (really_probe+0x1c8/0x450)\n[ 971.789389] (really_probe) from [\u003c80664cc4\u003e] (driver_probe_device+0x15c/0x1b8)\n[ 971.797547] (driver_probe_device) from [\u003c80664f60\u003e] (device_driver_attach+0x44/0x60)\n[ 971.805795] (device_driver_attach) from [\u003c806650a0\u003e] (__driver_attach+0x124/0x140)\n[ 971.814822] (__driver_attach) from [\u003c80662adc\u003e] (bus_for_each_dev+0x58/0xa4)\n[ 971.823328] (bus_for_each_dev) from [\u003c80663a2c\u003e] (bus_add_driver+0xf0/0x1e8)\n[ 971.831662] (bus_add_driver) from [\u003c806658a4\u003e] (driver_register+0xa8/0xf0)\n[ 971.839822] (driver_register) from [\u003c8030269c\u003e] (do_one_initcall+0x78/0x1ac)\n[ 971.847638] (do_one_initcall) from [\u003c80392524\u003e] (do_init_module+0x54/0x200)\n[ 971.855968] (do_init_module) from [\u003c803945b0\u003e] (load_module+0x1e30/0x1ffc)\n[ 971.864126] (load_module) from [\u003c803948b0\u003e] (sys_init_module+0x134/0x17c)\n[ 971.871852] (sys_init_module) from [\u003c80301000\u003e] (ret_fast_syscall+0x0/0x50)\n\nTested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.6.0.1-00760-QCAHKSWPL_SILICONZ-1"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:30:39.834Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c6a815f5abdf324108799829dd19ea62fef4bf95"
},
{
"url": "https://git.kernel.org/stable/c/c4b7653af62a9a5efe2856183d1f987c5429758b"
},
{
"url": "https://git.kernel.org/stable/c/699e8c87e5c406af0f0606f40eeebd248c51b702"
},
{
"url": "https://git.kernel.org/stable/c/38e488db194dc16d2eb23c77c6a8c04ff583c40d"
},
{
"url": "https://git.kernel.org/stable/c/22b59cb965f79ee1accf83172441c9ca0ecb632a"
}
],
"title": "ath11k: fix kernel panic during unload/load ath11k modules",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49131",
"datePublished": "2025-02-26T01:55:06.615Z",
"dateReserved": "2025-02-26T01:49:39.267Z",
"dateUpdated": "2025-10-01T19:57:02.911Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49180 (GCVE-0-2022-49180)
Vulnerability from cvelistv5
Published
2025-02-26 01:55
Modified
2025-05-04 08:31
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
LSM: general protection fault in legacy_parse_param
The usual LSM hook "bail on fail" scheme doesn't work for cases where
a security module may return an error code indicating that it does not
recognize an input. In this particular case Smack sees a mount option
that it recognizes, and returns 0. A call to a BPF hook follows, which
returns -ENOPARAM, which confuses the caller because Smack has processed
its data.
The SELinux hook incorrectly returns 1 on success. There was a time
when this was correct, however the current expectation is that it
return 0 on success. This is repaired.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"security/security.c",
"security/selinux/hooks.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ddcdda888e14ca451b3ee83d11b65b2a9c8e783b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2784604c8c6fc523248f8f80a421c313a9d790b7",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f3f93a1aaafc3032e0a9655fb43deccfb3e953a3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "00fc07fa0b4a004711b6e1a944f0d2e46f7093b7",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "cadae7c5e477aaafcba819b8e4a3d1c1a1503b62",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ecff30575b5ad0eda149aadad247b7f75411fd47",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"security/security.c",
"security/selinux/hooks.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.189",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.110",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nLSM: general protection fault in legacy_parse_param\n\nThe usual LSM hook \"bail on fail\" scheme doesn\u0027t work for cases where\na security module may return an error code indicating that it does not\nrecognize an input. In this particular case Smack sees a mount option\nthat it recognizes, and returns 0. A call to a BPF hook follows, which\nreturns -ENOPARAM, which confuses the caller because Smack has processed\nits data.\n\nThe SELinux hook incorrectly returns 1 on success. There was a time\nwhen this was correct, however the current expectation is that it\nreturn 0 on success. This is repaired."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:31:43.686Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ddcdda888e14ca451b3ee83d11b65b2a9c8e783b"
},
{
"url": "https://git.kernel.org/stable/c/2784604c8c6fc523248f8f80a421c313a9d790b7"
},
{
"url": "https://git.kernel.org/stable/c/f3f93a1aaafc3032e0a9655fb43deccfb3e953a3"
},
{
"url": "https://git.kernel.org/stable/c/00fc07fa0b4a004711b6e1a944f0d2e46f7093b7"
},
{
"url": "https://git.kernel.org/stable/c/cadae7c5e477aaafcba819b8e4a3d1c1a1503b62"
},
{
"url": "https://git.kernel.org/stable/c/ecff30575b5ad0eda149aadad247b7f75411fd47"
}
],
"title": "LSM: general protection fault in legacy_parse_param",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49180",
"datePublished": "2025-02-26T01:55:32.590Z",
"dateReserved": "2025-02-26T01:49:39.282Z",
"dateUpdated": "2025-05-04T08:31:43.686Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49109 (GCVE-0-2022-49109)
Vulnerability from cvelistv5
Published
2025-02-26 01:54
Modified
2025-05-04 08:30
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ceph: fix inode reference leakage in ceph_get_snapdir()
The ceph_get_inode() will search for or insert a new inode into the
hash for the given vino, and return a reference to it. If new is
non-NULL, its reference is consumed.
We should release the reference when in error handing cases.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ceph/inode.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3ae7163598c611a8892698e0c056fe794e52b44b",
"status": "affected",
"version": "9030aaf9bf0a1eee47a154c316c789e959638b0f",
"versionType": "git"
},
{
"lessThan": "9cd21981dedfb4fe9f344529e4be35727cb10940",
"status": "affected",
"version": "9030aaf9bf0a1eee47a154c316c789e959638b0f",
"versionType": "git"
},
{
"lessThan": "b2d9bb3f06abddefdfa740b0a604575b6797e1bf",
"status": "affected",
"version": "9030aaf9bf0a1eee47a154c316c789e959638b0f",
"versionType": "git"
},
{
"lessThan": "322794d3355c33adcc4feace0045d85a8e4ed813",
"status": "affected",
"version": "9030aaf9bf0a1eee47a154c316c789e959638b0f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ceph/inode.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.34"
},
{
"lessThan": "2.6.34",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.20",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.34",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.20",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.3",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "2.6.34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nceph: fix inode reference leakage in ceph_get_snapdir()\n\nThe ceph_get_inode() will search for or insert a new inode into the\nhash for the given vino, and return a reference to it. If new is\nnon-NULL, its reference is consumed.\n\nWe should release the reference when in error handing cases."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:30:04.375Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3ae7163598c611a8892698e0c056fe794e52b44b"
},
{
"url": "https://git.kernel.org/stable/c/9cd21981dedfb4fe9f344529e4be35727cb10940"
},
{
"url": "https://git.kernel.org/stable/c/b2d9bb3f06abddefdfa740b0a604575b6797e1bf"
},
{
"url": "https://git.kernel.org/stable/c/322794d3355c33adcc4feace0045d85a8e4ed813"
}
],
"title": "ceph: fix inode reference leakage in ceph_get_snapdir()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49109",
"datePublished": "2025-02-26T01:54:55.508Z",
"dateReserved": "2025-02-26T01:49:39.251Z",
"dateUpdated": "2025-05-04T08:30:04.375Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47650 (GCVE-0-2021-47650)
Vulnerability from cvelistv5
Published
2025-02-26 01:54
Modified
2025-05-04 07:15
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ASoC: soc-compress: prevent the potentially use of null pointer
There is one call trace that snd_soc_register_card()
->snd_soc_bind_card()->soc_init_pcm_runtime()
->snd_soc_dai_compress_new()->snd_soc_new_compress().
In the trace the 'codec_dai' transfers from card->dai_link,
and we can see from the snd_soc_add_pcm_runtime() in
snd_soc_bind_card() that, if value of card->dai_link->num_codecs
is 0, then 'codec_dai' could be null pointer caused
by index out of bound in 'asoc_rtd_to_codec(rtd, 0)'.
And snd_soc_register_card() is called by various platforms.
Therefore, it is better to add the check in the case of misusing.
And because 'cpu_dai' has already checked in soc_init_pcm_runtime(),
there is no need to check again.
Adding the check as follow, then if 'codec_dai' is null,
snd_soc_new_compress() will not pass through the check
'if (playback + capture != 1)', avoiding the leftover use of
'codec_dai'.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 467fece8fbc6774a3a3bd0981e1a342fb5022706 Version: 467fece8fbc6774a3a3bd0981e1a342fb5022706 Version: 467fece8fbc6774a3a3bd0981e1a342fb5022706 Version: 467fece8fbc6774a3a3bd0981e1a342fb5022706 Version: 467fece8fbc6774a3a3bd0981e1a342fb5022706 Version: 467fece8fbc6774a3a3bd0981e1a342fb5022706 |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/soc/soc-compress.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "68a69ad8df959e5211ed4a8e120783b2d352ea74",
"status": "affected",
"version": "467fece8fbc6774a3a3bd0981e1a342fb5022706",
"versionType": "git"
},
{
"lessThan": "4639c1d97f385f4784f44d66a3da0672f4951ada",
"status": "affected",
"version": "467fece8fbc6774a3a3bd0981e1a342fb5022706",
"versionType": "git"
},
{
"lessThan": "fc237b8d624f4bcb0f21a532627ce4e3b3a85569",
"status": "affected",
"version": "467fece8fbc6774a3a3bd0981e1a342fb5022706",
"versionType": "git"
},
{
"lessThan": "08af6da684b44097ea09f1d74d5858b837ed203b",
"status": "affected",
"version": "467fece8fbc6774a3a3bd0981e1a342fb5022706",
"versionType": "git"
},
{
"lessThan": "f69a75cb8a98c6c487d620442c68595726a69f60",
"status": "affected",
"version": "467fece8fbc6774a3a3bd0981e1a342fb5022706",
"versionType": "git"
},
{
"lessThan": "de2c6f98817fa5decb9b7d3b3a8a3ab864c10588",
"status": "affected",
"version": "467fece8fbc6774a3a3bd0981e1a342fb5022706",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"sound/soc/soc-compress.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.4"
},
{
"lessThan": "5.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.189",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.189",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.110",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: soc-compress: prevent the potentially use of null pointer\n\nThere is one call trace that snd_soc_register_card()\n-\u003esnd_soc_bind_card()-\u003esoc_init_pcm_runtime()\n-\u003esnd_soc_dai_compress_new()-\u003esnd_soc_new_compress().\nIn the trace the \u0027codec_dai\u0027 transfers from card-\u003edai_link,\nand we can see from the snd_soc_add_pcm_runtime() in\nsnd_soc_bind_card() that, if value of card-\u003edai_link-\u003enum_codecs\nis 0, then \u0027codec_dai\u0027 could be null pointer caused\nby index out of bound in \u0027asoc_rtd_to_codec(rtd, 0)\u0027.\nAnd snd_soc_register_card() is called by various platforms.\nTherefore, it is better to add the check in the case of misusing.\nAnd because \u0027cpu_dai\u0027 has already checked in soc_init_pcm_runtime(),\nthere is no need to check again.\nAdding the check as follow, then if \u0027codec_dai\u0027 is null,\nsnd_soc_new_compress() will not pass through the check\n\u0027if (playback + capture != 1)\u0027, avoiding the leftover use of\n\u0027codec_dai\u0027."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:15:31.763Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/68a69ad8df959e5211ed4a8e120783b2d352ea74"
},
{
"url": "https://git.kernel.org/stable/c/4639c1d97f385f4784f44d66a3da0672f4951ada"
},
{
"url": "https://git.kernel.org/stable/c/fc237b8d624f4bcb0f21a532627ce4e3b3a85569"
},
{
"url": "https://git.kernel.org/stable/c/08af6da684b44097ea09f1d74d5858b837ed203b"
},
{
"url": "https://git.kernel.org/stable/c/f69a75cb8a98c6c487d620442c68595726a69f60"
},
{
"url": "https://git.kernel.org/stable/c/de2c6f98817fa5decb9b7d3b3a8a3ab864c10588"
}
],
"title": "ASoC: soc-compress: prevent the potentially use of null pointer",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47650",
"datePublished": "2025-02-26T01:54:17.052Z",
"dateReserved": "2025-02-26T01:48:21.520Z",
"dateUpdated": "2025-05-04T07:15:31.763Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47656 (GCVE-0-2021-47656)
Vulnerability from cvelistv5
Published
2025-02-26 01:54
Modified
2025-05-04 07:15
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
jffs2: fix use-after-free in jffs2_clear_xattr_subsystem
When we mount a jffs2 image, assume that the first few blocks of
the image are normal and contain at least one xattr-related inode,
but the next block is abnormal. As a result, an error is returned
in jffs2_scan_eraseblock(). jffs2_clear_xattr_subsystem() is then
called in jffs2_build_filesystem() and then again in
jffs2_do_fill_super().
Finally we can observe the following report:
==================================================================
BUG: KASAN: use-after-free in jffs2_clear_xattr_subsystem+0x95/0x6ac
Read of size 8 at addr ffff8881243384e0 by task mount/719
Call Trace:
dump_stack+0x115/0x16b
jffs2_clear_xattr_subsystem+0x95/0x6ac
jffs2_do_fill_super+0x84f/0xc30
jffs2_fill_super+0x2ea/0x4c0
mtd_get_sb+0x254/0x400
mtd_get_sb_by_nr+0x4f/0xd0
get_tree_mtd+0x498/0x840
jffs2_get_tree+0x25/0x30
vfs_get_tree+0x8d/0x2e0
path_mount+0x50f/0x1e50
do_mount+0x107/0x130
__se_sys_mount+0x1c5/0x2f0
__x64_sys_mount+0xc7/0x160
do_syscall_64+0x45/0x70
entry_SYSCALL_64_after_hwframe+0x44/0xa9
Allocated by task 719:
kasan_save_stack+0x23/0x60
__kasan_kmalloc.constprop.0+0x10b/0x120
kasan_slab_alloc+0x12/0x20
kmem_cache_alloc+0x1c0/0x870
jffs2_alloc_xattr_ref+0x2f/0xa0
jffs2_scan_medium.cold+0x3713/0x4794
jffs2_do_mount_fs.cold+0xa7/0x2253
jffs2_do_fill_super+0x383/0xc30
jffs2_fill_super+0x2ea/0x4c0
[...]
Freed by task 719:
kmem_cache_free+0xcc/0x7b0
jffs2_free_xattr_ref+0x78/0x98
jffs2_clear_xattr_subsystem+0xa1/0x6ac
jffs2_do_mount_fs.cold+0x5e6/0x2253
jffs2_do_fill_super+0x383/0xc30
jffs2_fill_super+0x2ea/0x4c0
[...]
The buggy address belongs to the object at ffff8881243384b8
which belongs to the cache jffs2_xattr_ref of size 48
The buggy address is located 40 bytes inside of
48-byte region [ffff8881243384b8, ffff8881243384e8)
[...]
==================================================================
The triggering of the BUG is shown in the following stack:
-----------------------------------------------------------
jffs2_fill_super
jffs2_do_fill_super
jffs2_do_mount_fs
jffs2_build_filesystem
jffs2_scan_medium
jffs2_scan_eraseblock <--- ERROR
jffs2_clear_xattr_subsystem <--- free
jffs2_clear_xattr_subsystem <--- free again
-----------------------------------------------------------
An error is returned in jffs2_do_mount_fs(). If the error is returned
by jffs2_sum_init(), the jffs2_clear_xattr_subsystem() does not need to
be executed. If the error is returned by jffs2_build_filesystem(), the
jffs2_clear_xattr_subsystem() also does not need to be executed again.
So move jffs2_clear_xattr_subsystem() from 'out_inohash' to 'out_root'
to fix this UAF problem.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: aa98d7cf59b5b0764d3502662053489585faf2fe Version: aa98d7cf59b5b0764d3502662053489585faf2fe Version: aa98d7cf59b5b0764d3502662053489585faf2fe Version: aa98d7cf59b5b0764d3502662053489585faf2fe Version: aa98d7cf59b5b0764d3502662053489585faf2fe Version: aa98d7cf59b5b0764d3502662053489585faf2fe Version: aa98d7cf59b5b0764d3502662053489585faf2fe Version: aa98d7cf59b5b0764d3502662053489585faf2fe Version: aa98d7cf59b5b0764d3502662053489585faf2fe |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-47656",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T17:59:35.381270Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T18:02:30.510Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/jffs2/fs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9150cb625b46f68d524f4cfd491f1aafc23e10a9",
"status": "affected",
"version": "aa98d7cf59b5b0764d3502662053489585faf2fe",
"versionType": "git"
},
{
"lessThan": "3bd2454162ec6bbb5503233c804fce6e4b6dcec5",
"status": "affected",
"version": "aa98d7cf59b5b0764d3502662053489585faf2fe",
"versionType": "git"
},
{
"lessThan": "c3b07c875fa8f906f932976460fd14798596f101",
"status": "affected",
"version": "aa98d7cf59b5b0764d3502662053489585faf2fe",
"versionType": "git"
},
{
"lessThan": "30bf7244acf32f19cb722c39f7bc1c2a9f300422",
"status": "affected",
"version": "aa98d7cf59b5b0764d3502662053489585faf2fe",
"versionType": "git"
},
{
"lessThan": "7bb7428dd73991bf4b3a7a61b493ca50046c2b13",
"status": "affected",
"version": "aa98d7cf59b5b0764d3502662053489585faf2fe",
"versionType": "git"
},
{
"lessThan": "7a75740206af5f17e9f3efa384211cba70213da1",
"status": "affected",
"version": "aa98d7cf59b5b0764d3502662053489585faf2fe",
"versionType": "git"
},
{
"lessThan": "22327bd7988f21de3a53c1373f3b81542bfe1f44",
"status": "affected",
"version": "aa98d7cf59b5b0764d3502662053489585faf2fe",
"versionType": "git"
},
{
"lessThan": "8c0f024f29e055840a5a89fe23b96ae3f921afed",
"status": "affected",
"version": "aa98d7cf59b5b0764d3502662053489585faf2fe",
"versionType": "git"
},
{
"lessThan": "4c7c44ee1650677fbe89d86edbad9497b7679b5c",
"status": "affected",
"version": "aa98d7cf59b5b0764d3502662053489585faf2fe",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/jffs2/fs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.18"
},
{
"lessThan": "2.6.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.238",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.189",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.311",
"versionStartIncluding": "2.6.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.276",
"versionStartIncluding": "2.6.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.238",
"versionStartIncluding": "2.6.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.189",
"versionStartIncluding": "2.6.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.110",
"versionStartIncluding": "2.6.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "2.6.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "2.6.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "2.6.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "2.6.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\njffs2: fix use-after-free in jffs2_clear_xattr_subsystem\n\nWhen we mount a jffs2 image, assume that the first few blocks of\nthe image are normal and contain at least one xattr-related inode,\nbut the next block is abnormal. As a result, an error is returned\nin jffs2_scan_eraseblock(). jffs2_clear_xattr_subsystem() is then\ncalled in jffs2_build_filesystem() and then again in\njffs2_do_fill_super().\n\nFinally we can observe the following report:\n ==================================================================\n BUG: KASAN: use-after-free in jffs2_clear_xattr_subsystem+0x95/0x6ac\n Read of size 8 at addr ffff8881243384e0 by task mount/719\n\n Call Trace:\n dump_stack+0x115/0x16b\n jffs2_clear_xattr_subsystem+0x95/0x6ac\n jffs2_do_fill_super+0x84f/0xc30\n jffs2_fill_super+0x2ea/0x4c0\n mtd_get_sb+0x254/0x400\n mtd_get_sb_by_nr+0x4f/0xd0\n get_tree_mtd+0x498/0x840\n jffs2_get_tree+0x25/0x30\n vfs_get_tree+0x8d/0x2e0\n path_mount+0x50f/0x1e50\n do_mount+0x107/0x130\n __se_sys_mount+0x1c5/0x2f0\n __x64_sys_mount+0xc7/0x160\n do_syscall_64+0x45/0x70\n entry_SYSCALL_64_after_hwframe+0x44/0xa9\n\n Allocated by task 719:\n kasan_save_stack+0x23/0x60\n __kasan_kmalloc.constprop.0+0x10b/0x120\n kasan_slab_alloc+0x12/0x20\n kmem_cache_alloc+0x1c0/0x870\n jffs2_alloc_xattr_ref+0x2f/0xa0\n jffs2_scan_medium.cold+0x3713/0x4794\n jffs2_do_mount_fs.cold+0xa7/0x2253\n jffs2_do_fill_super+0x383/0xc30\n jffs2_fill_super+0x2ea/0x4c0\n [...]\n\n Freed by task 719:\n kmem_cache_free+0xcc/0x7b0\n jffs2_free_xattr_ref+0x78/0x98\n jffs2_clear_xattr_subsystem+0xa1/0x6ac\n jffs2_do_mount_fs.cold+0x5e6/0x2253\n jffs2_do_fill_super+0x383/0xc30\n jffs2_fill_super+0x2ea/0x4c0\n [...]\n\n The buggy address belongs to the object at ffff8881243384b8\n which belongs to the cache jffs2_xattr_ref of size 48\n The buggy address is located 40 bytes inside of\n 48-byte region [ffff8881243384b8, ffff8881243384e8)\n [...]\n ==================================================================\n\nThe triggering of the BUG is shown in the following stack:\n-----------------------------------------------------------\njffs2_fill_super\n jffs2_do_fill_super\n jffs2_do_mount_fs\n jffs2_build_filesystem\n jffs2_scan_medium\n jffs2_scan_eraseblock \u003c--- ERROR\n jffs2_clear_xattr_subsystem \u003c--- free\n jffs2_clear_xattr_subsystem \u003c--- free again\n-----------------------------------------------------------\n\nAn error is returned in jffs2_do_mount_fs(). If the error is returned\nby jffs2_sum_init(), the jffs2_clear_xattr_subsystem() does not need to\nbe executed. If the error is returned by jffs2_build_filesystem(), the\njffs2_clear_xattr_subsystem() also does not need to be executed again.\nSo move jffs2_clear_xattr_subsystem() from \u0027out_inohash\u0027 to \u0027out_root\u0027\nto fix this UAF problem."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:15:43.185Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9150cb625b46f68d524f4cfd491f1aafc23e10a9"
},
{
"url": "https://git.kernel.org/stable/c/3bd2454162ec6bbb5503233c804fce6e4b6dcec5"
},
{
"url": "https://git.kernel.org/stable/c/c3b07c875fa8f906f932976460fd14798596f101"
},
{
"url": "https://git.kernel.org/stable/c/30bf7244acf32f19cb722c39f7bc1c2a9f300422"
},
{
"url": "https://git.kernel.org/stable/c/7bb7428dd73991bf4b3a7a61b493ca50046c2b13"
},
{
"url": "https://git.kernel.org/stable/c/7a75740206af5f17e9f3efa384211cba70213da1"
},
{
"url": "https://git.kernel.org/stable/c/22327bd7988f21de3a53c1373f3b81542bfe1f44"
},
{
"url": "https://git.kernel.org/stable/c/8c0f024f29e055840a5a89fe23b96ae3f921afed"
},
{
"url": "https://git.kernel.org/stable/c/4c7c44ee1650677fbe89d86edbad9497b7679b5c"
}
],
"title": "jffs2: fix use-after-free in jffs2_clear_xattr_subsystem",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47656",
"datePublished": "2025-02-26T01:54:20.069Z",
"dateReserved": "2025-02-26T01:48:21.521Z",
"dateUpdated": "2025-05-04T07:15:43.185Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49432 (GCVE-0-2022-49432)
Vulnerability from cvelistv5
Published
2025-02-26 02:12
Modified
2025-05-04 08:37
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
powerpc/xics: fix refcount leak in icp_opal_init()
The of_find_compatible_node() function returns a node pointer with
refcount incremented, use of_node_put() on it when done.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/powerpc/sysdev/xics/icp-opal.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "977dbc81d0f866ef63b93c127b7404f07734b3cc",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "53f3f7f73e609b934083f896cb7ca2c2cb009b9f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1d5c8cea85fb1680eae8d645b96b92146cb4633c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "537a317e5ff45d1f5a0ecaf6a0d7c8043c878cb1",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6a61a97106279c2aa16fbbb2a171fd5dde127d23",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "df802880a7f9cd96b921b00639b00871f18a9a57",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2357bd7499a81c70b460e2191852bbfc7b63c354",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9a42bc2494fadb453de00ce61042e588563ddc6d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "5dd9e27ea4a39f7edd4bf81e9e70208e7ac0b7c9",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/powerpc/sysdev/xics/icp-opal.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.318",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/xics: fix refcount leak in icp_opal_init()\n\nThe of_find_compatible_node() function returns a node pointer with\nrefcount incremented, use of_node_put() on it when done."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:37:32.456Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/977dbc81d0f866ef63b93c127b7404f07734b3cc"
},
{
"url": "https://git.kernel.org/stable/c/53f3f7f73e609b934083f896cb7ca2c2cb009b9f"
},
{
"url": "https://git.kernel.org/stable/c/1d5c8cea85fb1680eae8d645b96b92146cb4633c"
},
{
"url": "https://git.kernel.org/stable/c/537a317e5ff45d1f5a0ecaf6a0d7c8043c878cb1"
},
{
"url": "https://git.kernel.org/stable/c/6a61a97106279c2aa16fbbb2a171fd5dde127d23"
},
{
"url": "https://git.kernel.org/stable/c/df802880a7f9cd96b921b00639b00871f18a9a57"
},
{
"url": "https://git.kernel.org/stable/c/2357bd7499a81c70b460e2191852bbfc7b63c354"
},
{
"url": "https://git.kernel.org/stable/c/9a42bc2494fadb453de00ce61042e588563ddc6d"
},
{
"url": "https://git.kernel.org/stable/c/5dd9e27ea4a39f7edd4bf81e9e70208e7ac0b7c9"
}
],
"title": "powerpc/xics: fix refcount leak in icp_opal_init()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49432",
"datePublished": "2025-02-26T02:12:50.073Z",
"dateReserved": "2025-02-26T02:08:31.569Z",
"dateUpdated": "2025-05-04T08:37:32.456Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47649 (GCVE-0-2021-47649)
Vulnerability from cvelistv5
Published
2025-02-26 01:54
Modified
2025-05-04 07:15
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
udmabuf: validate ubuf->pagecount
Syzbot has reported GPF in sg_alloc_append_table_from_pages(). The
problem was in ubuf->pages == ZERO_PTR.
ubuf->pagecount is calculated from arguments passed from user-space. If
user creates udmabuf with list.size == 0 then ubuf->pagecount will be
also equal to zero; it causes kmalloc_array() to return ZERO_PTR.
Fix it by validating ubuf->pagecount before passing it to
kmalloc_array().
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: fbb0de795078190a9834b3409e4b009cfb18a6d4 Version: fbb0de795078190a9834b3409e4b009cfb18a6d4 Version: fbb0de795078190a9834b3409e4b009cfb18a6d4 Version: fbb0de795078190a9834b3409e4b009cfb18a6d4 Version: fbb0de795078190a9834b3409e4b009cfb18a6d4 Version: fbb0de795078190a9834b3409e4b009cfb18a6d4 |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/dma-buf/udmabuf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5d50f851dd307c07ca5591297093f19967c834a9",
"status": "affected",
"version": "fbb0de795078190a9834b3409e4b009cfb18a6d4",
"versionType": "git"
},
{
"lessThan": "b267a8118c2b171bf7d67b90ed64154eeab9fae0",
"status": "affected",
"version": "fbb0de795078190a9834b3409e4b009cfb18a6d4",
"versionType": "git"
},
{
"lessThan": "811b667cefbea9cb7511a874b169d6a92907137e",
"status": "affected",
"version": "fbb0de795078190a9834b3409e4b009cfb18a6d4",
"versionType": "git"
},
{
"lessThan": "a3728d32fc61eb0fe283cb8ff60b2c8f751e2202",
"status": "affected",
"version": "fbb0de795078190a9834b3409e4b009cfb18a6d4",
"versionType": "git"
},
{
"lessThan": "9e9b4a269f84d3230f2af84ff42322db676440d9",
"status": "affected",
"version": "fbb0de795078190a9834b3409e4b009cfb18a6d4",
"versionType": "git"
},
{
"lessThan": "2b6dd600dd72573c23ea180b5b0b2f1813405882",
"status": "affected",
"version": "fbb0de795078190a9834b3409e4b009cfb18a6d4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/dma-buf/udmabuf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.20"
},
{
"lessThan": "4.20",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.189",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.189",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.110",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nudmabuf: validate ubuf-\u003epagecount\n\nSyzbot has reported GPF in sg_alloc_append_table_from_pages(). The\nproblem was in ubuf-\u003epages == ZERO_PTR.\n\nubuf-\u003epagecount is calculated from arguments passed from user-space. If\nuser creates udmabuf with list.size == 0 then ubuf-\u003epagecount will be\nalso equal to zero; it causes kmalloc_array() to return ZERO_PTR.\n\nFix it by validating ubuf-\u003epagecount before passing it to\nkmalloc_array()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:15:30.553Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5d50f851dd307c07ca5591297093f19967c834a9"
},
{
"url": "https://git.kernel.org/stable/c/b267a8118c2b171bf7d67b90ed64154eeab9fae0"
},
{
"url": "https://git.kernel.org/stable/c/811b667cefbea9cb7511a874b169d6a92907137e"
},
{
"url": "https://git.kernel.org/stable/c/a3728d32fc61eb0fe283cb8ff60b2c8f751e2202"
},
{
"url": "https://git.kernel.org/stable/c/9e9b4a269f84d3230f2af84ff42322db676440d9"
},
{
"url": "https://git.kernel.org/stable/c/2b6dd600dd72573c23ea180b5b0b2f1813405882"
}
],
"title": "udmabuf: validate ubuf-\u003epagecount",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47649",
"datePublished": "2025-02-26T01:54:16.574Z",
"dateReserved": "2025-02-26T01:48:21.520Z",
"dateUpdated": "2025-05-04T07:15:30.553Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49243 (GCVE-0-2022-49243)
Vulnerability from cvelistv5
Published
2025-02-26 01:56
Modified
2025-05-04 08:33
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe
This node pointer is returned by of_parse_phandle() with refcount
incremented in this function.
Calling of_node_put() to avoid the refcount leak.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 531f67e41dcde1e358cf821d056241a66355cf03 Version: 531f67e41dcde1e358cf821d056241a66355cf03 Version: 531f67e41dcde1e358cf821d056241a66355cf03 Version: 531f67e41dcde1e358cf821d056241a66355cf03 Version: 531f67e41dcde1e358cf821d056241a66355cf03 Version: 531f67e41dcde1e358cf821d056241a66355cf03 Version: 531f67e41dcde1e358cf821d056241a66355cf03 Version: 531f67e41dcde1e358cf821d056241a66355cf03 Version: 531f67e41dcde1e358cf821d056241a66355cf03 |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/soc/atmel/sam9g20_wm8731.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "81f266396237cea09a8c6322a6a78535f06ed345",
"status": "affected",
"version": "531f67e41dcde1e358cf821d056241a66355cf03",
"versionType": "git"
},
{
"lessThan": "f8b7b9a0594715ecfbe6f18db2328d992242654a",
"status": "affected",
"version": "531f67e41dcde1e358cf821d056241a66355cf03",
"versionType": "git"
},
{
"lessThan": "b0c56a0071116a37c24df998166c22a7e4684626",
"status": "affected",
"version": "531f67e41dcde1e358cf821d056241a66355cf03",
"versionType": "git"
},
{
"lessThan": "0325193cf40dc3a6e27d55a5b98680936deebcd0",
"status": "affected",
"version": "531f67e41dcde1e358cf821d056241a66355cf03",
"versionType": "git"
},
{
"lessThan": "662ee5ac6b451aa5a27b8eebd397f2f5c7f42cec",
"status": "affected",
"version": "531f67e41dcde1e358cf821d056241a66355cf03",
"versionType": "git"
},
{
"lessThan": "a0bc36b247dcf4d21bf820bfc4bcbaf7f6cf19b5",
"status": "affected",
"version": "531f67e41dcde1e358cf821d056241a66355cf03",
"versionType": "git"
},
{
"lessThan": "32e6ceb05f36432811753852c674a301f944a24b",
"status": "affected",
"version": "531f67e41dcde1e358cf821d056241a66355cf03",
"versionType": "git"
},
{
"lessThan": "4793a02deb31b71b3984abc67bf1011a03c13b18",
"status": "affected",
"version": "531f67e41dcde1e358cf821d056241a66355cf03",
"versionType": "git"
},
{
"lessThan": "f590797fa3c1bccdd19e55441592a23b46aef449",
"status": "affected",
"version": "531f67e41dcde1e358cf821d056241a66355cf03",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"sound/soc/atmel/sam9g20_wm8731.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.8"
},
{
"lessThan": "3.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.238",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.189",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.311",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.276",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.238",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.189",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.110",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "3.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe\n\nThis node pointer is returned by of_parse_phandle() with refcount\nincremented in this function.\nCalling of_node_put() to avoid the refcount leak."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:33:12.920Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/81f266396237cea09a8c6322a6a78535f06ed345"
},
{
"url": "https://git.kernel.org/stable/c/f8b7b9a0594715ecfbe6f18db2328d992242654a"
},
{
"url": "https://git.kernel.org/stable/c/b0c56a0071116a37c24df998166c22a7e4684626"
},
{
"url": "https://git.kernel.org/stable/c/0325193cf40dc3a6e27d55a5b98680936deebcd0"
},
{
"url": "https://git.kernel.org/stable/c/662ee5ac6b451aa5a27b8eebd397f2f5c7f42cec"
},
{
"url": "https://git.kernel.org/stable/c/a0bc36b247dcf4d21bf820bfc4bcbaf7f6cf19b5"
},
{
"url": "https://git.kernel.org/stable/c/32e6ceb05f36432811753852c674a301f944a24b"
},
{
"url": "https://git.kernel.org/stable/c/4793a02deb31b71b3984abc67bf1011a03c13b18"
},
{
"url": "https://git.kernel.org/stable/c/f590797fa3c1bccdd19e55441592a23b46aef449"
}
],
"title": "ASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49243",
"datePublished": "2025-02-26T01:56:04.304Z",
"dateReserved": "2025-02-26T01:49:39.294Z",
"dateUpdated": "2025-05-04T08:33:12.920Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49265 (GCVE-0-2022-49265)
Vulnerability from cvelistv5
Published
2025-02-26 01:56
Modified
2025-05-04 08:33
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
PM: domains: Fix sleep-in-atomic bug caused by genpd_debug_remove()
When a genpd with GENPD_FLAG_IRQ_SAFE gets removed, the following
sleep-in-atomic bug will be seen, as genpd_debug_remove() will be called
with a spinlock being held.
[ 0.029183] BUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1460
[ 0.029204] in_atomic(): 1, irqs_disabled(): 128, non_block: 0, pid: 1, name: swapper/0
[ 0.029219] preempt_count: 1, expected: 0
[ 0.029230] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 5.17.0-rc4+ #489
[ 0.029245] Hardware name: Thundercomm TurboX CM2290 (DT)
[ 0.029256] Call trace:
[ 0.029265] dump_backtrace.part.0+0xbc/0xd0
[ 0.029285] show_stack+0x3c/0xa0
[ 0.029298] dump_stack_lvl+0x7c/0xa0
[ 0.029311] dump_stack+0x18/0x34
[ 0.029323] __might_resched+0x10c/0x13c
[ 0.029338] __might_sleep+0x4c/0x80
[ 0.029351] down_read+0x24/0xd0
[ 0.029363] lookup_one_len_unlocked+0x9c/0xcc
[ 0.029379] lookup_positive_unlocked+0x10/0x50
[ 0.029392] debugfs_lookup+0x68/0xac
[ 0.029406] genpd_remove.part.0+0x12c/0x1b4
[ 0.029419] of_genpd_remove_last+0xa8/0xd4
[ 0.029434] psci_cpuidle_domain_probe+0x174/0x53c
[ 0.029449] platform_probe+0x68/0xe0
[ 0.029462] really_probe+0x190/0x430
[ 0.029473] __driver_probe_device+0x90/0x18c
[ 0.029485] driver_probe_device+0x40/0xe0
[ 0.029497] __driver_attach+0xf4/0x1d0
[ 0.029508] bus_for_each_dev+0x70/0xd0
[ 0.029523] driver_attach+0x24/0x30
[ 0.029534] bus_add_driver+0x164/0x22c
[ 0.029545] driver_register+0x78/0x130
[ 0.029556] __platform_driver_register+0x28/0x34
[ 0.029569] psci_idle_init_domains+0x1c/0x28
[ 0.029583] do_one_initcall+0x50/0x1b0
[ 0.029595] kernel_init_freeable+0x214/0x280
[ 0.029609] kernel_init+0x2c/0x13c
[ 0.029622] ret_from_fork+0x10/0x20
It doesn't seem necessary to call genpd_debug_remove() with the lock, so
move it out from locking to fix the problem.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/base/power/domain.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2039163c30f886cf5638afd6993705ae9bb34a06",
"status": "affected",
"version": "718072ceb211833f3c71724f49d733d636067191",
"versionType": "git"
},
{
"lessThan": "d1b6840d8fb9b35193d45d8fe6b4d830bfd20c3c",
"status": "affected",
"version": "718072ceb211833f3c71724f49d733d636067191",
"versionType": "git"
},
{
"lessThan": "fee777ea77769cc5392a34805d9d73099a223fae",
"status": "affected",
"version": "718072ceb211833f3c71724f49d733d636067191",
"versionType": "git"
},
{
"lessThan": "f6bfe8b5b2c2a5ac8bd2fc7bca3706e6c3fc26d8",
"status": "affected",
"version": "718072ceb211833f3c71724f49d733d636067191",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/base/power/domain.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.11"
},
{
"lessThan": "5.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPM: domains: Fix sleep-in-atomic bug caused by genpd_debug_remove()\n\nWhen a genpd with GENPD_FLAG_IRQ_SAFE gets removed, the following\nsleep-in-atomic bug will be seen, as genpd_debug_remove() will be called\nwith a spinlock being held.\n\n[ 0.029183] BUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1460\n[ 0.029204] in_atomic(): 1, irqs_disabled(): 128, non_block: 0, pid: 1, name: swapper/0\n[ 0.029219] preempt_count: 1, expected: 0\n[ 0.029230] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 5.17.0-rc4+ #489\n[ 0.029245] Hardware name: Thundercomm TurboX CM2290 (DT)\n[ 0.029256] Call trace:\n[ 0.029265] dump_backtrace.part.0+0xbc/0xd0\n[ 0.029285] show_stack+0x3c/0xa0\n[ 0.029298] dump_stack_lvl+0x7c/0xa0\n[ 0.029311] dump_stack+0x18/0x34\n[ 0.029323] __might_resched+0x10c/0x13c\n[ 0.029338] __might_sleep+0x4c/0x80\n[ 0.029351] down_read+0x24/0xd0\n[ 0.029363] lookup_one_len_unlocked+0x9c/0xcc\n[ 0.029379] lookup_positive_unlocked+0x10/0x50\n[ 0.029392] debugfs_lookup+0x68/0xac\n[ 0.029406] genpd_remove.part.0+0x12c/0x1b4\n[ 0.029419] of_genpd_remove_last+0xa8/0xd4\n[ 0.029434] psci_cpuidle_domain_probe+0x174/0x53c\n[ 0.029449] platform_probe+0x68/0xe0\n[ 0.029462] really_probe+0x190/0x430\n[ 0.029473] __driver_probe_device+0x90/0x18c\n[ 0.029485] driver_probe_device+0x40/0xe0\n[ 0.029497] __driver_attach+0xf4/0x1d0\n[ 0.029508] bus_for_each_dev+0x70/0xd0\n[ 0.029523] driver_attach+0x24/0x30\n[ 0.029534] bus_add_driver+0x164/0x22c\n[ 0.029545] driver_register+0x78/0x130\n[ 0.029556] __platform_driver_register+0x28/0x34\n[ 0.029569] psci_idle_init_domains+0x1c/0x28\n[ 0.029583] do_one_initcall+0x50/0x1b0\n[ 0.029595] kernel_init_freeable+0x214/0x280\n[ 0.029609] kernel_init+0x2c/0x13c\n[ 0.029622] ret_from_fork+0x10/0x20\n\nIt doesn\u0027t seem necessary to call genpd_debug_remove() with the lock, so\nmove it out from locking to fix the problem."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:33:40.866Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2039163c30f886cf5638afd6993705ae9bb34a06"
},
{
"url": "https://git.kernel.org/stable/c/d1b6840d8fb9b35193d45d8fe6b4d830bfd20c3c"
},
{
"url": "https://git.kernel.org/stable/c/fee777ea77769cc5392a34805d9d73099a223fae"
},
{
"url": "https://git.kernel.org/stable/c/f6bfe8b5b2c2a5ac8bd2fc7bca3706e6c3fc26d8"
}
],
"title": "PM: domains: Fix sleep-in-atomic bug caused by genpd_debug_remove()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49265",
"datePublished": "2025-02-26T01:56:15.221Z",
"dateReserved": "2025-02-26T01:49:39.297Z",
"dateUpdated": "2025-05-04T08:33:40.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49556 (GCVE-0-2022-49556)
Vulnerability from cvelistv5
Published
2025-02-26 02:14
Modified
2025-05-04 08:40
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
KVM: SVM: Use kzalloc for sev ioctl interfaces to prevent kernel data leak
For some sev ioctl interfaces, the length parameter that is passed maybe
less than or equal to SEV_FW_BLOB_MAX_SIZE, but larger than the data
that PSP firmware returns. In this case, kmalloc will allocate memory
that is the size of the input rather than the size of the data.
Since PSP firmware doesn't fully overwrite the allocated buffer, these
sev ioctl interface may return uninitialized kernel slab memory.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/x86/kvm/svm/sev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "401bef1f95de92c3a8c6eece46e02fa88d7285ee",
"status": "affected",
"version": "eaf78265a4ab33935d3a0f1407ce4a91aac4d4d5",
"versionType": "git"
},
{
"lessThan": "d8fdb4b24097472ff6b3c0559448200d420b1418",
"status": "affected",
"version": "eaf78265a4ab33935d3a0f1407ce4a91aac4d4d5",
"versionType": "git"
},
{
"lessThan": "bbdcc644b59e01e98c68894a9fab42b9687f42b0",
"status": "affected",
"version": "eaf78265a4ab33935d3a0f1407ce4a91aac4d4d5",
"versionType": "git"
},
{
"lessThan": "57a01725339f9d82b099102ba2751621b1caab93",
"status": "affected",
"version": "eaf78265a4ab33935d3a0f1407ce4a91aac4d4d5",
"versionType": "git"
},
{
"lessThan": "d22d2474e3953996f03528b84b7f52cc26a39403",
"status": "affected",
"version": "eaf78265a4ab33935d3a0f1407ce4a91aac4d4d5",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/x86/kvm/svm/sev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.7"
},
{
"lessThan": "5.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.124",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.45",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.124",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.45",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.13",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.2",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: SVM: Use kzalloc for sev ioctl interfaces to prevent kernel data leak\n\nFor some sev ioctl interfaces, the length parameter that is passed maybe\nless than or equal to SEV_FW_BLOB_MAX_SIZE, but larger than the data\nthat PSP firmware returns. In this case, kmalloc will allocate memory\nthat is the size of the input rather than the size of the data.\nSince PSP firmware doesn\u0027t fully overwrite the allocated buffer, these\nsev ioctl interface may return uninitialized kernel slab memory."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:40:28.652Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/401bef1f95de92c3a8c6eece46e02fa88d7285ee"
},
{
"url": "https://git.kernel.org/stable/c/d8fdb4b24097472ff6b3c0559448200d420b1418"
},
{
"url": "https://git.kernel.org/stable/c/bbdcc644b59e01e98c68894a9fab42b9687f42b0"
},
{
"url": "https://git.kernel.org/stable/c/57a01725339f9d82b099102ba2751621b1caab93"
},
{
"url": "https://git.kernel.org/stable/c/d22d2474e3953996f03528b84b7f52cc26a39403"
}
],
"title": "KVM: SVM: Use kzalloc for sev ioctl interfaces to prevent kernel data leak",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49556",
"datePublished": "2025-02-26T02:14:03.630Z",
"dateReserved": "2025-02-26T02:08:31.590Z",
"dateUpdated": "2025-05-04T08:40:28.652Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49074 (GCVE-0-2022-49074)
Vulnerability from cvelistv5
Published
2025-02-26 01:54
Modified
2025-05-04 08:29
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
irqchip/gic-v3: Fix GICR_CTLR.RWP polling
It turns out that our polling of RWP is totally wrong when checking
for it in the redistributors, as we test the *distributor* bit index,
whereas it is a different bit number in the RDs... Oopsie boo.
This is embarassing. Not only because it is wrong, but also because
it took *8 years* to notice the blunder...
Just fix the damn thing.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 021f653791ad17e03f98aaa7fb933816ae16f161 Version: 021f653791ad17e03f98aaa7fb933816ae16f161 Version: 021f653791ad17e03f98aaa7fb933816ae16f161 Version: 021f653791ad17e03f98aaa7fb933816ae16f161 Version: 021f653791ad17e03f98aaa7fb933816ae16f161 Version: 021f653791ad17e03f98aaa7fb933816ae16f161 Version: 021f653791ad17e03f98aaa7fb933816ae16f161 |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/irqchip/irq-gic-v3.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c7daf1b4ad809692d5c26f33c02ed8a031066548",
"status": "affected",
"version": "021f653791ad17e03f98aaa7fb933816ae16f161",
"versionType": "git"
},
{
"lessThan": "3c07cc242baf83f0bddbbd9d7945d0bee56d8b57",
"status": "affected",
"version": "021f653791ad17e03f98aaa7fb933816ae16f161",
"versionType": "git"
},
{
"lessThan": "ff24114bb08d8b90edf2aff0a4fd0689523e6c17",
"status": "affected",
"version": "021f653791ad17e03f98aaa7fb933816ae16f161",
"versionType": "git"
},
{
"lessThan": "7218a789abb3e033f5f3a85636ca50d9ae7b0fc9",
"status": "affected",
"version": "021f653791ad17e03f98aaa7fb933816ae16f161",
"versionType": "git"
},
{
"lessThan": "60e1eb4811f53f5f60c788297d978515e7a2637a",
"status": "affected",
"version": "021f653791ad17e03f98aaa7fb933816ae16f161",
"versionType": "git"
},
{
"lessThan": "6fef3e3179e6ed8fecdd004ede541674ffa7749d",
"status": "affected",
"version": "021f653791ad17e03f98aaa7fb933816ae16f161",
"versionType": "git"
},
{
"lessThan": "0df6664531a12cdd8fc873f0cac0dcb40243d3e9",
"status": "affected",
"version": "021f653791ad17e03f98aaa7fb933816ae16f161",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/irqchip/irq-gic-v3.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.17"
},
{
"lessThan": "3.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.238",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.189",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.111",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.20",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.238",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.189",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.111",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.34",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.20",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.3",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "3.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nirqchip/gic-v3: Fix GICR_CTLR.RWP polling\n\nIt turns out that our polling of RWP is totally wrong when checking\nfor it in the redistributors, as we test the *distributor* bit index,\nwhereas it is a different bit number in the RDs... Oopsie boo.\n\nThis is embarassing. Not only because it is wrong, but also because\nit took *8 years* to notice the blunder...\n\nJust fix the damn thing."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:29:10.086Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c7daf1b4ad809692d5c26f33c02ed8a031066548"
},
{
"url": "https://git.kernel.org/stable/c/3c07cc242baf83f0bddbbd9d7945d0bee56d8b57"
},
{
"url": "https://git.kernel.org/stable/c/ff24114bb08d8b90edf2aff0a4fd0689523e6c17"
},
{
"url": "https://git.kernel.org/stable/c/7218a789abb3e033f5f3a85636ca50d9ae7b0fc9"
},
{
"url": "https://git.kernel.org/stable/c/60e1eb4811f53f5f60c788297d978515e7a2637a"
},
{
"url": "https://git.kernel.org/stable/c/6fef3e3179e6ed8fecdd004ede541674ffa7749d"
},
{
"url": "https://git.kernel.org/stable/c/0df6664531a12cdd8fc873f0cac0dcb40243d3e9"
}
],
"title": "irqchip/gic-v3: Fix GICR_CTLR.RWP polling",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49074",
"datePublished": "2025-02-26T01:54:38.290Z",
"dateReserved": "2025-02-26T01:49:39.245Z",
"dateUpdated": "2025-05-04T08:29:10.086Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49453 (GCVE-0-2022-49453)
Vulnerability from cvelistv5
Published
2025-02-26 02:13
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
soc: ti: ti_sci_pm_domains: Check for null return of devm_kcalloc
The allocation funciton devm_kcalloc may fail and return a null pointer,
which would cause a null-pointer dereference later.
It might be better to check it and directly return -ENOMEM just like the
usage of devm_kcalloc in previous code.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49453",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:40:26.333997Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:47.934Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/soc/ti/ti_sci_pm_domains.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "05efc4591f80582b6fe53366b70b6a35a42fd255",
"status": "affected",
"version": "52835d59fc6cc7f3c3cfdb4a194ddc9ebd6c0c31",
"versionType": "git"
},
{
"lessThan": "7cef9274fa1b8506949d74bc45aef072b890824a",
"status": "affected",
"version": "52835d59fc6cc7f3c3cfdb4a194ddc9ebd6c0c31",
"versionType": "git"
},
{
"lessThan": "c4e188869406b47ac3350920bf165be303cb1c96",
"status": "affected",
"version": "52835d59fc6cc7f3c3cfdb4a194ddc9ebd6c0c31",
"versionType": "git"
},
{
"lessThan": "01ba41a359622ab256ce4d4f8b94c67165ae3daf",
"status": "affected",
"version": "52835d59fc6cc7f3c3cfdb4a194ddc9ebd6c0c31",
"versionType": "git"
},
{
"lessThan": "ba56291e297d28aa6eb82c5c1964fae2d7594746",
"status": "affected",
"version": "52835d59fc6cc7f3c3cfdb4a194ddc9ebd6c0c31",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/soc/ti/ti_sci_pm_domains.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.12"
},
{
"lessThan": "4.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: ti: ti_sci_pm_domains: Check for null return of devm_kcalloc\n\nThe allocation funciton devm_kcalloc may fail and return a null pointer,\nwhich would cause a null-pointer dereference later.\nIt might be better to check it and directly return -ENOMEM just like the\nusage of devm_kcalloc in previous code."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:38:04.063Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/05efc4591f80582b6fe53366b70b6a35a42fd255"
},
{
"url": "https://git.kernel.org/stable/c/7cef9274fa1b8506949d74bc45aef072b890824a"
},
{
"url": "https://git.kernel.org/stable/c/c4e188869406b47ac3350920bf165be303cb1c96"
},
{
"url": "https://git.kernel.org/stable/c/01ba41a359622ab256ce4d4f8b94c67165ae3daf"
},
{
"url": "https://git.kernel.org/stable/c/ba56291e297d28aa6eb82c5c1964fae2d7594746"
}
],
"title": "soc: ti: ti_sci_pm_domains: Check for null return of devm_kcalloc",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49453",
"datePublished": "2025-02-26T02:13:02.751Z",
"dateReserved": "2025-02-26T02:08:31.573Z",
"dateUpdated": "2025-10-01T19:46:47.934Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49508 (GCVE-0-2022-49508)
Vulnerability from cvelistv5
Published
2025-02-26 02:13
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
HID: elan: Fix potential double free in elan_input_configured
'input' is a managed resource allocated with devm_input_allocate_device(),
so there is no need to call input_free_device() explicitly or
there will be a double free.
According to the doc of devm_input_allocate_device():
* Managed input devices do not need to be explicitly unregistered or
* freed as it will be done automatically when owner device unbinds from
* its driver (or binding fails).
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 9a6a4193d65b853020ef0e66cecdf9e64a863883 Version: 9a6a4193d65b853020ef0e66cecdf9e64a863883 Version: 9a6a4193d65b853020ef0e66cecdf9e64a863883 Version: 9a6a4193d65b853020ef0e66cecdf9e64a863883 Version: 9a6a4193d65b853020ef0e66cecdf9e64a863883 Version: 9a6a4193d65b853020ef0e66cecdf9e64a863883 Version: 9a6a4193d65b853020ef0e66cecdf9e64a863883 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49508",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:38:25.923559Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-415",
"description": "CWE-415 Double Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:42.617Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/hid/hid-elan.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c92ec22a991778a096342cf1a917ae36c5c86a90",
"status": "affected",
"version": "9a6a4193d65b853020ef0e66cecdf9e64a863883",
"versionType": "git"
},
{
"lessThan": "f1d4f19a796551edc6679a681ea1756b8c578c08",
"status": "affected",
"version": "9a6a4193d65b853020ef0e66cecdf9e64a863883",
"versionType": "git"
},
{
"lessThan": "6d0726725c7c560495f5ff364862a2cefea542e3",
"status": "affected",
"version": "9a6a4193d65b853020ef0e66cecdf9e64a863883",
"versionType": "git"
},
{
"lessThan": "24f9dfdaece9bd75bb8dbfdba83eddeefdf7dc47",
"status": "affected",
"version": "9a6a4193d65b853020ef0e66cecdf9e64a863883",
"versionType": "git"
},
{
"lessThan": "5291451851feeb66fd4bf0826710f482f3b1ab38",
"status": "affected",
"version": "9a6a4193d65b853020ef0e66cecdf9e64a863883",
"versionType": "git"
},
{
"lessThan": "8bb1716507ebf12d50bbf181764481de3b6bc7fd",
"status": "affected",
"version": "9a6a4193d65b853020ef0e66cecdf9e64a863883",
"versionType": "git"
},
{
"lessThan": "1af20714fedad238362571620be0bd690ded05b6",
"status": "affected",
"version": "9a6a4193d65b853020ef0e66cecdf9e64a863883",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/hid/hid-elan.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.17"
},
{
"lessThan": "4.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: elan: Fix potential double free in elan_input_configured\n\n\u0027input\u0027 is a managed resource allocated with devm_input_allocate_device(),\nso there is no need to call input_free_device() explicitly or\nthere will be a double free.\n\nAccording to the doc of devm_input_allocate_device():\n * Managed input devices do not need to be explicitly unregistered or\n * freed as it will be done automatically when owner device unbinds from\n * its driver (or binding fails)."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:39:26.779Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c92ec22a991778a096342cf1a917ae36c5c86a90"
},
{
"url": "https://git.kernel.org/stable/c/f1d4f19a796551edc6679a681ea1756b8c578c08"
},
{
"url": "https://git.kernel.org/stable/c/6d0726725c7c560495f5ff364862a2cefea542e3"
},
{
"url": "https://git.kernel.org/stable/c/24f9dfdaece9bd75bb8dbfdba83eddeefdf7dc47"
},
{
"url": "https://git.kernel.org/stable/c/5291451851feeb66fd4bf0826710f482f3b1ab38"
},
{
"url": "https://git.kernel.org/stable/c/8bb1716507ebf12d50bbf181764481de3b6bc7fd"
},
{
"url": "https://git.kernel.org/stable/c/1af20714fedad238362571620be0bd690ded05b6"
}
],
"title": "HID: elan: Fix potential double free in elan_input_configured",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49508",
"datePublished": "2025-02-26T02:13:39.472Z",
"dateReserved": "2025-02-26T02:08:31.587Z",
"dateUpdated": "2025-10-01T19:46:42.617Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49063 (GCVE-0-2022-49063)
Vulnerability from cvelistv5
Published
2025-02-26 01:54
Modified
2025-11-03 17:31
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ice: arfs: fix use-after-free when freeing @rx_cpu_rmap
The CI testing bots triggered the following splat:
[ 718.203054] BUG: KASAN: use-after-free in free_irq_cpu_rmap+0x53/0x80
[ 718.206349] Read of size 4 at addr ffff8881bd127e00 by task sh/20834
[ 718.212852] CPU: 28 PID: 20834 Comm: sh Kdump: loaded Tainted: G S W IOE 5.17.0-rc8_nextqueue-devqueue-02643-g23f3121aca93 #1
[ 718.219695] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0012.070720200218 07/07/2020
[ 718.223418] Call Trace:
[ 718.227139]
[ 718.230783] dump_stack_lvl+0x33/0x42
[ 718.234431] print_address_description.constprop.9+0x21/0x170
[ 718.238177] ? free_irq_cpu_rmap+0x53/0x80
[ 718.241885] ? free_irq_cpu_rmap+0x53/0x80
[ 718.245539] kasan_report.cold.18+0x7f/0x11b
[ 718.249197] ? free_irq_cpu_rmap+0x53/0x80
[ 718.252852] free_irq_cpu_rmap+0x53/0x80
[ 718.256471] ice_free_cpu_rx_rmap.part.11+0x37/0x50 [ice]
[ 718.260174] ice_remove_arfs+0x5f/0x70 [ice]
[ 718.263810] ice_rebuild_arfs+0x3b/0x70 [ice]
[ 718.267419] ice_rebuild+0x39c/0xb60 [ice]
[ 718.270974] ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 718.274472] ? ice_init_phy_user_cfg+0x360/0x360 [ice]
[ 718.278033] ? delay_tsc+0x4a/0xb0
[ 718.281513] ? preempt_count_sub+0x14/0xc0
[ 718.284984] ? delay_tsc+0x8f/0xb0
[ 718.288463] ice_do_reset+0x92/0xf0 [ice]
[ 718.292014] ice_pci_err_resume+0x91/0xf0 [ice]
[ 718.295561] pci_reset_function+0x53/0x80
<...>
[ 718.393035] Allocated by task 690:
[ 718.433497] Freed by task 20834:
[ 718.495688] Last potentially related work creation:
[ 718.568966] The buggy address belongs to the object at ffff8881bd127e00
which belongs to the cache kmalloc-96 of size 96
[ 718.574085] The buggy address is located 0 bytes inside of
96-byte region [ffff8881bd127e00, ffff8881bd127e60)
[ 718.579265] The buggy address belongs to the page:
[ 718.598905] Memory state around the buggy address:
[ 718.601809] ffff8881bd127d00: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 718.604796] ffff8881bd127d80: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc
[ 718.607794] >ffff8881bd127e00: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 718.610811] ^
[ 718.613819] ffff8881bd127e80: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[ 718.617107] ffff8881bd127f00: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
This is due to that free_irq_cpu_rmap() is always being called
*after* (devm_)free_irq() and thus it tries to work with IRQ descs
already freed. For example, on device reset the driver frees the
rmap right before allocating a new one (the splat above).
Make rmap creation and freeing function symmetrical with
{request,free}_irq() calls i.e. do that on ifup/ifdown instead
of device probe/remove/resume. These operations can be performed
independently from the actual device aRFS configuration.
Also, make sure ice_vsi_free_irq() clears IRQ affinity notifiers
only when aRFS is disabled -- otherwise, CPU rmap sets and clears
its own and they must not be touched manually.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49063",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T18:17:43.737630Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T18:22:35.691Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T17:31:01.995Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/ice/ice_arfs.c",
"drivers/net/ethernet/intel/ice/ice_lib.c",
"drivers/net/ethernet/intel/ice/ice_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ba2f6ec28733fb6b24ed086e676df3df4c138f3f",
"status": "affected",
"version": "28bf26724fdb0e02267d19e280d6717ee810a10d",
"versionType": "git"
},
{
"lessThan": "618df75f2e30c7838a3e010ca32cd4893ec9fe33",
"status": "affected",
"version": "28bf26724fdb0e02267d19e280d6717ee810a10d",
"versionType": "git"
},
{
"lessThan": "d08d2fb6d99d82da1c63aba5c0d1c6f237e150f3",
"status": "affected",
"version": "28bf26724fdb0e02267d19e280d6717ee810a10d",
"versionType": "git"
},
{
"lessThan": "d7442f512b71fc63a99c8a801422dde4fbbf9f93",
"status": "affected",
"version": "28bf26724fdb0e02267d19e280d6717ee810a10d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/ice/ice_arfs.c",
"drivers/net/ethernet/intel/ice/ice_lib.c",
"drivers/net/ethernet/intel/ice/ice_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.8"
},
{
"lessThan": "5.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.238",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.184",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.238",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.184",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.4",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: arfs: fix use-after-free when freeing @rx_cpu_rmap\n\nThe CI testing bots triggered the following splat:\n\n[ 718.203054] BUG: KASAN: use-after-free in free_irq_cpu_rmap+0x53/0x80\n[ 718.206349] Read of size 4 at addr ffff8881bd127e00 by task sh/20834\n[ 718.212852] CPU: 28 PID: 20834 Comm: sh Kdump: loaded Tainted: G S W IOE 5.17.0-rc8_nextqueue-devqueue-02643-g23f3121aca93 #1\n[ 718.219695] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0012.070720200218 07/07/2020\n[ 718.223418] Call Trace:\n[ 718.227139]\n[ 718.230783] dump_stack_lvl+0x33/0x42\n[ 718.234431] print_address_description.constprop.9+0x21/0x170\n[ 718.238177] ? free_irq_cpu_rmap+0x53/0x80\n[ 718.241885] ? free_irq_cpu_rmap+0x53/0x80\n[ 718.245539] kasan_report.cold.18+0x7f/0x11b\n[ 718.249197] ? free_irq_cpu_rmap+0x53/0x80\n[ 718.252852] free_irq_cpu_rmap+0x53/0x80\n[ 718.256471] ice_free_cpu_rx_rmap.part.11+0x37/0x50 [ice]\n[ 718.260174] ice_remove_arfs+0x5f/0x70 [ice]\n[ 718.263810] ice_rebuild_arfs+0x3b/0x70 [ice]\n[ 718.267419] ice_rebuild+0x39c/0xb60 [ice]\n[ 718.270974] ? asm_sysvec_apic_timer_interrupt+0x12/0x20\n[ 718.274472] ? ice_init_phy_user_cfg+0x360/0x360 [ice]\n[ 718.278033] ? delay_tsc+0x4a/0xb0\n[ 718.281513] ? preempt_count_sub+0x14/0xc0\n[ 718.284984] ? delay_tsc+0x8f/0xb0\n[ 718.288463] ice_do_reset+0x92/0xf0 [ice]\n[ 718.292014] ice_pci_err_resume+0x91/0xf0 [ice]\n[ 718.295561] pci_reset_function+0x53/0x80\n\u003c...\u003e\n[ 718.393035] Allocated by task 690:\n[ 718.433497] Freed by task 20834:\n[ 718.495688] Last potentially related work creation:\n[ 718.568966] The buggy address belongs to the object at ffff8881bd127e00\n which belongs to the cache kmalloc-96 of size 96\n[ 718.574085] The buggy address is located 0 bytes inside of\n 96-byte region [ffff8881bd127e00, ffff8881bd127e60)\n[ 718.579265] The buggy address belongs to the page:\n[ 718.598905] Memory state around the buggy address:\n[ 718.601809] ffff8881bd127d00: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc\n[ 718.604796] ffff8881bd127d80: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc\n[ 718.607794] \u003effff8881bd127e00: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc\n[ 718.610811] ^\n[ 718.613819] ffff8881bd127e80: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc\n[ 718.617107] ffff8881bd127f00: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc\n\nThis is due to that free_irq_cpu_rmap() is always being called\n*after* (devm_)free_irq() and thus it tries to work with IRQ descs\nalready freed. For example, on device reset the driver frees the\nrmap right before allocating a new one (the splat above).\nMake rmap creation and freeing function symmetrical with\n{request,free}_irq() calls i.e. do that on ifup/ifdown instead\nof device probe/remove/resume. These operations can be performed\nindependently from the actual device aRFS configuration.\nAlso, make sure ice_vsi_free_irq() clears IRQ affinity notifiers\nonly when aRFS is disabled -- otherwise, CPU rmap sets and clears\nits own and they must not be touched manually."
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T12:57:13.027Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ba2f6ec28733fb6b24ed086e676df3df4c138f3f"
},
{
"url": "https://git.kernel.org/stable/c/618df75f2e30c7838a3e010ca32cd4893ec9fe33"
},
{
"url": "https://git.kernel.org/stable/c/d08d2fb6d99d82da1c63aba5c0d1c6f237e150f3"
},
{
"url": "https://git.kernel.org/stable/c/d7442f512b71fc63a99c8a801422dde4fbbf9f93"
}
],
"title": "ice: arfs: fix use-after-free when freeing @rx_cpu_rmap",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49063",
"datePublished": "2025-02-26T01:54:32.460Z",
"dateReserved": "2025-02-26T01:49:39.244Z",
"dateUpdated": "2025-11-03T17:31:01.995Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-49227 (GCVE-0-2022-49227)
Vulnerability from cvelistv5
Published
2025-02-26 01:55
Modified
2025-05-04 08:32
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
igc: avoid kernel warning when changing RX ring parameters
Calling ethtool changing the RX ring parameters like this:
$ ethtool -G eth0 rx 1024
on igc triggers kernel warnings like this:
[ 225.198467] ------------[ cut here ]------------
[ 225.198473] Missing unregister, handled but fix driver
[ 225.198485] WARNING: CPU: 7 PID: 959 at net/core/xdp.c:168
xdp_rxq_info_reg+0x79/0xd0
[...]
[ 225.198601] Call Trace:
[ 225.198604] <TASK>
[ 225.198609] igc_setup_rx_resources+0x3f/0xe0 [igc]
[ 225.198617] igc_ethtool_set_ringparam+0x30e/0x450 [igc]
[ 225.198626] ethnl_set_rings+0x18a/0x250
[ 225.198631] genl_family_rcv_msg_doit+0xca/0x110
[ 225.198637] genl_rcv_msg+0xce/0x1c0
[ 225.198640] ? rings_prepare_data+0x60/0x60
[ 225.198644] ? genl_get_cmd+0xd0/0xd0
[ 225.198647] netlink_rcv_skb+0x4e/0xf0
[ 225.198652] genl_rcv+0x24/0x40
[ 225.198655] netlink_unicast+0x20e/0x330
[ 225.198659] netlink_sendmsg+0x23f/0x480
[ 225.198663] sock_sendmsg+0x5b/0x60
[ 225.198667] __sys_sendto+0xf0/0x160
[ 225.198671] ? handle_mm_fault+0xb2/0x280
[ 225.198676] ? do_user_addr_fault+0x1eb/0x690
[ 225.198680] __x64_sys_sendto+0x20/0x30
[ 225.198683] do_syscall_64+0x38/0x90
[ 225.198687] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 225.198693] RIP: 0033:0x7f7ae38ac3aa
igc_ethtool_set_ringparam() copies the igc_ring structure but neglects to
reset the xdp_rxq_info member before calling igc_setup_rx_resources().
This in turn calls xdp_rxq_info_reg() with an already registered xdp_rxq_info.
Make sure to unregister the xdp_rxq_info structure first in
igc_setup_rx_resources.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/igc/igc_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ab8c107470d12e7ef99030bf0911a10cdef62d16",
"status": "affected",
"version": "73f1071c1d2952b8c93cd6cd99744768c59ec840",
"versionType": "git"
},
{
"lessThan": "3ddb49af08094ebee250b461172ee7b8e27a35d3",
"status": "affected",
"version": "73f1071c1d2952b8c93cd6cd99744768c59ec840",
"versionType": "git"
},
{
"lessThan": "65aebcf1e05bd97d2e7ffcdff36efea1757c9450",
"status": "affected",
"version": "73f1071c1d2952b8c93cd6cd99744768c59ec840",
"versionType": "git"
},
{
"lessThan": "453307b569a0d41bddd07f26bf41b784cd82a4c9",
"status": "affected",
"version": "73f1071c1d2952b8c93cd6cd99744768c59ec840",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/igc/igc_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.13"
},
{
"lessThan": "5.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nigc: avoid kernel warning when changing RX ring parameters\n\nCalling ethtool changing the RX ring parameters like this:\n\n $ ethtool -G eth0 rx 1024\n\non igc triggers kernel warnings like this:\n\n[ 225.198467] ------------[ cut here ]------------\n[ 225.198473] Missing unregister, handled but fix driver\n[ 225.198485] WARNING: CPU: 7 PID: 959 at net/core/xdp.c:168\nxdp_rxq_info_reg+0x79/0xd0\n[...]\n[ 225.198601] Call Trace:\n[ 225.198604] \u003cTASK\u003e\n[ 225.198609] igc_setup_rx_resources+0x3f/0xe0 [igc]\n[ 225.198617] igc_ethtool_set_ringparam+0x30e/0x450 [igc]\n[ 225.198626] ethnl_set_rings+0x18a/0x250\n[ 225.198631] genl_family_rcv_msg_doit+0xca/0x110\n[ 225.198637] genl_rcv_msg+0xce/0x1c0\n[ 225.198640] ? rings_prepare_data+0x60/0x60\n[ 225.198644] ? genl_get_cmd+0xd0/0xd0\n[ 225.198647] netlink_rcv_skb+0x4e/0xf0\n[ 225.198652] genl_rcv+0x24/0x40\n[ 225.198655] netlink_unicast+0x20e/0x330\n[ 225.198659] netlink_sendmsg+0x23f/0x480\n[ 225.198663] sock_sendmsg+0x5b/0x60\n[ 225.198667] __sys_sendto+0xf0/0x160\n[ 225.198671] ? handle_mm_fault+0xb2/0x280\n[ 225.198676] ? do_user_addr_fault+0x1eb/0x690\n[ 225.198680] __x64_sys_sendto+0x20/0x30\n[ 225.198683] do_syscall_64+0x38/0x90\n[ 225.198687] entry_SYSCALL_64_after_hwframe+0x44/0xae\n[ 225.198693] RIP: 0033:0x7f7ae38ac3aa\n\nigc_ethtool_set_ringparam() copies the igc_ring structure but neglects to\nreset the xdp_rxq_info member before calling igc_setup_rx_resources().\nThis in turn calls xdp_rxq_info_reg() with an already registered xdp_rxq_info.\n\nMake sure to unregister the xdp_rxq_info structure first in\nigc_setup_rx_resources."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:32:52.411Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ab8c107470d12e7ef99030bf0911a10cdef62d16"
},
{
"url": "https://git.kernel.org/stable/c/3ddb49af08094ebee250b461172ee7b8e27a35d3"
},
{
"url": "https://git.kernel.org/stable/c/65aebcf1e05bd97d2e7ffcdff36efea1757c9450"
},
{
"url": "https://git.kernel.org/stable/c/453307b569a0d41bddd07f26bf41b784cd82a4c9"
}
],
"title": "igc: avoid kernel warning when changing RX ring parameters",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49227",
"datePublished": "2025-02-26T01:55:56.202Z",
"dateReserved": "2025-02-26T01:49:39.293Z",
"dateUpdated": "2025-05-04T08:32:52.411Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49645 (GCVE-0-2022-49645)
Vulnerability from cvelistv5
Published
2025-02-26 02:23
Modified
2025-05-04 08:42
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/panfrost: Fix shrinker list corruption by madvise IOCTL
Calling madvise IOCTL twice on BO causes memory shrinker list corruption
and crashes kernel because BO is already on the list and it's added to
the list again, while BO should be removed from the list before it's
re-added. Fix it.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/panfrost/panfrost_drv.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "393594aad55179eb761af41533d8d1d6eb4543b0",
"status": "affected",
"version": "013b6510131568ce4e01856d5360bfdfe9c3632f",
"versionType": "git"
},
{
"lessThan": "0581613df7f9a4c5fac096ce1d5fb15b7b994240",
"status": "affected",
"version": "013b6510131568ce4e01856d5360bfdfe9c3632f",
"versionType": "git"
},
{
"lessThan": "1807d8867402a58b831a7fc16832747ff559a0d1",
"status": "affected",
"version": "013b6510131568ce4e01856d5360bfdfe9c3632f",
"versionType": "git"
},
{
"lessThan": "f036392edd9c49090781d8cca26ad6557a63bae4",
"status": "affected",
"version": "013b6510131568ce4e01856d5360bfdfe9c3632f",
"versionType": "git"
},
{
"lessThan": "9fc33eaaa979d112d10fea729edcd2a2e21aa912",
"status": "affected",
"version": "013b6510131568ce4e01856d5360bfdfe9c3632f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/panfrost/panfrost_drv.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.4"
},
{
"lessThan": "5.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.207",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.132",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.56",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.207",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.132",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.56",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.13",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/panfrost: Fix shrinker list corruption by madvise IOCTL\n\nCalling madvise IOCTL twice on BO causes memory shrinker list corruption\nand crashes kernel because BO is already on the list and it\u0027s added to\nthe list again, while BO should be removed from the list before it\u0027s\nre-added. Fix it."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:42:28.901Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/393594aad55179eb761af41533d8d1d6eb4543b0"
},
{
"url": "https://git.kernel.org/stable/c/0581613df7f9a4c5fac096ce1d5fb15b7b994240"
},
{
"url": "https://git.kernel.org/stable/c/1807d8867402a58b831a7fc16832747ff559a0d1"
},
{
"url": "https://git.kernel.org/stable/c/f036392edd9c49090781d8cca26ad6557a63bae4"
},
{
"url": "https://git.kernel.org/stable/c/9fc33eaaa979d112d10fea729edcd2a2e21aa912"
}
],
"title": "drm/panfrost: Fix shrinker list corruption by madvise IOCTL",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49645",
"datePublished": "2025-02-26T02:23:50.598Z",
"dateReserved": "2025-02-26T02:21:30.432Z",
"dateUpdated": "2025-05-04T08:42:28.901Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47642 (GCVE-0-2021-47642)
Vulnerability from cvelistv5
Published
2025-02-26 01:54
Modified
2025-05-04 07:15
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow
Coverity complains of a possible buffer overflow. However,
given the 'static' scope of nvidia_setup_i2c_bus() it looks
like that can't happen after examiniing the call sites.
CID 19036 (#1 of 1): Copy into fixed size buffer (STRING_OVERFLOW)
1. fixed_size_dest: You might overrun the 48-character fixed-size string
chan->adapter.name by copying name without checking the length.
2. parameter_as_source: Note: This defect has an elevated risk because the
source argument is a parameter of the current function.
89 strcpy(chan->adapter.name, name);
Fix this warning by using strscpy() which will silence the warning and
prevent any future buffer overflows should the names used to identify the
channel become much longer.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/video/fbdev/nvidia/nv_i2c.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "47e5533adf118afaf06d25a3e2aaaab89371b1c5",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "580e5d3815474b8349250c25c16416585a72c7fe",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "72dd5c46a152136712a55bf026a9aa8c1b12b60d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "055cdd2e7b992921424d4daaa285ced787fb205f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "08dff482012758935c185532b1ad7d584785a86e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9ff2f7294ab0f011cd4d1b7dcd9a07d8fdf72834",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6a5226e544ac043bb2d8dc1bfe8920d02282f7cd",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "41baa86b6c802cdc6ab8ff2d46c083c9be93de81",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "37a1a2e6eeeb101285cd34e12e48a881524701aa",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/video/fbdev/nvidia/nv_i2c.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.238",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.189",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.276",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.110",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvideo: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow\n\nCoverity complains of a possible buffer overflow. However,\ngiven the \u0027static\u0027 scope of nvidia_setup_i2c_bus() it looks\nlike that can\u0027t happen after examiniing the call sites.\n\nCID 19036 (#1 of 1): Copy into fixed size buffer (STRING_OVERFLOW)\n1. fixed_size_dest: You might overrun the 48-character fixed-size string\n chan-\u003eadapter.name by copying name without checking the length.\n2. parameter_as_source: Note: This defect has an elevated risk because the\n source argument is a parameter of the current function.\n 89 strcpy(chan-\u003eadapter.name, name);\n\nFix this warning by using strscpy() which will silence the warning and\nprevent any future buffer overflows should the names used to identify the\nchannel become much longer."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:15:22.072Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/47e5533adf118afaf06d25a3e2aaaab89371b1c5"
},
{
"url": "https://git.kernel.org/stable/c/580e5d3815474b8349250c25c16416585a72c7fe"
},
{
"url": "https://git.kernel.org/stable/c/72dd5c46a152136712a55bf026a9aa8c1b12b60d"
},
{
"url": "https://git.kernel.org/stable/c/055cdd2e7b992921424d4daaa285ced787fb205f"
},
{
"url": "https://git.kernel.org/stable/c/08dff482012758935c185532b1ad7d584785a86e"
},
{
"url": "https://git.kernel.org/stable/c/9ff2f7294ab0f011cd4d1b7dcd9a07d8fdf72834"
},
{
"url": "https://git.kernel.org/stable/c/6a5226e544ac043bb2d8dc1bfe8920d02282f7cd"
},
{
"url": "https://git.kernel.org/stable/c/41baa86b6c802cdc6ab8ff2d46c083c9be93de81"
},
{
"url": "https://git.kernel.org/stable/c/37a1a2e6eeeb101285cd34e12e48a881524701aa"
}
],
"title": "video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47642",
"datePublished": "2025-02-26T01:54:13.193Z",
"dateReserved": "2025-02-26T01:48:21.519Z",
"dateUpdated": "2025-05-04T07:15:22.072Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49501 (GCVE-0-2022-49501)
Vulnerability from cvelistv5
Published
2025-02-26 02:13
Modified
2025-07-17 16:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
usbnet: Run unregister_netdev() before unbind() again
Commit 2c9d6c2b871d ("usbnet: run unbind() before unregister_netdev()")
sought to fix a use-after-free on disconnect of USB Ethernet adapters.
It turns out that a different fix is necessary to address the issue:
https://lore.kernel.org/netdev/18b3541e5372bc9b9fc733d422f4e698c089077c.1650177997.git.lukas@wunner.de/
So the commit was not necessary.
The commit made binding and unbinding of USB Ethernet asymmetrical:
Before, usbnet_probe() first invoked the ->bind() callback and then
register_netdev(). usbnet_disconnect() mirrored that by first invoking
unregister_netdev() and then ->unbind().
Since the commit, the order in usbnet_disconnect() is reversed and no
longer mirrors usbnet_probe().
One consequence is that a PHY disconnected (and stopped) in ->unbind()
is afterwards stopped once more by unregister_netdev() as it closes the
netdev before unregistering. That necessitates a contortion in ->stop()
because the PHY may only be stopped if it hasn't already been
disconnected.
Reverting the commit allows making the call to phy_stop() unconditional
in ->stop().
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49501",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T18:15:41.764586Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T18:22:32.026Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/usb/asix_devices.c",
"drivers/net/usb/smsc95xx.c",
"drivers/net/usb/usbnet.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6d5deb242874d924beccf7eb3cef04c1c3b0da79",
"status": "affected",
"version": "2c9d6c2b871d5841ce26ede3e81fd37e2e33c42c",
"versionType": "git"
},
{
"lessThan": "fbda837107f9bd4ec658d2aa88c6856dba606f06",
"status": "affected",
"version": "2c9d6c2b871d5841ce26ede3e81fd37e2e33c42c",
"versionType": "git"
},
{
"lessThan": "969a1b3ea3cb7d58a16fe12fd1b04bfc0ea40509",
"status": "affected",
"version": "2c9d6c2b871d5841ce26ede3e81fd37e2e33c42c",
"versionType": "git"
},
{
"lessThan": "d1408f6b4dd78fb1b9e26bcf64477984e5f85409",
"status": "affected",
"version": "2c9d6c2b871d5841ce26ede3e81fd37e2e33c42c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/usb/asix_devices.c",
"drivers/net/usb/smsc95xx.c",
"drivers/net/usb/usbnet.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.14"
},
{
"lessThan": "5.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: Run unregister_netdev() before unbind() again\n\nCommit 2c9d6c2b871d (\"usbnet: run unbind() before unregister_netdev()\")\nsought to fix a use-after-free on disconnect of USB Ethernet adapters.\n\nIt turns out that a different fix is necessary to address the issue:\nhttps://lore.kernel.org/netdev/18b3541e5372bc9b9fc733d422f4e698c089077c.1650177997.git.lukas@wunner.de/\n\nSo the commit was not necessary.\n\nThe commit made binding and unbinding of USB Ethernet asymmetrical:\nBefore, usbnet_probe() first invoked the -\u003ebind() callback and then\nregister_netdev(). usbnet_disconnect() mirrored that by first invoking\nunregister_netdev() and then -\u003eunbind().\n\nSince the commit, the order in usbnet_disconnect() is reversed and no\nlonger mirrors usbnet_probe().\n\nOne consequence is that a PHY disconnected (and stopped) in -\u003eunbind()\nis afterwards stopped once more by unregister_netdev() as it closes the\nnetdev before unregistering. That necessitates a contortion in -\u003estop()\nbecause the PHY may only be stopped if it hasn\u0027t already been\ndisconnected.\n\nReverting the commit allows making the call to phy_stop() unconditional\nin -\u003estop()."
}
],
"providerMetadata": {
"dateUpdated": "2025-07-17T16:56:35.614Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6d5deb242874d924beccf7eb3cef04c1c3b0da79"
},
{
"url": "https://git.kernel.org/stable/c/fbda837107f9bd4ec658d2aa88c6856dba606f06"
},
{
"url": "https://git.kernel.org/stable/c/969a1b3ea3cb7d58a16fe12fd1b04bfc0ea40509"
},
{
"url": "https://git.kernel.org/stable/c/d1408f6b4dd78fb1b9e26bcf64477984e5f85409"
}
],
"title": "usbnet: Run unregister_netdev() before unbind() again",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49501",
"datePublished": "2025-02-26T02:13:34.885Z",
"dateReserved": "2025-02-26T02:08:31.586Z",
"dateUpdated": "2025-07-17T16:56:35.614Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49294 (GCVE-0-2022-49294)
Vulnerability from cvelistv5
Published
2025-02-26 02:01
Modified
2025-10-01 19:47
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Check if modulo is 0 before dividing.
[How & Why]
If a value of 0 is read, then this will cause a divide-by-0 panic.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49294",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:45:08.467620Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-369",
"description": "CWE-369 Divide By Zero",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:47:00.252Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "10ef82d6e0af5536ec64770c07f6bbabfdd6977c",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "96725758eff7b3805e4e94d1443a100757412720",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "07efce8269a038c37814eb656b4de14aa3015fc6",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "49947b906a6bd9668eaf4f9cf691973c25c26955",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.47",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.47",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.15",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.4",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check if modulo is 0 before dividing.\n\n[How \u0026 Why]\nIf a value of 0 is read, then this will cause a divide-by-0 panic."
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T17:19:11.181Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/10ef82d6e0af5536ec64770c07f6bbabfdd6977c"
},
{
"url": "https://git.kernel.org/stable/c/96725758eff7b3805e4e94d1443a100757412720"
},
{
"url": "https://git.kernel.org/stable/c/07efce8269a038c37814eb656b4de14aa3015fc6"
},
{
"url": "https://git.kernel.org/stable/c/49947b906a6bd9668eaf4f9cf691973c25c26955"
}
],
"title": "drm/amd/display: Check if modulo is 0 before dividing.",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49294",
"datePublished": "2025-02-26T02:01:25.159Z",
"dateReserved": "2025-02-26T01:49:39.302Z",
"dateUpdated": "2025-10-01T19:47:00.252Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49480 (GCVE-0-2022-49480)
Vulnerability from cvelistv5
Published
2025-02-26 02:13
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ASoC: imx-hdmi: Fix refcount leak in imx_hdmi_probe
of_find_device_by_node() takes reference, we should use put_device()
to release it. when devm_kzalloc() fails, it doesn't have a
put_device(), it will cause refcount leak.
Add missing put_device() to fix this.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49480",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:39:26.314297Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:45.396Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/soc/fsl/imx-hdmi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "cf760e494ee5fa6bc2dc222f0098c741ad460801",
"status": "affected",
"version": "6a5f850aa83a1d844d27e3e53ca2f247e55d438b",
"versionType": "git"
},
{
"lessThan": "8205a0114db10ec41bd2b748cdd7528632082eca",
"status": "affected",
"version": "6a5f850aa83a1d844d27e3e53ca2f247e55d438b",
"versionType": "git"
},
{
"lessThan": "81b7edaabd44ba133006ad72056914eb36828d60",
"status": "affected",
"version": "6a5f850aa83a1d844d27e3e53ca2f247e55d438b",
"versionType": "git"
},
{
"lessThan": "ed46731d8e86c8d65f5fc717671e1f1f6c3146d2",
"status": "affected",
"version": "6a5f850aa83a1d844d27e3e53ca2f247e55d438b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"sound/soc/fsl/imx-hdmi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.11"
},
{
"lessThan": "5.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: imx-hdmi: Fix refcount leak in imx_hdmi_probe\n\nof_find_device_by_node() takes reference, we should use put_device()\nto release it. when devm_kzalloc() fails, it doesn\u0027t have a\nput_device(), it will cause refcount leak.\nAdd missing put_device() to fix this."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:38:38.183Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/cf760e494ee5fa6bc2dc222f0098c741ad460801"
},
{
"url": "https://git.kernel.org/stable/c/8205a0114db10ec41bd2b748cdd7528632082eca"
},
{
"url": "https://git.kernel.org/stable/c/81b7edaabd44ba133006ad72056914eb36828d60"
},
{
"url": "https://git.kernel.org/stable/c/ed46731d8e86c8d65f5fc717671e1f1f6c3146d2"
}
],
"title": "ASoC: imx-hdmi: Fix refcount leak in imx_hdmi_probe",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49480",
"datePublished": "2025-02-26T02:13:20.651Z",
"dateReserved": "2025-02-26T02:08:31.581Z",
"dateUpdated": "2025-10-01T19:46:45.396Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49286 (GCVE-0-2022-49286)
Vulnerability from cvelistv5
Published
2025-02-26 01:56
Modified
2025-05-04 08:34
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
tpm: use try_get_ops() in tpm-space.c
As part of the series conversion to remove nested TPM operations:
https://lore.kernel.org/all/20190205224723.19671-1-jarkko.sakkinen@linux.intel.com/
exposure of the chip->tpm_mutex was removed from much of the upper
level code. In this conversion, tpm2_del_space() was missed. This
didn't matter much because it's usually called closely after a
converted operation, so there's only a very tiny race window where the
chip can be removed before the space flushing is done which causes a
NULL deref on the mutex. However, there are reports of this window
being hit in practice, so fix this by converting tpm2_del_space() to
use tpm_try_get_ops(), which performs all the teardown checks before
acquring the mutex.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 745b361e989af21ad40811c2586b60229f870a68 Version: 745b361e989af21ad40811c2586b60229f870a68 Version: 745b361e989af21ad40811c2586b60229f870a68 Version: 745b361e989af21ad40811c2586b60229f870a68 Version: 745b361e989af21ad40811c2586b60229f870a68 Version: 745b361e989af21ad40811c2586b60229f870a68 |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/char/tpm/tpm2-space.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5b1d2561a03e534064b51c50c774657833d3d2cf",
"status": "affected",
"version": "745b361e989af21ad40811c2586b60229f870a68",
"versionType": "git"
},
{
"lessThan": "95193d12f10a8a088843b25e0f5fe1d83ec6b079",
"status": "affected",
"version": "745b361e989af21ad40811c2586b60229f870a68",
"versionType": "git"
},
{
"lessThan": "476ddd23f818fb94cf86fb5617f3bb9a7c92113d",
"status": "affected",
"version": "745b361e989af21ad40811c2586b60229f870a68",
"versionType": "git"
},
{
"lessThan": "eda1662cce964c8a65bb86321f8d9cfa6e9ceaab",
"status": "affected",
"version": "745b361e989af21ad40811c2586b60229f870a68",
"versionType": "git"
},
{
"lessThan": "ba84f9a48366dcc3cdef978599433efe101dd5bd",
"status": "affected",
"version": "745b361e989af21ad40811c2586b60229f870a68",
"versionType": "git"
},
{
"lessThan": "fb5abce6b2bb5cb3d628aaa63fa821da8c4600f9",
"status": "affected",
"version": "745b361e989af21ad40811c2586b60229f870a68",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/char/tpm/tpm2-space.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.12"
},
{
"lessThan": "4.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.188",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.109",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.32",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.18",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.188",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.109",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.32",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.18",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.1",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "4.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntpm: use try_get_ops() in tpm-space.c\n\nAs part of the series conversion to remove nested TPM operations:\n\nhttps://lore.kernel.org/all/20190205224723.19671-1-jarkko.sakkinen@linux.intel.com/\n\nexposure of the chip-\u003etpm_mutex was removed from much of the upper\nlevel code. In this conversion, tpm2_del_space() was missed. This\ndidn\u0027t matter much because it\u0027s usually called closely after a\nconverted operation, so there\u0027s only a very tiny race window where the\nchip can be removed before the space flushing is done which causes a\nNULL deref on the mutex. However, there are reports of this window\nbeing hit in practice, so fix this by converting tpm2_del_space() to\nuse tpm_try_get_ops(), which performs all the teardown checks before\nacquring the mutex."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:34:16.652Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5b1d2561a03e534064b51c50c774657833d3d2cf"
},
{
"url": "https://git.kernel.org/stable/c/95193d12f10a8a088843b25e0f5fe1d83ec6b079"
},
{
"url": "https://git.kernel.org/stable/c/476ddd23f818fb94cf86fb5617f3bb9a7c92113d"
},
{
"url": "https://git.kernel.org/stable/c/eda1662cce964c8a65bb86321f8d9cfa6e9ceaab"
},
{
"url": "https://git.kernel.org/stable/c/ba84f9a48366dcc3cdef978599433efe101dd5bd"
},
{
"url": "https://git.kernel.org/stable/c/fb5abce6b2bb5cb3d628aaa63fa821da8c4600f9"
}
],
"title": "tpm: use try_get_ops() in tpm-space.c",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49286",
"datePublished": "2025-02-26T01:56:25.566Z",
"dateReserved": "2025-02-26T01:49:39.302Z",
"dateUpdated": "2025-05-04T08:34:16.652Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49675 (GCVE-0-2022-49675)
Vulnerability from cvelistv5
Published
2025-02-26 02:24
Modified
2025-05-04 08:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
tick/nohz: unexport __init-annotated tick_nohz_full_setup()
EXPORT_SYMBOL and __init is a bad combination because the .init.text
section is freed up after the initialization. Hence, modules cannot
use symbols annotated __init. The access to a freed symbol may end up
with kernel panic.
modpost used to detect it, but it had been broken for a decade.
Commit 28438794aba4 ("modpost: fix section mismatch check for exported
init/exit sections") fixed it so modpost started to warn it again, then
this showed up:
MODPOST vmlinux.symvers
WARNING: modpost: vmlinux.o(___ksymtab_gpl+tick_nohz_full_setup+0x0): Section mismatch in reference from the variable __ksymtab_tick_nohz_full_setup to the function .init.text:tick_nohz_full_setup()
The symbol tick_nohz_full_setup is exported and annotated __init
Fix this by removing the __init annotation of tick_nohz_full_setup or drop the export.
Drop the export because tick_nohz_full_setup() is only called from the
built-in code in kernel/sched/isolation.c.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/time/tick-sched.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c4ff3ffe0138234774602152fe67e3a898c615c6",
"status": "affected",
"version": "ae9e557b5be2e285f48ee945d9c8faf75d4f6a66",
"versionType": "git"
},
{
"lessThan": "f4a80ec8c51d68be4b7a7830c510f75080c5e417",
"status": "affected",
"version": "ae9e557b5be2e285f48ee945d9c8faf75d4f6a66",
"versionType": "git"
},
{
"lessThan": "ea32b27e2f8c58c92bff5ecba7fcf64b97707089",
"status": "affected",
"version": "ae9e557b5be2e285f48ee945d9c8faf75d4f6a66",
"versionType": "git"
},
{
"lessThan": "2390095113e98fc52fffe35c5206d30d9efe3f78",
"status": "affected",
"version": "ae9e557b5be2e285f48ee945d9c8faf75d4f6a66",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/time/tick-sched.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.5"
},
{
"lessThan": "5.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.128",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.52",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.128",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.52",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.9",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntick/nohz: unexport __init-annotated tick_nohz_full_setup()\n\nEXPORT_SYMBOL and __init is a bad combination because the .init.text\nsection is freed up after the initialization. Hence, modules cannot\nuse symbols annotated __init. The access to a freed symbol may end up\nwith kernel panic.\n\nmodpost used to detect it, but it had been broken for a decade.\n\nCommit 28438794aba4 (\"modpost: fix section mismatch check for exported\ninit/exit sections\") fixed it so modpost started to warn it again, then\nthis showed up:\n\n MODPOST vmlinux.symvers\n WARNING: modpost: vmlinux.o(___ksymtab_gpl+tick_nohz_full_setup+0x0): Section mismatch in reference from the variable __ksymtab_tick_nohz_full_setup to the function .init.text:tick_nohz_full_setup()\n The symbol tick_nohz_full_setup is exported and annotated __init\n Fix this by removing the __init annotation of tick_nohz_full_setup or drop the export.\n\nDrop the export because tick_nohz_full_setup() is only called from the\nbuilt-in code in kernel/sched/isolation.c."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:43:04.795Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c4ff3ffe0138234774602152fe67e3a898c615c6"
},
{
"url": "https://git.kernel.org/stable/c/f4a80ec8c51d68be4b7a7830c510f75080c5e417"
},
{
"url": "https://git.kernel.org/stable/c/ea32b27e2f8c58c92bff5ecba7fcf64b97707089"
},
{
"url": "https://git.kernel.org/stable/c/2390095113e98fc52fffe35c5206d30d9efe3f78"
}
],
"title": "tick/nohz: unexport __init-annotated tick_nohz_full_setup()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49675",
"datePublished": "2025-02-26T02:24:07.395Z",
"dateReserved": "2025-02-26T02:21:30.438Z",
"dateUpdated": "2025-05-04T08:43:04.795Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3303 (GCVE-0-2022-3303)
Vulnerability from cvelistv5
Published
2022-09-27 00:00
Modified
2025-05-21 15:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-667 - ->CWE-362->CWE-476
Summary
A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Linux kernel |
Version: Fixed in kernel 6.0-rc5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:07:06.557Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8423f0b6d513b259fdab9c9bf4aaa6188d054c2d"
},
{
"tags": [
"x_transferred"
],
"url": "https://lore.kernel.org/all/CAFcO6XN7JDM4xSXGhtusQfS2mSBcx50VJKwQpCq=WeLt57aaZA%40mail.gmail.com/"
},
{
"name": "DSA-5257",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5257"
},
{
"name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-3303",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-21T15:31:25.170645Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T15:31:49.941Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Linux kernel",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in kernel 6.0-rc5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-667",
"description": "CWE-667-\u003eCWE-362-\u003eCWE-476",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-01T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8423f0b6d513b259fdab9c9bf4aaa6188d054c2d"
},
{
"url": "https://lore.kernel.org/all/CAFcO6XN7JDM4xSXGhtusQfS2mSBcx50VJKwQpCq=WeLt57aaZA%40mail.gmail.com/"
},
{
"name": "DSA-5257",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5257"
},
{
"name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-3303",
"datePublished": "2022-09-27T00:00:00.000Z",
"dateReserved": "2022-09-26T00:00:00.000Z",
"dateUpdated": "2025-05-21T15:31:49.941Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49447 (GCVE-0-2022-49447)
Vulnerability from cvelistv5
Published
2025-02-26 02:12
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ARM: hisi: Add missing of_node_put after of_find_compatible_node
of_find_compatible_node will increment the refcount of the returned
device_node. Calling of_node_put() to avoid the refcount leak
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49447",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:40:43.032853Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:48.646Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/arm/mach-hisi/platsmp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "46cb7868811d025c3d29c10d18b3422db1cf20d5",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f8da78b2bae1f54746647a2bb44f8bd6025c57af",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "dd4be8ecfb41a29e7c4e551b4e866157ce4a3429",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e109058165137ef42841abd989f080adfefa14fa",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "21a3effe446dd6dc5eed7fe897c2f9b88c9a5d6d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a3265a9440030068547a20dfee646666f3ca5278",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "cafaaae4bb9ce84a2791fa29bf6907a9466c3883",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "45d211668d33c49d73f5213e8c2b58468108647c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9bc72e47d4630d58a840a66a869c56b29554cfe4",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/arm/mach-hisi/platsmp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.318",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nARM: hisi: Add missing of_node_put after of_find_compatible_node\n\nof_find_compatible_node will increment the refcount of the returned\ndevice_node. Calling of_node_put() to avoid the refcount leak"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:37:56.632Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/46cb7868811d025c3d29c10d18b3422db1cf20d5"
},
{
"url": "https://git.kernel.org/stable/c/f8da78b2bae1f54746647a2bb44f8bd6025c57af"
},
{
"url": "https://git.kernel.org/stable/c/dd4be8ecfb41a29e7c4e551b4e866157ce4a3429"
},
{
"url": "https://git.kernel.org/stable/c/e109058165137ef42841abd989f080adfefa14fa"
},
{
"url": "https://git.kernel.org/stable/c/21a3effe446dd6dc5eed7fe897c2f9b88c9a5d6d"
},
{
"url": "https://git.kernel.org/stable/c/a3265a9440030068547a20dfee646666f3ca5278"
},
{
"url": "https://git.kernel.org/stable/c/cafaaae4bb9ce84a2791fa29bf6907a9466c3883"
},
{
"url": "https://git.kernel.org/stable/c/45d211668d33c49d73f5213e8c2b58468108647c"
},
{
"url": "https://git.kernel.org/stable/c/9bc72e47d4630d58a840a66a869c56b29554cfe4"
}
],
"title": "ARM: hisi: Add missing of_node_put after of_find_compatible_node",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49447",
"datePublished": "2025-02-26T02:12:58.540Z",
"dateReserved": "2025-02-26T02:08:31.571Z",
"dateUpdated": "2025-10-01T19:46:48.646Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49609 (GCVE-0-2022-49609)
Vulnerability from cvelistv5
Published
2025-02-26 02:23
Modified
2025-10-01 19:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe
of_find_matching_node_and_match() returns a node pointer with refcount
incremented, we should use of_node_put() on it when not need anymore.
Add missing of_node_put() to avoid refcount leak.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 0e545f57b708630c54c8c5c24ea7f7034f6c40d9 Version: 0e545f57b708630c54c8c5c24ea7f7034f6c40d9 Version: 0e545f57b708630c54c8c5c24ea7f7034f6c40d9 Version: 0e545f57b708630c54c8c5c24ea7f7034f6c40d9 Version: 0e545f57b708630c54c8c5c24ea7f7034f6c40d9 Version: 0e545f57b708630c54c8c5c24ea7f7034f6c40d9 Version: 0e545f57b708630c54c8c5c24ea7f7034f6c40d9 Version: 0e545f57b708630c54c8c5c24ea7f7034f6c40d9 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49609",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:34:54.763276Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:36:51.324Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/power/reset/arm-versatile-reboot.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b4d224eec96a18fa8959512cd9e5b6a50bd16a41",
"status": "affected",
"version": "0e545f57b708630c54c8c5c24ea7f7034f6c40d9",
"versionType": "git"
},
{
"lessThan": "a9ed3ad3a8d1dfbc829d86edb3236873a315db11",
"status": "affected",
"version": "0e545f57b708630c54c8c5c24ea7f7034f6c40d9",
"versionType": "git"
},
{
"lessThan": "6689754b121bd487f99680280102b3a5cd7374af",
"status": "affected",
"version": "0e545f57b708630c54c8c5c24ea7f7034f6c40d9",
"versionType": "git"
},
{
"lessThan": "78bdf732cf5d74d1c6ecda06830a91f80a4aef6f",
"status": "affected",
"version": "0e545f57b708630c54c8c5c24ea7f7034f6c40d9",
"versionType": "git"
},
{
"lessThan": "493ceca3271316e74639c89ff8ac35883de64256",
"status": "affected",
"version": "0e545f57b708630c54c8c5c24ea7f7034f6c40d9",
"versionType": "git"
},
{
"lessThan": "71ab83ac65e2d671552374123bf920c1d698335a",
"status": "affected",
"version": "0e545f57b708630c54c8c5c24ea7f7034f6c40d9",
"versionType": "git"
},
{
"lessThan": "49fa778ee044b00471dd9ccae5f6a121fffea1ac",
"status": "affected",
"version": "0e545f57b708630c54c8c5c24ea7f7034f6c40d9",
"versionType": "git"
},
{
"lessThan": "80192eff64eee9b3bc0594a47381937b94b9d65a",
"status": "affected",
"version": "0e545f57b708630c54c8c5c24ea7f7034f6c40d9",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/power/reset/arm-versatile-reboot.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.18"
},
{
"lessThan": "3.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.325",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.290",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.254",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.208",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.134",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.58",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.325",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.290",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.254",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.208",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.134",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.58",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.15",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "3.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npower/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe\n\nof_find_matching_node_and_match() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not need anymore.\nAdd missing of_node_put() to avoid refcount leak."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:41:43.208Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b4d224eec96a18fa8959512cd9e5b6a50bd16a41"
},
{
"url": "https://git.kernel.org/stable/c/a9ed3ad3a8d1dfbc829d86edb3236873a315db11"
},
{
"url": "https://git.kernel.org/stable/c/6689754b121bd487f99680280102b3a5cd7374af"
},
{
"url": "https://git.kernel.org/stable/c/78bdf732cf5d74d1c6ecda06830a91f80a4aef6f"
},
{
"url": "https://git.kernel.org/stable/c/493ceca3271316e74639c89ff8ac35883de64256"
},
{
"url": "https://git.kernel.org/stable/c/71ab83ac65e2d671552374123bf920c1d698335a"
},
{
"url": "https://git.kernel.org/stable/c/49fa778ee044b00471dd9ccae5f6a121fffea1ac"
},
{
"url": "https://git.kernel.org/stable/c/80192eff64eee9b3bc0594a47381937b94b9d65a"
}
],
"title": "power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49609",
"datePublished": "2025-02-26T02:23:32.818Z",
"dateReserved": "2025-02-26T02:21:30.417Z",
"dateUpdated": "2025-10-01T19:36:51.324Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49378 (GCVE-0-2022-49378)
Vulnerability from cvelistv5
Published
2025-02-26 02:11
Modified
2025-05-04 08:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
sfc: fix considering that all channels have TX queues
Normally, all channels have RX and TX queues, but this is not true if
modparam efx_separate_tx_channels=1 is used. In that cases, some
channels only have RX queues and others only TX queues (or more
preciselly, they have them allocated, but not initialized).
Fix efx_channel_has_tx_queues to return the correct value for this case
too.
Messages shown at probe time before the fix:
sfc 0000:03:00.0 ens6f0np0: MC command 0x82 inlen 544 failed rc=-22 (raw=0) arg=0
------------[ cut here ]------------
netdevice: ens6f0np0: failed to initialise TXQ -1
WARNING: CPU: 1 PID: 626 at drivers/net/ethernet/sfc/ef10.c:2393 efx_ef10_tx_init+0x201/0x300 [sfc]
[...] stripped
RIP: 0010:efx_ef10_tx_init+0x201/0x300 [sfc]
[...] stripped
Call Trace:
efx_init_tx_queue+0xaa/0xf0 [sfc]
efx_start_channels+0x49/0x120 [sfc]
efx_start_all+0x1f8/0x430 [sfc]
efx_net_open+0x5a/0xe0 [sfc]
__dev_open+0xd0/0x190
__dev_change_flags+0x1b3/0x220
dev_change_flags+0x21/0x60
[...] stripped
Messages shown at remove time before the fix:
sfc 0000:03:00.0 ens6f0np0: failed to flush 10 queues
sfc 0000:03:00.0 ens6f0np0: failed to flush queues
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/sfc/net_driver.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8f81a4113e1e574d2cbde4f2cd599380a9189c0f",
"status": "affected",
"version": "8700aff089843399f95bc7701ae87b642b35a716",
"versionType": "git"
},
{
"lessThan": "5567d69b95b9c07e1c56f15cf0301251d12e5f97",
"status": "affected",
"version": "8700aff089843399f95bc7701ae87b642b35a716",
"versionType": "git"
},
{
"lessThan": "e7e8d5e25dc762b70f9c88ec6b7d451d0816eead",
"status": "affected",
"version": "8700aff089843399f95bc7701ae87b642b35a716",
"versionType": "git"
},
{
"lessThan": "913d45f02d346ce41c4aad057eaf53a8ed449dc3",
"status": "affected",
"version": "8700aff089843399f95bc7701ae87b642b35a716",
"versionType": "git"
},
{
"lessThan": "2e102b53f8a778f872dc137f4c7ac548705817aa",
"status": "affected",
"version": "8700aff089843399f95bc7701ae87b642b35a716",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/sfc/net_driver.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.5"
},
{
"lessThan": "5.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.47",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.122",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.47",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.15",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.4",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsfc: fix considering that all channels have TX queues\n\nNormally, all channels have RX and TX queues, but this is not true if\nmodparam efx_separate_tx_channels=1 is used. In that cases, some\nchannels only have RX queues and others only TX queues (or more\npreciselly, they have them allocated, but not initialized).\n\nFix efx_channel_has_tx_queues to return the correct value for this case\ntoo.\n\nMessages shown at probe time before the fix:\n sfc 0000:03:00.0 ens6f0np0: MC command 0x82 inlen 544 failed rc=-22 (raw=0) arg=0\n ------------[ cut here ]------------\n netdevice: ens6f0np0: failed to initialise TXQ -1\n WARNING: CPU: 1 PID: 626 at drivers/net/ethernet/sfc/ef10.c:2393 efx_ef10_tx_init+0x201/0x300 [sfc]\n [...] stripped\n RIP: 0010:efx_ef10_tx_init+0x201/0x300 [sfc]\n [...] stripped\n Call Trace:\n efx_init_tx_queue+0xaa/0xf0 [sfc]\n efx_start_channels+0x49/0x120 [sfc]\n efx_start_all+0x1f8/0x430 [sfc]\n efx_net_open+0x5a/0xe0 [sfc]\n __dev_open+0xd0/0x190\n __dev_change_flags+0x1b3/0x220\n dev_change_flags+0x21/0x60\n [...] stripped\n\nMessages shown at remove time before the fix:\n sfc 0000:03:00.0 ens6f0np0: failed to flush 10 queues\n sfc 0000:03:00.0 ens6f0np0: failed to flush queues"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:36:24.847Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8f81a4113e1e574d2cbde4f2cd599380a9189c0f"
},
{
"url": "https://git.kernel.org/stable/c/5567d69b95b9c07e1c56f15cf0301251d12e5f97"
},
{
"url": "https://git.kernel.org/stable/c/e7e8d5e25dc762b70f9c88ec6b7d451d0816eead"
},
{
"url": "https://git.kernel.org/stable/c/913d45f02d346ce41c4aad057eaf53a8ed449dc3"
},
{
"url": "https://git.kernel.org/stable/c/2e102b53f8a778f872dc137f4c7ac548705817aa"
}
],
"title": "sfc: fix considering that all channels have TX queues",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49378",
"datePublished": "2025-02-26T02:11:17.084Z",
"dateReserved": "2025-02-26T02:08:31.558Z",
"dateUpdated": "2025-05-04T08:36:24.847Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49382 (GCVE-0-2022-49382)
Vulnerability from cvelistv5
Published
2025-02-26 02:11
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
soc: rockchip: Fix refcount leak in rockchip_grf_init
of_find_matching_node_and_match returns a node pointer with refcount
incremented, we should use of_node_put() on it when done.
Add missing of_node_put() to avoid refcount leak.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 4c58063d4258f6beb4fd5647db6b58f49e337c8f Version: 4c58063d4258f6beb4fd5647db6b58f49e337c8f Version: 4c58063d4258f6beb4fd5647db6b58f49e337c8f Version: 4c58063d4258f6beb4fd5647db6b58f49e337c8f Version: 4c58063d4258f6beb4fd5647db6b58f49e337c8f Version: 4c58063d4258f6beb4fd5647db6b58f49e337c8f Version: 4c58063d4258f6beb4fd5647db6b58f49e337c8f Version: 4c58063d4258f6beb4fd5647db6b58f49e337c8f |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49382",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:41:52.025245Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:51.971Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/soc/rockchip/grf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d5422f323858cad3ac3581075f9a3a5e0d41c0d8",
"status": "affected",
"version": "4c58063d4258f6beb4fd5647db6b58f49e337c8f",
"versionType": "git"
},
{
"lessThan": "28133325526b92921f3269fdf97a20d90b92b217",
"status": "affected",
"version": "4c58063d4258f6beb4fd5647db6b58f49e337c8f",
"versionType": "git"
},
{
"lessThan": "69a30b2ed620c2206cbbd1e9c112e4fc584e02bd",
"status": "affected",
"version": "4c58063d4258f6beb4fd5647db6b58f49e337c8f",
"versionType": "git"
},
{
"lessThan": "5b3e990f85eb034faa461e691e719e8ce9e2a3c8",
"status": "affected",
"version": "4c58063d4258f6beb4fd5647db6b58f49e337c8f",
"versionType": "git"
},
{
"lessThan": "aab25b669cb9fd3698c2631be4435f4fe92d9e59",
"status": "affected",
"version": "4c58063d4258f6beb4fd5647db6b58f49e337c8f",
"versionType": "git"
},
{
"lessThan": "042571fe1d171773655ad706715ecc865913d9a4",
"status": "affected",
"version": "4c58063d4258f6beb4fd5647db6b58f49e337c8f",
"versionType": "git"
},
{
"lessThan": "8f64e84924604bb969ee1fbc4b8d7d09b9214889",
"status": "affected",
"version": "4c58063d4258f6beb4fd5647db6b58f49e337c8f",
"versionType": "git"
},
{
"lessThan": "9b59588d8be91c96bfb0371e912ceb4f16315dbf",
"status": "affected",
"version": "4c58063d4258f6beb4fd5647db6b58f49e337c8f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/soc/rockchip/grf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.11"
},
{
"lessThan": "4.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.47",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.283",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.122",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.47",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.15",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.4",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: rockchip: Fix refcount leak in rockchip_grf_init\n\nof_find_matching_node_and_match returns a node pointer with refcount\nincremented, we should use of_node_put() on it when done.\nAdd missing of_node_put() to avoid refcount leak."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:36:29.676Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d5422f323858cad3ac3581075f9a3a5e0d41c0d8"
},
{
"url": "https://git.kernel.org/stable/c/28133325526b92921f3269fdf97a20d90b92b217"
},
{
"url": "https://git.kernel.org/stable/c/69a30b2ed620c2206cbbd1e9c112e4fc584e02bd"
},
{
"url": "https://git.kernel.org/stable/c/5b3e990f85eb034faa461e691e719e8ce9e2a3c8"
},
{
"url": "https://git.kernel.org/stable/c/aab25b669cb9fd3698c2631be4435f4fe92d9e59"
},
{
"url": "https://git.kernel.org/stable/c/042571fe1d171773655ad706715ecc865913d9a4"
},
{
"url": "https://git.kernel.org/stable/c/8f64e84924604bb969ee1fbc4b8d7d09b9214889"
},
{
"url": "https://git.kernel.org/stable/c/9b59588d8be91c96bfb0371e912ceb4f16315dbf"
}
],
"title": "soc: rockchip: Fix refcount leak in rockchip_grf_init",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49382",
"datePublished": "2025-02-26T02:11:19.294Z",
"dateReserved": "2025-02-26T02:08:31.559Z",
"dateUpdated": "2025-10-01T19:46:51.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49290 (GCVE-0-2022-49290)
Vulnerability from cvelistv5
Published
2025-02-26 01:56
Modified
2025-10-01 19:47
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
mac80211: fix potential double free on mesh join
While commit 6a01afcf8468 ("mac80211: mesh: Free ie data when leaving
mesh") fixed a memory leak on mesh leave / teardown it introduced a
potential memory corruption caused by a double free when rejoining the
mesh:
ieee80211_leave_mesh()
-> kfree(sdata->u.mesh.ie);
...
ieee80211_join_mesh()
-> copy_mesh_setup()
-> old_ie = ifmsh->ie;
-> kfree(old_ie);
This double free / kernel panics can be reproduced by using wpa_supplicant
with an encrypted mesh (if set up without encryption via "iw" then
ifmsh->ie is always NULL, which avoids this issue). And then calling:
$ iw dev mesh0 mesh leave
$ iw dev mesh0 mesh join my-mesh
Note that typically these commands are not used / working when using
wpa_supplicant. And it seems that wpa_supplicant or wpa_cli are going
through a NETDEV_DOWN/NETDEV_UP cycle between a mesh leave and mesh join
where the NETDEV_UP resets the mesh.ie to NULL via a memcpy of
default_mesh_setup in cfg80211_netdev_notifier_call, which then avoids
the memory corruption, too.
The issue was first observed in an application which was not using
wpa_supplicant but "Senf" instead, which implements its own calls to
nl80211.
Fixing the issue by removing the kfree()'ing of the mesh IE in the mesh
join function and leaving it solely up to the mesh leave to free the
mesh IE.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 3212d6248faf0efce6b7a718e198feecce0eea05 Version: 86e7d4cd2ed5f4b0188afce8199faffcf1ae7c7e Version: 37bccfa89559a70c044b5ccde3c916a91388e14a Version: 3f15e3e62c80e180282f0cbc5559264e11c328b7 Version: 6a01afcf8468d3ca2bd8bbb27503f60dcf643b20 Version: 6a01afcf8468d3ca2bd8bbb27503f60dcf643b20 Version: 6a01afcf8468d3ca2bd8bbb27503f60dcf643b20 Version: 6a01afcf8468d3ca2bd8bbb27503f60dcf643b20 Version: 6a01afcf8468d3ca2bd8bbb27503f60dcf643b20 Version: 12e9cb1e7c93413112260991d094cfda712fdc97 Version: 4f3193e08602462a806e8f53212e79c60a6f7488 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49290",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:45:11.938129Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-415",
"description": "CWE-415 Double Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:47:00.523Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/mac80211/cfg.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "615716af8644813355e014314a0bc1e961250f5a",
"status": "affected",
"version": "3212d6248faf0efce6b7a718e198feecce0eea05",
"versionType": "git"
},
{
"lessThan": "c1d9c3628ef0a0ca197595d0f9e01cd3b5dda186",
"status": "affected",
"version": "86e7d4cd2ed5f4b0188afce8199faffcf1ae7c7e",
"versionType": "git"
},
{
"lessThan": "273ebddc5fda2967492cb0b6cdd7d81cfb821b76",
"status": "affected",
"version": "37bccfa89559a70c044b5ccde3c916a91388e14a",
"versionType": "git"
},
{
"lessThan": "3bbd0000d012f92aec423b224784fbf0f7bf40f8",
"status": "affected",
"version": "3f15e3e62c80e180282f0cbc5559264e11c328b7",
"versionType": "git"
},
{
"lessThan": "5d3ff9542a40ce034416bca03864709540a36016",
"status": "affected",
"version": "6a01afcf8468d3ca2bd8bbb27503f60dcf643b20",
"versionType": "git"
},
{
"lessThan": "12e407a8ef17623823fd0c066fbd7f103953d28d",
"status": "affected",
"version": "6a01afcf8468d3ca2bd8bbb27503f60dcf643b20",
"versionType": "git"
},
{
"lessThan": "582d8c60c0c053684f7138875e8150d5749ffc17",
"status": "affected",
"version": "6a01afcf8468d3ca2bd8bbb27503f60dcf643b20",
"versionType": "git"
},
{
"lessThan": "46bb87d40683337757a2f902fcd4244b32bb4e86",
"status": "affected",
"version": "6a01afcf8468d3ca2bd8bbb27503f60dcf643b20",
"versionType": "git"
},
{
"lessThan": "4a2d4496e15ea5bb5c8e83b94ca8ca7fb045e7d3",
"status": "affected",
"version": "6a01afcf8468d3ca2bd8bbb27503f60dcf643b20",
"versionType": "git"
},
{
"status": "affected",
"version": "12e9cb1e7c93413112260991d094cfda712fdc97",
"versionType": "git"
},
{
"status": "affected",
"version": "4f3193e08602462a806e8f53212e79c60a6f7488",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/mac80211/cfg.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.8"
},
{
"lessThan": "5.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.309",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.237",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.188",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.109",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.32",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.18",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.309",
"versionStartIncluding": "4.9.233",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.274",
"versionStartIncluding": "4.14.192",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.237",
"versionStartIncluding": "4.19.137",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.188",
"versionStartIncluding": "5.4.56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.109",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.32",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.18",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.1",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.4.233",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.7.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmac80211: fix potential double free on mesh join\n\nWhile commit 6a01afcf8468 (\"mac80211: mesh: Free ie data when leaving\nmesh\") fixed a memory leak on mesh leave / teardown it introduced a\npotential memory corruption caused by a double free when rejoining the\nmesh:\n\n ieee80211_leave_mesh()\n -\u003e kfree(sdata-\u003eu.mesh.ie);\n ...\n ieee80211_join_mesh()\n -\u003e copy_mesh_setup()\n -\u003e old_ie = ifmsh-\u003eie;\n -\u003e kfree(old_ie);\n\nThis double free / kernel panics can be reproduced by using wpa_supplicant\nwith an encrypted mesh (if set up without encryption via \"iw\" then\nifmsh-\u003eie is always NULL, which avoids this issue). And then calling:\n\n $ iw dev mesh0 mesh leave\n $ iw dev mesh0 mesh join my-mesh\n\nNote that typically these commands are not used / working when using\nwpa_supplicant. And it seems that wpa_supplicant or wpa_cli are going\nthrough a NETDEV_DOWN/NETDEV_UP cycle between a mesh leave and mesh join\nwhere the NETDEV_UP resets the mesh.ie to NULL via a memcpy of\ndefault_mesh_setup in cfg80211_netdev_notifier_call, which then avoids\nthe memory corruption, too.\n\nThe issue was first observed in an application which was not using\nwpa_supplicant but \"Senf\" instead, which implements its own calls to\nnl80211.\n\nFixing the issue by removing the kfree()\u0027ing of the mesh IE in the mesh\njoin function and leaving it solely up to the mesh leave to free the\nmesh IE."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:44:25.773Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/615716af8644813355e014314a0bc1e961250f5a"
},
{
"url": "https://git.kernel.org/stable/c/c1d9c3628ef0a0ca197595d0f9e01cd3b5dda186"
},
{
"url": "https://git.kernel.org/stable/c/273ebddc5fda2967492cb0b6cdd7d81cfb821b76"
},
{
"url": "https://git.kernel.org/stable/c/3bbd0000d012f92aec423b224784fbf0f7bf40f8"
},
{
"url": "https://git.kernel.org/stable/c/5d3ff9542a40ce034416bca03864709540a36016"
},
{
"url": "https://git.kernel.org/stable/c/12e407a8ef17623823fd0c066fbd7f103953d28d"
},
{
"url": "https://git.kernel.org/stable/c/582d8c60c0c053684f7138875e8150d5749ffc17"
},
{
"url": "https://git.kernel.org/stable/c/46bb87d40683337757a2f902fcd4244b32bb4e86"
},
{
"url": "https://git.kernel.org/stable/c/4a2d4496e15ea5bb5c8e83b94ca8ca7fb045e7d3"
}
],
"title": "mac80211: fix potential double free on mesh join",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49290",
"datePublished": "2025-02-26T01:56:27.500Z",
"dateReserved": "2025-02-26T01:49:39.302Z",
"dateUpdated": "2025-10-01T19:47:00.523Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49126 (GCVE-0-2022-49126)
Vulnerability from cvelistv5
Published
2025-02-26 01:55
Modified
2025-10-01 19:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: mpi3mr: Fix memory leaks
Fix memory leaks related to operational reply queue's memory segments which
are not getting freed while unloading the driver.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49126",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:48:28.246318Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:57:03.398Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/scsi/mpi3mr/mpi3mr_fw.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5d76a88b8536d75ff5362e232097e85946b8aadf",
"status": "affected",
"version": "c4f7ac64616ee513f9ac4ae6c4d8c3cccb6974df",
"versionType": "git"
},
{
"lessThan": "27fc9e90171ab0a94a411f3fdb3522ef5acb9537",
"status": "affected",
"version": "c4f7ac64616ee513f9ac4ae6c4d8c3cccb6974df",
"versionType": "git"
},
{
"lessThan": "71c7ac65a084ae7d387c3c1d02d59edfdecb009f",
"status": "affected",
"version": "c4f7ac64616ee513f9ac4ae6c4d8c3cccb6974df",
"versionType": "git"
},
{
"lessThan": "d44b5fefb22e139408ae12b864da1ecb9ad9d1d2",
"status": "affected",
"version": "c4f7ac64616ee513f9ac4ae6c4d8c3cccb6974df",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/scsi/mpi3mr/mpi3mr_fw.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.14"
},
{
"lessThan": "5.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.20",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.34",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.20",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.3",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Fix memory leaks\n\nFix memory leaks related to operational reply queue\u0027s memory segments which\nare not getting freed while unloading the driver."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:30:33.216Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5d76a88b8536d75ff5362e232097e85946b8aadf"
},
{
"url": "https://git.kernel.org/stable/c/27fc9e90171ab0a94a411f3fdb3522ef5acb9537"
},
{
"url": "https://git.kernel.org/stable/c/71c7ac65a084ae7d387c3c1d02d59edfdecb009f"
},
{
"url": "https://git.kernel.org/stable/c/d44b5fefb22e139408ae12b864da1ecb9ad9d1d2"
}
],
"title": "scsi: mpi3mr: Fix memory leaks",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49126",
"datePublished": "2025-02-26T01:55:04.161Z",
"dateReserved": "2025-02-26T01:49:39.266Z",
"dateUpdated": "2025-10-01T19:57:03.398Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49720 (GCVE-0-2022-49720)
Vulnerability from cvelistv5
Published
2025-02-26 02:24
Modified
2025-10-01 19:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
block: Fix handling of offline queues in blk_mq_alloc_request_hctx()
This patch prevents that test nvme/004 triggers the following:
UBSAN: array-index-out-of-bounds in block/blk-mq.h:135:9
index 512 is out of range for type 'long unsigned int [512]'
Call Trace:
show_stack+0x52/0x58
dump_stack_lvl+0x49/0x5e
dump_stack+0x10/0x12
ubsan_epilogue+0x9/0x3b
__ubsan_handle_out_of_bounds.cold+0x44/0x49
blk_mq_alloc_request_hctx+0x304/0x310
__nvme_submit_sync_cmd+0x70/0x200 [nvme_core]
nvmf_connect_io_queue+0x23e/0x2a0 [nvme_fabrics]
nvme_loop_connect_io_queues+0x8d/0xb0 [nvme_loop]
nvme_loop_create_ctrl+0x58e/0x7d0 [nvme_loop]
nvmf_create_ctrl+0x1d7/0x4d0 [nvme_fabrics]
nvmf_dev_write+0xae/0x111 [nvme_fabrics]
vfs_write+0x144/0x560
ksys_write+0xb7/0x140
__x64_sys_write+0x42/0x50
do_syscall_64+0x35/0x80
entry_SYSCALL_64_after_hwframe+0x44/0xae
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49720",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:32:03.276274Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-129",
"description": "CWE-129 Improper Validation of Array Index",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:36:44.080Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"block/blk-mq.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7fa28a7c3d74933a4fc22d341b60927952f31c19",
"status": "affected",
"version": "20e4d813931961fe26d26a1e98b3aba6ec00b130",
"versionType": "git"
},
{
"lessThan": "b5e65ef044d627effdc2599040b6d204e003f955",
"status": "affected",
"version": "20e4d813931961fe26d26a1e98b3aba6ec00b130",
"versionType": "git"
},
{
"lessThan": "b202a0bd2580ee5b0453772c46d464152fafff73",
"status": "affected",
"version": "20e4d813931961fe26d26a1e98b3aba6ec00b130",
"versionType": "git"
},
{
"lessThan": "14dc7a18abbe4176f5626c13c333670da8e06aa1",
"status": "affected",
"version": "20e4d813931961fe26d26a1e98b3aba6ec00b130",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"block/blk-mq.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.16"
},
{
"lessThan": "4.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.124",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.49",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.124",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.49",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.6",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: Fix handling of offline queues in blk_mq_alloc_request_hctx()\n\nThis patch prevents that test nvme/004 triggers the following:\n\nUBSAN: array-index-out-of-bounds in block/blk-mq.h:135:9\nindex 512 is out of range for type \u0027long unsigned int [512]\u0027\nCall Trace:\n show_stack+0x52/0x58\n dump_stack_lvl+0x49/0x5e\n dump_stack+0x10/0x12\n ubsan_epilogue+0x9/0x3b\n __ubsan_handle_out_of_bounds.cold+0x44/0x49\n blk_mq_alloc_request_hctx+0x304/0x310\n __nvme_submit_sync_cmd+0x70/0x200 [nvme_core]\n nvmf_connect_io_queue+0x23e/0x2a0 [nvme_fabrics]\n nvme_loop_connect_io_queues+0x8d/0xb0 [nvme_loop]\n nvme_loop_create_ctrl+0x58e/0x7d0 [nvme_loop]\n nvmf_create_ctrl+0x1d7/0x4d0 [nvme_fabrics]\n nvmf_dev_write+0xae/0x111 [nvme_fabrics]\n vfs_write+0x144/0x560\n ksys_write+0xb7/0x140\n __x64_sys_write+0x42/0x50\n do_syscall_64+0x35/0x80\n entry_SYSCALL_64_after_hwframe+0x44/0xae"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:44:03.149Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7fa28a7c3d74933a4fc22d341b60927952f31c19"
},
{
"url": "https://git.kernel.org/stable/c/b5e65ef044d627effdc2599040b6d204e003f955"
},
{
"url": "https://git.kernel.org/stable/c/b202a0bd2580ee5b0453772c46d464152fafff73"
},
{
"url": "https://git.kernel.org/stable/c/14dc7a18abbe4176f5626c13c333670da8e06aa1"
}
],
"title": "block: Fix handling of offline queues in blk_mq_alloc_request_hctx()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49720",
"datePublished": "2025-02-26T02:24:34.194Z",
"dateReserved": "2025-02-26T02:21:30.445Z",
"dateUpdated": "2025-10-01T19:36:44.080Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49370 (GCVE-0-2022-49370)
Vulnerability from cvelistv5
Published
2025-02-26 02:11
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle
kobject_init_and_add() takes reference even when it fails.
According to the doc of kobject_init_and_add()
If this function returns an error, kobject_put() must be called to
properly clean up the memory associated with the object.
Fix this issue by calling kobject_put().
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 948af1f0bbc8526448e8cbe3f8d3bf211bdf5181 Version: 948af1f0bbc8526448e8cbe3f8d3bf211bdf5181 Version: 948af1f0bbc8526448e8cbe3f8d3bf211bdf5181 Version: 948af1f0bbc8526448e8cbe3f8d3bf211bdf5181 Version: 948af1f0bbc8526448e8cbe3f8d3bf211bdf5181 Version: 948af1f0bbc8526448e8cbe3f8d3bf211bdf5181 Version: 948af1f0bbc8526448e8cbe3f8d3bf211bdf5181 Version: 948af1f0bbc8526448e8cbe3f8d3bf211bdf5181 Version: 948af1f0bbc8526448e8cbe3f8d3bf211bdf5181 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49370",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:42:21.167334Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:53.103Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/firmware/dmi-sysfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a9bfb37d6ba7c376b0d53337a4c5f5ff324bd725",
"status": "affected",
"version": "948af1f0bbc8526448e8cbe3f8d3bf211bdf5181",
"versionType": "git"
},
{
"lessThan": "ed38d04342dfbe9e5aca745c8b5eb4188a74f0ef",
"status": "affected",
"version": "948af1f0bbc8526448e8cbe3f8d3bf211bdf5181",
"versionType": "git"
},
{
"lessThan": "c66cc3c62870a27ea8f060a7e4c1ad8d26dd3f0d",
"status": "affected",
"version": "948af1f0bbc8526448e8cbe3f8d3bf211bdf5181",
"versionType": "git"
},
{
"lessThan": "a724634b2a49f6ff0177a9e19a5a92fc1545e1b7",
"status": "affected",
"version": "948af1f0bbc8526448e8cbe3f8d3bf211bdf5181",
"versionType": "git"
},
{
"lessThan": "985706bd3bbeffc8737bc05965ca8d24837bc7db",
"status": "affected",
"version": "948af1f0bbc8526448e8cbe3f8d3bf211bdf5181",
"versionType": "git"
},
{
"lessThan": "fdffa4ad8f6bf1ece877edfb807f2b2c729d8578",
"status": "affected",
"version": "948af1f0bbc8526448e8cbe3f8d3bf211bdf5181",
"versionType": "git"
},
{
"lessThan": "3ba359ebe914ac3f8c6c832b28007c14c39d3766",
"status": "affected",
"version": "948af1f0bbc8526448e8cbe3f8d3bf211bdf5181",
"versionType": "git"
},
{
"lessThan": "ec752973aa721ee281d5441e497364637c626c7b",
"status": "affected",
"version": "948af1f0bbc8526448e8cbe3f8d3bf211bdf5181",
"versionType": "git"
},
{
"lessThan": "660ba678f9998aca6db74f2dd912fa5124f0fa31",
"status": "affected",
"version": "948af1f0bbc8526448e8cbe3f8d3bf211bdf5181",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/firmware/dmi-sysfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.39"
},
{
"lessThan": "2.6.39",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.318",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.47",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.318",
"versionStartIncluding": "2.6.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.283",
"versionStartIncluding": "2.6.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"versionStartIncluding": "2.6.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"versionStartIncluding": "2.6.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.122",
"versionStartIncluding": "2.6.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.47",
"versionStartIncluding": "2.6.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.15",
"versionStartIncluding": "2.6.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.4",
"versionStartIncluding": "2.6.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "2.6.39",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle\n\nkobject_init_and_add() takes reference even when it fails.\nAccording to the doc of kobject_init_and_add()\n\n If this function returns an error, kobject_put() must be called to\n properly clean up the memory associated with the object.\n\nFix this issue by calling kobject_put()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:36:14.867Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a9bfb37d6ba7c376b0d53337a4c5f5ff324bd725"
},
{
"url": "https://git.kernel.org/stable/c/ed38d04342dfbe9e5aca745c8b5eb4188a74f0ef"
},
{
"url": "https://git.kernel.org/stable/c/c66cc3c62870a27ea8f060a7e4c1ad8d26dd3f0d"
},
{
"url": "https://git.kernel.org/stable/c/a724634b2a49f6ff0177a9e19a5a92fc1545e1b7"
},
{
"url": "https://git.kernel.org/stable/c/985706bd3bbeffc8737bc05965ca8d24837bc7db"
},
{
"url": "https://git.kernel.org/stable/c/fdffa4ad8f6bf1ece877edfb807f2b2c729d8578"
},
{
"url": "https://git.kernel.org/stable/c/3ba359ebe914ac3f8c6c832b28007c14c39d3766"
},
{
"url": "https://git.kernel.org/stable/c/ec752973aa721ee281d5441e497364637c626c7b"
},
{
"url": "https://git.kernel.org/stable/c/660ba678f9998aca6db74f2dd912fa5124f0fa31"
}
],
"title": "firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49370",
"datePublished": "2025-02-26T02:11:13.176Z",
"dateReserved": "2025-02-26T02:08:31.555Z",
"dateUpdated": "2025-10-01T19:46:53.103Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49525 (GCVE-0-2022-49525)
Vulnerability from cvelistv5
Published
2025-02-26 02:13
Modified
2025-05-04 08:39
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
media: cx25821: Fix the warning when removing the module
When removing the module, we will get the following warning:
[ 14.746697] remove_proc_entry: removing non-empty directory 'irq/21', leaking at least 'cx25821[1]'
[ 14.747449] WARNING: CPU: 4 PID: 368 at fs/proc/generic.c:717 remove_proc_entry+0x389/0x3f0
[ 14.751611] RIP: 0010:remove_proc_entry+0x389/0x3f0
[ 14.759589] Call Trace:
[ 14.759792] <TASK>
[ 14.759975] unregister_irq_proc+0x14c/0x170
[ 14.760340] irq_free_descs+0x94/0xe0
[ 14.760640] mp_unmap_irq+0xb6/0x100
[ 14.760937] acpi_unregister_gsi_ioapic+0x27/0x40
[ 14.761334] acpi_pci_irq_disable+0x1d3/0x320
[ 14.761688] pci_disable_device+0x1ad/0x380
[ 14.762027] ? _raw_spin_unlock_irqrestore+0x2d/0x60
[ 14.762442] ? cx25821_shutdown+0x20/0x9f0 [cx25821]
[ 14.762848] cx25821_finidev+0x48/0xc0 [cx25821]
[ 14.763242] pci_device_remove+0x92/0x240
Fix this by freeing the irq before call pci_disable_device().
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/media/pci/cx25821/cx25821-core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4d6295b6d986476232332fffd08575b185f90d81",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "5beb85ff7d005ddb7bf604a4f2dc76f01b84b318",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "258639bc55a586ee6df92d89786ccf1c71546d70",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "222292930c8ecc3516e03ec1f9fa8448be7ff496",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "3f94169affa33c9db4a439d88f09cb2ed3a33332",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1f0fc1dfb5fdd456657519a97fab83691b96c6a0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9d92291698e5cc35a2b8a1106a01ddd7d60ade2d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "005fd553f5f10fe8618d92f94ad10f9051eac331",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2203436a4d24302871617373a7eb21bc17e38762",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/media/pci/cx25821/cx25821-core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.318",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: cx25821: Fix the warning when removing the module\n\nWhen removing the module, we will get the following warning:\n\n[ 14.746697] remove_proc_entry: removing non-empty directory \u0027irq/21\u0027, leaking at least \u0027cx25821[1]\u0027\n[ 14.747449] WARNING: CPU: 4 PID: 368 at fs/proc/generic.c:717 remove_proc_entry+0x389/0x3f0\n[ 14.751611] RIP: 0010:remove_proc_entry+0x389/0x3f0\n[ 14.759589] Call Trace:\n[ 14.759792] \u003cTASK\u003e\n[ 14.759975] unregister_irq_proc+0x14c/0x170\n[ 14.760340] irq_free_descs+0x94/0xe0\n[ 14.760640] mp_unmap_irq+0xb6/0x100\n[ 14.760937] acpi_unregister_gsi_ioapic+0x27/0x40\n[ 14.761334] acpi_pci_irq_disable+0x1d3/0x320\n[ 14.761688] pci_disable_device+0x1ad/0x380\n[ 14.762027] ? _raw_spin_unlock_irqrestore+0x2d/0x60\n[ 14.762442] ? cx25821_shutdown+0x20/0x9f0 [cx25821]\n[ 14.762848] cx25821_finidev+0x48/0xc0 [cx25821]\n[ 14.763242] pci_device_remove+0x92/0x240\n\nFix this by freeing the irq before call pci_disable_device()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:39:48.140Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4d6295b6d986476232332fffd08575b185f90d81"
},
{
"url": "https://git.kernel.org/stable/c/5beb85ff7d005ddb7bf604a4f2dc76f01b84b318"
},
{
"url": "https://git.kernel.org/stable/c/258639bc55a586ee6df92d89786ccf1c71546d70"
},
{
"url": "https://git.kernel.org/stable/c/222292930c8ecc3516e03ec1f9fa8448be7ff496"
},
{
"url": "https://git.kernel.org/stable/c/3f94169affa33c9db4a439d88f09cb2ed3a33332"
},
{
"url": "https://git.kernel.org/stable/c/1f0fc1dfb5fdd456657519a97fab83691b96c6a0"
},
{
"url": "https://git.kernel.org/stable/c/9d92291698e5cc35a2b8a1106a01ddd7d60ade2d"
},
{
"url": "https://git.kernel.org/stable/c/005fd553f5f10fe8618d92f94ad10f9051eac331"
},
{
"url": "https://git.kernel.org/stable/c/2203436a4d24302871617373a7eb21bc17e38762"
}
],
"title": "media: cx25821: Fix the warning when removing the module",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49525",
"datePublished": "2025-02-26T02:13:48.674Z",
"dateReserved": "2025-02-26T02:08:31.588Z",
"dateUpdated": "2025-05-04T08:39:48.140Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49693 (GCVE-0-2022-49693)
Vulnerability from cvelistv5
Published
2025-02-26 02:24
Modified
2025-10-01 19:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf
of_graph_get_remote_node() returns remote device node pointer with
refcount incremented, we should use of_node_put() on it
when not need anymore.
Add missing of_node_put() to avoid refcount leak.
Patchwork: https://patchwork.freedesktop.org/patch/488473/
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49693",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:32:42.459745Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:36:45.895Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/msm/disp/mdp4/mdp4_kms.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d1592d3e362cc59b29f15019707b16c695d70ca3",
"status": "affected",
"version": "86418f90a4c1a0073db65d8a1e2bf94421117a60",
"versionType": "git"
},
{
"lessThan": "d16a4339825e64f9ddcdff5277982d640bae933b",
"status": "affected",
"version": "86418f90a4c1a0073db65d8a1e2bf94421117a60",
"versionType": "git"
},
{
"lessThan": "3c39a17197733bc37786ed68c83267c2f491840b",
"status": "affected",
"version": "86418f90a4c1a0073db65d8a1e2bf94421117a60",
"versionType": "git"
},
{
"lessThan": "d607da76fd2b1cf1d377af9d9b7c6f8fecbb0e1d",
"status": "affected",
"version": "86418f90a4c1a0073db65d8a1e2bf94421117a60",
"versionType": "git"
},
{
"lessThan": "b9cc4598607cb7f7eae5c75fc1e3209cd52ff5e0",
"status": "affected",
"version": "86418f90a4c1a0073db65d8a1e2bf94421117a60",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/msm/disp/mdp4/mdp4_kms.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.12"
},
{
"lessThan": "4.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.202",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.127",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.51",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.202",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.127",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.51",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.8",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf\n\nof_graph_get_remote_node() returns remote device node pointer with\nrefcount incremented, we should use of_node_put() on it\nwhen not need anymore.\nAdd missing of_node_put() to avoid refcount leak.\n\nPatchwork: https://patchwork.freedesktop.org/patch/488473/"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:43:24.409Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d1592d3e362cc59b29f15019707b16c695d70ca3"
},
{
"url": "https://git.kernel.org/stable/c/d16a4339825e64f9ddcdff5277982d640bae933b"
},
{
"url": "https://git.kernel.org/stable/c/3c39a17197733bc37786ed68c83267c2f491840b"
},
{
"url": "https://git.kernel.org/stable/c/d607da76fd2b1cf1d377af9d9b7c6f8fecbb0e1d"
},
{
"url": "https://git.kernel.org/stable/c/b9cc4598607cb7f7eae5c75fc1e3209cd52ff5e0"
}
],
"title": "drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49693",
"datePublished": "2025-02-26T02:24:16.263Z",
"dateReserved": "2025-02-26T02:21:30.442Z",
"dateUpdated": "2025-10-01T19:36:45.895Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49217 (GCVE-0-2022-49217)
Vulnerability from cvelistv5
Published
2025-02-26 01:55
Modified
2025-05-04 08:32
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: pm8001: Fix abort all task initialization
In pm80xx_send_abort_all(), the n_elem field of the ccb used is not
initialized to 0. This missing initialization sometimes lead to the task
completion path seeing the ccb with a non-zero n_elem resulting in the
execution of invalid dma_unmap_sg() calls in pm8001_ccb_task_free(),
causing a crash such as:
[ 197.676341] RIP: 0010:iommu_dma_unmap_sg+0x6d/0x280
[ 197.700204] RSP: 0018:ffff889bbcf89c88 EFLAGS: 00010012
[ 197.705485] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff83d0bda0
[ 197.712687] RDX: 0000000000000002 RSI: 0000000000000000 RDI: ffff88810dffc0d0
[ 197.719887] RBP: 0000000000000000 R08: 0000000000000000 R09: ffff8881c790098b
[ 197.727089] R10: ffffed1038f20131 R11: 0000000000000001 R12: 0000000000000000
[ 197.734296] R13: ffff88810dffc0d0 R14: 0000000000000010 R15: 0000000000000000
[ 197.741493] FS: 0000000000000000(0000) GS:ffff889bbcf80000(0000) knlGS:0000000000000000
[ 197.749659] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 197.755459] CR2: 00007f16c1b42734 CR3: 0000000004814000 CR4: 0000000000350ee0
[ 197.762656] Call Trace:
[ 197.765127] <IRQ>
[ 197.767162] pm8001_ccb_task_free+0x5f1/0x820 [pm80xx]
[ 197.772364] ? do_raw_spin_unlock+0x54/0x220
[ 197.776680] pm8001_mpi_task_abort_resp+0x2ce/0x4f0 [pm80xx]
[ 197.782406] process_oq+0xe85/0x7890 [pm80xx]
[ 197.786817] ? lock_acquire+0x194/0x490
[ 197.790697] ? handle_irq_event+0x10e/0x1b0
[ 197.794920] ? mpi_sata_completion+0x2d70/0x2d70 [pm80xx]
[ 197.800378] ? __wake_up_bit+0x100/0x100
[ 197.804340] ? lock_is_held_type+0x98/0x110
[ 197.808565] pm80xx_chip_isr+0x94/0x130 [pm80xx]
[ 197.813243] tasklet_action_common.constprop.0+0x24b/0x2f0
[ 197.818785] __do_softirq+0x1b5/0x82d
[ 197.822485] ? do_raw_spin_unlock+0x54/0x220
[ 197.826799] __irq_exit_rcu+0x17e/0x1e0
[ 197.830678] irq_exit_rcu+0xa/0x20
[ 197.834114] common_interrupt+0x78/0x90
[ 197.840051] </IRQ>
[ 197.844236] <TASK>
[ 197.848397] asm_common_interrupt+0x1e/0x40
Avoid this issue by always initializing the ccb n_elem field to 0 in
pm8001_send_abort_all(), pm8001_send_read_log() and
pm80xx_send_abort_all().
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: c6b9ef5779c3e1edfa9de949d2a51252bc347663 Version: c6b9ef5779c3e1edfa9de949d2a51252bc347663 Version: c6b9ef5779c3e1edfa9de949d2a51252bc347663 Version: c6b9ef5779c3e1edfa9de949d2a51252bc347663 Version: c6b9ef5779c3e1edfa9de949d2a51252bc347663 Version: c6b9ef5779c3e1edfa9de949d2a51252bc347663 Version: c6b9ef5779c3e1edfa9de949d2a51252bc347663 Version: c6b9ef5779c3e1edfa9de949d2a51252bc347663 Version: c6b9ef5779c3e1edfa9de949d2a51252bc347663 |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/scsi/pm8001/pm8001_hwi.c",
"drivers/scsi/pm8001/pm80xx_hwi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9914461db82caee6c519acfbe10a86fe11bcdeca",
"status": "affected",
"version": "c6b9ef5779c3e1edfa9de949d2a51252bc347663",
"versionType": "git"
},
{
"lessThan": "d6ec4471550cc53e96485a7124c5891e6a38d1c3",
"status": "affected",
"version": "c6b9ef5779c3e1edfa9de949d2a51252bc347663",
"versionType": "git"
},
{
"lessThan": "1824a21b2cedc5774a5adfa74f5f7b90472d8677",
"status": "affected",
"version": "c6b9ef5779c3e1edfa9de949d2a51252bc347663",
"versionType": "git"
},
{
"lessThan": "765674e3b30121782a2b792684554baa48c61f5e",
"status": "affected",
"version": "c6b9ef5779c3e1edfa9de949d2a51252bc347663",
"versionType": "git"
},
{
"lessThan": "279f318bd7d6e04e6e0bc7b8cd8e190da8fa37a4",
"status": "affected",
"version": "c6b9ef5779c3e1edfa9de949d2a51252bc347663",
"versionType": "git"
},
{
"lessThan": "c8db786858d895ac58342f67767b4999ae6538fa",
"status": "affected",
"version": "c6b9ef5779c3e1edfa9de949d2a51252bc347663",
"versionType": "git"
},
{
"lessThan": "326d894adf89f3c707b7784becbe241830daaab6",
"status": "affected",
"version": "c6b9ef5779c3e1edfa9de949d2a51252bc347663",
"versionType": "git"
},
{
"lessThan": "16cd02e0951b520bef324adb9a35afcc92501caf",
"status": "affected",
"version": "c6b9ef5779c3e1edfa9de949d2a51252bc347663",
"versionType": "git"
},
{
"lessThan": "7f12845c8389855dbcc67baa068b6832dc4a396e",
"status": "affected",
"version": "c6b9ef5779c3e1edfa9de949d2a51252bc347663",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/scsi/pm8001/pm8001_hwi.c",
"drivers/scsi/pm8001/pm80xx_hwi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.10"
},
{
"lessThan": "3.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.238",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.189",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.311",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.276",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.238",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.189",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.110",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "3.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: pm8001: Fix abort all task initialization\n\nIn pm80xx_send_abort_all(), the n_elem field of the ccb used is not\ninitialized to 0. This missing initialization sometimes lead to the task\ncompletion path seeing the ccb with a non-zero n_elem resulting in the\nexecution of invalid dma_unmap_sg() calls in pm8001_ccb_task_free(),\ncausing a crash such as:\n\n[ 197.676341] RIP: 0010:iommu_dma_unmap_sg+0x6d/0x280\n[ 197.700204] RSP: 0018:ffff889bbcf89c88 EFLAGS: 00010012\n[ 197.705485] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff83d0bda0\n[ 197.712687] RDX: 0000000000000002 RSI: 0000000000000000 RDI: ffff88810dffc0d0\n[ 197.719887] RBP: 0000000000000000 R08: 0000000000000000 R09: ffff8881c790098b\n[ 197.727089] R10: ffffed1038f20131 R11: 0000000000000001 R12: 0000000000000000\n[ 197.734296] R13: ffff88810dffc0d0 R14: 0000000000000010 R15: 0000000000000000\n[ 197.741493] FS: 0000000000000000(0000) GS:ffff889bbcf80000(0000) knlGS:0000000000000000\n[ 197.749659] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 197.755459] CR2: 00007f16c1b42734 CR3: 0000000004814000 CR4: 0000000000350ee0\n[ 197.762656] Call Trace:\n[ 197.765127] \u003cIRQ\u003e\n[ 197.767162] pm8001_ccb_task_free+0x5f1/0x820 [pm80xx]\n[ 197.772364] ? do_raw_spin_unlock+0x54/0x220\n[ 197.776680] pm8001_mpi_task_abort_resp+0x2ce/0x4f0 [pm80xx]\n[ 197.782406] process_oq+0xe85/0x7890 [pm80xx]\n[ 197.786817] ? lock_acquire+0x194/0x490\n[ 197.790697] ? handle_irq_event+0x10e/0x1b0\n[ 197.794920] ? mpi_sata_completion+0x2d70/0x2d70 [pm80xx]\n[ 197.800378] ? __wake_up_bit+0x100/0x100\n[ 197.804340] ? lock_is_held_type+0x98/0x110\n[ 197.808565] pm80xx_chip_isr+0x94/0x130 [pm80xx]\n[ 197.813243] tasklet_action_common.constprop.0+0x24b/0x2f0\n[ 197.818785] __do_softirq+0x1b5/0x82d\n[ 197.822485] ? do_raw_spin_unlock+0x54/0x220\n[ 197.826799] __irq_exit_rcu+0x17e/0x1e0\n[ 197.830678] irq_exit_rcu+0xa/0x20\n[ 197.834114] common_interrupt+0x78/0x90\n[ 197.840051] \u003c/IRQ\u003e\n[ 197.844236] \u003cTASK\u003e\n[ 197.848397] asm_common_interrupt+0x1e/0x40\n\nAvoid this issue by always initializing the ccb n_elem field to 0 in\npm8001_send_abort_all(), pm8001_send_read_log() and\npm80xx_send_abort_all()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:32:34.514Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9914461db82caee6c519acfbe10a86fe11bcdeca"
},
{
"url": "https://git.kernel.org/stable/c/d6ec4471550cc53e96485a7124c5891e6a38d1c3"
},
{
"url": "https://git.kernel.org/stable/c/1824a21b2cedc5774a5adfa74f5f7b90472d8677"
},
{
"url": "https://git.kernel.org/stable/c/765674e3b30121782a2b792684554baa48c61f5e"
},
{
"url": "https://git.kernel.org/stable/c/279f318bd7d6e04e6e0bc7b8cd8e190da8fa37a4"
},
{
"url": "https://git.kernel.org/stable/c/c8db786858d895ac58342f67767b4999ae6538fa"
},
{
"url": "https://git.kernel.org/stable/c/326d894adf89f3c707b7784becbe241830daaab6"
},
{
"url": "https://git.kernel.org/stable/c/16cd02e0951b520bef324adb9a35afcc92501caf"
},
{
"url": "https://git.kernel.org/stable/c/7f12845c8389855dbcc67baa068b6832dc4a396e"
}
],
"title": "scsi: pm8001: Fix abort all task initialization",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49217",
"datePublished": "2025-02-26T01:55:51.156Z",
"dateReserved": "2025-02-26T01:49:39.292Z",
"dateUpdated": "2025-05-04T08:32:34.514Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49522 (GCVE-0-2022-49522)
Vulnerability from cvelistv5
Published
2025-02-26 02:13
Modified
2025-05-04 08:39
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
mmc: jz4740: Apply DMA engine limits to maximum segment size
Do what is done in other DMA-enabled MMC host drivers (cf. host/mmci.c) and
limit the maximum segment size based on the DMA engine's capabilities. This
is needed to avoid warnings like the following with CONFIG_DMA_API_DEBUG=y.
------------[ cut here ]------------
WARNING: CPU: 0 PID: 21 at kernel/dma/debug.c:1162 debug_dma_map_sg+0x2f4/0x39c
DMA-API: jz4780-dma 13420000.dma-controller: mapping sg segment longer than device claims to support [len=98304] [max=65536]
CPU: 0 PID: 21 Comm: kworker/0:1H Not tainted 5.18.0-rc1 #19
Workqueue: kblockd blk_mq_run_work_fn
Stack : 81575aec 00000004 80620000 80620000 80620000 805e7358 00000009 801537ac
814c832c 806276e3 806e34b4 80620000 81575aec 00000001 81575ab8 09291444
00000000 00000000 805e7358 81575958 ffffffea 8157596c 00000000 636f6c62
6220646b 80387a70 0000000f 6d5f6b6c 80620000 00000000 81575ba4 00000009
805e170c 80896640 00000001 00010000 00000000 00000000 00006098 806e0000
...
Call Trace:
[<80107670>] show_stack+0x84/0x120
[<80528cd8>] __warn+0xb8/0xec
[<80528d78>] warn_slowpath_fmt+0x6c/0xb8
[<8016f1d4>] debug_dma_map_sg+0x2f4/0x39c
[<80169d4c>] __dma_map_sg_attrs+0xf0/0x118
[<8016a27c>] dma_map_sg_attrs+0x14/0x28
[<804f66b4>] jz4740_mmc_prepare_dma_data+0x74/0xa4
[<804f6714>] jz4740_mmc_pre_request+0x30/0x54
[<804f4ff4>] mmc_blk_mq_issue_rq+0x6e0/0x7bc
[<804f5590>] mmc_mq_queue_rq+0x220/0x2d4
[<8038b2c0>] blk_mq_dispatch_rq_list+0x480/0x664
[<80391040>] blk_mq_do_dispatch_sched+0x2dc/0x370
[<80391468>] __blk_mq_sched_dispatch_requests+0xec/0x164
[<80391540>] blk_mq_sched_dispatch_requests+0x44/0x94
[<80387900>] __blk_mq_run_hw_queue+0xb0/0xcc
[<80134c14>] process_one_work+0x1b8/0x264
[<80134ff8>] worker_thread+0x2ec/0x3b8
[<8013b13c>] kthread+0x104/0x10c
[<80101dcc>] ret_from_kernel_thread+0x14/0x1c
---[ end trace 0000000000000000 ]---
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/mmc/host/jz4740_mmc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7923f95997a79cef2ad161a2facae64c25a0bca0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "90281cadf5077f2d2bec8b08c2ead1f8cd12660e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "353298cadbd4c7d8e8a16d6000066414694933c3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "807f90f1960a59dc557542b818c484a8db9ac978",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a828920b9ec0d89d3011198d482b7fe224d2de19",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "afadb04f1d6e74b18a253403f5274cde5e3fd7bd",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/mmc/host/jz4740_mmc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: jz4740: Apply DMA engine limits to maximum segment size\n\nDo what is done in other DMA-enabled MMC host drivers (cf. host/mmci.c) and\nlimit the maximum segment size based on the DMA engine\u0027s capabilities. This\nis needed to avoid warnings like the following with CONFIG_DMA_API_DEBUG=y.\n\n------------[ cut here ]------------\nWARNING: CPU: 0 PID: 21 at kernel/dma/debug.c:1162 debug_dma_map_sg+0x2f4/0x39c\nDMA-API: jz4780-dma 13420000.dma-controller: mapping sg segment longer than device claims to support [len=98304] [max=65536]\nCPU: 0 PID: 21 Comm: kworker/0:1H Not tainted 5.18.0-rc1 #19\nWorkqueue: kblockd blk_mq_run_work_fn\nStack : 81575aec 00000004 80620000 80620000 80620000 805e7358 00000009 801537ac\n 814c832c 806276e3 806e34b4 80620000 81575aec 00000001 81575ab8 09291444\n 00000000 00000000 805e7358 81575958 ffffffea 8157596c 00000000 636f6c62\n 6220646b 80387a70 0000000f 6d5f6b6c 80620000 00000000 81575ba4 00000009\n 805e170c 80896640 00000001 00010000 00000000 00000000 00006098 806e0000\n ...\nCall Trace:\n[\u003c80107670\u003e] show_stack+0x84/0x120\n[\u003c80528cd8\u003e] __warn+0xb8/0xec\n[\u003c80528d78\u003e] warn_slowpath_fmt+0x6c/0xb8\n[\u003c8016f1d4\u003e] debug_dma_map_sg+0x2f4/0x39c\n[\u003c80169d4c\u003e] __dma_map_sg_attrs+0xf0/0x118\n[\u003c8016a27c\u003e] dma_map_sg_attrs+0x14/0x28\n[\u003c804f66b4\u003e] jz4740_mmc_prepare_dma_data+0x74/0xa4\n[\u003c804f6714\u003e] jz4740_mmc_pre_request+0x30/0x54\n[\u003c804f4ff4\u003e] mmc_blk_mq_issue_rq+0x6e0/0x7bc\n[\u003c804f5590\u003e] mmc_mq_queue_rq+0x220/0x2d4\n[\u003c8038b2c0\u003e] blk_mq_dispatch_rq_list+0x480/0x664\n[\u003c80391040\u003e] blk_mq_do_dispatch_sched+0x2dc/0x370\n[\u003c80391468\u003e] __blk_mq_sched_dispatch_requests+0xec/0x164\n[\u003c80391540\u003e] blk_mq_sched_dispatch_requests+0x44/0x94\n[\u003c80387900\u003e] __blk_mq_run_hw_queue+0xb0/0xcc\n[\u003c80134c14\u003e] process_one_work+0x1b8/0x264\n[\u003c80134ff8\u003e] worker_thread+0x2ec/0x3b8\n[\u003c8013b13c\u003e] kthread+0x104/0x10c\n[\u003c80101dcc\u003e] ret_from_kernel_thread+0x14/0x1c\n\n---[ end trace 0000000000000000 ]---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:39:43.953Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7923f95997a79cef2ad161a2facae64c25a0bca0"
},
{
"url": "https://git.kernel.org/stable/c/90281cadf5077f2d2bec8b08c2ead1f8cd12660e"
},
{
"url": "https://git.kernel.org/stable/c/353298cadbd4c7d8e8a16d6000066414694933c3"
},
{
"url": "https://git.kernel.org/stable/c/807f90f1960a59dc557542b818c484a8db9ac978"
},
{
"url": "https://git.kernel.org/stable/c/a828920b9ec0d89d3011198d482b7fe224d2de19"
},
{
"url": "https://git.kernel.org/stable/c/afadb04f1d6e74b18a253403f5274cde5e3fd7bd"
}
],
"title": "mmc: jz4740: Apply DMA engine limits to maximum segment size",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49522",
"datePublished": "2025-02-26T02:13:47.278Z",
"dateReserved": "2025-02-26T02:08:31.588Z",
"dateUpdated": "2025-05-04T08:39:43.953Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49379 (GCVE-0-2022-49379)
Vulnerability from cvelistv5
Published
2025-02-26 02:11
Modified
2025-05-04 08:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
driver core: Fix wait_for_device_probe() & deferred_probe_timeout interaction
Mounting NFS rootfs was timing out when deferred_probe_timeout was
non-zero [1]. This was because ip_auto_config() initcall times out
waiting for the network interfaces to show up when
deferred_probe_timeout was non-zero. While ip_auto_config() calls
wait_for_device_probe() to make sure any currently running deferred
probe work or asynchronous probe finishes, that wasn't sufficient to
account for devices being deferred until deferred_probe_timeout.
Commit 35a672363ab3 ("driver core: Ensure wait_for_device_probe() waits
until the deferred_probe_timeout fires") tried to fix that by making
sure wait_for_device_probe() waits for deferred_probe_timeout to expire
before returning.
However, if wait_for_device_probe() is called from the kernel_init()
context:
- Before deferred_probe_initcall() [2], it causes the boot process to
hang due to a deadlock.
- After deferred_probe_initcall() [3], it blocks kernel_init() from
continuing till deferred_probe_timeout expires and beats the point of
deferred_probe_timeout that's trying to wait for userspace to load
modules.
Neither of this is good. So revert the changes to
wait_for_device_probe().
[1] - https://lore.kernel.org/lkml/TYAPR01MB45443DF63B9EF29054F7C41FD8C60@TYAPR01MB4544.jpnprd01.prod.outlook.com/
[2] - https://lore.kernel.org/lkml/YowHNo4sBjr9ijZr@dev-arch.thelio-3990X/
[3] - https://lore.kernel.org/lkml/Yo3WvGnNk3LvLb7R@linutronix.de/
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/base/dd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "71cbce75031aed26c72c2dc8a83111d181685f1b",
"status": "affected",
"version": "35a672363ab3e8dfe4ebcadb4dd0b2d06bb85ebe",
"versionType": "git"
},
{
"lessThan": "29357883a89193863f3cc6a2c5e0b42ceb022761",
"status": "affected",
"version": "35a672363ab3e8dfe4ebcadb4dd0b2d06bb85ebe",
"versionType": "git"
},
{
"lessThan": "528229474e1cbb1b3451cb713d94aecb5f6ee264",
"status": "affected",
"version": "35a672363ab3e8dfe4ebcadb4dd0b2d06bb85ebe",
"versionType": "git"
},
{
"lessThan": "4ad6af07efcca85369c21e4897b3020cff2c170b",
"status": "affected",
"version": "35a672363ab3e8dfe4ebcadb4dd0b2d06bb85ebe",
"versionType": "git"
},
{
"lessThan": "5ee76c256e928455212ab759c51d198fedbe7523",
"status": "affected",
"version": "35a672363ab3e8dfe4ebcadb4dd0b2d06bb85ebe",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/base/dd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.7"
},
{
"lessThan": "5.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.47",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.122",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.47",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.15",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.4",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndriver core: Fix wait_for_device_probe() \u0026 deferred_probe_timeout interaction\n\nMounting NFS rootfs was timing out when deferred_probe_timeout was\nnon-zero [1]. This was because ip_auto_config() initcall times out\nwaiting for the network interfaces to show up when\ndeferred_probe_timeout was non-zero. While ip_auto_config() calls\nwait_for_device_probe() to make sure any currently running deferred\nprobe work or asynchronous probe finishes, that wasn\u0027t sufficient to\naccount for devices being deferred until deferred_probe_timeout.\n\nCommit 35a672363ab3 (\"driver core: Ensure wait_for_device_probe() waits\nuntil the deferred_probe_timeout fires\") tried to fix that by making\nsure wait_for_device_probe() waits for deferred_probe_timeout to expire\nbefore returning.\n\nHowever, if wait_for_device_probe() is called from the kernel_init()\ncontext:\n\n- Before deferred_probe_initcall() [2], it causes the boot process to\n hang due to a deadlock.\n\n- After deferred_probe_initcall() [3], it blocks kernel_init() from\n continuing till deferred_probe_timeout expires and beats the point of\n deferred_probe_timeout that\u0027s trying to wait for userspace to load\n modules.\n\nNeither of this is good. So revert the changes to\nwait_for_device_probe().\n\n[1] - https://lore.kernel.org/lkml/TYAPR01MB45443DF63B9EF29054F7C41FD8C60@TYAPR01MB4544.jpnprd01.prod.outlook.com/\n[2] - https://lore.kernel.org/lkml/YowHNo4sBjr9ijZr@dev-arch.thelio-3990X/\n[3] - https://lore.kernel.org/lkml/Yo3WvGnNk3LvLb7R@linutronix.de/"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:36:25.934Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/71cbce75031aed26c72c2dc8a83111d181685f1b"
},
{
"url": "https://git.kernel.org/stable/c/29357883a89193863f3cc6a2c5e0b42ceb022761"
},
{
"url": "https://git.kernel.org/stable/c/528229474e1cbb1b3451cb713d94aecb5f6ee264"
},
{
"url": "https://git.kernel.org/stable/c/4ad6af07efcca85369c21e4897b3020cff2c170b"
},
{
"url": "https://git.kernel.org/stable/c/5ee76c256e928455212ab759c51d198fedbe7523"
}
],
"title": "driver core: Fix wait_for_device_probe() \u0026 deferred_probe_timeout interaction",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49379",
"datePublished": "2025-02-26T02:11:17.795Z",
"dateReserved": "2025-02-26T02:08:31.558Z",
"dateUpdated": "2025-05-04T08:36:25.934Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49116 (GCVE-0-2022-49116)
Vulnerability from cvelistv5
Published
2025-02-26 01:54
Modified
2025-10-01 19:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: use memset avoid memory leaks
Use memset to initialize structs to prevent memory leaks
in l2cap_ecred_connect
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49116",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:48:46.556414Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:57:04.069Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/bluetooth/l2cap_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9567d54e70ff58c2695c2cc2e53c86c67551d3e6",
"status": "affected",
"version": "da49b602f7f75ccc91386e1274b3ef71676cd092",
"versionType": "git"
},
{
"lessThan": "42b6a39f439b6f37cc2024d91ce547d83290ff78",
"status": "affected",
"version": "da49b602f7f75ccc91386e1274b3ef71676cd092",
"versionType": "git"
},
{
"lessThan": "e9e55acee9b7a737ec7f5161b94a78932a5514c8",
"status": "affected",
"version": "da49b602f7f75ccc91386e1274b3ef71676cd092",
"versionType": "git"
},
{
"lessThan": "d588c183a971b85c775ad66da563ee6e8bc8158f",
"status": "affected",
"version": "da49b602f7f75ccc91386e1274b3ef71676cd092",
"versionType": "git"
},
{
"lessThan": "d3715b2333e9a21692ba16ef8645eda584a9515d",
"status": "affected",
"version": "da49b602f7f75ccc91386e1274b3ef71676cd092",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/bluetooth/l2cap_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.7"
},
{
"lessThan": "5.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.111",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.20",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.111",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.34",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.20",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.3",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: use memset avoid memory leaks\n\nUse memset to initialize structs to prevent memory leaks\nin l2cap_ecred_connect"
}
],
"providerMetadata": {
"dateUpdated": "2025-06-19T12:56:14.711Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9567d54e70ff58c2695c2cc2e53c86c67551d3e6"
},
{
"url": "https://git.kernel.org/stable/c/42b6a39f439b6f37cc2024d91ce547d83290ff78"
},
{
"url": "https://git.kernel.org/stable/c/e9e55acee9b7a737ec7f5161b94a78932a5514c8"
},
{
"url": "https://git.kernel.org/stable/c/d588c183a971b85c775ad66da563ee6e8bc8158f"
},
{
"url": "https://git.kernel.org/stable/c/d3715b2333e9a21692ba16ef8645eda584a9515d"
}
],
"title": "Bluetooth: use memset avoid memory leaks",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49116",
"datePublished": "2025-02-26T01:54:59.129Z",
"dateReserved": "2025-02-26T01:49:39.263Z",
"dateUpdated": "2025-10-01T19:57:04.069Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47631 (GCVE-0-2021-47631)
Vulnerability from cvelistv5
Published
2025-02-26 01:54
Modified
2025-10-01 19:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ARM: davinci: da850-evm: Avoid NULL pointer dereference
With newer versions of GCC, there is a panic in da850_evm_config_emac()
when booting multi_v5_defconfig in QEMU under the palmetto-bmc machine:
Unable to handle kernel NULL pointer dereference at virtual address 00000020
pgd = (ptrval)
[00000020] *pgd=00000000
Internal error: Oops: 5 [#1] PREEMPT ARM
Modules linked in:
CPU: 0 PID: 1 Comm: swapper Not tainted 5.15.0 #1
Hardware name: Generic DT based system
PC is at da850_evm_config_emac+0x1c/0x120
LR is at do_one_initcall+0x50/0x1e0
The emac_pdata pointer in soc_info is NULL because davinci_soc_info only
gets populated on davinci machines but da850_evm_config_emac() is called
on all machines via device_initcall().
Move the rmii_en assignment below the machine check so that it is only
dereferenced when running on a supported SoC.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: bae105879f2f2404155da6f50b3636193d228a62 Version: bae105879f2f2404155da6f50b3636193d228a62 Version: bae105879f2f2404155da6f50b3636193d228a62 Version: bae105879f2f2404155da6f50b3636193d228a62 Version: bae105879f2f2404155da6f50b3636193d228a62 Version: bae105879f2f2404155da6f50b3636193d228a62 Version: bae105879f2f2404155da6f50b3636193d228a62 Version: bae105879f2f2404155da6f50b3636193d228a62 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-47631",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:51:01.274417Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:57:09.062Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/arm/mach-davinci/board-da850-evm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c06f476e5b74bcabb8c4a2fba55864a37e62843b",
"status": "affected",
"version": "bae105879f2f2404155da6f50b3636193d228a62",
"versionType": "git"
},
{
"lessThan": "a12b356d45cbb6e8a1b718d1436b3d6239a862f3",
"status": "affected",
"version": "bae105879f2f2404155da6f50b3636193d228a62",
"versionType": "git"
},
{
"lessThan": "c64e2ed5cc376e137e572babfd2edc38b2cfb61b",
"status": "affected",
"version": "bae105879f2f2404155da6f50b3636193d228a62",
"versionType": "git"
},
{
"lessThan": "89931d4762572aaee6edbe5673d41f8082de110f",
"status": "affected",
"version": "bae105879f2f2404155da6f50b3636193d228a62",
"versionType": "git"
},
{
"lessThan": "0a312ec66a03133d28570f07bc52749ccfef54da",
"status": "affected",
"version": "bae105879f2f2404155da6f50b3636193d228a62",
"versionType": "git"
},
{
"lessThan": "0940795c6834fbe7705acc5c3d4b2f7a5f67527a",
"status": "affected",
"version": "bae105879f2f2404155da6f50b3636193d228a62",
"versionType": "git"
},
{
"lessThan": "c5628533a3ece64235d04fe11ec44d2be99e423d",
"status": "affected",
"version": "bae105879f2f2404155da6f50b3636193d228a62",
"versionType": "git"
},
{
"lessThan": "83a1cde5c74bfb44b49cb2a940d044bb2380f4ea",
"status": "affected",
"version": "bae105879f2f2404155da6f50b3636193d228a62",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/arm/mach-davinci/board-da850-evm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.33"
},
{
"lessThan": "2.6.33",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.239",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.190",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.112",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.35",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.311",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.276",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.239",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.190",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.112",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.35",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.4",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "2.6.33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nARM: davinci: da850-evm: Avoid NULL pointer dereference\n\nWith newer versions of GCC, there is a panic in da850_evm_config_emac()\nwhen booting multi_v5_defconfig in QEMU under the palmetto-bmc machine:\n\nUnable to handle kernel NULL pointer dereference at virtual address 00000020\npgd = (ptrval)\n[00000020] *pgd=00000000\nInternal error: Oops: 5 [#1] PREEMPT ARM\nModules linked in:\nCPU: 0 PID: 1 Comm: swapper Not tainted 5.15.0 #1\nHardware name: Generic DT based system\nPC is at da850_evm_config_emac+0x1c/0x120\nLR is at do_one_initcall+0x50/0x1e0\n\nThe emac_pdata pointer in soc_info is NULL because davinci_soc_info only\ngets populated on davinci machines but da850_evm_config_emac() is called\non all machines via device_initcall().\n\nMove the rmii_en assignment below the machine check so that it is only\ndereferenced when running on a supported SoC."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:15:09.911Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c06f476e5b74bcabb8c4a2fba55864a37e62843b"
},
{
"url": "https://git.kernel.org/stable/c/a12b356d45cbb6e8a1b718d1436b3d6239a862f3"
},
{
"url": "https://git.kernel.org/stable/c/c64e2ed5cc376e137e572babfd2edc38b2cfb61b"
},
{
"url": "https://git.kernel.org/stable/c/89931d4762572aaee6edbe5673d41f8082de110f"
},
{
"url": "https://git.kernel.org/stable/c/0a312ec66a03133d28570f07bc52749ccfef54da"
},
{
"url": "https://git.kernel.org/stable/c/0940795c6834fbe7705acc5c3d4b2f7a5f67527a"
},
{
"url": "https://git.kernel.org/stable/c/c5628533a3ece64235d04fe11ec44d2be99e423d"
},
{
"url": "https://git.kernel.org/stable/c/83a1cde5c74bfb44b49cb2a940d044bb2380f4ea"
}
],
"title": "ARM: davinci: da850-evm: Avoid NULL pointer dereference",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47631",
"datePublished": "2025-02-26T01:54:07.513Z",
"dateReserved": "2025-02-26T01:48:21.518Z",
"dateUpdated": "2025-10-01T19:57:09.062Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49463 (GCVE-0-2022-49463)
Vulnerability from cvelistv5
Published
2025-02-26 02:13
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
thermal/drivers/imx_sc_thermal: Fix refcount leak in imx_sc_thermal_probe
of_find_node_by_name() returns a node pointer with refcount
incremented, we should use of_node_put() on it when done.
Add missing of_node_put() to avoid refcount leak.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49463",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:40:03.403188Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:46.874Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/thermal/imx_sc_thermal.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8bbf522a2c51ef939d0e8835e236bfcd252193af",
"status": "affected",
"version": "e20db70dba1c0783b9878ce37171ad560b1ebaf3",
"versionType": "git"
},
{
"lessThan": "3ade442ea5d3512a3c67984489ab4d8a6fb3b29f",
"status": "affected",
"version": "e20db70dba1c0783b9878ce37171ad560b1ebaf3",
"versionType": "git"
},
{
"lessThan": "0ec10303c10833c1bcba7a1bde2f297e494d5464",
"status": "affected",
"version": "e20db70dba1c0783b9878ce37171ad560b1ebaf3",
"versionType": "git"
},
{
"lessThan": "ec0925b731697db7cab5944a3e55d2d58bb3d075",
"status": "affected",
"version": "e20db70dba1c0783b9878ce37171ad560b1ebaf3",
"versionType": "git"
},
{
"lessThan": "09700c504d8e63faffd2a2235074e8c5d130cb8f",
"status": "affected",
"version": "e20db70dba1c0783b9878ce37171ad560b1ebaf3",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/thermal/imx_sc_thermal.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.7"
},
{
"lessThan": "5.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal/drivers/imx_sc_thermal: Fix refcount leak in imx_sc_thermal_probe\n\nof_find_node_by_name() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when done.\nAdd missing of_node_put() to avoid refcount leak."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:38:16.963Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8bbf522a2c51ef939d0e8835e236bfcd252193af"
},
{
"url": "https://git.kernel.org/stable/c/3ade442ea5d3512a3c67984489ab4d8a6fb3b29f"
},
{
"url": "https://git.kernel.org/stable/c/0ec10303c10833c1bcba7a1bde2f297e494d5464"
},
{
"url": "https://git.kernel.org/stable/c/ec0925b731697db7cab5944a3e55d2d58bb3d075"
},
{
"url": "https://git.kernel.org/stable/c/09700c504d8e63faffd2a2235074e8c5d130cb8f"
}
],
"title": "thermal/drivers/imx_sc_thermal: Fix refcount leak in imx_sc_thermal_probe",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49463",
"datePublished": "2025-02-26T02:13:09.673Z",
"dateReserved": "2025-02-26T02:08:31.576Z",
"dateUpdated": "2025-10-01T19:46:46.874Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49196 (GCVE-0-2022-49196)
Vulnerability from cvelistv5
Published
2025-02-26 01:55
Modified
2025-05-04 12:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
powerpc/pseries: Fix use after free in remove_phb_dynamic()
In remove_phb_dynamic() we use &phb->io_resource, after we've called
device_unregister(&host_bridge->dev). But the unregister may have freed
phb, because pcibios_free_controller_deferred() is the release function
for the host_bridge.
If there are no outstanding references when we call device_unregister()
then phb will be freed out from under us.
This has gone mainly unnoticed, but with slub_debug and page_poison
enabled it can lead to a crash:
PID: 7574 TASK: c0000000d492cb80 CPU: 13 COMMAND: "drmgr"
#0 [c0000000e4f075a0] crash_kexec at c00000000027d7dc
#1 [c0000000e4f075d0] oops_end at c000000000029608
#2 [c0000000e4f07650] __bad_page_fault at c0000000000904b4
#3 [c0000000e4f076c0] do_bad_slb_fault at c00000000009a5a8
#4 [c0000000e4f076f0] data_access_slb_common_virt at c000000000008b30
Data SLB Access [380] exception frame:
R0: c000000000167250 R1: c0000000e4f07a00 R2: c000000002a46100
R3: c000000002b39ce8 R4: 00000000000000c0 R5: 00000000000000a9
R6: 3894674d000000c0 R7: 0000000000000000 R8: 00000000000000ff
R9: 0000000000000100 R10: 6b6b6b6b6b6b6b6b R11: 0000000000008000
R12: c00000000023da80 R13: c0000009ffd38b00 R14: 0000000000000000
R15: 000000011c87f0f0 R16: 0000000000000006 R17: 0000000000000003
R18: 0000000000000002 R19: 0000000000000004 R20: 0000000000000005
R21: 000000011c87ede8 R22: 000000011c87c5a8 R23: 000000011c87d3a0
R24: 0000000000000000 R25: 0000000000000001 R26: c0000000e4f07cc8
R27: c00000004d1cc400 R28: c0080000031d00e8 R29: c00000004d23d800
R30: c00000004d1d2400 R31: c00000004d1d2540
NIP: c000000000167258 MSR: 8000000000009033 OR3: c000000000e9f474
CTR: 0000000000000000 LR: c000000000167250 XER: 0000000020040003
CCR: 0000000024088420 MQ: 0000000000000000 DAR: 6b6b6b6b6b6b6ba3
DSISR: c0000000e4f07920 Syscall Result: fffffffffffffff2
[NIP : release_resource+56]
[LR : release_resource+48]
#5 [c0000000e4f07a00] release_resource at c000000000167258 (unreliable)
#6 [c0000000e4f07a30] remove_phb_dynamic at c000000000105648
#7 [c0000000e4f07ab0] dlpar_remove_slot at c0080000031a09e8 [rpadlpar_io]
#8 [c0000000e4f07b50] remove_slot_store at c0080000031a0b9c [rpadlpar_io]
#9 [c0000000e4f07be0] kobj_attr_store at c000000000817d8c
#10 [c0000000e4f07c00] sysfs_kf_write at c00000000063e504
#11 [c0000000e4f07c20] kernfs_fop_write_iter at c00000000063d868
#12 [c0000000e4f07c70] new_sync_write at c00000000054339c
#13 [c0000000e4f07d10] vfs_write at c000000000546624
#14 [c0000000e4f07d60] ksys_write at c0000000005469f4
#15 [c0000000e4f07db0] system_call_exception at c000000000030840
#16 [c0000000e4f07e10] system_call_vectored_common at c00000000000c168
To avoid it, we can take a reference to the host_bridge->dev until we're
done using phb. Then when we drop the reference the phb will be freed.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 2dd9c11b9d4dfbd6c070eab7b81197f65e82f1a0 Version: 2dd9c11b9d4dfbd6c070eab7b81197f65e82f1a0 Version: 2dd9c11b9d4dfbd6c070eab7b81197f65e82f1a0 Version: 2dd9c11b9d4dfbd6c070eab7b81197f65e82f1a0 Version: c3e740838fe3117413425c956ac56a5724ccd9f9 Version: 83573addff2b4e16df9fad9a561a0d77d554b370 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49196",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-04T18:03:23.162575Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-01T17:19:08.367Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/powerpc/platforms/pseries/pci_dlpar.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "33d39efb61a84e055ca2386157d39ebbdf6b7d31",
"status": "affected",
"version": "2dd9c11b9d4dfbd6c070eab7b81197f65e82f1a0",
"versionType": "git"
},
{
"lessThan": "403f9e0bc5535a0a5184d1352fa3a70e6ffacb6f",
"status": "affected",
"version": "2dd9c11b9d4dfbd6c070eab7b81197f65e82f1a0",
"versionType": "git"
},
{
"lessThan": "895ca4ae1f72e0a0160ab162723e59c9f265ec93",
"status": "affected",
"version": "2dd9c11b9d4dfbd6c070eab7b81197f65e82f1a0",
"versionType": "git"
},
{
"lessThan": "fe2640bd7a62f1f7c3f55fbda31084085075bc30",
"status": "affected",
"version": "2dd9c11b9d4dfbd6c070eab7b81197f65e82f1a0",
"versionType": "git"
},
{
"status": "affected",
"version": "c3e740838fe3117413425c956ac56a5724ccd9f9",
"versionType": "git"
},
{
"status": "affected",
"version": "83573addff2b4e16df9fad9a561a0d77d554b370",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/powerpc/platforms/pseries/pci_dlpar.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.8"
},
{
"lessThan": "4.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.16.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.7.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries: Fix use after free in remove_phb_dynamic()\n\nIn remove_phb_dynamic() we use \u0026phb-\u003eio_resource, after we\u0027ve called\ndevice_unregister(\u0026host_bridge-\u003edev). But the unregister may have freed\nphb, because pcibios_free_controller_deferred() is the release function\nfor the host_bridge.\n\nIf there are no outstanding references when we call device_unregister()\nthen phb will be freed out from under us.\n\nThis has gone mainly unnoticed, but with slub_debug and page_poison\nenabled it can lead to a crash:\n\n PID: 7574 TASK: c0000000d492cb80 CPU: 13 COMMAND: \"drmgr\"\n #0 [c0000000e4f075a0] crash_kexec at c00000000027d7dc\n #1 [c0000000e4f075d0] oops_end at c000000000029608\n #2 [c0000000e4f07650] __bad_page_fault at c0000000000904b4\n #3 [c0000000e4f076c0] do_bad_slb_fault at c00000000009a5a8\n #4 [c0000000e4f076f0] data_access_slb_common_virt at c000000000008b30\n Data SLB Access [380] exception frame:\n R0: c000000000167250 R1: c0000000e4f07a00 R2: c000000002a46100\n R3: c000000002b39ce8 R4: 00000000000000c0 R5: 00000000000000a9\n R6: 3894674d000000c0 R7: 0000000000000000 R8: 00000000000000ff\n R9: 0000000000000100 R10: 6b6b6b6b6b6b6b6b R11: 0000000000008000\n R12: c00000000023da80 R13: c0000009ffd38b00 R14: 0000000000000000\n R15: 000000011c87f0f0 R16: 0000000000000006 R17: 0000000000000003\n R18: 0000000000000002 R19: 0000000000000004 R20: 0000000000000005\n R21: 000000011c87ede8 R22: 000000011c87c5a8 R23: 000000011c87d3a0\n R24: 0000000000000000 R25: 0000000000000001 R26: c0000000e4f07cc8\n R27: c00000004d1cc400 R28: c0080000031d00e8 R29: c00000004d23d800\n R30: c00000004d1d2400 R31: c00000004d1d2540\n NIP: c000000000167258 MSR: 8000000000009033 OR3: c000000000e9f474\n CTR: 0000000000000000 LR: c000000000167250 XER: 0000000020040003\n CCR: 0000000024088420 MQ: 0000000000000000 DAR: 6b6b6b6b6b6b6ba3\n DSISR: c0000000e4f07920 Syscall Result: fffffffffffffff2\n [NIP : release_resource+56]\n [LR : release_resource+48]\n #5 [c0000000e4f07a00] release_resource at c000000000167258 (unreliable)\n #6 [c0000000e4f07a30] remove_phb_dynamic at c000000000105648\n #7 [c0000000e4f07ab0] dlpar_remove_slot at c0080000031a09e8 [rpadlpar_io]\n #8 [c0000000e4f07b50] remove_slot_store at c0080000031a0b9c [rpadlpar_io]\n #9 [c0000000e4f07be0] kobj_attr_store at c000000000817d8c\n #10 [c0000000e4f07c00] sysfs_kf_write at c00000000063e504\n #11 [c0000000e4f07c20] kernfs_fop_write_iter at c00000000063d868\n #12 [c0000000e4f07c70] new_sync_write at c00000000054339c\n #13 [c0000000e4f07d10] vfs_write at c000000000546624\n #14 [c0000000e4f07d60] ksys_write at c0000000005469f4\n #15 [c0000000e4f07db0] system_call_exception at c000000000030840\n #16 [c0000000e4f07e10] system_call_vectored_common at c00000000000c168\n\nTo avoid it, we can take a reference to the host_bridge-\u003edev until we\u0027re\ndone using phb. Then when we drop the reference the phb will be freed."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:44:21.162Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/33d39efb61a84e055ca2386157d39ebbdf6b7d31"
},
{
"url": "https://git.kernel.org/stable/c/403f9e0bc5535a0a5184d1352fa3a70e6ffacb6f"
},
{
"url": "https://git.kernel.org/stable/c/895ca4ae1f72e0a0160ab162723e59c9f265ec93"
},
{
"url": "https://git.kernel.org/stable/c/fe2640bd7a62f1f7c3f55fbda31084085075bc30"
}
],
"title": "powerpc/pseries: Fix use after free in remove_phb_dynamic()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49196",
"datePublished": "2025-02-26T01:55:40.626Z",
"dateReserved": "2025-02-26T01:49:39.290Z",
"dateUpdated": "2025-05-04T12:44:21.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49409 (GCVE-0-2022-49409)
Vulnerability from cvelistv5
Published
2025-02-26 02:12
Modified
2025-05-04 12:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix bug_on in __es_tree_search
Hulk Robot reported a BUG_ON:
==================================================================
kernel BUG at fs/ext4/extents_status.c:199!
[...]
RIP: 0010:ext4_es_end fs/ext4/extents_status.c:199 [inline]
RIP: 0010:__es_tree_search+0x1e0/0x260 fs/ext4/extents_status.c:217
[...]
Call Trace:
ext4_es_cache_extent+0x109/0x340 fs/ext4/extents_status.c:766
ext4_cache_extents+0x239/0x2e0 fs/ext4/extents.c:561
ext4_find_extent+0x6b7/0xa20 fs/ext4/extents.c:964
ext4_ext_map_blocks+0x16b/0x4b70 fs/ext4/extents.c:4384
ext4_map_blocks+0xe26/0x19f0 fs/ext4/inode.c:567
ext4_getblk+0x320/0x4c0 fs/ext4/inode.c:980
ext4_bread+0x2d/0x170 fs/ext4/inode.c:1031
ext4_quota_read+0x248/0x320 fs/ext4/super.c:6257
v2_read_header+0x78/0x110 fs/quota/quota_v2.c:63
v2_check_quota_file+0x76/0x230 fs/quota/quota_v2.c:82
vfs_load_quota_inode+0x5d1/0x1530 fs/quota/dquot.c:2368
dquot_enable+0x28a/0x330 fs/quota/dquot.c:2490
ext4_quota_enable fs/ext4/super.c:6137 [inline]
ext4_enable_quotas+0x5d7/0x960 fs/ext4/super.c:6163
ext4_fill_super+0xa7c9/0xdc00 fs/ext4/super.c:4754
mount_bdev+0x2e9/0x3b0 fs/super.c:1158
mount_fs+0x4b/0x1e4 fs/super.c:1261
[...]
==================================================================
Above issue may happen as follows:
-------------------------------------
ext4_fill_super
ext4_enable_quotas
ext4_quota_enable
ext4_iget
__ext4_iget
ext4_ext_check_inode
ext4_ext_check
__ext4_ext_check
ext4_valid_extent_entries
Check for overlapping extents does't take effect
dquot_enable
vfs_load_quota_inode
v2_check_quota_file
v2_read_header
ext4_quota_read
ext4_bread
ext4_getblk
ext4_map_blocks
ext4_ext_map_blocks
ext4_find_extent
ext4_cache_extents
ext4_es_cache_extent
ext4_es_cache_extent
__es_tree_search
ext4_es_end
BUG_ON(es->es_lblk + es->es_len < es->es_lblk)
The error ext4 extents is as follows:
0af3 0300 0400 0000 00000000 extent_header
00000000 0100 0000 12000000 extent1
00000000 0100 0000 18000000 extent2
02000000 0400 0000 14000000 extent3
In the ext4_valid_extent_entries function,
if prev is 0, no error is returned even if lblock<=prev.
This was intended to skip the check on the first extent, but
in the error image above, prev=0+1-1=0 when checking the second extent,
so even though lblock<=prev, the function does not return an error.
As a result, bug_ON occurs in __es_tree_search and the system panics.
To solve this problem, we only need to check that:
1. The lblock of the first extent is not less than 0.
2. The lblock of the next extent is not less than
the next block of the previous extent.
The same applies to extent_idx.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 5946d089379a35dda0e531710b48fca05446a196 Version: 5946d089379a35dda0e531710b48fca05446a196 Version: 5946d089379a35dda0e531710b48fca05446a196 Version: 5946d089379a35dda0e531710b48fca05446a196 Version: 5946d089379a35dda0e531710b48fca05446a196 Version: 5946d089379a35dda0e531710b48fca05446a196 Version: 4645e4ee32aee01a85bdc03348982a65c65ce216 Version: a1192c0e5d037def6763f3873d3340615c241fe7 Version: ae21dda05193c441bde106a4bbf88c185a68fbed Version: ea214c946ee77588c4313be3e9951edd25d6b270 |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ext4/extents.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d0083459e2b6b07ebd78bea2fe684a19cc0f3d0f",
"status": "affected",
"version": "5946d089379a35dda0e531710b48fca05446a196",
"versionType": "git"
},
{
"lessThan": "4fd58b5cf118d2d9038a0b8c9cc0e43096297686",
"status": "affected",
"version": "5946d089379a35dda0e531710b48fca05446a196",
"versionType": "git"
},
{
"lessThan": "3c617827cd51018bc377bd2954e176920ddbcfad",
"status": "affected",
"version": "5946d089379a35dda0e531710b48fca05446a196",
"versionType": "git"
},
{
"lessThan": "59cf2fabbfe76de29d88dd7ae69858a25735b59f",
"status": "affected",
"version": "5946d089379a35dda0e531710b48fca05446a196",
"versionType": "git"
},
{
"lessThan": "ea6ea18b3ab0c0d7fefffb3c4d27df758b1c790a",
"status": "affected",
"version": "5946d089379a35dda0e531710b48fca05446a196",
"versionType": "git"
},
{
"lessThan": "d36f6ed761b53933b0b4126486c10d3da7751e7f",
"status": "affected",
"version": "5946d089379a35dda0e531710b48fca05446a196",
"versionType": "git"
},
{
"status": "affected",
"version": "4645e4ee32aee01a85bdc03348982a65c65ce216",
"versionType": "git"
},
{
"status": "affected",
"version": "a1192c0e5d037def6763f3873d3340615c241fe7",
"versionType": "git"
},
{
"status": "affected",
"version": "ae21dda05193c441bde106a4bbf88c185a68fbed",
"versionType": "git"
},
{
"status": "affected",
"version": "ea214c946ee77588c4313be3e9951edd25d6b270",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ext4/extents.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.13"
},
{
"lessThan": "3.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.277",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.277",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.2.55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.4.76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.10.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.12.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix bug_on in __es_tree_search\n\nHulk Robot reported a BUG_ON:\n==================================================================\nkernel BUG at fs/ext4/extents_status.c:199!\n[...]\nRIP: 0010:ext4_es_end fs/ext4/extents_status.c:199 [inline]\nRIP: 0010:__es_tree_search+0x1e0/0x260 fs/ext4/extents_status.c:217\n[...]\nCall Trace:\n ext4_es_cache_extent+0x109/0x340 fs/ext4/extents_status.c:766\n ext4_cache_extents+0x239/0x2e0 fs/ext4/extents.c:561\n ext4_find_extent+0x6b7/0xa20 fs/ext4/extents.c:964\n ext4_ext_map_blocks+0x16b/0x4b70 fs/ext4/extents.c:4384\n ext4_map_blocks+0xe26/0x19f0 fs/ext4/inode.c:567\n ext4_getblk+0x320/0x4c0 fs/ext4/inode.c:980\n ext4_bread+0x2d/0x170 fs/ext4/inode.c:1031\n ext4_quota_read+0x248/0x320 fs/ext4/super.c:6257\n v2_read_header+0x78/0x110 fs/quota/quota_v2.c:63\n v2_check_quota_file+0x76/0x230 fs/quota/quota_v2.c:82\n vfs_load_quota_inode+0x5d1/0x1530 fs/quota/dquot.c:2368\n dquot_enable+0x28a/0x330 fs/quota/dquot.c:2490\n ext4_quota_enable fs/ext4/super.c:6137 [inline]\n ext4_enable_quotas+0x5d7/0x960 fs/ext4/super.c:6163\n ext4_fill_super+0xa7c9/0xdc00 fs/ext4/super.c:4754\n mount_bdev+0x2e9/0x3b0 fs/super.c:1158\n mount_fs+0x4b/0x1e4 fs/super.c:1261\n[...]\n==================================================================\n\nAbove issue may happen as follows:\n-------------------------------------\next4_fill_super\n ext4_enable_quotas\n ext4_quota_enable\n ext4_iget\n __ext4_iget\n ext4_ext_check_inode\n ext4_ext_check\n __ext4_ext_check\n ext4_valid_extent_entries\n Check for overlapping extents does\u0027t take effect\n dquot_enable\n vfs_load_quota_inode\n v2_check_quota_file\n v2_read_header\n ext4_quota_read\n ext4_bread\n ext4_getblk\n ext4_map_blocks\n ext4_ext_map_blocks\n ext4_find_extent\n ext4_cache_extents\n ext4_es_cache_extent\n ext4_es_cache_extent\n __es_tree_search\n ext4_es_end\n BUG_ON(es-\u003ees_lblk + es-\u003ees_len \u003c es-\u003ees_lblk)\n\nThe error ext4 extents is as follows:\n0af3 0300 0400 0000 00000000 extent_header\n00000000 0100 0000 12000000 extent1\n00000000 0100 0000 18000000 extent2\n02000000 0400 0000 14000000 extent3\n\nIn the ext4_valid_extent_entries function,\nif prev is 0, no error is returned even if lblock\u003c=prev.\nThis was intended to skip the check on the first extent, but\nin the error image above, prev=0+1-1=0 when checking the second extent,\nso even though lblock\u003c=prev, the function does not return an error.\nAs a result, bug_ON occurs in __es_tree_search and the system panics.\n\nTo solve this problem, we only need to check that:\n1. The lblock of the first extent is not less than 0.\n2. The lblock of the next extent is not less than\n the next block of the previous extent.\nThe same applies to extent_idx."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:44:39.209Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d0083459e2b6b07ebd78bea2fe684a19cc0f3d0f"
},
{
"url": "https://git.kernel.org/stable/c/4fd58b5cf118d2d9038a0b8c9cc0e43096297686"
},
{
"url": "https://git.kernel.org/stable/c/3c617827cd51018bc377bd2954e176920ddbcfad"
},
{
"url": "https://git.kernel.org/stable/c/59cf2fabbfe76de29d88dd7ae69858a25735b59f"
},
{
"url": "https://git.kernel.org/stable/c/ea6ea18b3ab0c0d7fefffb3c4d27df758b1c790a"
},
{
"url": "https://git.kernel.org/stable/c/d36f6ed761b53933b0b4126486c10d3da7751e7f"
}
],
"title": "ext4: fix bug_on in __es_tree_search",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49409",
"datePublished": "2025-02-26T02:12:32.591Z",
"dateReserved": "2025-02-26T02:08:31.567Z",
"dateUpdated": "2025-05-04T12:44:39.209Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49695 (GCVE-0-2022-49695)
Vulnerability from cvelistv5
Published
2025-02-26 02:24
Modified
2025-05-04 08:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
igb: fix a use-after-free issue in igb_clean_tx_ring
Fix the following use-after-free bug in igb_clean_tx_ring routine when
the NIC is running in XDP mode. The issue can be triggered redirecting
traffic into the igb NIC and then closing the device while the traffic
is flowing.
[ 73.322719] CPU: 1 PID: 487 Comm: xdp_redirect Not tainted 5.18.3-apu2 #9
[ 73.330639] Hardware name: PC Engines APU2/APU2, BIOS 4.0.7 02/28/2017
[ 73.337434] RIP: 0010:refcount_warn_saturate+0xa7/0xf0
[ 73.362283] RSP: 0018:ffffc9000081f798 EFLAGS: 00010282
[ 73.367761] RAX: 0000000000000000 RBX: ffffc90000420f80 RCX: 0000000000000000
[ 73.375200] RDX: ffff88811ad22d00 RSI: ffff88811ad171e0 RDI: ffff88811ad171e0
[ 73.382590] RBP: 0000000000000900 R08: ffffffff82298f28 R09: 0000000000000058
[ 73.390008] R10: 0000000000000219 R11: ffffffff82280f40 R12: 0000000000000090
[ 73.397356] R13: ffff888102343a40 R14: ffff88810359e0e4 R15: 0000000000000000
[ 73.404806] FS: 00007ff38d31d740(0000) GS:ffff88811ad00000(0000) knlGS:0000000000000000
[ 73.413129] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 73.419096] CR2: 000055cff35f13f8 CR3: 0000000106391000 CR4: 00000000000406e0
[ 73.426565] Call Trace:
[ 73.429087] <TASK>
[ 73.431314] igb_clean_tx_ring+0x43/0x140 [igb]
[ 73.436002] igb_down+0x1d7/0x220 [igb]
[ 73.439974] __igb_close+0x3c/0x120 [igb]
[ 73.444118] igb_xdp+0x10c/0x150 [igb]
[ 73.447983] ? igb_pci_sriov_configure+0x70/0x70 [igb]
[ 73.453362] dev_xdp_install+0xda/0x110
[ 73.457371] dev_xdp_attach+0x1da/0x550
[ 73.461369] do_setlink+0xfd0/0x10f0
[ 73.465166] ? __nla_validate_parse+0x89/0xc70
[ 73.469714] rtnl_setlink+0x11a/0x1e0
[ 73.473547] rtnetlink_rcv_msg+0x145/0x3d0
[ 73.477709] ? rtnl_calcit.isra.0+0x130/0x130
[ 73.482258] netlink_rcv_skb+0x8d/0x110
[ 73.486229] netlink_unicast+0x230/0x340
[ 73.490317] netlink_sendmsg+0x215/0x470
[ 73.494395] __sys_sendto+0x179/0x190
[ 73.498268] ? move_addr_to_user+0x37/0x70
[ 73.502547] ? __sys_getsockname+0x84/0xe0
[ 73.506853] ? netlink_setsockopt+0x1c1/0x4a0
[ 73.511349] ? __sys_setsockopt+0xc8/0x1d0
[ 73.515636] __x64_sys_sendto+0x20/0x30
[ 73.519603] do_syscall_64+0x3b/0x80
[ 73.523399] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 73.528712] RIP: 0033:0x7ff38d41f20c
[ 73.551866] RSP: 002b:00007fff3b945a68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 73.559640] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007ff38d41f20c
[ 73.567066] RDX: 0000000000000034 RSI: 00007fff3b945b30 RDI: 0000000000000003
[ 73.574457] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000
[ 73.581852] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff3b945ab0
[ 73.589179] R13: 0000000000000000 R14: 0000000000000003 R15: 00007fff3b945b30
[ 73.596545] </TASK>
[ 73.598842] ---[ end trace 0000000000000000 ]---
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49695",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T18:15:05.537306Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T18:22:30.994Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/igb/igb_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c12a2c9b1b460ed72e6b3c33aac1ef51b0329b66",
"status": "affected",
"version": "9cbc948b5a20c9c054d9631099c0426c16da546b",
"versionType": "git"
},
{
"lessThan": "2af944210dc23d43d8208dafac4df7be7e3c168b",
"status": "affected",
"version": "9cbc948b5a20c9c054d9631099c0426c16da546b",
"versionType": "git"
},
{
"lessThan": "68a0ed06dcd5d3ea732d011c0b83d66e4791f521",
"status": "affected",
"version": "9cbc948b5a20c9c054d9631099c0426c16da546b",
"versionType": "git"
},
{
"lessThan": "3f6a57ee8544ec3982f8a3cbcbf4aea7d47eb9ec",
"status": "affected",
"version": "9cbc948b5a20c9c054d9631099c0426c16da546b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/igb/igb_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.10"
},
{
"lessThan": "5.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.127",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.51",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.127",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.51",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.8",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nigb: fix a use-after-free issue in igb_clean_tx_ring\n\nFix the following use-after-free bug in igb_clean_tx_ring routine when\nthe NIC is running in XDP mode. The issue can be triggered redirecting\ntraffic into the igb NIC and then closing the device while the traffic\nis flowing.\n\n[ 73.322719] CPU: 1 PID: 487 Comm: xdp_redirect Not tainted 5.18.3-apu2 #9\n[ 73.330639] Hardware name: PC Engines APU2/APU2, BIOS 4.0.7 02/28/2017\n[ 73.337434] RIP: 0010:refcount_warn_saturate+0xa7/0xf0\n[ 73.362283] RSP: 0018:ffffc9000081f798 EFLAGS: 00010282\n[ 73.367761] RAX: 0000000000000000 RBX: ffffc90000420f80 RCX: 0000000000000000\n[ 73.375200] RDX: ffff88811ad22d00 RSI: ffff88811ad171e0 RDI: ffff88811ad171e0\n[ 73.382590] RBP: 0000000000000900 R08: ffffffff82298f28 R09: 0000000000000058\n[ 73.390008] R10: 0000000000000219 R11: ffffffff82280f40 R12: 0000000000000090\n[ 73.397356] R13: ffff888102343a40 R14: ffff88810359e0e4 R15: 0000000000000000\n[ 73.404806] FS: 00007ff38d31d740(0000) GS:ffff88811ad00000(0000) knlGS:0000000000000000\n[ 73.413129] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 73.419096] CR2: 000055cff35f13f8 CR3: 0000000106391000 CR4: 00000000000406e0\n[ 73.426565] Call Trace:\n[ 73.429087] \u003cTASK\u003e\n[ 73.431314] igb_clean_tx_ring+0x43/0x140 [igb]\n[ 73.436002] igb_down+0x1d7/0x220 [igb]\n[ 73.439974] __igb_close+0x3c/0x120 [igb]\n[ 73.444118] igb_xdp+0x10c/0x150 [igb]\n[ 73.447983] ? igb_pci_sriov_configure+0x70/0x70 [igb]\n[ 73.453362] dev_xdp_install+0xda/0x110\n[ 73.457371] dev_xdp_attach+0x1da/0x550\n[ 73.461369] do_setlink+0xfd0/0x10f0\n[ 73.465166] ? __nla_validate_parse+0x89/0xc70\n[ 73.469714] rtnl_setlink+0x11a/0x1e0\n[ 73.473547] rtnetlink_rcv_msg+0x145/0x3d0\n[ 73.477709] ? rtnl_calcit.isra.0+0x130/0x130\n[ 73.482258] netlink_rcv_skb+0x8d/0x110\n[ 73.486229] netlink_unicast+0x230/0x340\n[ 73.490317] netlink_sendmsg+0x215/0x470\n[ 73.494395] __sys_sendto+0x179/0x190\n[ 73.498268] ? move_addr_to_user+0x37/0x70\n[ 73.502547] ? __sys_getsockname+0x84/0xe0\n[ 73.506853] ? netlink_setsockopt+0x1c1/0x4a0\n[ 73.511349] ? __sys_setsockopt+0xc8/0x1d0\n[ 73.515636] __x64_sys_sendto+0x20/0x30\n[ 73.519603] do_syscall_64+0x3b/0x80\n[ 73.523399] entry_SYSCALL_64_after_hwframe+0x44/0xae\n[ 73.528712] RIP: 0033:0x7ff38d41f20c\n[ 73.551866] RSP: 002b:00007fff3b945a68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c\n[ 73.559640] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007ff38d41f20c\n[ 73.567066] RDX: 0000000000000034 RSI: 00007fff3b945b30 RDI: 0000000000000003\n[ 73.574457] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000\n[ 73.581852] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff3b945ab0\n[ 73.589179] R13: 0000000000000000 R14: 0000000000000003 R15: 00007fff3b945b30\n[ 73.596545] \u003c/TASK\u003e\n[ 73.598842] ---[ end trace 0000000000000000 ]---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:43:26.888Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c12a2c9b1b460ed72e6b3c33aac1ef51b0329b66"
},
{
"url": "https://git.kernel.org/stable/c/2af944210dc23d43d8208dafac4df7be7e3c168b"
},
{
"url": "https://git.kernel.org/stable/c/68a0ed06dcd5d3ea732d011c0b83d66e4791f521"
},
{
"url": "https://git.kernel.org/stable/c/3f6a57ee8544ec3982f8a3cbcbf4aea7d47eb9ec"
}
],
"title": "igb: fix a use-after-free issue in igb_clean_tx_ring",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49695",
"datePublished": "2025-02-26T02:24:17.545Z",
"dateReserved": "2025-02-26T02:21:30.442Z",
"dateUpdated": "2025-05-04T08:43:26.888Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49462 (GCVE-0-2022-49462)
Vulnerability from cvelistv5
Published
2025-02-26 02:13
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init
of_parse_phandle() returns a node pointer with refcount
incremented, we should use of_node_put() on it when not need anymore.
a6xx_gmu_init() passes the node to of_find_device_by_node()
and of_dma_configure(), of_find_device_by_node() will takes its
reference, of_dma_configure() doesn't need the node after usage.
Add missing of_node_put() to avoid refcount leak.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 4b565ca5a2cbbbb6345e8789da89c193b6b00e5a Version: 4b565ca5a2cbbbb6345e8789da89c193b6b00e5a Version: 4b565ca5a2cbbbb6345e8789da89c193b6b00e5a Version: 4b565ca5a2cbbbb6345e8789da89c193b6b00e5a Version: 4b565ca5a2cbbbb6345e8789da89c193b6b00e5a Version: 4b565ca5a2cbbbb6345e8789da89c193b6b00e5a |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49462",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:40:06.681342Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:47.027Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/msm/adreno/a6xx_gpu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6832e36f156ea35a6ed74bca72727806116effdd",
"status": "affected",
"version": "4b565ca5a2cbbbb6345e8789da89c193b6b00e5a",
"versionType": "git"
},
{
"lessThan": "48e82ce8cdb19c20a5020fa446b286d6a147450c",
"status": "affected",
"version": "4b565ca5a2cbbbb6345e8789da89c193b6b00e5a",
"versionType": "git"
},
{
"lessThan": "edff4c1af831d0c02e654eed9da7d74174de49d5",
"status": "affected",
"version": "4b565ca5a2cbbbb6345e8789da89c193b6b00e5a",
"versionType": "git"
},
{
"lessThan": "65ddbc0d26824e2a5d6154d01d8cf39344900213",
"status": "affected",
"version": "4b565ca5a2cbbbb6345e8789da89c193b6b00e5a",
"versionType": "git"
},
{
"lessThan": "06907a374f1b74f8f2fb30720dc6df81331e4fb5",
"status": "affected",
"version": "4b565ca5a2cbbbb6345e8789da89c193b6b00e5a",
"versionType": "git"
},
{
"lessThan": "c56de483093d7ad0782327f95dda7da97bc4c315",
"status": "affected",
"version": "4b565ca5a2cbbbb6345e8789da89c193b6b00e5a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/msm/adreno/a6xx_gpu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.19"
},
{
"lessThan": "4.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/a6xx: Fix refcount leak in a6xx_gpu_init\n\nof_parse_phandle() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not need anymore.\n\na6xx_gmu_init() passes the node to of_find_device_by_node()\nand of_dma_configure(), of_find_device_by_node() will takes its\nreference, of_dma_configure() doesn\u0027t need the node after usage.\n\nAdd missing of_node_put() to avoid refcount leak."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:38:15.805Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6832e36f156ea35a6ed74bca72727806116effdd"
},
{
"url": "https://git.kernel.org/stable/c/48e82ce8cdb19c20a5020fa446b286d6a147450c"
},
{
"url": "https://git.kernel.org/stable/c/edff4c1af831d0c02e654eed9da7d74174de49d5"
},
{
"url": "https://git.kernel.org/stable/c/65ddbc0d26824e2a5d6154d01d8cf39344900213"
},
{
"url": "https://git.kernel.org/stable/c/06907a374f1b74f8f2fb30720dc6df81331e4fb5"
},
{
"url": "https://git.kernel.org/stable/c/c56de483093d7ad0782327f95dda7da97bc4c315"
}
],
"title": "drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49462",
"datePublished": "2025-02-26T02:13:09.016Z",
"dateReserved": "2025-02-26T02:08:31.576Z",
"dateUpdated": "2025-10-01T19:46:47.027Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49515 (GCVE-0-2022-49515)
Vulnerability from cvelistv5
Published
2025-02-26 02:13
Modified
2025-05-04 08:39
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ASoC: cs35l41: Fix an out-of-bounds access in otp_packed_element_t
The CS35L41_NUM_OTP_ELEM is 100, but only 99 entries are defined in
the array otp_map_1/2[CS35L41_NUM_OTP_ELEM], this will trigger UBSAN
to report a shift-out-of-bounds warning in the cs35l41_otp_unpack()
since the last entry in the array will result in GENMASK(-1, 0).
UBSAN reports this problem:
UBSAN: shift-out-of-bounds in /home/hwang4/build/jammy/jammy/sound/soc/codecs/cs35l41-lib.c:836:8
shift exponent 64 is too large for 64-bit type 'long unsigned int'
CPU: 10 PID: 595 Comm: systemd-udevd Not tainted 5.15.0-23-generic #23
Hardware name: LENOVO \x02MFG_IN_GO/\x02MFG_IN_GO, BIOS N3GET19W (1.00 ) 03/11/2022
Call Trace:
<TASK>
show_stack+0x52/0x58
dump_stack_lvl+0x4a/0x5f
dump_stack+0x10/0x12
ubsan_epilogue+0x9/0x45
__ubsan_handle_shift_out_of_bounds.cold+0x61/0xef
? regmap_unlock_mutex+0xe/0x10
cs35l41_otp_unpack.cold+0x1c6/0x2b2 [snd_soc_cs35l41_lib]
cs35l41_hda_probe+0x24f/0x33a [snd_hda_scodec_cs35l41]
cs35l41_hda_i2c_probe+0x65/0x90 [snd_hda_scodec_cs35l41_i2c]
? cs35l41_hda_i2c_remove+0x20/0x20 [snd_hda_scodec_cs35l41_i2c]
i2c_device_probe+0x252/0x2b0
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/sound/cs35l41.h",
"sound/soc/codecs/cs35l41-lib.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "dbc35268e14d5d89c7a9db72009ad4dcd9ede646",
"status": "affected",
"version": "6450ef55905688602175fae4ed1bfbfef6a14dde",
"versionType": "git"
},
{
"lessThan": "a59b9958416096dd21dc4f62b0c5be525d459ca8",
"status": "affected",
"version": "6450ef55905688602175fae4ed1bfbfef6a14dde",
"versionType": "git"
},
{
"lessThan": "9f342904216f378e88008bb0ce1ae200a4b99fe8",
"status": "affected",
"version": "6450ef55905688602175fae4ed1bfbfef6a14dde",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/sound/cs35l41.h",
"sound/soc/codecs/cs35l41-lib.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.16"
},
{
"lessThan": "5.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: cs35l41: Fix an out-of-bounds access in otp_packed_element_t\n\nThe CS35L41_NUM_OTP_ELEM is 100, but only 99 entries are defined in\nthe array otp_map_1/2[CS35L41_NUM_OTP_ELEM], this will trigger UBSAN\nto report a shift-out-of-bounds warning in the cs35l41_otp_unpack()\nsince the last entry in the array will result in GENMASK(-1, 0).\n\nUBSAN reports this problem:\n UBSAN: shift-out-of-bounds in /home/hwang4/build/jammy/jammy/sound/soc/codecs/cs35l41-lib.c:836:8\n shift exponent 64 is too large for 64-bit type \u0027long unsigned int\u0027\n CPU: 10 PID: 595 Comm: systemd-udevd Not tainted 5.15.0-23-generic #23\n Hardware name: LENOVO \\x02MFG_IN_GO/\\x02MFG_IN_GO, BIOS N3GET19W (1.00 ) 03/11/2022\n Call Trace:\n \u003cTASK\u003e\n show_stack+0x52/0x58\n dump_stack_lvl+0x4a/0x5f\n dump_stack+0x10/0x12\n ubsan_epilogue+0x9/0x45\n __ubsan_handle_shift_out_of_bounds.cold+0x61/0xef\n ? regmap_unlock_mutex+0xe/0x10\n cs35l41_otp_unpack.cold+0x1c6/0x2b2 [snd_soc_cs35l41_lib]\n cs35l41_hda_probe+0x24f/0x33a [snd_hda_scodec_cs35l41]\n cs35l41_hda_i2c_probe+0x65/0x90 [snd_hda_scodec_cs35l41_i2c]\n ? cs35l41_hda_i2c_remove+0x20/0x20 [snd_hda_scodec_cs35l41_i2c]\n i2c_device_probe+0x252/0x2b0"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:39:35.897Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/dbc35268e14d5d89c7a9db72009ad4dcd9ede646"
},
{
"url": "https://git.kernel.org/stable/c/a59b9958416096dd21dc4f62b0c5be525d459ca8"
},
{
"url": "https://git.kernel.org/stable/c/9f342904216f378e88008bb0ce1ae200a4b99fe8"
}
],
"title": "ASoC: cs35l41: Fix an out-of-bounds access in otp_packed_element_t",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49515",
"datePublished": "2025-02-26T02:13:43.888Z",
"dateReserved": "2025-02-26T02:08:31.587Z",
"dateUpdated": "2025-05-04T08:39:35.897Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49102 (GCVE-0-2022-49102)
Vulnerability from cvelistv5
Published
2025-02-26 01:54
Modified
2025-10-01 19:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
habanalabs: fix possible memory leak in MMU DR fini
This patch fixes what seems to be copy paste error.
We will have a memory leak if the host-resident shadow is NULL (which
will likely happen as the DR and HR are not dependent).
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49102",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:49:25.360080Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:57:05.589Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/misc/habanalabs/common/mmu/mmu_v1.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "12e49aefda2e04b07604f13e03f40027cbeb0dc6",
"status": "affected",
"version": "0feaf86d4e69507ab9b2af7dcc63a6886352d5db",
"versionType": "git"
},
{
"lessThan": "6d421fb7a9eddd8ce0a05641a3db97283fe20699",
"status": "affected",
"version": "0feaf86d4e69507ab9b2af7dcc63a6886352d5db",
"versionType": "git"
},
{
"lessThan": "30058d3a83cfe8c6aacbfe5ab13c01dd0c1799e3",
"status": "affected",
"version": "0feaf86d4e69507ab9b2af7dcc63a6886352d5db",
"versionType": "git"
},
{
"lessThan": "eb85eec858c1a5c11d3a0bff403f6440b05b40dc",
"status": "affected",
"version": "0feaf86d4e69507ab9b2af7dcc63a6886352d5db",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/misc/habanalabs/common/mmu/mmu_v1.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.1"
},
{
"lessThan": "5.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.20",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.34",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.20",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.3",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhabanalabs: fix possible memory leak in MMU DR fini\n\nThis patch fixes what seems to be copy paste error.\n\nWe will have a memory leak if the host-resident shadow is NULL (which\nwill likely happen as the DR and HR are not dependent)."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:29:54.183Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/12e49aefda2e04b07604f13e03f40027cbeb0dc6"
},
{
"url": "https://git.kernel.org/stable/c/6d421fb7a9eddd8ce0a05641a3db97283fe20699"
},
{
"url": "https://git.kernel.org/stable/c/30058d3a83cfe8c6aacbfe5ab13c01dd0c1799e3"
},
{
"url": "https://git.kernel.org/stable/c/eb85eec858c1a5c11d3a0bff403f6440b05b40dc"
}
],
"title": "habanalabs: fix possible memory leak in MMU DR fini",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49102",
"datePublished": "2025-02-26T01:54:52.038Z",
"dateReserved": "2025-02-26T01:49:39.250Z",
"dateUpdated": "2025-10-01T19:57:05.589Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49066 (GCVE-0-2022-49066)
Vulnerability from cvelistv5
Published
2025-02-26 01:54
Modified
2025-05-04 08:29
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
veth: Ensure eth header is in skb's linear part
After feeding a decapsulated packet to a veth device with act_mirred,
skb_headlen() may be 0. But veth_xmit() calls __dev_forward_skb(),
which expects at least ETH_HLEN byte of linear data (as
__dev_forward_skb2() calls eth_type_trans(), which pulls ETH_HLEN bytes
unconditionally).
Use pskb_may_pull() to ensure veth_xmit() respects this constraint.
kernel BUG at include/linux/skbuff.h:2328!
RIP: 0010:eth_type_trans+0xcf/0x140
Call Trace:
<IRQ>
__dev_forward_skb2+0xe3/0x160
veth_xmit+0x6e/0x250 [veth]
dev_hard_start_xmit+0xc7/0x200
__dev_queue_xmit+0x47f/0x520
? skb_ensure_writable+0x85/0xa0
? skb_mpls_pop+0x98/0x1c0
tcf_mirred_act+0x442/0x47e [act_mirred]
tcf_action_exec+0x86/0x140
fl_classify+0x1d8/0x1e0 [cls_flower]
? dma_pte_clear_level+0x129/0x1a0
? dma_pte_clear_level+0x129/0x1a0
? prb_fill_curr_block+0x2f/0xc0
? skb_copy_bits+0x11a/0x220
__tcf_classify+0x58/0x110
tcf_classify_ingress+0x6b/0x140
__netif_receive_skb_core.constprop.0+0x47d/0xfd0
? __iommu_dma_unmap_swiotlb+0x44/0x90
__netif_receive_skb_one_core+0x3d/0xa0
netif_receive_skb+0x116/0x170
be_process_rx+0x22f/0x330 [be2net]
be_poll+0x13c/0x370 [be2net]
__napi_poll+0x2a/0x170
net_rx_action+0x22f/0x2f0
__do_softirq+0xca/0x2a8
__irq_exit_rcu+0xc1/0xe0
common_interrupt+0x83/0xa0
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: e314dbdc1c0dc6a548ecf0afce28ecfd538ff568 Version: e314dbdc1c0dc6a548ecf0afce28ecfd538ff568 Version: e314dbdc1c0dc6a548ecf0afce28ecfd538ff568 Version: e314dbdc1c0dc6a548ecf0afce28ecfd538ff568 Version: e314dbdc1c0dc6a548ecf0afce28ecfd538ff568 Version: e314dbdc1c0dc6a548ecf0afce28ecfd538ff568 Version: e314dbdc1c0dc6a548ecf0afce28ecfd538ff568 Version: e314dbdc1c0dc6a548ecf0afce28ecfd538ff568 |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/veth.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3de2a02b60a4ef0ab76263216f08c7d095fc7c42",
"status": "affected",
"version": "e314dbdc1c0dc6a548ecf0afce28ecfd538ff568",
"versionType": "git"
},
{
"lessThan": "d417a859221f127e8edf09c14b76ab50f825e171",
"status": "affected",
"version": "e314dbdc1c0dc6a548ecf0afce28ecfd538ff568",
"versionType": "git"
},
{
"lessThan": "1ef0088e43af1de4e3b365218c4d3179d9a37eec",
"status": "affected",
"version": "e314dbdc1c0dc6a548ecf0afce28ecfd538ff568",
"versionType": "git"
},
{
"lessThan": "2fd90b86dff413fbf8128780c04ea9c6849c16e2",
"status": "affected",
"version": "e314dbdc1c0dc6a548ecf0afce28ecfd538ff568",
"versionType": "git"
},
{
"lessThan": "d67c900f1947d64ba8a64f693504bcaab8d9000c",
"status": "affected",
"version": "e314dbdc1c0dc6a548ecf0afce28ecfd538ff568",
"versionType": "git"
},
{
"lessThan": "93940fc4cb81840dc0fa202de48cccb949a0261d",
"status": "affected",
"version": "e314dbdc1c0dc6a548ecf0afce28ecfd538ff568",
"versionType": "git"
},
{
"lessThan": "46bc359fec0c6d87b70d7a008bcd9a5e30dd6f27",
"status": "affected",
"version": "e314dbdc1c0dc6a548ecf0afce28ecfd538ff568",
"versionType": "git"
},
{
"lessThan": "726e2c5929de841fdcef4e2bf995680688ae1b87",
"status": "affected",
"version": "e314dbdc1c0dc6a548ecf0afce28ecfd538ff568",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/veth.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.24"
},
{
"lessThan": "2.6.24",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.239",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.190",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.112",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.35",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.311",
"versionStartIncluding": "2.6.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.276",
"versionStartIncluding": "2.6.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.239",
"versionStartIncluding": "2.6.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.190",
"versionStartIncluding": "2.6.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.112",
"versionStartIncluding": "2.6.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.35",
"versionStartIncluding": "2.6.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.4",
"versionStartIncluding": "2.6.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "2.6.24",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nveth: Ensure eth header is in skb\u0027s linear part\n\nAfter feeding a decapsulated packet to a veth device with act_mirred,\nskb_headlen() may be 0. But veth_xmit() calls __dev_forward_skb(),\nwhich expects at least ETH_HLEN byte of linear data (as\n__dev_forward_skb2() calls eth_type_trans(), which pulls ETH_HLEN bytes\nunconditionally).\n\nUse pskb_may_pull() to ensure veth_xmit() respects this constraint.\n\nkernel BUG at include/linux/skbuff.h:2328!\nRIP: 0010:eth_type_trans+0xcf/0x140\nCall Trace:\n \u003cIRQ\u003e\n __dev_forward_skb2+0xe3/0x160\n veth_xmit+0x6e/0x250 [veth]\n dev_hard_start_xmit+0xc7/0x200\n __dev_queue_xmit+0x47f/0x520\n ? skb_ensure_writable+0x85/0xa0\n ? skb_mpls_pop+0x98/0x1c0\n tcf_mirred_act+0x442/0x47e [act_mirred]\n tcf_action_exec+0x86/0x140\n fl_classify+0x1d8/0x1e0 [cls_flower]\n ? dma_pte_clear_level+0x129/0x1a0\n ? dma_pte_clear_level+0x129/0x1a0\n ? prb_fill_curr_block+0x2f/0xc0\n ? skb_copy_bits+0x11a/0x220\n __tcf_classify+0x58/0x110\n tcf_classify_ingress+0x6b/0x140\n __netif_receive_skb_core.constprop.0+0x47d/0xfd0\n ? __iommu_dma_unmap_swiotlb+0x44/0x90\n __netif_receive_skb_one_core+0x3d/0xa0\n netif_receive_skb+0x116/0x170\n be_process_rx+0x22f/0x330 [be2net]\n be_poll+0x13c/0x370 [be2net]\n __napi_poll+0x2a/0x170\n net_rx_action+0x22f/0x2f0\n __do_softirq+0xca/0x2a8\n __irq_exit_rcu+0xc1/0xe0\n common_interrupt+0x83/0xa0"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:29:00.333Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3de2a02b60a4ef0ab76263216f08c7d095fc7c42"
},
{
"url": "https://git.kernel.org/stable/c/d417a859221f127e8edf09c14b76ab50f825e171"
},
{
"url": "https://git.kernel.org/stable/c/1ef0088e43af1de4e3b365218c4d3179d9a37eec"
},
{
"url": "https://git.kernel.org/stable/c/2fd90b86dff413fbf8128780c04ea9c6849c16e2"
},
{
"url": "https://git.kernel.org/stable/c/d67c900f1947d64ba8a64f693504bcaab8d9000c"
},
{
"url": "https://git.kernel.org/stable/c/93940fc4cb81840dc0fa202de48cccb949a0261d"
},
{
"url": "https://git.kernel.org/stable/c/46bc359fec0c6d87b70d7a008bcd9a5e30dd6f27"
},
{
"url": "https://git.kernel.org/stable/c/726e2c5929de841fdcef4e2bf995680688ae1b87"
}
],
"title": "veth: Ensure eth header is in skb\u0027s linear part",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49066",
"datePublished": "2025-02-26T01:54:34.395Z",
"dateReserved": "2025-02-26T01:49:39.244Z",
"dateUpdated": "2025-05-04T08:29:00.333Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49129 (GCVE-0-2022-49129)
Vulnerability from cvelistv5
Published
2025-02-26 01:55
Modified
2025-05-04 08:30
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
mt76: mt7921: fix crash when startup fails.
If the nic fails to start, it is possible that the
reset_work has already been scheduled. Ensure the
work item is canceled so we do not have use-after-free
crash in case cleanup is called before the work item
is executed.
This fixes crash on my x86_64 apu2 when mt7921k radio
fails to work. Radio still fails, but OS does not
crash.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49129",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T18:17:14.426944Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T18:22:34.818Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/mediatek/mt76/mt7921/main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "38fbe806645090c07aa97171f20fc62c3d7d3a98",
"status": "affected",
"version": "7bc04215a66b60e198aecaee8418f6d79fa19faa",
"versionType": "git"
},
{
"lessThan": "c1a5e6002ec441a3b9fb4d048b4b49ae93409a46",
"status": "affected",
"version": "7bc04215a66b60e198aecaee8418f6d79fa19faa",
"versionType": "git"
},
{
"lessThan": "ac1260b661c2ef0d0a56680cdb5672b931b7be8f",
"status": "affected",
"version": "7bc04215a66b60e198aecaee8418f6d79fa19faa",
"versionType": "git"
},
{
"lessThan": "827e7799c61b978fbc2cc9dac66cb62401b2b3f0",
"status": "affected",
"version": "7bc04215a66b60e198aecaee8418f6d79fa19faa",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/mediatek/mt76/mt7921/main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.16"
},
{
"lessThan": "4.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.20",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.34",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.20",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.3",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "4.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmt76: mt7921: fix crash when startup fails.\n\nIf the nic fails to start, it is possible that the\nreset_work has already been scheduled. Ensure the\nwork item is canceled so we do not have use-after-free\ncrash in case cleanup is called before the work item\nis executed.\n\nThis fixes crash on my x86_64 apu2 when mt7921k radio\nfails to work. Radio still fails, but OS does not\ncrash."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:30:36.683Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/38fbe806645090c07aa97171f20fc62c3d7d3a98"
},
{
"url": "https://git.kernel.org/stable/c/c1a5e6002ec441a3b9fb4d048b4b49ae93409a46"
},
{
"url": "https://git.kernel.org/stable/c/ac1260b661c2ef0d0a56680cdb5672b931b7be8f"
},
{
"url": "https://git.kernel.org/stable/c/827e7799c61b978fbc2cc9dac66cb62401b2b3f0"
}
],
"title": "mt76: mt7921: fix crash when startup fails.",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49129",
"datePublished": "2025-02-26T01:55:05.624Z",
"dateReserved": "2025-02-26T01:49:39.266Z",
"dateUpdated": "2025-05-04T08:30:36.683Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49315 (GCVE-0-2022-49315)
Vulnerability from cvelistv5
Published
2025-02-26 02:10
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop()
There is a deadlock in rtllib_beacons_stop(), which is shown
below:
(Thread 1) | (Thread 2)
| rtllib_send_beacon()
rtllib_beacons_stop() | mod_timer()
spin_lock_irqsave() //(1) | (wait a time)
... | rtllib_send_beacon_cb()
del_timer_sync() | spin_lock_irqsave() //(2)
(wait timer to stop) | ...
We hold ieee->beacon_lock in position (1) of thread 1 and
use del_timer_sync() to wait timer to stop, but timer handler
also need ieee->beacon_lock in position (2) of thread 2.
As a result, rtllib_beacons_stop() will block forever.
This patch extracts del_timer_sync() from the protection of
spin_lock_irqsave(), which could let timer handler to obtain
the needed lock.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49315",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:44:03.346443Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-667",
"description": "CWE-667 Improper Locking",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:57.435Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/staging/rtl8192e/rtllib_softmac.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4681129fda9e8555392eaaadb239ec6a6e2b3e12",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "381045dc64d23a2229c47c5524c06bfc33d34446",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "08bacf871c019163ccd1389d0bc957a43324967a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "64b05fa212c7e4d057676e8b7e7120c6eb2f615b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "0f69d7d5e918aa43423d86bd17ddb11b1b5e8ada",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "fef451f0fbbe85dbd2962b18379d02e2965610db",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "46c861009bf437a18417df24cea0d181741b7d72",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ffd4c4d5293e4985092ea45ba21cad9326e2e434",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9b6bdbd9337de3917945847bde262a34a87a6303",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/staging/rtl8192e/rtllib_softmac.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.318",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.47",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.122",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop()\n\nThere is a deadlock in rtllib_beacons_stop(), which is shown\nbelow:\n\n (Thread 1) | (Thread 2)\n | rtllib_send_beacon()\nrtllib_beacons_stop() | mod_timer()\n spin_lock_irqsave() //(1) | (wait a time)\n ... | rtllib_send_beacon_cb()\n del_timer_sync() | spin_lock_irqsave() //(2)\n (wait timer to stop) | ...\n\nWe hold ieee-\u003ebeacon_lock in position (1) of thread 1 and\nuse del_timer_sync() to wait timer to stop, but timer handler\nalso need ieee-\u003ebeacon_lock in position (2) of thread 2.\nAs a result, rtllib_beacons_stop() will block forever.\n\nThis patch extracts del_timer_sync() from the protection of\nspin_lock_irqsave(), which could let timer handler to obtain\nthe needed lock."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:35:02.193Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4681129fda9e8555392eaaadb239ec6a6e2b3e12"
},
{
"url": "https://git.kernel.org/stable/c/381045dc64d23a2229c47c5524c06bfc33d34446"
},
{
"url": "https://git.kernel.org/stable/c/08bacf871c019163ccd1389d0bc957a43324967a"
},
{
"url": "https://git.kernel.org/stable/c/64b05fa212c7e4d057676e8b7e7120c6eb2f615b"
},
{
"url": "https://git.kernel.org/stable/c/0f69d7d5e918aa43423d86bd17ddb11b1b5e8ada"
},
{
"url": "https://git.kernel.org/stable/c/fef451f0fbbe85dbd2962b18379d02e2965610db"
},
{
"url": "https://git.kernel.org/stable/c/46c861009bf437a18417df24cea0d181741b7d72"
},
{
"url": "https://git.kernel.org/stable/c/ffd4c4d5293e4985092ea45ba21cad9326e2e434"
},
{
"url": "https://git.kernel.org/stable/c/9b6bdbd9337de3917945847bde262a34a87a6303"
}
],
"title": "drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49315",
"datePublished": "2025-02-26T02:10:43.082Z",
"dateReserved": "2025-02-26T02:08:31.536Z",
"dateUpdated": "2025-10-01T19:46:57.435Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49715 (GCVE-0-2022-49715)
Vulnerability from cvelistv5
Published
2025-02-26 02:24
Modified
2025-10-01 19:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
irqchip/gic-v3: Fix refcount leak in gic_populate_ppi_partitions
of_find_node_by_phandle() returns a node pointer with refcount
incremented, we should use of_node_put() on it when not need anymore.
Add missing of_node_put() to avoid refcount leak.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: e3825ba1af3a27d7522c9f5f929f5a13b8b138ae Version: e3825ba1af3a27d7522c9f5f929f5a13b8b138ae Version: e3825ba1af3a27d7522c9f5f929f5a13b8b138ae Version: e3825ba1af3a27d7522c9f5f929f5a13b8b138ae Version: e3825ba1af3a27d7522c9f5f929f5a13b8b138ae Version: e3825ba1af3a27d7522c9f5f929f5a13b8b138ae |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49715",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:32:19.820025Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:36:44.846Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/irqchip/irq-gic-v3.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e824482e2c5edacc961b7dd30a92fd47606c3036",
"status": "affected",
"version": "e3825ba1af3a27d7522c9f5f929f5a13b8b138ae",
"versionType": "git"
},
{
"lessThan": "8d884c08eeb83142a7173cb46bcff0434ec42cf1",
"status": "affected",
"version": "e3825ba1af3a27d7522c9f5f929f5a13b8b138ae",
"versionType": "git"
},
{
"lessThan": "506a88a5bf261d76a5214c0338a320f2214c67ac",
"status": "affected",
"version": "e3825ba1af3a27d7522c9f5f929f5a13b8b138ae",
"versionType": "git"
},
{
"lessThan": "cc5984cf270b69d03f9f4b27063e535036c659e9",
"status": "affected",
"version": "e3825ba1af3a27d7522c9f5f929f5a13b8b138ae",
"versionType": "git"
},
{
"lessThan": "c136c2924a59a399aa789858cfb320d481964fb7",
"status": "affected",
"version": "e3825ba1af3a27d7522c9f5f929f5a13b8b138ae",
"versionType": "git"
},
{
"lessThan": "fa1ad9d4cc47ca2470cd904ad4519f05d7e43a2b",
"status": "affected",
"version": "e3825ba1af3a27d7522c9f5f929f5a13b8b138ae",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/irqchip/irq-gic-v3.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.7"
},
{
"lessThan": "4.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.249",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.200",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.124",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.49",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.249",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.200",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.124",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.49",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.6",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nirqchip/gic-v3: Fix refcount leak in gic_populate_ppi_partitions\n\nof_find_node_by_phandle() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not need anymore.\nAdd missing of_node_put() to avoid refcount leak."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:43:56.719Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e824482e2c5edacc961b7dd30a92fd47606c3036"
},
{
"url": "https://git.kernel.org/stable/c/8d884c08eeb83142a7173cb46bcff0434ec42cf1"
},
{
"url": "https://git.kernel.org/stable/c/506a88a5bf261d76a5214c0338a320f2214c67ac"
},
{
"url": "https://git.kernel.org/stable/c/cc5984cf270b69d03f9f4b27063e535036c659e9"
},
{
"url": "https://git.kernel.org/stable/c/c136c2924a59a399aa789858cfb320d481964fb7"
},
{
"url": "https://git.kernel.org/stable/c/fa1ad9d4cc47ca2470cd904ad4519f05d7e43a2b"
}
],
"title": "irqchip/gic-v3: Fix refcount leak in gic_populate_ppi_partitions",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49715",
"datePublished": "2025-02-26T02:24:30.901Z",
"dateReserved": "2025-02-26T02:21:30.445Z",
"dateUpdated": "2025-10-01T19:36:44.846Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49524 (GCVE-0-2022-49524)
Vulnerability from cvelistv5
Published
2025-02-26 02:13
Modified
2025-05-04 08:39
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
media: pci: cx23885: Fix the error handling in cx23885_initdev()
When the driver fails to call the dma_set_mask(), the driver will get
the following splat:
[ 55.853884] BUG: KASAN: use-after-free in __process_removed_driver+0x3c/0x240
[ 55.854486] Read of size 8 at addr ffff88810de60408 by task modprobe/590
[ 55.856822] Call Trace:
[ 55.860327] __process_removed_driver+0x3c/0x240
[ 55.861347] bus_for_each_dev+0x102/0x160
[ 55.861681] i2c_del_driver+0x2f/0x50
This is because the driver has initialized the i2c related resources
in cx23885_dev_setup() but not released them in error handling, fix this
bug by modifying the error path that jumps after failing to call the
dma_set_mask().
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49524",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T18:15:37.962378Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T18:22:31.915Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/media/pci/cx23885/cx23885-core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6041d1a0365baa729b6adfb6ed5386d9388018db",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7b9978e1c94e569d65a0e7e719abb9340f5db4a0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "fa636e9ee4442215cd9a2e079cd5a8e1fe0cb8ba",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ca17e7a532d1a55466cc007b3f4d319541a27493",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "98106f100f50c487469903b9cf6d966785fc9cc3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "86bd6a579c6c60547706cabf299cd2c9feab3332",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "453514a874c78df1e7804e6e3aaa60c8d8deb6a8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e8123311cf06d7dae71e8c5fe78e0510d20cd30b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/media/pci/cx23885/cx23885-core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: pci: cx23885: Fix the error handling in cx23885_initdev()\n\nWhen the driver fails to call the dma_set_mask(), the driver will get\nthe following splat:\n\n[ 55.853884] BUG: KASAN: use-after-free in __process_removed_driver+0x3c/0x240\n[ 55.854486] Read of size 8 at addr ffff88810de60408 by task modprobe/590\n[ 55.856822] Call Trace:\n[ 55.860327] __process_removed_driver+0x3c/0x240\n[ 55.861347] bus_for_each_dev+0x102/0x160\n[ 55.861681] i2c_del_driver+0x2f/0x50\n\nThis is because the driver has initialized the i2c related resources\nin cx23885_dev_setup() but not released them in error handling, fix this\nbug by modifying the error path that jumps after failing to call the\ndma_set_mask()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:39:46.613Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6041d1a0365baa729b6adfb6ed5386d9388018db"
},
{
"url": "https://git.kernel.org/stable/c/7b9978e1c94e569d65a0e7e719abb9340f5db4a0"
},
{
"url": "https://git.kernel.org/stable/c/fa636e9ee4442215cd9a2e079cd5a8e1fe0cb8ba"
},
{
"url": "https://git.kernel.org/stable/c/ca17e7a532d1a55466cc007b3f4d319541a27493"
},
{
"url": "https://git.kernel.org/stable/c/98106f100f50c487469903b9cf6d966785fc9cc3"
},
{
"url": "https://git.kernel.org/stable/c/86bd6a579c6c60547706cabf299cd2c9feab3332"
},
{
"url": "https://git.kernel.org/stable/c/453514a874c78df1e7804e6e3aaa60c8d8deb6a8"
},
{
"url": "https://git.kernel.org/stable/c/e8123311cf06d7dae71e8c5fe78e0510d20cd30b"
}
],
"title": "media: pci: cx23885: Fix the error handling in cx23885_initdev()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49524",
"datePublished": "2025-02-26T02:13:48.222Z",
"dateReserved": "2025-02-26T02:08:31.588Z",
"dateUpdated": "2025-05-04T08:39:46.613Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49710 (GCVE-0-2022-49710)
Vulnerability from cvelistv5
Published
2025-02-26 02:24
Modified
2025-05-04 08:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
dm mirror log: round up region bitmap size to BITS_PER_LONG
The code in dm-log rounds up bitset_size to 32 bits. It then uses
find_next_zero_bit_le on the allocated region. find_next_zero_bit_le
accesses the bitmap using unsigned long pointers. So, on 64-bit
architectures, it may access 4 bytes beyond the allocated size.
Fix this bug by rounding up bitset_size to BITS_PER_LONG.
This bug was found by running the lvm2 testsuite with kasan.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/md/dm-log.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ae460312875159285cef5bf3dc654593f404a1ef",
"status": "affected",
"version": "29121bd0b00ebb9524971a583fea4a2f7afe8041",
"versionType": "git"
},
{
"lessThan": "ba751f0d25f07aa21ce9b85372a3792bf7969d13",
"status": "affected",
"version": "29121bd0b00ebb9524971a583fea4a2f7afe8041",
"versionType": "git"
},
{
"lessThan": "0d2209b54f1de0c2f99cab246d4cf2cfe24aaaa9",
"status": "affected",
"version": "29121bd0b00ebb9524971a583fea4a2f7afe8041",
"versionType": "git"
},
{
"lessThan": "9a02f3275acc628c0d956be771405ced79ac36df",
"status": "affected",
"version": "29121bd0b00ebb9524971a583fea4a2f7afe8041",
"versionType": "git"
},
{
"lessThan": "85e123c27d5cbc22cfdc01de1e2ca1d9003a02d0",
"status": "affected",
"version": "29121bd0b00ebb9524971a583fea4a2f7afe8041",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/md/dm-log.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.18"
},
{
"lessThan": "2.6.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.200",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.124",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.49",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.200",
"versionStartIncluding": "2.6.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.124",
"versionStartIncluding": "2.6.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.49",
"versionStartIncluding": "2.6.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.6",
"versionStartIncluding": "2.6.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "2.6.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm mirror log: round up region bitmap size to BITS_PER_LONG\n\nThe code in dm-log rounds up bitset_size to 32 bits. It then uses\nfind_next_zero_bit_le on the allocated region. find_next_zero_bit_le\naccesses the bitmap using unsigned long pointers. So, on 64-bit\narchitectures, it may access 4 bytes beyond the allocated size.\n\nFix this bug by rounding up bitset_size to BITS_PER_LONG.\n\nThis bug was found by running the lvm2 testsuite with kasan."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:43:50.278Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ae460312875159285cef5bf3dc654593f404a1ef"
},
{
"url": "https://git.kernel.org/stable/c/ba751f0d25f07aa21ce9b85372a3792bf7969d13"
},
{
"url": "https://git.kernel.org/stable/c/0d2209b54f1de0c2f99cab246d4cf2cfe24aaaa9"
},
{
"url": "https://git.kernel.org/stable/c/9a02f3275acc628c0d956be771405ced79ac36df"
},
{
"url": "https://git.kernel.org/stable/c/85e123c27d5cbc22cfdc01de1e2ca1d9003a02d0"
}
],
"title": "dm mirror log: round up region bitmap size to BITS_PER_LONG",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49710",
"datePublished": "2025-02-26T02:24:27.532Z",
"dateReserved": "2025-02-26T02:21:30.444Z",
"dateUpdated": "2025-05-04T08:43:50.278Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49570 (GCVE-0-2022-49570)
Vulnerability from cvelistv5
Published
2025-02-26 02:23
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
gpio: gpio-xilinx: Fix integer overflow
Current implementation is not able to configure more than 32 pins
due to incorrect data type. So type casting with unsigned long
to avoid it.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49570",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:36:49.913016Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:37.532Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpio/gpio-xilinx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e129e5486b981d324057e6986059f852658b0d00",
"status": "affected",
"version": "02b3f84d9080b0f4297f31258307f626a43faba5",
"versionType": "git"
},
{
"lessThan": "6f16a5390640807dde420ee5ccbc4c95577aea6a",
"status": "affected",
"version": "02b3f84d9080b0f4297f31258307f626a43faba5",
"versionType": "git"
},
{
"lessThan": "32c094a09d5829ad9b02cdf667569aefa8de0ea6",
"status": "affected",
"version": "02b3f84d9080b0f4297f31258307f626a43faba5",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpio/gpio-xilinx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.14"
},
{
"lessThan": "5.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.58",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.58",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.15",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: gpio-xilinx: Fix integer overflow\n\nCurrent implementation is not able to configure more than 32 pins\ndue to incorrect data type. So type casting with unsigned long\nto avoid it."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:40:51.913Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e129e5486b981d324057e6986059f852658b0d00"
},
{
"url": "https://git.kernel.org/stable/c/6f16a5390640807dde420ee5ccbc4c95577aea6a"
},
{
"url": "https://git.kernel.org/stable/c/32c094a09d5829ad9b02cdf667569aefa8de0ea6"
}
],
"title": "gpio: gpio-xilinx: Fix integer overflow",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49570",
"datePublished": "2025-02-26T02:23:13.703Z",
"dateReserved": "2025-02-26T02:21:30.410Z",
"dateUpdated": "2025-10-01T19:46:37.532Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49308 (GCVE-0-2022-49308)
Vulnerability from cvelistv5
Published
2025-02-26 02:10
Modified
2025-05-04 08:34
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
extcon: Modify extcon device to be created after driver data is set
Currently, someone can invoke the sysfs such as state_show()
intermittently before dev_set_drvdata() is done.
And it can be a cause of kernel Oops because of edev is Null at that time.
So modified the driver registration to after setting drviver data.
- Oops's backtrace.
Backtrace:
[<c067865c>] (state_show) from [<c05222e8>] (dev_attr_show)
[<c05222c0>] (dev_attr_show) from [<c02c66e0>] (sysfs_kf_seq_show)
[<c02c6648>] (sysfs_kf_seq_show) from [<c02c496c>] (kernfs_seq_show)
[<c02c4938>] (kernfs_seq_show) from [<c025e2a0>] (seq_read)
[<c025e11c>] (seq_read) from [<c02c50a0>] (kernfs_fop_read)
[<c02c5064>] (kernfs_fop_read) from [<c0231cac>] (__vfs_read)
[<c0231c5c>] (__vfs_read) from [<c0231ee0>] (vfs_read)
[<c0231e34>] (vfs_read) from [<c0232464>] (ksys_read)
[<c02323f0>] (ksys_read) from [<c02324fc>] (sys_read)
[<c02324e4>] (sys_read) from [<c00091d0>] (__sys_trace_return)
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/extcon/extcon.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6e721f3ad0535b24f19a62420f4da95212cf069c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "cb81ea998c461868d1168411a867d8ffee12f23f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d472c78cc82999d07bd09193a6718016ce9cd386",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "abf3b222614f49f98e606fccdd269161c0d70204",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "368e68ad6da4317fc4170e8d92b51c13d1bfe7a7",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "35ff1ac55d301efb3f467cf5426faaeb3452994b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "033ec4e7e59ae5e1ef1e8c10bc6552926044ed1c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "5dcc2afe716d69f5112ce035cb14f007461ff189",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/extcon/extcon.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.47",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.122",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nextcon: Modify extcon device to be created after driver data is set\n\nCurrently, someone can invoke the sysfs such as state_show()\nintermittently before dev_set_drvdata() is done.\nAnd it can be a cause of kernel Oops because of edev is Null at that time.\nSo modified the driver registration to after setting drviver data.\n\n- Oops\u0027s backtrace.\n\nBacktrace:\n[\u003cc067865c\u003e] (state_show) from [\u003cc05222e8\u003e] (dev_attr_show)\n[\u003cc05222c0\u003e] (dev_attr_show) from [\u003cc02c66e0\u003e] (sysfs_kf_seq_show)\n[\u003cc02c6648\u003e] (sysfs_kf_seq_show) from [\u003cc02c496c\u003e] (kernfs_seq_show)\n[\u003cc02c4938\u003e] (kernfs_seq_show) from [\u003cc025e2a0\u003e] (seq_read)\n[\u003cc025e11c\u003e] (seq_read) from [\u003cc02c50a0\u003e] (kernfs_fop_read)\n[\u003cc02c5064\u003e] (kernfs_fop_read) from [\u003cc0231cac\u003e] (__vfs_read)\n[\u003cc0231c5c\u003e] (__vfs_read) from [\u003cc0231ee0\u003e] (vfs_read)\n[\u003cc0231e34\u003e] (vfs_read) from [\u003cc0232464\u003e] (ksys_read)\n[\u003cc02323f0\u003e] (ksys_read) from [\u003cc02324fc\u003e] (sys_read)\n[\u003cc02324e4\u003e] (sys_read) from [\u003cc00091d0\u003e] (__sys_trace_return)"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:34:53.112Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6e721f3ad0535b24f19a62420f4da95212cf069c"
},
{
"url": "https://git.kernel.org/stable/c/cb81ea998c461868d1168411a867d8ffee12f23f"
},
{
"url": "https://git.kernel.org/stable/c/d472c78cc82999d07bd09193a6718016ce9cd386"
},
{
"url": "https://git.kernel.org/stable/c/abf3b222614f49f98e606fccdd269161c0d70204"
},
{
"url": "https://git.kernel.org/stable/c/368e68ad6da4317fc4170e8d92b51c13d1bfe7a7"
},
{
"url": "https://git.kernel.org/stable/c/35ff1ac55d301efb3f467cf5426faaeb3452994b"
},
{
"url": "https://git.kernel.org/stable/c/033ec4e7e59ae5e1ef1e8c10bc6552926044ed1c"
},
{
"url": "https://git.kernel.org/stable/c/5dcc2afe716d69f5112ce035cb14f007461ff189"
}
],
"title": "extcon: Modify extcon device to be created after driver data is set",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49308",
"datePublished": "2025-02-26T02:10:39.648Z",
"dateReserved": "2025-02-26T02:08:31.536Z",
"dateUpdated": "2025-05-04T08:34:53.112Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47648 (GCVE-0-2021-47648)
Vulnerability from cvelistv5
Published
2025-02-26 01:54
Modified
2025-10-01 19:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
gpu: host1x: Fix a memory leak in 'host1x_remove()'
Add a missing 'host1x_channel_list_free()' call in the remove function,
as already done in the error handling path of the probe function.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-47648",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:50:29.512200Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:57:07.693Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/host1x/dev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6bb107332db28a0e9256c2d36a0902b85307612c",
"status": "affected",
"version": "8474b02531c4881a762c52ef869c52429e38633f",
"versionType": "git"
},
{
"lessThan": "c06577a80485511b894cb688e881ef0bc2d1d296",
"status": "affected",
"version": "8474b02531c4881a762c52ef869c52429e38633f",
"versionType": "git"
},
{
"lessThan": "5124a344983e1b9670dae7add0e4d00d589aabcd",
"status": "affected",
"version": "8474b02531c4881a762c52ef869c52429e38633f",
"versionType": "git"
},
{
"lessThan": "fe1ce680560d4f0049ffa0c687de17567421c1ec",
"status": "affected",
"version": "8474b02531c4881a762c52ef869c52429e38633f",
"versionType": "git"
},
{
"lessThan": "025c6643a81564f066d8381b9e2f4603e0f8438f",
"status": "affected",
"version": "8474b02531c4881a762c52ef869c52429e38633f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/host1x/dev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.13"
},
{
"lessThan": "4.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.110",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "4.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpu: host1x: Fix a memory leak in \u0027host1x_remove()\u0027\n\nAdd a missing \u0027host1x_channel_list_free()\u0027 call in the remove function,\nas already done in the error handling path of the probe function."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:15:29.450Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6bb107332db28a0e9256c2d36a0902b85307612c"
},
{
"url": "https://git.kernel.org/stable/c/c06577a80485511b894cb688e881ef0bc2d1d296"
},
{
"url": "https://git.kernel.org/stable/c/5124a344983e1b9670dae7add0e4d00d589aabcd"
},
{
"url": "https://git.kernel.org/stable/c/fe1ce680560d4f0049ffa0c687de17567421c1ec"
},
{
"url": "https://git.kernel.org/stable/c/025c6643a81564f066d8381b9e2f4603e0f8438f"
}
],
"title": "gpu: host1x: Fix a memory leak in \u0027host1x_remove()\u0027",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47648",
"datePublished": "2025-02-26T01:54:16.100Z",
"dateReserved": "2025-02-26T01:48:21.520Z",
"dateUpdated": "2025-10-01T19:57:07.693Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49427 (GCVE-0-2022-49427)
Vulnerability from cvelistv5
Published
2025-02-26 02:12
Modified
2025-05-04 12:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
iommu/mediatek: Remove clk_disable in mtk_iommu_remove
After the commit b34ea31fe013 ("iommu/mediatek: Always enable the clk on
resume"), the iommu clock is controlled by the runtime callback.
thus remove the clk control in the mtk_iommu_remove.
Otherwise, it will warning like:
echo 14018000.iommu > /sys/bus/platform/drivers/mtk-iommu/unbind
[ 51.413044] ------------[ cut here ]------------
[ 51.413648] vpp0_smi_iommu already disabled
[ 51.414233] WARNING: CPU: 2 PID: 157 at */v5.15-rc1/kernel/mediatek/
drivers/clk/clk.c:952 clk_core_disable+0xb0/0xb8
[ 51.417174] Hardware name: MT8195V/C(ENG) (DT)
[ 51.418635] pc : clk_core_disable+0xb0/0xb8
[ 51.419177] lr : clk_core_disable+0xb0/0xb8
...
[ 51.429375] Call trace:
[ 51.429694] clk_core_disable+0xb0/0xb8
[ 51.430193] clk_core_disable_lock+0x24/0x40
[ 51.430745] clk_disable+0x20/0x30
[ 51.431189] mtk_iommu_remove+0x58/0x118
[ 51.431705] platform_remove+0x28/0x60
[ 51.432197] device_release_driver_internal+0x110/0x1f0
[ 51.432873] device_driver_detach+0x18/0x28
[ 51.433418] unbind_store+0xd4/0x108
[ 51.433886] drv_attr_store+0x24/0x38
[ 51.434363] sysfs_kf_write+0x40/0x58
[ 51.434843] kernfs_fop_write_iter+0x164/0x1e0
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/iommu/mtk_iommu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "053465ab20dcd324a43a1811ee98e5721e6a3e65",
"status": "affected",
"version": "b34ea31fe013569d42b7e8681ef3f717f77c5b72",
"versionType": "git"
},
{
"lessThan": "9b3bd97acb4f8954b8a43a5d63ed9050d463b4e1",
"status": "affected",
"version": "b34ea31fe013569d42b7e8681ef3f717f77c5b72",
"versionType": "git"
},
{
"lessThan": "6eaa046c696c83542c56765cdde564d9818ff1fb",
"status": "affected",
"version": "b34ea31fe013569d42b7e8681ef3f717f77c5b72",
"versionType": "git"
},
{
"lessThan": "98df772bdd1c4ce717a26289efea15cbbe4b64ed",
"status": "affected",
"version": "b34ea31fe013569d42b7e8681ef3f717f77c5b72",
"versionType": "git"
},
{
"status": "affected",
"version": "5cad9e2caa9613fdcd246bd4ebf0ffbec1cba2ca",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/iommu/mtk_iommu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.13"
},
{
"lessThan": "5.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.12.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/mediatek: Remove clk_disable in mtk_iommu_remove\n\nAfter the commit b34ea31fe013 (\"iommu/mediatek: Always enable the clk on\nresume\"), the iommu clock is controlled by the runtime callback.\nthus remove the clk control in the mtk_iommu_remove.\n\nOtherwise, it will warning like:\n\necho 14018000.iommu \u003e /sys/bus/platform/drivers/mtk-iommu/unbind\n\n[ 51.413044] ------------[ cut here ]------------\n[ 51.413648] vpp0_smi_iommu already disabled\n[ 51.414233] WARNING: CPU: 2 PID: 157 at */v5.15-rc1/kernel/mediatek/\n drivers/clk/clk.c:952 clk_core_disable+0xb0/0xb8\n[ 51.417174] Hardware name: MT8195V/C(ENG) (DT)\n[ 51.418635] pc : clk_core_disable+0xb0/0xb8\n[ 51.419177] lr : clk_core_disable+0xb0/0xb8\n...\n[ 51.429375] Call trace:\n[ 51.429694] clk_core_disable+0xb0/0xb8\n[ 51.430193] clk_core_disable_lock+0x24/0x40\n[ 51.430745] clk_disable+0x20/0x30\n[ 51.431189] mtk_iommu_remove+0x58/0x118\n[ 51.431705] platform_remove+0x28/0x60\n[ 51.432197] device_release_driver_internal+0x110/0x1f0\n[ 51.432873] device_driver_detach+0x18/0x28\n[ 51.433418] unbind_store+0xd4/0x108\n[ 51.433886] drv_attr_store+0x24/0x38\n[ 51.434363] sysfs_kf_write+0x40/0x58\n[ 51.434843] kernfs_fop_write_iter+0x164/0x1e0"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:44:41.612Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/053465ab20dcd324a43a1811ee98e5721e6a3e65"
},
{
"url": "https://git.kernel.org/stable/c/9b3bd97acb4f8954b8a43a5d63ed9050d463b4e1"
},
{
"url": "https://git.kernel.org/stable/c/6eaa046c696c83542c56765cdde564d9818ff1fb"
},
{
"url": "https://git.kernel.org/stable/c/98df772bdd1c4ce717a26289efea15cbbe4b64ed"
}
],
"title": "iommu/mediatek: Remove clk_disable in mtk_iommu_remove",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49427",
"datePublished": "2025-02-26T02:12:47.692Z",
"dateReserved": "2025-02-26T02:08:31.569Z",
"dateUpdated": "2025-05-04T12:44:41.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1048 (GCVE-0-2022-1048)
Vulnerability from cvelistv5
Published
2022-04-29 15:34
Modified
2024-08-02 23:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:43.301Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066706"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lore.kernel.org/lkml/20220322170720.3529-5-tiwai%40suse.de/T/#m1d3b791b815556012c6be92f1c4a7086b854f7f3"
},
{
"name": "DSA-5127",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5127"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220629-0001/"
},
{
"name": "DSA-5173",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5173"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kernel",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Linux kernel 5.17-rc9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A use-after-free flaw was found in the Linux kernel\u2019s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-04T10:06:10",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066706"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lore.kernel.org/lkml/20220322170720.3529-5-tiwai%40suse.de/T/#m1d3b791b815556012c6be92f1c4a7086b854f7f3"
},
{
"name": "DSA-5127",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2022/dsa-5127"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220629-0001/"
},
{
"name": "DSA-5173",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2022/dsa-5173"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2022-1048",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "Linux kernel 5.17-rc9"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A use-after-free flaw was found in the Linux kernel\u2019s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2066706",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066706"
},
{
"name": "https://lore.kernel.org/lkml/20220322170720.3529-5-tiwai@suse.de/T/#m1d3b791b815556012c6be92f1c4a7086b854f7f3",
"refsource": "MISC",
"url": "https://lore.kernel.org/lkml/20220322170720.3529-5-tiwai@suse.de/T/#m1d3b791b815556012c6be92f1c4a7086b854f7f3"
},
{
"name": "DSA-5127",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5127"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220629-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220629-0001/"
},
{
"name": "DSA-5173",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5173"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-1048",
"datePublished": "2022-04-29T15:34:44",
"dateReserved": "2022-03-22T00:00:00",
"dateUpdated": "2024-08-02T23:47:43.301Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49327 (GCVE-0-2022-49327)
Vulnerability from cvelistv5
Published
2025-02-26 02:10
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
bcache: avoid journal no-space deadlock by reserving 1 journal bucket
The journal no-space deadlock was reported time to time. Such deadlock
can happen in the following situation.
When all journal buckets are fully filled by active jset with heavy
write I/O load, the cache set registration (after a reboot) will load
all active jsets and inserting them into the btree again (which is
called journal replay). If a journaled bkey is inserted into a btree
node and results btree node split, new journal request might be
triggered. For example, the btree grows one more level after the node
split, then the root node record in cache device super block will be
upgrade by bch_journal_meta() from bch_btree_set_root(). But there is no
space in journal buckets, the journal replay has to wait for new journal
bucket to be reclaimed after at least one journal bucket replayed. This
is one example that how the journal no-space deadlock happens.
The solution to avoid the deadlock is to reserve 1 journal bucket in
run time, and only permit the reserved journal bucket to be used during
cache set registration procedure for things like journal replay. Then
the journal space will never be fully filled, there is no chance for
journal no-space deadlock to happen anymore.
This patch adds a new member "bool do_reserve" in struct journal, it is
inititalized to 0 (false) when struct journal is allocated, and set to
1 (true) by bch_journal_space_reserve() when all initialization done in
run_cache_set(). In the run time when journal_reclaim() tries to
allocate a new journal bucket, free_journal_buckets() is called to check
whether there are enough free journal buckets to use. If there is only
1 free journal bucket and journal->do_reserve is 1 (true), the last
bucket is reserved and free_journal_buckets() will return 0 to indicate
no free journal bucket. Then journal_reclaim() will give up, and try
next time to see whetheer there is free journal bucket to allocate. By
this method, there is always 1 jouranl bucket reserved in run time.
During the cache set registration, journal->do_reserve is 0 (false), so
the reserved journal bucket can be used to avoid the no-space deadlock.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49327",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:43:27.047873Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-667",
"description": "CWE-667 Improper Locking",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:55.894Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/md/bcache/journal.c",
"drivers/md/bcache/journal.h",
"drivers/md/bcache/super.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "59afd4f287900c8187e968a4153ed35e6b48efce",
"status": "affected",
"version": "cafe563591446cf80bfbc2fe3bc72a2e36cf1060",
"versionType": "git"
},
{
"lessThan": "5607652823ac65e2c6885e73bd46d5a4f9a20363",
"status": "affected",
"version": "cafe563591446cf80bfbc2fe3bc72a2e36cf1060",
"versionType": "git"
},
{
"lessThan": "6332ea3e35efa12dc08f0cbf5faea5e6e8eb0497",
"status": "affected",
"version": "cafe563591446cf80bfbc2fe3bc72a2e36cf1060",
"versionType": "git"
},
{
"lessThan": "1dda32aed6f62c163f38ff947ef5b3360e329159",
"status": "affected",
"version": "cafe563591446cf80bfbc2fe3bc72a2e36cf1060",
"versionType": "git"
},
{
"lessThan": "32feee36c30ea06e38ccb8ae6e5c44c6eec790a6",
"status": "affected",
"version": "cafe563591446cf80bfbc2fe3bc72a2e36cf1060",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/md/bcache/journal.c",
"drivers/md/bcache/journal.h",
"drivers/md/bcache/super.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.10"
},
{
"lessThan": "3.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "3.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbcache: avoid journal no-space deadlock by reserving 1 journal bucket\n\nThe journal no-space deadlock was reported time to time. Such deadlock\ncan happen in the following situation.\n\nWhen all journal buckets are fully filled by active jset with heavy\nwrite I/O load, the cache set registration (after a reboot) will load\nall active jsets and inserting them into the btree again (which is\ncalled journal replay). If a journaled bkey is inserted into a btree\nnode and results btree node split, new journal request might be\ntriggered. For example, the btree grows one more level after the node\nsplit, then the root node record in cache device super block will be\nupgrade by bch_journal_meta() from bch_btree_set_root(). But there is no\nspace in journal buckets, the journal replay has to wait for new journal\nbucket to be reclaimed after at least one journal bucket replayed. This\nis one example that how the journal no-space deadlock happens.\n\nThe solution to avoid the deadlock is to reserve 1 journal bucket in\nrun time, and only permit the reserved journal bucket to be used during\ncache set registration procedure for things like journal replay. Then\nthe journal space will never be fully filled, there is no chance for\njournal no-space deadlock to happen anymore.\n\nThis patch adds a new member \"bool do_reserve\" in struct journal, it is\ninititalized to 0 (false) when struct journal is allocated, and set to\n1 (true) by bch_journal_space_reserve() when all initialization done in\nrun_cache_set(). In the run time when journal_reclaim() tries to\nallocate a new journal bucket, free_journal_buckets() is called to check\nwhether there are enough free journal buckets to use. If there is only\n1 free journal bucket and journal-\u003edo_reserve is 1 (true), the last\nbucket is reserved and free_journal_buckets() will return 0 to indicate\nno free journal bucket. Then journal_reclaim() will give up, and try\nnext time to see whetheer there is free journal bucket to allocate. By\nthis method, there is always 1 jouranl bucket reserved in run time.\n\nDuring the cache set registration, journal-\u003edo_reserve is 0 (false), so\nthe reserved journal bucket can be used to avoid the no-space deadlock."
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T17:19:14.709Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/59afd4f287900c8187e968a4153ed35e6b48efce"
},
{
"url": "https://git.kernel.org/stable/c/5607652823ac65e2c6885e73bd46d5a4f9a20363"
},
{
"url": "https://git.kernel.org/stable/c/6332ea3e35efa12dc08f0cbf5faea5e6e8eb0497"
},
{
"url": "https://git.kernel.org/stable/c/1dda32aed6f62c163f38ff947ef5b3360e329159"
},
{
"url": "https://git.kernel.org/stable/c/32feee36c30ea06e38ccb8ae6e5c44c6eec790a6"
}
],
"title": "bcache: avoid journal no-space deadlock by reserving 1 journal bucket",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49327",
"datePublished": "2025-02-26T02:10:49.092Z",
"dateReserved": "2025-02-26T02:08:31.538Z",
"dateUpdated": "2025-10-01T19:46:55.894Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49232 (GCVE-0-2022-49232)
Vulnerability from cvelistv5
Published
2025-02-26 01:55
Modified
2025-10-01 19:47
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes()
In amdgpu_dm_connector_add_common_modes(), amdgpu_dm_create_common_mode()
is assigned to mode and is passed to drm_mode_probed_add() directly after
that. drm_mode_probed_add() passes &mode->head to list_add_tail(), and
there is a dereference of it in list_add_tail() without recoveries, which
could lead to NULL pointer dereference on failure of
amdgpu_dm_create_common_mode().
Fix this by adding a NULL check of mode.
This bug was found by a static analyzer.
Builds with 'make allyesconfig' show no new warnings,
and our static analyzer no longer warns about this code.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: e7b07ceef2a650e5ed8ca37997689e086c680daf Version: e7b07ceef2a650e5ed8ca37997689e086c680daf Version: e7b07ceef2a650e5ed8ca37997689e086c680daf Version: e7b07ceef2a650e5ed8ca37997689e086c680daf Version: e7b07ceef2a650e5ed8ca37997689e086c680daf Version: e7b07ceef2a650e5ed8ca37997689e086c680daf Version: e7b07ceef2a650e5ed8ca37997689e086c680daf |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49232",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:46:07.786921Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:47:03.506Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2c729dec8c1e3e2892fde5ce8181553860914e74",
"status": "affected",
"version": "e7b07ceef2a650e5ed8ca37997689e086c680daf",
"versionType": "git"
},
{
"lessThan": "57f4ad5e286fe4599c8fc63cf89f85f9eec7f9c9",
"status": "affected",
"version": "e7b07ceef2a650e5ed8ca37997689e086c680daf",
"versionType": "git"
},
{
"lessThan": "19a7eba284790cfbba2945deb2363cf03ce41648",
"status": "affected",
"version": "e7b07ceef2a650e5ed8ca37997689e086c680daf",
"versionType": "git"
},
{
"lessThan": "bdc7429708a0772d90c208975694f7c2133b1202",
"status": "affected",
"version": "e7b07ceef2a650e5ed8ca37997689e086c680daf",
"versionType": "git"
},
{
"lessThan": "f4eaa999fec78dec2a9c2d797438e05cbffb125b",
"status": "affected",
"version": "e7b07ceef2a650e5ed8ca37997689e086c680daf",
"versionType": "git"
},
{
"lessThan": "639b3b9def0a6a3f316a195d705d14113236e89c",
"status": "affected",
"version": "e7b07ceef2a650e5ed8ca37997689e086c680daf",
"versionType": "git"
},
{
"lessThan": "588a70177df3b1777484267584ef38ab2ca899a2",
"status": "affected",
"version": "e7b07ceef2a650e5ed8ca37997689e086c680daf",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.238",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.189",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.238",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.189",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.110",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes()\n\nIn amdgpu_dm_connector_add_common_modes(), amdgpu_dm_create_common_mode()\nis assigned to mode and is passed to drm_mode_probed_add() directly after\nthat. drm_mode_probed_add() passes \u0026mode-\u003ehead to list_add_tail(), and\nthere is a dereference of it in list_add_tail() without recoveries, which\ncould lead to NULL pointer dereference on failure of\namdgpu_dm_create_common_mode().\n\nFix this by adding a NULL check of mode.\n\nThis bug was found by a static analyzer.\n\nBuilds with \u0027make allyesconfig\u0027 show no new warnings,\nand our static analyzer no longer warns about this code."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:32:58.588Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2c729dec8c1e3e2892fde5ce8181553860914e74"
},
{
"url": "https://git.kernel.org/stable/c/57f4ad5e286fe4599c8fc63cf89f85f9eec7f9c9"
},
{
"url": "https://git.kernel.org/stable/c/19a7eba284790cfbba2945deb2363cf03ce41648"
},
{
"url": "https://git.kernel.org/stable/c/bdc7429708a0772d90c208975694f7c2133b1202"
},
{
"url": "https://git.kernel.org/stable/c/f4eaa999fec78dec2a9c2d797438e05cbffb125b"
},
{
"url": "https://git.kernel.org/stable/c/639b3b9def0a6a3f316a195d705d14113236e89c"
},
{
"url": "https://git.kernel.org/stable/c/588a70177df3b1777484267584ef38ab2ca899a2"
}
],
"title": "drm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49232",
"datePublished": "2025-02-26T01:55:58.618Z",
"dateReserved": "2025-02-26T01:49:39.293Z",
"dateUpdated": "2025-10-01T19:47:03.506Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49434 (GCVE-0-2022-49434)
Vulnerability from cvelistv5
Published
2025-02-26 02:12
Modified
2025-05-04 08:37
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store()
The sysfs sriov_numvfs_store() path acquires the device lock before the
config space access lock:
sriov_numvfs_store
device_lock # A (1) acquire device lock
sriov_configure
vfio_pci_sriov_configure # (for example)
vfio_pci_core_sriov_configure
pci_disable_sriov
sriov_disable
pci_cfg_access_lock
pci_wait_cfg # B (4) wait for dev->block_cfg_access == 0
Previously, pci_dev_lock() acquired the config space access lock before the
device lock:
pci_dev_lock
pci_cfg_access_lock
dev->block_cfg_access = 1 # B (2) set dev->block_cfg_access = 1
device_lock # A (3) wait for device lock
Any path that uses pci_dev_lock(), e.g., pci_reset_function(), may
deadlock with sriov_numvfs_store() if the operations occur in the sequence
(1) (2) (3) (4).
Avoid the deadlock by reversing the order in pci_dev_lock() so it acquires
the device lock before the config space access lock, the same as the
sriov_numvfs_store() path.
[bhelgaas: combined and adapted commit log from Jay Zhou's independent
subsequent posting:
https://lore.kernel.org/r/20220404062539.1710-1-jianjay.zhou@huawei.com]
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/pci/pci.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "da9792920ab525b8a932aa9aeee34529ad7b83f7",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "c3c6dc1853b8bf3c718f96fd8480a6eb09ba4831",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "aed6d4d519210c28817948f34c53b6e058e0456c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "c9a81f9ed6ae3554621d6a50220b1bc74b67d81e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "eff3587b9c01439b738298475e555c028ac9f55e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2cdd5284035322795b0964f899eefba254cfe483",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ea047f51172aa68841adef7f52d375002438b8f0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "59ea6b3ae51df7cd6bfd84c9c0030609b9315622",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a91ee0e9fca9d7501286cfbced9b30a33e52740a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/pci/pci.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.318",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store()\n\nThe sysfs sriov_numvfs_store() path acquires the device lock before the\nconfig space access lock:\n\n sriov_numvfs_store\n device_lock # A (1) acquire device lock\n sriov_configure\n vfio_pci_sriov_configure # (for example)\n vfio_pci_core_sriov_configure\n pci_disable_sriov\n sriov_disable\n pci_cfg_access_lock\n pci_wait_cfg # B (4) wait for dev-\u003eblock_cfg_access == 0\n\nPreviously, pci_dev_lock() acquired the config space access lock before the\ndevice lock:\n\n pci_dev_lock\n pci_cfg_access_lock\n dev-\u003eblock_cfg_access = 1 # B (2) set dev-\u003eblock_cfg_access = 1\n device_lock # A (3) wait for device lock\n\nAny path that uses pci_dev_lock(), e.g., pci_reset_function(), may\ndeadlock with sriov_numvfs_store() if the operations occur in the sequence\n(1) (2) (3) (4).\n\nAvoid the deadlock by reversing the order in pci_dev_lock() so it acquires\nthe device lock before the config space access lock, the same as the\nsriov_numvfs_store() path.\n\n[bhelgaas: combined and adapted commit log from Jay Zhou\u0027s independent\nsubsequent posting:\nhttps://lore.kernel.org/r/20220404062539.1710-1-jianjay.zhou@huawei.com]"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:37:35.051Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/da9792920ab525b8a932aa9aeee34529ad7b83f7"
},
{
"url": "https://git.kernel.org/stable/c/c3c6dc1853b8bf3c718f96fd8480a6eb09ba4831"
},
{
"url": "https://git.kernel.org/stable/c/aed6d4d519210c28817948f34c53b6e058e0456c"
},
{
"url": "https://git.kernel.org/stable/c/c9a81f9ed6ae3554621d6a50220b1bc74b67d81e"
},
{
"url": "https://git.kernel.org/stable/c/eff3587b9c01439b738298475e555c028ac9f55e"
},
{
"url": "https://git.kernel.org/stable/c/2cdd5284035322795b0964f899eefba254cfe483"
},
{
"url": "https://git.kernel.org/stable/c/ea047f51172aa68841adef7f52d375002438b8f0"
},
{
"url": "https://git.kernel.org/stable/c/59ea6b3ae51df7cd6bfd84c9c0030609b9315622"
},
{
"url": "https://git.kernel.org/stable/c/a91ee0e9fca9d7501286cfbced9b30a33e52740a"
}
],
"title": "PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49434",
"datePublished": "2025-02-26T02:12:51.068Z",
"dateReserved": "2025-02-26T02:08:31.570Z",
"dateUpdated": "2025-05-04T08:37:35.051Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49704 (GCVE-0-2022-49704)
Vulnerability from cvelistv5
Published
2025-02-26 02:24
Modified
2025-10-01 19:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
9p: fix fid refcount leak in v9fs_vfs_get_link
we check for protocol version later than required, after a fid has
been obtained. Just move the version check earlier.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49704",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:32:36.007976Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:36:45.615Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/9p/vfs_inode.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f0126bcaee81dabc1926012126aa74caa03a4c6e",
"status": "affected",
"version": "6636b6dcc3db2258cd0585b8078c1c225c4b6dde",
"versionType": "git"
},
{
"lessThan": "e7b6d622bd812013eb39c8f4cd65b7ee8ede1e02",
"status": "affected",
"version": "6636b6dcc3db2258cd0585b8078c1c225c4b6dde",
"versionType": "git"
},
{
"lessThan": "e5690f263208c5abce7451370b7786eb25b405eb",
"status": "affected",
"version": "6636b6dcc3db2258cd0585b8078c1c225c4b6dde",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/9p/vfs_inode.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.11"
},
{
"lessThan": "5.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.51",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.51",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.8",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\n9p: fix fid refcount leak in v9fs_vfs_get_link\n\nwe check for protocol version later than required, after a fid has\nbeen obtained. Just move the version check earlier."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:43:37.789Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f0126bcaee81dabc1926012126aa74caa03a4c6e"
},
{
"url": "https://git.kernel.org/stable/c/e7b6d622bd812013eb39c8f4cd65b7ee8ede1e02"
},
{
"url": "https://git.kernel.org/stable/c/e5690f263208c5abce7451370b7786eb25b405eb"
}
],
"title": "9p: fix fid refcount leak in v9fs_vfs_get_link",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49704",
"datePublished": "2025-02-26T02:24:23.384Z",
"dateReserved": "2025-02-26T02:21:30.443Z",
"dateUpdated": "2025-10-01T19:36:45.615Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49414 (GCVE-0-2022-49414)
Vulnerability from cvelistv5
Published
2025-02-26 02:12
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix race condition between ext4_write and ext4_convert_inline_data
Hulk Robot reported a BUG_ON:
==================================================================
EXT4-fs error (device loop3): ext4_mb_generate_buddy:805: group 0,
block bitmap and bg descriptor inconsistent: 25 vs 31513 free clusters
kernel BUG at fs/ext4/ext4_jbd2.c:53!
invalid opcode: 0000 [#1] SMP KASAN PTI
CPU: 0 PID: 25371 Comm: syz-executor.3 Not tainted 5.10.0+ #1
RIP: 0010:ext4_put_nojournal fs/ext4/ext4_jbd2.c:53 [inline]
RIP: 0010:__ext4_journal_stop+0x10e/0x110 fs/ext4/ext4_jbd2.c:116
[...]
Call Trace:
ext4_write_inline_data_end+0x59a/0x730 fs/ext4/inline.c:795
generic_perform_write+0x279/0x3c0 mm/filemap.c:3344
ext4_buffered_write_iter+0x2e3/0x3d0 fs/ext4/file.c:270
ext4_file_write_iter+0x30a/0x11c0 fs/ext4/file.c:520
do_iter_readv_writev+0x339/0x3c0 fs/read_write.c:732
do_iter_write+0x107/0x430 fs/read_write.c:861
vfs_writev fs/read_write.c:934 [inline]
do_pwritev+0x1e5/0x380 fs/read_write.c:1031
[...]
==================================================================
Above issue may happen as follows:
cpu1 cpu2
__________________________|__________________________
do_pwritev
vfs_writev
do_iter_write
ext4_file_write_iter
ext4_buffered_write_iter
generic_perform_write
ext4_da_write_begin
vfs_fallocate
ext4_fallocate
ext4_convert_inline_data
ext4_convert_inline_data_nolock
ext4_destroy_inline_data_nolock
clear EXT4_STATE_MAY_INLINE_DATA
ext4_map_blocks
ext4_ext_map_blocks
ext4_mb_new_blocks
ext4_mb_regular_allocator
ext4_mb_good_group_nolock
ext4_mb_init_group
ext4_mb_init_cache
ext4_mb_generate_buddy --> error
ext4_test_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA)
ext4_restore_inline_data
set EXT4_STATE_MAY_INLINE_DATA
ext4_block_write_begin
ext4_da_write_end
ext4_test_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA)
ext4_write_inline_data_end
handle=NULL
ext4_journal_stop(handle)
__ext4_journal_stop
ext4_put_nojournal(handle)
ref_cnt = (unsigned long)handle
BUG_ON(ref_cnt == 0) ---> BUG_ON
The lock held by ext4_convert_inline_data is xattr_sem, but the lock
held by generic_perform_write is i_rwsem. Therefore, the two locks can
be concurrent.
To solve above issue, we add inode_lock() for ext4_convert_inline_data().
At the same time, move ext4_convert_inline_data() in front of
ext4_punch_hole(), remove similar handling from ext4_punch_hole().
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 0c8d414f163f5d35e43a4de7a6e5ee8c253fcccf Version: 0c8d414f163f5d35e43a4de7a6e5ee8c253fcccf Version: 0c8d414f163f5d35e43a4de7a6e5ee8c253fcccf Version: 0c8d414f163f5d35e43a4de7a6e5ee8c253fcccf Version: 0c8d414f163f5d35e43a4de7a6e5ee8c253fcccf Version: 0c8d414f163f5d35e43a4de7a6e5ee8c253fcccf |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49414",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:41:09.175529Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:50.027Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ext4/extents.c",
"fs/ext4/inode.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "18881d7e517169193d9ef6c89c7f322e3e164277",
"status": "affected",
"version": "0c8d414f163f5d35e43a4de7a6e5ee8c253fcccf",
"versionType": "git"
},
{
"lessThan": "91f90b571f1a23f5b8a9c2b68a9aa5d6981a3c3d",
"status": "affected",
"version": "0c8d414f163f5d35e43a4de7a6e5ee8c253fcccf",
"versionType": "git"
},
{
"lessThan": "14602353b350950b551eccc6b46411aa3b12ffe2",
"status": "affected",
"version": "0c8d414f163f5d35e43a4de7a6e5ee8c253fcccf",
"versionType": "git"
},
{
"lessThan": "725e00cb7039eae291890f1bb19bc867176745f6",
"status": "affected",
"version": "0c8d414f163f5d35e43a4de7a6e5ee8c253fcccf",
"versionType": "git"
},
{
"lessThan": "ccc6639f831bee91aa8b41c8a1cdd020ecfb9f32",
"status": "affected",
"version": "0c8d414f163f5d35e43a4de7a6e5ee8c253fcccf",
"versionType": "git"
},
{
"lessThan": "f87c7a4b084afc13190cbb263538e444cb2b392a",
"status": "affected",
"version": "0c8d414f163f5d35e43a4de7a6e5ee8c253fcccf",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ext4/extents.c",
"fs/ext4/inode.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.8"
},
{
"lessThan": "3.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.207",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.132",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.207",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.132",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "3.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix race condition between ext4_write and ext4_convert_inline_data\n\nHulk Robot reported a BUG_ON:\n ==================================================================\n EXT4-fs error (device loop3): ext4_mb_generate_buddy:805: group 0,\n block bitmap and bg descriptor inconsistent: 25 vs 31513 free clusters\n kernel BUG at fs/ext4/ext4_jbd2.c:53!\n invalid opcode: 0000 [#1] SMP KASAN PTI\n CPU: 0 PID: 25371 Comm: syz-executor.3 Not tainted 5.10.0+ #1\n RIP: 0010:ext4_put_nojournal fs/ext4/ext4_jbd2.c:53 [inline]\n RIP: 0010:__ext4_journal_stop+0x10e/0x110 fs/ext4/ext4_jbd2.c:116\n [...]\n Call Trace:\n ext4_write_inline_data_end+0x59a/0x730 fs/ext4/inline.c:795\n generic_perform_write+0x279/0x3c0 mm/filemap.c:3344\n ext4_buffered_write_iter+0x2e3/0x3d0 fs/ext4/file.c:270\n ext4_file_write_iter+0x30a/0x11c0 fs/ext4/file.c:520\n do_iter_readv_writev+0x339/0x3c0 fs/read_write.c:732\n do_iter_write+0x107/0x430 fs/read_write.c:861\n vfs_writev fs/read_write.c:934 [inline]\n do_pwritev+0x1e5/0x380 fs/read_write.c:1031\n [...]\n ==================================================================\n\nAbove issue may happen as follows:\n cpu1 cpu2\n__________________________|__________________________\ndo_pwritev\n vfs_writev\n do_iter_write\n ext4_file_write_iter\n ext4_buffered_write_iter\n generic_perform_write\n ext4_da_write_begin\n vfs_fallocate\n ext4_fallocate\n ext4_convert_inline_data\n ext4_convert_inline_data_nolock\n ext4_destroy_inline_data_nolock\n clear EXT4_STATE_MAY_INLINE_DATA\n ext4_map_blocks\n ext4_ext_map_blocks\n ext4_mb_new_blocks\n ext4_mb_regular_allocator\n ext4_mb_good_group_nolock\n ext4_mb_init_group\n ext4_mb_init_cache\n ext4_mb_generate_buddy --\u003e error\n ext4_test_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA)\n ext4_restore_inline_data\n set EXT4_STATE_MAY_INLINE_DATA\n ext4_block_write_begin\n ext4_da_write_end\n ext4_test_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA)\n ext4_write_inline_data_end\n handle=NULL\n ext4_journal_stop(handle)\n __ext4_journal_stop\n ext4_put_nojournal(handle)\n ref_cnt = (unsigned long)handle\n BUG_ON(ref_cnt == 0) ---\u003e BUG_ON\n\nThe lock held by ext4_convert_inline_data is xattr_sem, but the lock\nheld by generic_perform_write is i_rwsem. Therefore, the two locks can\nbe concurrent.\n\nTo solve above issue, we add inode_lock() for ext4_convert_inline_data().\nAt the same time, move ext4_convert_inline_data() in front of\next4_punch_hole(), remove similar handling from ext4_punch_hole()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:37:10.389Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/18881d7e517169193d9ef6c89c7f322e3e164277"
},
{
"url": "https://git.kernel.org/stable/c/91f90b571f1a23f5b8a9c2b68a9aa5d6981a3c3d"
},
{
"url": "https://git.kernel.org/stable/c/14602353b350950b551eccc6b46411aa3b12ffe2"
},
{
"url": "https://git.kernel.org/stable/c/725e00cb7039eae291890f1bb19bc867176745f6"
},
{
"url": "https://git.kernel.org/stable/c/ccc6639f831bee91aa8b41c8a1cdd020ecfb9f32"
},
{
"url": "https://git.kernel.org/stable/c/f87c7a4b084afc13190cbb263538e444cb2b392a"
}
],
"title": "ext4: fix race condition between ext4_write and ext4_convert_inline_data",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49414",
"datePublished": "2025-02-26T02:12:35.083Z",
"dateReserved": "2025-02-26T02:08:31.568Z",
"dateUpdated": "2025-10-01T19:46:50.027Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49153 (GCVE-0-2022-49153)
Vulnerability from cvelistv5
Published
2025-02-26 01:55
Modified
2025-10-01 19:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
wireguard: socket: free skb in send6 when ipv6 is disabled
I got a memory leak report:
unreferenced object 0xffff8881191fc040 (size 232):
comm "kworker/u17:0", pid 23193, jiffies 4295238848 (age 3464.870s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<ffffffff814c3ef4>] slab_post_alloc_hook+0x84/0x3b0
[<ffffffff814c8977>] kmem_cache_alloc_node+0x167/0x340
[<ffffffff832974fb>] __alloc_skb+0x1db/0x200
[<ffffffff82612b5d>] wg_socket_send_buffer_to_peer+0x3d/0xc0
[<ffffffff8260e94a>] wg_packet_send_handshake_initiation+0xfa/0x110
[<ffffffff8260ec81>] wg_packet_handshake_send_worker+0x21/0x30
[<ffffffff8119c558>] process_one_work+0x2e8/0x770
[<ffffffff8119ca2a>] worker_thread+0x4a/0x4b0
[<ffffffff811a88e0>] kthread+0x120/0x160
[<ffffffff8100242f>] ret_from_fork+0x1f/0x30
In function wg_socket_send_buffer_as_reply_to_skb() or wg_socket_send_
buffer_to_peer(), the semantics of send6() is required to free skb. But
when CONFIG_IPV6 is disable, kfree_skb() is missing. This patch adds it
to fix this bug.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49153",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:47:43.493008Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:57:01.052Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireguard/socket.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "096f9d35cac0a0c95ffafc00db84786b665a4837",
"status": "affected",
"version": "e7096c131e5161fa3b8e52a650d7719d2857adfd",
"versionType": "git"
},
{
"lessThan": "402991a9771587acc2947cf6c4d689c5397f2258",
"status": "affected",
"version": "e7096c131e5161fa3b8e52a650d7719d2857adfd",
"versionType": "git"
},
{
"lessThan": "ebcc492f4ba14bae54b898f1016a37b4282558d1",
"status": "affected",
"version": "e7096c131e5161fa3b8e52a650d7719d2857adfd",
"versionType": "git"
},
{
"lessThan": "0b19bcb753dbfb74710d12bb2761ec5ed706c726",
"status": "affected",
"version": "e7096c131e5161fa3b8e52a650d7719d2857adfd",
"versionType": "git"
},
{
"lessThan": "bbbf962d9460194993ee1943a793a0a0af4a7fbf",
"status": "affected",
"version": "e7096c131e5161fa3b8e52a650d7719d2857adfd",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireguard/socket.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.6"
},
{
"lessThan": "5.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.110",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwireguard: socket: free skb in send6 when ipv6 is disabled\n\nI got a memory leak report:\n\nunreferenced object 0xffff8881191fc040 (size 232):\n comm \"kworker/u17:0\", pid 23193, jiffies 4295238848 (age 3464.870s)\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [\u003cffffffff814c3ef4\u003e] slab_post_alloc_hook+0x84/0x3b0\n [\u003cffffffff814c8977\u003e] kmem_cache_alloc_node+0x167/0x340\n [\u003cffffffff832974fb\u003e] __alloc_skb+0x1db/0x200\n [\u003cffffffff82612b5d\u003e] wg_socket_send_buffer_to_peer+0x3d/0xc0\n [\u003cffffffff8260e94a\u003e] wg_packet_send_handshake_initiation+0xfa/0x110\n [\u003cffffffff8260ec81\u003e] wg_packet_handshake_send_worker+0x21/0x30\n [\u003cffffffff8119c558\u003e] process_one_work+0x2e8/0x770\n [\u003cffffffff8119ca2a\u003e] worker_thread+0x4a/0x4b0\n [\u003cffffffff811a88e0\u003e] kthread+0x120/0x160\n [\u003cffffffff8100242f\u003e] ret_from_fork+0x1f/0x30\n\nIn function wg_socket_send_buffer_as_reply_to_skb() or wg_socket_send_\nbuffer_to_peer(), the semantics of send6() is required to free skb. But\nwhen CONFIG_IPV6 is disable, kfree_skb() is missing. This patch adds it\nto fix this bug."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:31:07.768Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/096f9d35cac0a0c95ffafc00db84786b665a4837"
},
{
"url": "https://git.kernel.org/stable/c/402991a9771587acc2947cf6c4d689c5397f2258"
},
{
"url": "https://git.kernel.org/stable/c/ebcc492f4ba14bae54b898f1016a37b4282558d1"
},
{
"url": "https://git.kernel.org/stable/c/0b19bcb753dbfb74710d12bb2761ec5ed706c726"
},
{
"url": "https://git.kernel.org/stable/c/bbbf962d9460194993ee1943a793a0a0af4a7fbf"
}
],
"title": "wireguard: socket: free skb in send6 when ipv6 is disabled",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49153",
"datePublished": "2025-02-26T01:55:18.745Z",
"dateReserved": "2025-02-26T01:49:39.275Z",
"dateUpdated": "2025-10-01T19:57:01.052Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49385 (GCVE-0-2022-49385)
Vulnerability from cvelistv5
Published
2025-02-26 02:11
Modified
2025-05-04 08:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
driver: base: fix UAF when driver_attach failed
When driver_attach(drv); failed, the driver_private will be freed.
But it has been added to the bus, which caused a UAF.
To fix it, we need to delete it from the bus when failed.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 190888ac01d059e38ffe77a2291d44cafa9016fb Version: 190888ac01d059e38ffe77a2291d44cafa9016fb Version: 190888ac01d059e38ffe77a2291d44cafa9016fb Version: 190888ac01d059e38ffe77a2291d44cafa9016fb Version: 190888ac01d059e38ffe77a2291d44cafa9016fb Version: 190888ac01d059e38ffe77a2291d44cafa9016fb |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49385",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T17:58:41.954887Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T18:02:28.951Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/base/bus.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5d709f58c743166fe1c6914b9de0ae8868600d9b",
"status": "affected",
"version": "190888ac01d059e38ffe77a2291d44cafa9016fb",
"versionType": "git"
},
{
"lessThan": "823f24f2e329babd0330200d0b74882516fe57f4",
"status": "affected",
"version": "190888ac01d059e38ffe77a2291d44cafa9016fb",
"versionType": "git"
},
{
"lessThan": "cdf1a683a01583bca4b618dd16223cbd6e462e21",
"status": "affected",
"version": "190888ac01d059e38ffe77a2291d44cafa9016fb",
"versionType": "git"
},
{
"lessThan": "5389101257828d1913d713d9a40acbe14f5961df",
"status": "affected",
"version": "190888ac01d059e38ffe77a2291d44cafa9016fb",
"versionType": "git"
},
{
"lessThan": "c059665c84feab46b7173d3a1bf36c2fb7f9df86",
"status": "affected",
"version": "190888ac01d059e38ffe77a2291d44cafa9016fb",
"versionType": "git"
},
{
"lessThan": "310862e574001a97ad02272bac0fd13f75f42a27",
"status": "affected",
"version": "190888ac01d059e38ffe77a2291d44cafa9016fb",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/base/bus.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.9"
},
{
"lessThan": "3.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.47",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.122",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.47",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.15",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.4",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "3.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndriver: base: fix UAF when driver_attach failed\n\nWhen driver_attach(drv); failed, the driver_private will be freed.\nBut it has been added to the bus, which caused a UAF.\n\nTo fix it, we need to delete it from the bus when failed."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:36:33.613Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5d709f58c743166fe1c6914b9de0ae8868600d9b"
},
{
"url": "https://git.kernel.org/stable/c/823f24f2e329babd0330200d0b74882516fe57f4"
},
{
"url": "https://git.kernel.org/stable/c/cdf1a683a01583bca4b618dd16223cbd6e462e21"
},
{
"url": "https://git.kernel.org/stable/c/5389101257828d1913d713d9a40acbe14f5961df"
},
{
"url": "https://git.kernel.org/stable/c/c059665c84feab46b7173d3a1bf36c2fb7f9df86"
},
{
"url": "https://git.kernel.org/stable/c/310862e574001a97ad02272bac0fd13f75f42a27"
}
],
"title": "driver: base: fix UAF when driver_attach failed",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49385",
"datePublished": "2025-02-26T02:11:20.725Z",
"dateReserved": "2025-02-26T02:08:31.560Z",
"dateUpdated": "2025-05-04T08:36:33.613Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49441 (GCVE-0-2022-49441)
Vulnerability from cvelistv5
Published
2025-02-26 02:12
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
tty: fix deadlock caused by calling printk() under tty_port->lock
pty_write() invokes kmalloc() which may invoke a normal printk() to print
failure message. This can cause a deadlock in the scenario reported by
syz-bot below:
CPU0 CPU1 CPU2
---- ---- ----
lock(console_owner);
lock(&port_lock_key);
lock(&port->lock);
lock(&port_lock_key);
lock(&port->lock);
lock(console_owner);
As commit dbdda842fe96 ("printk: Add console owner and waiter logic to
load balance console writes") said, such deadlock can be prevented by
using printk_deferred() in kmalloc() (which is invoked in the section
guarded by the port->lock). But there are too many printk() on the
kmalloc() path, and kmalloc() can be called from anywhere, so changing
printk() to printk_deferred() is too complicated and inelegant.
Therefore, this patch chooses to specify __GFP_NOWARN to kmalloc(), so
that printk() will not be called, and this deadlock problem can be
avoided.
Syzbot reported the following lockdep error:
======================================================
WARNING: possible circular locking dependency detected
5.4.143-00237-g08ccc19a-dirty #10 Not tainted
------------------------------------------------------
syz-executor.4/29420 is trying to acquire lock:
ffffffff8aedb2a0 (console_owner){....}-{0:0}, at: console_trylock_spinning kernel/printk/printk.c:1752 [inline]
ffffffff8aedb2a0 (console_owner){....}-{0:0}, at: vprintk_emit+0x2ca/0x470 kernel/printk/printk.c:2023
but task is already holding lock:
ffff8880119c9158 (&port->lock){-.-.}-{2:2}, at: pty_write+0xf4/0x1f0 drivers/tty/pty.c:120
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #2 (&port->lock){-.-.}-{2:2}:
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0x35/0x50 kernel/locking/spinlock.c:159
tty_port_tty_get drivers/tty/tty_port.c:288 [inline] <-- lock(&port->lock);
tty_port_default_wakeup+0x1d/0xb0 drivers/tty/tty_port.c:47
serial8250_tx_chars+0x530/0xa80 drivers/tty/serial/8250/8250_port.c:1767
serial8250_handle_irq.part.0+0x31f/0x3d0 drivers/tty/serial/8250/8250_port.c:1854
serial8250_handle_irq drivers/tty/serial/8250/8250_port.c:1827 [inline] <-- lock(&port_lock_key);
serial8250_default_handle_irq+0xb2/0x220 drivers/tty/serial/8250/8250_port.c:1870
serial8250_interrupt+0xfd/0x200 drivers/tty/serial/8250/8250_core.c:126
__handle_irq_event_percpu+0x109/0xa50 kernel/irq/handle.c:156
[...]
-> #1 (&port_lock_key){-.-.}-{2:2}:
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0x35/0x50 kernel/locking/spinlock.c:159
serial8250_console_write+0x184/0xa40 drivers/tty/serial/8250/8250_port.c:3198
<-- lock(&port_lock_key);
call_console_drivers kernel/printk/printk.c:1819 [inline]
console_unlock+0x8cb/0xd00 kernel/printk/printk.c:2504
vprintk_emit+0x1b5/0x470 kernel/printk/printk.c:2024 <-- lock(console_owner);
vprintk_func+0x8d/0x250 kernel/printk/printk_safe.c:394
printk+0xba/0xed kernel/printk/printk.c:2084
register_console+0x8b3/0xc10 kernel/printk/printk.c:2829
univ8250_console_init+0x3a/0x46 drivers/tty/serial/8250/8250_core.c:681
console_init+0x49d/0x6d3 kernel/printk/printk.c:2915
start_kernel+0x5e9/0x879 init/main.c:713
secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:241
-> #0 (console_owner){....}-{0:0}:
[...]
lock_acquire+0x127/0x340 kernel/locking/lockdep.c:4734
console_trylock_spinning kernel/printk/printk.c:1773
---truncated---
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: d83904cb2eb2c4d937eaf15032214b0578f25099 Version: deb1feaad03a78b545c949e54582ae57b3c56982 Version: b6da31b2c07c46f2dcad1d86caa835227a16d9ff Version: b6da31b2c07c46f2dcad1d86caa835227a16d9ff Version: b6da31b2c07c46f2dcad1d86caa835227a16d9ff Version: b6da31b2c07c46f2dcad1d86caa835227a16d9ff Version: b6da31b2c07c46f2dcad1d86caa835227a16d9ff Version: b6da31b2c07c46f2dcad1d86caa835227a16d9ff Version: b6da31b2c07c46f2dcad1d86caa835227a16d9ff Version: 6d9cd12792270773fab9e5a129daff328d61ef9e Version: 6dbfa9b5ae65063cd61dc7fa11332e00bb794d8b Version: 60c4e8db32815474bfaeabe888ebb14e698caea1 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49441",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:40:56.105263Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-667",
"description": "CWE-667 Improper Locking",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:49.473Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/tty/tty_buffer.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4af21b12a60ed2d3642284f4f85b42d7dc6ac246",
"status": "affected",
"version": "d83904cb2eb2c4d937eaf15032214b0578f25099",
"versionType": "git"
},
{
"lessThan": "4c253caf9264d2aa47ee806a87986dd8eb91a5d9",
"status": "affected",
"version": "deb1feaad03a78b545c949e54582ae57b3c56982",
"versionType": "git"
},
{
"lessThan": "04ee31678c128a6cc7bb057ea189a8624ba5a314",
"status": "affected",
"version": "b6da31b2c07c46f2dcad1d86caa835227a16d9ff",
"versionType": "git"
},
{
"lessThan": "3219ac364ac3d8d30771612a6010f1e0b7fa0a28",
"status": "affected",
"version": "b6da31b2c07c46f2dcad1d86caa835227a16d9ff",
"versionType": "git"
},
{
"lessThan": "9834b13e8b962caa28fbcf1f422dd82413da4ede",
"status": "affected",
"version": "b6da31b2c07c46f2dcad1d86caa835227a16d9ff",
"versionType": "git"
},
{
"lessThan": "18ca0d55e8639b911df8aae1b47598b13f9acded",
"status": "affected",
"version": "b6da31b2c07c46f2dcad1d86caa835227a16d9ff",
"versionType": "git"
},
{
"lessThan": "b3c974501d0c32258ae0e04e5cc3fb92383b40f6",
"status": "affected",
"version": "b6da31b2c07c46f2dcad1d86caa835227a16d9ff",
"versionType": "git"
},
{
"lessThan": "0bcf44903ef4df742dcada86ccaedd25374ffb50",
"status": "affected",
"version": "b6da31b2c07c46f2dcad1d86caa835227a16d9ff",
"versionType": "git"
},
{
"lessThan": "6b9dbedbe3499fef862c4dff5217cf91f34e43b3",
"status": "affected",
"version": "b6da31b2c07c46f2dcad1d86caa835227a16d9ff",
"versionType": "git"
},
{
"status": "affected",
"version": "6d9cd12792270773fab9e5a129daff328d61ef9e",
"versionType": "git"
},
{
"status": "affected",
"version": "6dbfa9b5ae65063cd61dc7fa11332e00bb794d8b",
"versionType": "git"
},
{
"status": "affected",
"version": "60c4e8db32815474bfaeabe888ebb14e698caea1",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/tty/tty_buffer.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.18"
},
{
"lessThan": "4.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.318",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.318",
"versionStartIncluding": "4.9.117",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.283",
"versionStartIncluding": "4.14.60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.18.118",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.4.146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.17.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: fix deadlock caused by calling printk() under tty_port-\u003elock\n\npty_write() invokes kmalloc() which may invoke a normal printk() to print\nfailure message. This can cause a deadlock in the scenario reported by\nsyz-bot below:\n\n CPU0 CPU1 CPU2\n ---- ---- ----\n lock(console_owner);\n lock(\u0026port_lock_key);\n lock(\u0026port-\u003elock);\n lock(\u0026port_lock_key);\n lock(\u0026port-\u003elock);\n lock(console_owner);\n\nAs commit dbdda842fe96 (\"printk: Add console owner and waiter logic to\nload balance console writes\") said, such deadlock can be prevented by\nusing printk_deferred() in kmalloc() (which is invoked in the section\nguarded by the port-\u003elock). But there are too many printk() on the\nkmalloc() path, and kmalloc() can be called from anywhere, so changing\nprintk() to printk_deferred() is too complicated and inelegant.\n\nTherefore, this patch chooses to specify __GFP_NOWARN to kmalloc(), so\nthat printk() will not be called, and this deadlock problem can be\navoided.\n\nSyzbot reported the following lockdep error:\n\n======================================================\nWARNING: possible circular locking dependency detected\n5.4.143-00237-g08ccc19a-dirty #10 Not tainted\n------------------------------------------------------\nsyz-executor.4/29420 is trying to acquire lock:\nffffffff8aedb2a0 (console_owner){....}-{0:0}, at: console_trylock_spinning kernel/printk/printk.c:1752 [inline]\nffffffff8aedb2a0 (console_owner){....}-{0:0}, at: vprintk_emit+0x2ca/0x470 kernel/printk/printk.c:2023\n\nbut task is already holding lock:\nffff8880119c9158 (\u0026port-\u003elock){-.-.}-{2:2}, at: pty_write+0xf4/0x1f0 drivers/tty/pty.c:120\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-\u003e #2 (\u0026port-\u003elock){-.-.}-{2:2}:\n __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]\n _raw_spin_lock_irqsave+0x35/0x50 kernel/locking/spinlock.c:159\n tty_port_tty_get drivers/tty/tty_port.c:288 [inline] \t\t\u003c-- lock(\u0026port-\u003elock);\n tty_port_default_wakeup+0x1d/0xb0 drivers/tty/tty_port.c:47\n serial8250_tx_chars+0x530/0xa80 drivers/tty/serial/8250/8250_port.c:1767\n serial8250_handle_irq.part.0+0x31f/0x3d0 drivers/tty/serial/8250/8250_port.c:1854\n serial8250_handle_irq drivers/tty/serial/8250/8250_port.c:1827 [inline] \t\u003c-- lock(\u0026port_lock_key);\n serial8250_default_handle_irq+0xb2/0x220 drivers/tty/serial/8250/8250_port.c:1870\n serial8250_interrupt+0xfd/0x200 drivers/tty/serial/8250/8250_core.c:126\n __handle_irq_event_percpu+0x109/0xa50 kernel/irq/handle.c:156\n [...]\n\n-\u003e #1 (\u0026port_lock_key){-.-.}-{2:2}:\n __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]\n _raw_spin_lock_irqsave+0x35/0x50 kernel/locking/spinlock.c:159\n serial8250_console_write+0x184/0xa40 drivers/tty/serial/8250/8250_port.c:3198\n\t\t\t\t\t\t\t\t\t\t\u003c-- lock(\u0026port_lock_key);\n call_console_drivers kernel/printk/printk.c:1819 [inline]\n console_unlock+0x8cb/0xd00 kernel/printk/printk.c:2504\n vprintk_emit+0x1b5/0x470 kernel/printk/printk.c:2024\t\t\t\u003c-- lock(console_owner);\n vprintk_func+0x8d/0x250 kernel/printk/printk_safe.c:394\n printk+0xba/0xed kernel/printk/printk.c:2084\n register_console+0x8b3/0xc10 kernel/printk/printk.c:2829\n univ8250_console_init+0x3a/0x46 drivers/tty/serial/8250/8250_core.c:681\n console_init+0x49d/0x6d3 kernel/printk/printk.c:2915\n start_kernel+0x5e9/0x879 init/main.c:713\n secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:241\n\n-\u003e #0 (console_owner){....}-{0:0}:\n [...]\n lock_acquire+0x127/0x340 kernel/locking/lockdep.c:4734\n console_trylock_spinning kernel/printk/printk.c:1773 \n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:44:42.797Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4af21b12a60ed2d3642284f4f85b42d7dc6ac246"
},
{
"url": "https://git.kernel.org/stable/c/4c253caf9264d2aa47ee806a87986dd8eb91a5d9"
},
{
"url": "https://git.kernel.org/stable/c/04ee31678c128a6cc7bb057ea189a8624ba5a314"
},
{
"url": "https://git.kernel.org/stable/c/3219ac364ac3d8d30771612a6010f1e0b7fa0a28"
},
{
"url": "https://git.kernel.org/stable/c/9834b13e8b962caa28fbcf1f422dd82413da4ede"
},
{
"url": "https://git.kernel.org/stable/c/18ca0d55e8639b911df8aae1b47598b13f9acded"
},
{
"url": "https://git.kernel.org/stable/c/b3c974501d0c32258ae0e04e5cc3fb92383b40f6"
},
{
"url": "https://git.kernel.org/stable/c/0bcf44903ef4df742dcada86ccaedd25374ffb50"
},
{
"url": "https://git.kernel.org/stable/c/6b9dbedbe3499fef862c4dff5217cf91f34e43b3"
}
],
"title": "tty: fix deadlock caused by calling printk() under tty_port-\u003elock",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49441",
"datePublished": "2025-02-26T02:12:54.649Z",
"dateReserved": "2025-02-26T02:08:31.570Z",
"dateUpdated": "2025-10-01T19:46:49.473Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49103 (GCVE-0-2022-49103)
Vulnerability from cvelistv5
Published
2025-02-26 01:54
Modified
2025-10-01 19:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
NFSv4.2: fix reference count leaks in _nfs42_proc_copy_notify()
[You don't often get email from xiongx18@fudan.edu.cn. Learn why this is important at http://aka.ms/LearnAboutSenderIdentification.]
The reference counting issue happens in two error paths in the
function _nfs42_proc_copy_notify(). In both error paths, the function
simply returns the error code and forgets to balance the refcount of
object `ctx`, bumped by get_nfs_open_context() earlier, which may
cause refcount leaks.
Fix it by balancing refcount of the `ctx` object before the function
returns in both error paths.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49103",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:49:20.520133Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:57:05.438Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/nfs/nfs42proc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9b9feec97c1fc7dd9bb69f62c4905cddf1801599",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b37f482ba9f0e6382c188e3fccf6c4b2fdc938eb",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "fb73bf6305f4eb8f0cf9a61ee874d55f019d6dc4",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f46f632f9cfae4b2e3635fa58840a8ec584c42e3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b7f114edd54326f730a754547e7cfb197b5bc132",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/nfs/nfs42proc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.111",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.20",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.111",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4.2: fix reference count leaks in _nfs42_proc_copy_notify()\n\n[You don\u0027t often get email from xiongx18@fudan.edu.cn. Learn why this is important at http://aka.ms/LearnAboutSenderIdentification.]\n\nThe reference counting issue happens in two error paths in the\nfunction _nfs42_proc_copy_notify(). In both error paths, the function\nsimply returns the error code and forgets to balance the refcount of\nobject `ctx`, bumped by get_nfs_open_context() earlier, which may\ncause refcount leaks.\n\nFix it by balancing refcount of the `ctx` object before the function\nreturns in both error paths."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:29:55.358Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9b9feec97c1fc7dd9bb69f62c4905cddf1801599"
},
{
"url": "https://git.kernel.org/stable/c/b37f482ba9f0e6382c188e3fccf6c4b2fdc938eb"
},
{
"url": "https://git.kernel.org/stable/c/fb73bf6305f4eb8f0cf9a61ee874d55f019d6dc4"
},
{
"url": "https://git.kernel.org/stable/c/f46f632f9cfae4b2e3635fa58840a8ec584c42e3"
},
{
"url": "https://git.kernel.org/stable/c/b7f114edd54326f730a754547e7cfb197b5bc132"
}
],
"title": "NFSv4.2: fix reference count leaks in _nfs42_proc_copy_notify()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49103",
"datePublished": "2025-02-26T01:54:52.530Z",
"dateReserved": "2025-02-26T01:49:39.250Z",
"dateUpdated": "2025-10-01T19:57:05.438Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49281 (GCVE-0-2022-49281)
Vulnerability from cvelistv5
Published
2025-02-26 01:56
Modified
2025-05-04 08:34
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
cifs: fix handlecache and multiuser
In multiuser each individual user has their own tcon structure for the
share and thus their own handle for a cached directory.
When we umount such a share we much make sure to release the pinned down dentry
for each such tcon and not just the master tcon.
Otherwise we will get nasty warnings on umount that dentries are still in use:
[ 3459.590047] BUG: Dentry 00000000115c6f41{i=12000000019d95,n=/} still in use\
(2) [unmount of cifs cifs]
...
[ 3459.590492] Call Trace:
[ 3459.590500] d_walk+0x61/0x2a0
[ 3459.590518] ? shrink_lock_dentry.part.0+0xe0/0xe0
[ 3459.590526] shrink_dcache_for_umount+0x49/0x110
[ 3459.590535] generic_shutdown_super+0x1a/0x110
[ 3459.590542] kill_anon_super+0x14/0x30
[ 3459.590549] cifs_kill_sb+0xf5/0x104 [cifs]
[ 3459.590773] deactivate_locked_super+0x36/0xa0
[ 3459.590782] cleanup_mnt+0x131/0x190
[ 3459.590789] task_work_run+0x5c/0x90
[ 3459.590798] exit_to_user_mode_loop+0x151/0x160
[ 3459.590809] exit_to_user_mode_prepare+0x83/0xd0
[ 3459.590818] syscall_exit_to_user_mode+0x12/0x30
[ 3459.590828] do_syscall_64+0x48/0x90
[ 3459.590833] entry_SYSCALL_64_after_hwframe+0x44/0xae
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/cifs/cifsfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2fafbc198613823943c106d1ec9b516da692059f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ffa631c4bff59dde59b598011f570e27dfba3515",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e71f6a3a1d5c826a30384fec587ca7503ef6bde5",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "47178c7722ac528ea08aa82c3ef9ffa178962d7a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/cifs/cifsfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix handlecache and multiuser\n\nIn multiuser each individual user has their own tcon structure for the\nshare and thus their own handle for a cached directory.\nWhen we umount such a share we much make sure to release the pinned down dentry\nfor each such tcon and not just the master tcon.\n\nOtherwise we will get nasty warnings on umount that dentries are still in use:\n[ 3459.590047] BUG: Dentry 00000000115c6f41{i=12000000019d95,n=/} still in use\\\n (2) [unmount of cifs cifs]\n...\n[ 3459.590492] Call Trace:\n[ 3459.590500] d_walk+0x61/0x2a0\n[ 3459.590518] ? shrink_lock_dentry.part.0+0xe0/0xe0\n[ 3459.590526] shrink_dcache_for_umount+0x49/0x110\n[ 3459.590535] generic_shutdown_super+0x1a/0x110\n[ 3459.590542] kill_anon_super+0x14/0x30\n[ 3459.590549] cifs_kill_sb+0xf5/0x104 [cifs]\n[ 3459.590773] deactivate_locked_super+0x36/0xa0\n[ 3459.590782] cleanup_mnt+0x131/0x190\n[ 3459.590789] task_work_run+0x5c/0x90\n[ 3459.590798] exit_to_user_mode_loop+0x151/0x160\n[ 3459.590809] exit_to_user_mode_prepare+0x83/0xd0\n[ 3459.590818] syscall_exit_to_user_mode+0x12/0x30\n[ 3459.590828] do_syscall_64+0x48/0x90\n[ 3459.590833] entry_SYSCALL_64_after_hwframe+0x44/0xae"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:34:05.720Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2fafbc198613823943c106d1ec9b516da692059f"
},
{
"url": "https://git.kernel.org/stable/c/ffa631c4bff59dde59b598011f570e27dfba3515"
},
{
"url": "https://git.kernel.org/stable/c/e71f6a3a1d5c826a30384fec587ca7503ef6bde5"
},
{
"url": "https://git.kernel.org/stable/c/47178c7722ac528ea08aa82c3ef9ffa178962d7a"
}
],
"title": "cifs: fix handlecache and multiuser",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49281",
"datePublished": "2025-02-26T01:56:23.201Z",
"dateReserved": "2025-02-26T01:49:39.298Z",
"dateUpdated": "2025-05-04T08:34:05.720Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49526 (GCVE-0-2022-49526)
Vulnerability from cvelistv5
Published
2025-02-26 02:13
Modified
2025-05-04 08:39
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
md/bitmap: don't set sb values if can't pass sanity check
If bitmap area contains invalid data, kernel will crash then mdadm
triggers "Segmentation fault".
This is cluster-md speical bug. In non-clustered env, mdadm will
handle broken metadata case. In clustered array, only kernel space
handles bitmap slot info. But even this bug only happened in clustered
env, current sanity check is wrong, the code should be changed.
How to trigger: (faulty injection)
dd if=/dev/zero bs=1M count=1 oflag=direct of=/dev/sda
dd if=/dev/zero bs=1M count=1 oflag=direct of=/dev/sdb
mdadm -C /dev/md0 -b clustered -e 1.2 -n 2 -l mirror /dev/sda /dev/sdb
mdadm -Ss
echo aaa > magic.txt
== below modifying slot 2 bitmap data ==
dd if=magic.txt of=/dev/sda seek=16384 bs=1 count=3 <== destroy magic
dd if=/dev/zero of=/dev/sda seek=16436 bs=1 count=4 <== ZERO chunksize
mdadm -A /dev/md0 /dev/sda /dev/sdb
== kernel crashes. mdadm outputs "Segmentation fault" ==
Reason of kernel crash:
In md_bitmap_read_sb (called by md_bitmap_create), bad bitmap magic didn't
block chunksize assignment, and zero value made DIV_ROUND_UP_SECTOR_T()
trigger "divide error".
Crash log:
kernel: md: md0 stopped.
kernel: md/raid1:md0: not clean -- starting background reconstruction
kernel: md/raid1:md0: active with 2 out of 2 mirrors
kernel: dlm: ... ...
kernel: md-cluster: Joined cluster 44810aba-38bb-e6b8-daca-bc97a0b254aa slot 1
kernel: md0: invalid bitmap file superblock: bad magic
kernel: md_bitmap_copy_from_slot can't get bitmap from slot 2
kernel: md-cluster: Could not gather bitmaps from slot 2
kernel: divide error: 0000 [#1] SMP NOPTI
kernel: CPU: 0 PID: 1603 Comm: mdadm Not tainted 5.14.6-1-default
kernel: Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)
kernel: RIP: 0010:md_bitmap_create+0x1d1/0x850 [md_mod]
kernel: RSP: 0018:ffffc22ac0843ba0 EFLAGS: 00010246
kernel: ... ...
kernel: Call Trace:
kernel: ? dlm_lock_sync+0xd0/0xd0 [md_cluster 77fe..7a0]
kernel: md_bitmap_copy_from_slot+0x2c/0x290 [md_mod 24ea..d3a]
kernel: load_bitmaps+0xec/0x210 [md_cluster 77fe..7a0]
kernel: md_bitmap_load+0x81/0x1e0 [md_mod 24ea..d3a]
kernel: do_md_run+0x30/0x100 [md_mod 24ea..d3a]
kernel: md_ioctl+0x1290/0x15a0 [md_mod 24ea....d3a]
kernel: ? mddev_unlock+0xaa/0x130 [md_mod 24ea..d3a]
kernel: ? blkdev_ioctl+0xb1/0x2b0
kernel: block_ioctl+0x3b/0x40
kernel: __x64_sys_ioctl+0x7f/0xb0
kernel: do_syscall_64+0x59/0x80
kernel: ? exit_to_user_mode_prepare+0x1ab/0x230
kernel: ? syscall_exit_to_user_mode+0x18/0x40
kernel: ? do_syscall_64+0x69/0x80
kernel: entry_SYSCALL_64_after_hwframe+0x44/0xae
kernel: RIP: 0033:0x7f4a15fa722b
kernel: ... ...
kernel: ---[ end trace 8afa7612f559c868 ]---
kernel: RIP: 0010:md_bitmap_create+0x1d1/0x850 [md_mod]
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/md/md-bitmap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "422e8f7ba1e08c8e0e88d375bcb550bc2bbfe96d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "0959aa00f9765bd8c654b1365012e41b51c733cc",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e69e93120f6219b9cc4fba3b515b6ababd8548aa",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "27f672af28a8e9b783ff7f0eaf7ef2fbd5a2f4ba",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "cf9392282a2cf5a8d83dd1c5aa1a097e12f172bc",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d8f1558e1daf54f53a90b4c5700ae3e3a4b13412",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e68cb83a57a458b01c9739e2ad9cb70b04d1e6d2",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/md/md-bitmap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/bitmap: don\u0027t set sb values if can\u0027t pass sanity check\n\nIf bitmap area contains invalid data, kernel will crash then mdadm\ntriggers \"Segmentation fault\".\nThis is cluster-md speical bug. In non-clustered env, mdadm will\nhandle broken metadata case. In clustered array, only kernel space\nhandles bitmap slot info. But even this bug only happened in clustered\nenv, current sanity check is wrong, the code should be changed.\n\nHow to trigger: (faulty injection)\n\ndd if=/dev/zero bs=1M count=1 oflag=direct of=/dev/sda\ndd if=/dev/zero bs=1M count=1 oflag=direct of=/dev/sdb\nmdadm -C /dev/md0 -b clustered -e 1.2 -n 2 -l mirror /dev/sda /dev/sdb\nmdadm -Ss\necho aaa \u003e magic.txt\n == below modifying slot 2 bitmap data ==\ndd if=magic.txt of=/dev/sda seek=16384 bs=1 count=3 \u003c== destroy magic\ndd if=/dev/zero of=/dev/sda seek=16436 bs=1 count=4 \u003c== ZERO chunksize\nmdadm -A /dev/md0 /dev/sda /dev/sdb\n == kernel crashes. mdadm outputs \"Segmentation fault\" ==\n\nReason of kernel crash:\n\nIn md_bitmap_read_sb (called by md_bitmap_create), bad bitmap magic didn\u0027t\nblock chunksize assignment, and zero value made DIV_ROUND_UP_SECTOR_T()\ntrigger \"divide error\".\n\nCrash log:\n\nkernel: md: md0 stopped.\nkernel: md/raid1:md0: not clean -- starting background reconstruction\nkernel: md/raid1:md0: active with 2 out of 2 mirrors\nkernel: dlm: ... ...\nkernel: md-cluster: Joined cluster 44810aba-38bb-e6b8-daca-bc97a0b254aa slot 1\nkernel: md0: invalid bitmap file superblock: bad magic\nkernel: md_bitmap_copy_from_slot can\u0027t get bitmap from slot 2\nkernel: md-cluster: Could not gather bitmaps from slot 2\nkernel: divide error: 0000 [#1] SMP NOPTI\nkernel: CPU: 0 PID: 1603 Comm: mdadm Not tainted 5.14.6-1-default\nkernel: Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)\nkernel: RIP: 0010:md_bitmap_create+0x1d1/0x850 [md_mod]\nkernel: RSP: 0018:ffffc22ac0843ba0 EFLAGS: 00010246\nkernel: ... ...\nkernel: Call Trace:\nkernel: ? dlm_lock_sync+0xd0/0xd0 [md_cluster 77fe..7a0]\nkernel: md_bitmap_copy_from_slot+0x2c/0x290 [md_mod 24ea..d3a]\nkernel: load_bitmaps+0xec/0x210 [md_cluster 77fe..7a0]\nkernel: md_bitmap_load+0x81/0x1e0 [md_mod 24ea..d3a]\nkernel: do_md_run+0x30/0x100 [md_mod 24ea..d3a]\nkernel: md_ioctl+0x1290/0x15a0 [md_mod 24ea....d3a]\nkernel: ? mddev_unlock+0xaa/0x130 [md_mod 24ea..d3a]\nkernel: ? blkdev_ioctl+0xb1/0x2b0\nkernel: block_ioctl+0x3b/0x40\nkernel: __x64_sys_ioctl+0x7f/0xb0\nkernel: do_syscall_64+0x59/0x80\nkernel: ? exit_to_user_mode_prepare+0x1ab/0x230\nkernel: ? syscall_exit_to_user_mode+0x18/0x40\nkernel: ? do_syscall_64+0x69/0x80\nkernel: entry_SYSCALL_64_after_hwframe+0x44/0xae\nkernel: RIP: 0033:0x7f4a15fa722b\nkernel: ... ...\nkernel: ---[ end trace 8afa7612f559c868 ]---\nkernel: RIP: 0010:md_bitmap_create+0x1d1/0x850 [md_mod]"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:39:49.359Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/422e8f7ba1e08c8e0e88d375bcb550bc2bbfe96d"
},
{
"url": "https://git.kernel.org/stable/c/0959aa00f9765bd8c654b1365012e41b51c733cc"
},
{
"url": "https://git.kernel.org/stable/c/e69e93120f6219b9cc4fba3b515b6ababd8548aa"
},
{
"url": "https://git.kernel.org/stable/c/27f672af28a8e9b783ff7f0eaf7ef2fbd5a2f4ba"
},
{
"url": "https://git.kernel.org/stable/c/cf9392282a2cf5a8d83dd1c5aa1a097e12f172bc"
},
{
"url": "https://git.kernel.org/stable/c/d8f1558e1daf54f53a90b4c5700ae3e3a4b13412"
},
{
"url": "https://git.kernel.org/stable/c/e68cb83a57a458b01c9739e2ad9cb70b04d1e6d2"
}
],
"title": "md/bitmap: don\u0027t set sb values if can\u0027t pass sanity check",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49526",
"datePublished": "2025-02-26T02:13:49.145Z",
"dateReserved": "2025-02-26T02:08:31.588Z",
"dateUpdated": "2025-05-04T08:39:49.359Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49089 (GCVE-0-2022-49089)
Vulnerability from cvelistv5
Published
2025-02-26 01:54
Modified
2025-05-04 12:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
IB/rdmavt: add lock to call to rvt_error_qp to prevent a race condition
The documentation of the function rvt_error_qp says both r_lock and s_lock
need to be held when calling that function. It also asserts using lockdep
that both of those locks are held. However, the commit I referenced in
Fixes accidentally makes the call to rvt_error_qp in rvt_ruc_loopback no
longer covered by r_lock. This results in the lockdep assertion failing
and also possibly in a race condition.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: d757c60eca9b22f4d108929a24401e0fdecda0b1 Version: d757c60eca9b22f4d108929a24401e0fdecda0b1 Version: d757c60eca9b22f4d108929a24401e0fdecda0b1 Version: d757c60eca9b22f4d108929a24401e0fdecda0b1 Version: d757c60eca9b22f4d108929a24401e0fdecda0b1 Version: d757c60eca9b22f4d108929a24401e0fdecda0b1 Version: 25636de95557a95d54ac30be94af3748345a0a90 |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/sw/rdmavt/qp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8a50937227c385a477177c9ffa122b4230e40666",
"status": "affected",
"version": "d757c60eca9b22f4d108929a24401e0fdecda0b1",
"versionType": "git"
},
{
"lessThan": "43c2d7890ecabe527448a6c391fb2d9a5e6bbfe0",
"status": "affected",
"version": "d757c60eca9b22f4d108929a24401e0fdecda0b1",
"versionType": "git"
},
{
"lessThan": "92f1947c0d26060e978b3a9f21f32ce7c8c9cca3",
"status": "affected",
"version": "d757c60eca9b22f4d108929a24401e0fdecda0b1",
"versionType": "git"
},
{
"lessThan": "77ffb2495a41098f9d6a14f8aefde3188da75944",
"status": "affected",
"version": "d757c60eca9b22f4d108929a24401e0fdecda0b1",
"versionType": "git"
},
{
"lessThan": "57800cc36e55db0547461c49acf5cd84c0f502b0",
"status": "affected",
"version": "d757c60eca9b22f4d108929a24401e0fdecda0b1",
"versionType": "git"
},
{
"lessThan": "4d809f69695d4e7d1378b3a072fa9aef23123018",
"status": "affected",
"version": "d757c60eca9b22f4d108929a24401e0fdecda0b1",
"versionType": "git"
},
{
"status": "affected",
"version": "25636de95557a95d54ac30be94af3748345a0a90",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/sw/rdmavt/qp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.1"
},
{
"lessThan": "5.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.189",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.111",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.20",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.189",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.111",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.34",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.20",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.3",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/rdmavt: add lock to call to rvt_error_qp to prevent a race condition\n\nThe documentation of the function rvt_error_qp says both r_lock and s_lock\nneed to be held when calling that function. It also asserts using lockdep\nthat both of those locks are held. However, the commit I referenced in\nFixes accidentally makes the call to rvt_error_qp in rvt_ruc_loopback no\nlonger covered by r_lock. This results in the lockdep assertion failing\nand also possibly in a race condition."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:44:16.832Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8a50937227c385a477177c9ffa122b4230e40666"
},
{
"url": "https://git.kernel.org/stable/c/43c2d7890ecabe527448a6c391fb2d9a5e6bbfe0"
},
{
"url": "https://git.kernel.org/stable/c/92f1947c0d26060e978b3a9f21f32ce7c8c9cca3"
},
{
"url": "https://git.kernel.org/stable/c/77ffb2495a41098f9d6a14f8aefde3188da75944"
},
{
"url": "https://git.kernel.org/stable/c/57800cc36e55db0547461c49acf5cd84c0f502b0"
},
{
"url": "https://git.kernel.org/stable/c/4d809f69695d4e7d1378b3a072fa9aef23123018"
}
],
"title": "IB/rdmavt: add lock to call to rvt_error_qp to prevent a race condition",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49089",
"datePublished": "2025-02-26T01:54:45.743Z",
"dateReserved": "2025-02-26T01:49:39.248Z",
"dateUpdated": "2025-05-04T12:44:16.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49174 (GCVE-0-2022-49174)
Vulnerability from cvelistv5
Published
2025-02-26 01:55
Modified
2025-05-04 08:31
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix ext4_mb_mark_bb() with flex_bg with fast_commit
In case of flex_bg feature (which is by default enabled), extents for
any given inode might span across blocks from two different block group.
ext4_mb_mark_bb() only reads the buffer_head of block bitmap once for the
starting block group, but it fails to read it again when the extent length
boundary overflows to another block group. Then in this below loop it
accesses memory beyond the block group bitmap buffer_head and results
into a data abort.
for (i = 0; i < clen; i++)
if (!mb_test_bit(blkoff + i, bitmap_bh->b_data) == !state)
already++;
This patch adds this functionality for checking block group boundary in
ext4_mb_mark_bb() and update the buffer_head(bitmap_bh) for every different
block group.
w/o this patch, I was easily able to hit a data access abort using Power platform.
<...>
[ 74.327662] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1141: group 11, block bitmap and bg descriptor inconsistent: 21248 vs 23294 free clusters
[ 74.533214] EXT4-fs (loop3): shut down requested (2)
[ 74.536705] Aborting journal on device loop3-8.
[ 74.702705] BUG: Unable to handle kernel data access on read at 0xc00000005e980000
[ 74.703727] Faulting instruction address: 0xc0000000007bffb8
cpu 0xd: Vector: 300 (Data Access) at [c000000015db7060]
pc: c0000000007bffb8: ext4_mb_mark_bb+0x198/0x5a0
lr: c0000000007bfeec: ext4_mb_mark_bb+0xcc/0x5a0
sp: c000000015db7300
msr: 800000000280b033
dar: c00000005e980000
dsisr: 40000000
current = 0xc000000027af6880
paca = 0xc00000003ffd5200 irqmask: 0x03 irq_happened: 0x01
pid = 5167, comm = mount
<...>
enter ? for help
[c000000015db7380] c000000000782708 ext4_ext_clear_bb+0x378/0x410
[c000000015db7400] c000000000813f14 ext4_fc_replay+0x1794/0x2000
[c000000015db7580] c000000000833f7c do_one_pass+0xe9c/0x12a0
[c000000015db7710] c000000000834504 jbd2_journal_recover+0x184/0x2d0
[c000000015db77c0] c000000000841398 jbd2_journal_load+0x188/0x4a0
[c000000015db7880] c000000000804de8 ext4_fill_super+0x2638/0x3e10
[c000000015db7a40] c0000000005f8404 get_tree_bdev+0x2b4/0x350
[c000000015db7ae0] c0000000007ef058 ext4_get_tree+0x28/0x40
[c000000015db7b00] c0000000005f6344 vfs_get_tree+0x44/0x100
[c000000015db7b70] c00000000063c408 path_mount+0xdd8/0xe70
[c000000015db7c40] c00000000063c8f0 sys_mount+0x450/0x550
[c000000015db7d50] c000000000035770 system_call_exception+0x4a0/0x4e0
[c000000015db7e10] c00000000000c74c system_call_common+0xec/0x250
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ext4/mballoc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "cd6d719534af993210306f8a13f9cb3e615f7c8d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6a6beb074186a0452368a023a261c7d0eaebe838",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b07eedd0222e9548ffc568ec429bb1f61d21a39c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "803fb0e8240cc16585a5c9df76add1dfaa781773",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "bfdc502a4a4c058bf4cbb1df0c297761d528f54d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ext4/mballoc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.110",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix ext4_mb_mark_bb() with flex_bg with fast_commit\n\nIn case of flex_bg feature (which is by default enabled), extents for\nany given inode might span across blocks from two different block group.\next4_mb_mark_bb() only reads the buffer_head of block bitmap once for the\nstarting block group, but it fails to read it again when the extent length\nboundary overflows to another block group. Then in this below loop it\naccesses memory beyond the block group bitmap buffer_head and results\ninto a data abort.\n\n\tfor (i = 0; i \u003c clen; i++)\n\t\tif (!mb_test_bit(blkoff + i, bitmap_bh-\u003eb_data) == !state)\n\t\t\talready++;\n\nThis patch adds this functionality for checking block group boundary in\next4_mb_mark_bb() and update the buffer_head(bitmap_bh) for every different\nblock group.\n\nw/o this patch, I was easily able to hit a data access abort using Power platform.\n\n\u003c...\u003e\n[ 74.327662] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1141: group 11, block bitmap and bg descriptor inconsistent: 21248 vs 23294 free clusters\n[ 74.533214] EXT4-fs (loop3): shut down requested (2)\n[ 74.536705] Aborting journal on device loop3-8.\n[ 74.702705] BUG: Unable to handle kernel data access on read at 0xc00000005e980000\n[ 74.703727] Faulting instruction address: 0xc0000000007bffb8\ncpu 0xd: Vector: 300 (Data Access) at [c000000015db7060]\n pc: c0000000007bffb8: ext4_mb_mark_bb+0x198/0x5a0\n lr: c0000000007bfeec: ext4_mb_mark_bb+0xcc/0x5a0\n sp: c000000015db7300\n msr: 800000000280b033\n dar: c00000005e980000\n dsisr: 40000000\n current = 0xc000000027af6880\n paca = 0xc00000003ffd5200 irqmask: 0x03 irq_happened: 0x01\n pid = 5167, comm = mount\n\u003c...\u003e\nenter ? for help\n[c000000015db7380] c000000000782708 ext4_ext_clear_bb+0x378/0x410\n[c000000015db7400] c000000000813f14 ext4_fc_replay+0x1794/0x2000\n[c000000015db7580] c000000000833f7c do_one_pass+0xe9c/0x12a0\n[c000000015db7710] c000000000834504 jbd2_journal_recover+0x184/0x2d0\n[c000000015db77c0] c000000000841398 jbd2_journal_load+0x188/0x4a0\n[c000000015db7880] c000000000804de8 ext4_fill_super+0x2638/0x3e10\n[c000000015db7a40] c0000000005f8404 get_tree_bdev+0x2b4/0x350\n[c000000015db7ae0] c0000000007ef058 ext4_get_tree+0x28/0x40\n[c000000015db7b00] c0000000005f6344 vfs_get_tree+0x44/0x100\n[c000000015db7b70] c00000000063c408 path_mount+0xdd8/0xe70\n[c000000015db7c40] c00000000063c8f0 sys_mount+0x450/0x550\n[c000000015db7d50] c000000000035770 system_call_exception+0x4a0/0x4e0\n[c000000015db7e10] c00000000000c74c system_call_common+0xec/0x250"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:31:36.036Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/cd6d719534af993210306f8a13f9cb3e615f7c8d"
},
{
"url": "https://git.kernel.org/stable/c/6a6beb074186a0452368a023a261c7d0eaebe838"
},
{
"url": "https://git.kernel.org/stable/c/b07eedd0222e9548ffc568ec429bb1f61d21a39c"
},
{
"url": "https://git.kernel.org/stable/c/803fb0e8240cc16585a5c9df76add1dfaa781773"
},
{
"url": "https://git.kernel.org/stable/c/bfdc502a4a4c058bf4cbb1df0c297761d528f54d"
}
],
"title": "ext4: fix ext4_mb_mark_bb() with flex_bg with fast_commit",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49174",
"datePublished": "2025-02-26T01:55:29.590Z",
"dateReserved": "2025-02-26T01:49:39.280Z",
"dateUpdated": "2025-05-04T08:31:36.036Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47651 (GCVE-0-2021-47651)
Vulnerability from cvelistv5
Published
2025-02-26 01:54
Modified
2025-10-01 19:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
soc: qcom: rpmpd: Check for null return of devm_kcalloc
Because of the possible failure of the allocation, data->domains might
be NULL pointer and will cause the dereference of the NULL pointer
later.
Therefore, it might be better to check it and directly return -ENOMEM
without releasing data manually if fails, because the comment of the
devm_kmalloc() says "Memory allocated with this function is
automatically freed on driver detach.".
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: bbe3a66c3f5a65fb3d702351bac2a6033944d389 Version: bbe3a66c3f5a65fb3d702351bac2a6033944d389 Version: bbe3a66c3f5a65fb3d702351bac2a6033944d389 Version: bbe3a66c3f5a65fb3d702351bac2a6033944d389 Version: bbe3a66c3f5a65fb3d702351bac2a6033944d389 Version: bbe3a66c3f5a65fb3d702351bac2a6033944d389 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-47651",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:50:25.388114Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:57:07.527Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/soc/qcom/rpmpd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "755dbc3d73789ac9f0017c729abf5e4b153bf799",
"status": "affected",
"version": "bbe3a66c3f5a65fb3d702351bac2a6033944d389",
"versionType": "git"
},
{
"lessThan": "b5d6eba71997b6d661935d2b15094ac7f9f6132d",
"status": "affected",
"version": "bbe3a66c3f5a65fb3d702351bac2a6033944d389",
"versionType": "git"
},
{
"lessThan": "724376c30af5a57686b223dbcd6188e07d2a1de2",
"status": "affected",
"version": "bbe3a66c3f5a65fb3d702351bac2a6033944d389",
"versionType": "git"
},
{
"lessThan": "84b89fa877ad576e9ee8130f412cfd592f274508",
"status": "affected",
"version": "bbe3a66c3f5a65fb3d702351bac2a6033944d389",
"versionType": "git"
},
{
"lessThan": "31b5124d742969ea8bf7a1360596f548ca23e770",
"status": "affected",
"version": "bbe3a66c3f5a65fb3d702351bac2a6033944d389",
"versionType": "git"
},
{
"lessThan": "5a811126d38f9767a20cc271b34db7c8efc5a46c",
"status": "affected",
"version": "bbe3a66c3f5a65fb3d702351bac2a6033944d389",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/soc/qcom/rpmpd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.1"
},
{
"lessThan": "5.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.189",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.189",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.110",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: rpmpd: Check for null return of devm_kcalloc\n\nBecause of the possible failure of the allocation, data-\u003edomains might\nbe NULL pointer and will cause the dereference of the NULL pointer\nlater.\nTherefore, it might be better to check it and directly return -ENOMEM\nwithout releasing data manually if fails, because the comment of the\ndevm_kmalloc() says \"Memory allocated with this function is\nautomatically freed on driver detach.\"."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:15:32.805Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/755dbc3d73789ac9f0017c729abf5e4b153bf799"
},
{
"url": "https://git.kernel.org/stable/c/b5d6eba71997b6d661935d2b15094ac7f9f6132d"
},
{
"url": "https://git.kernel.org/stable/c/724376c30af5a57686b223dbcd6188e07d2a1de2"
},
{
"url": "https://git.kernel.org/stable/c/84b89fa877ad576e9ee8130f412cfd592f274508"
},
{
"url": "https://git.kernel.org/stable/c/31b5124d742969ea8bf7a1360596f548ca23e770"
},
{
"url": "https://git.kernel.org/stable/c/5a811126d38f9767a20cc271b34db7c8efc5a46c"
}
],
"title": "soc: qcom: rpmpd: Check for null return of devm_kcalloc",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47651",
"datePublished": "2025-02-26T01:54:17.551Z",
"dateReserved": "2025-02-26T01:48:21.520Z",
"dateUpdated": "2025-10-01T19:57:07.527Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49201 (GCVE-0-2022-49201)
Vulnerability from cvelistv5
Published
2025-02-26 01:55
Modified
2025-10-01 19:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ibmvnic: fix race between xmit and reset
There is a race between reset and the transmit paths that can lead to
ibmvnic_xmit() accessing an scrq after it has been freed in the reset
path. It can result in a crash like:
Kernel attempted to read user page (0) - exploit attempt? (uid: 0)
BUG: Kernel NULL pointer dereference on read at 0x00000000
Faulting instruction address: 0xc0080000016189f8
Oops: Kernel access of bad area, sig: 11 [#1]
...
NIP [c0080000016189f8] ibmvnic_xmit+0x60/0xb60 [ibmvnic]
LR [c000000000c0046c] dev_hard_start_xmit+0x11c/0x280
Call Trace:
[c008000001618f08] ibmvnic_xmit+0x570/0xb60 [ibmvnic] (unreliable)
[c000000000c0046c] dev_hard_start_xmit+0x11c/0x280
[c000000000c9cfcc] sch_direct_xmit+0xec/0x330
[c000000000bfe640] __dev_xmit_skb+0x3a0/0x9d0
[c000000000c00ad4] __dev_queue_xmit+0x394/0x730
[c008000002db813c] __bond_start_xmit+0x254/0x450 [bonding]
[c008000002db8378] bond_start_xmit+0x40/0xc0 [bonding]
[c000000000c0046c] dev_hard_start_xmit+0x11c/0x280
[c000000000c00ca4] __dev_queue_xmit+0x564/0x730
[c000000000cf97e0] neigh_hh_output+0xd0/0x180
[c000000000cfa69c] ip_finish_output2+0x31c/0x5c0
[c000000000cfd244] __ip_queue_xmit+0x194/0x4f0
[c000000000d2a3c4] __tcp_transmit_skb+0x434/0x9b0
[c000000000d2d1e0] __tcp_retransmit_skb+0x1d0/0x6a0
[c000000000d2d984] tcp_retransmit_skb+0x34/0x130
[c000000000d310e8] tcp_retransmit_timer+0x388/0x6d0
[c000000000d315ec] tcp_write_timer_handler+0x1bc/0x330
[c000000000d317bc] tcp_write_timer+0x5c/0x200
[c000000000243270] call_timer_fn+0x50/0x1c0
[c000000000243704] __run_timers.part.0+0x324/0x460
[c000000000243894] run_timer_softirq+0x54/0xa0
[c000000000ea713c] __do_softirq+0x15c/0x3e0
[c000000000166258] __irq_exit_rcu+0x158/0x190
[c000000000166420] irq_exit+0x20/0x40
[c00000000002853c] timer_interrupt+0x14c/0x2b0
[c000000000009a00] decrementer_common_virt+0x210/0x220
--- interrupt: 900 at plpar_hcall_norets_notrace+0x18/0x2c
The immediate cause of the crash is the access of tx_scrq in the following
snippet during a reset, where the tx_scrq can be either NULL or an address
that will soon be invalid:
ibmvnic_xmit()
{
...
tx_scrq = adapter->tx_scrq[queue_num];
txq = netdev_get_tx_queue(netdev, queue_num);
ind_bufp = &tx_scrq->ind_buf;
if (test_bit(0, &adapter->resetting)) {
...
}
But beyond that, the call to ibmvnic_xmit() itself is not safe during a
reset and the reset path attempts to avoid this by stopping the queue in
ibmvnic_cleanup(). However just after the queue was stopped, an in-flight
ibmvnic_complete_tx() could have restarted the queue even as the reset is
progressing.
Since the queue was restarted we could get a call to ibmvnic_xmit() which
can then access the bad tx_scrq (or other fields).
We cannot however simply have ibmvnic_complete_tx() check the ->resetting
bit and skip starting the queue. This can race at the "back-end" of a good
reset which just restarted the queue but has not cleared the ->resetting
bit yet. If we skip restarting the queue due to ->resetting being true,
the queue would remain stopped indefinitely potentially leading to transmit
timeouts.
IOW ->resetting is too broad for this purpose. Instead use a new flag
that indicates whether or not the queues are active. Only the open/
reset paths control when the queues are active. ibmvnic_complete_tx()
and others wake up the queue only if the queue is marked active.
So we will have:
A. reset/open thread in ibmvnic_cleanup() and __ibmvnic_open()
->resetting = true
->tx_queues_active = false
disable tx queues
...
->tx_queues_active = true
start tx queues
B. Tx interrupt in ibmvnic_complete_tx():
if (->tx_queues_active)
netif_wake_subqueue();
To ensure that ->tx_queues_active and state of the queues are consistent,
we need a lock which:
- must also be taken in the interrupt path (ibmvnic_complete_tx())
- shared across the multiple
---truncated---
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49201",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:47:15.276230Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:56:59.050Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/ibm/ibmvnic.c",
"drivers/net/ethernet/ibm/ibmvnic.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1bd58abf595b6cf1ba6dd47ec887c4c009155fc9",
"status": "affected",
"version": "7ed5b31f4a6695a21f617df07646e9b15c6c1d29",
"versionType": "git"
},
{
"lessThan": "475f9cce98b63bc145b4efa66fa51175d4cb345f",
"status": "affected",
"version": "7ed5b31f4a6695a21f617df07646e9b15c6c1d29",
"versionType": "git"
},
{
"lessThan": "8507c6ade73cdbbbda5c3d31d67f52f2e1cf03fe",
"status": "affected",
"version": "7ed5b31f4a6695a21f617df07646e9b15c6c1d29",
"versionType": "git"
},
{
"lessThan": "4219196d1f662cb10a462eb9e076633a3fc31a15",
"status": "affected",
"version": "7ed5b31f4a6695a21f617df07646e9b15c6c1d29",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/ibm/ibmvnic.c",
"drivers/net/ethernet/ibm/ibmvnic.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.4"
},
{
"lessThan": "5.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nibmvnic: fix race between xmit and reset\n\nThere is a race between reset and the transmit paths that can lead to\nibmvnic_xmit() accessing an scrq after it has been freed in the reset\npath. It can result in a crash like:\n\n\tKernel attempted to read user page (0) - exploit attempt? (uid: 0)\n\tBUG: Kernel NULL pointer dereference on read at 0x00000000\n\tFaulting instruction address: 0xc0080000016189f8\n\tOops: Kernel access of bad area, sig: 11 [#1]\n\t...\n\tNIP [c0080000016189f8] ibmvnic_xmit+0x60/0xb60 [ibmvnic]\n\tLR [c000000000c0046c] dev_hard_start_xmit+0x11c/0x280\n\tCall Trace:\n\t[c008000001618f08] ibmvnic_xmit+0x570/0xb60 [ibmvnic] (unreliable)\n\t[c000000000c0046c] dev_hard_start_xmit+0x11c/0x280\n\t[c000000000c9cfcc] sch_direct_xmit+0xec/0x330\n\t[c000000000bfe640] __dev_xmit_skb+0x3a0/0x9d0\n\t[c000000000c00ad4] __dev_queue_xmit+0x394/0x730\n\t[c008000002db813c] __bond_start_xmit+0x254/0x450 [bonding]\n\t[c008000002db8378] bond_start_xmit+0x40/0xc0 [bonding]\n\t[c000000000c0046c] dev_hard_start_xmit+0x11c/0x280\n\t[c000000000c00ca4] __dev_queue_xmit+0x564/0x730\n\t[c000000000cf97e0] neigh_hh_output+0xd0/0x180\n\t[c000000000cfa69c] ip_finish_output2+0x31c/0x5c0\n\t[c000000000cfd244] __ip_queue_xmit+0x194/0x4f0\n\t[c000000000d2a3c4] __tcp_transmit_skb+0x434/0x9b0\n\t[c000000000d2d1e0] __tcp_retransmit_skb+0x1d0/0x6a0\n\t[c000000000d2d984] tcp_retransmit_skb+0x34/0x130\n\t[c000000000d310e8] tcp_retransmit_timer+0x388/0x6d0\n\t[c000000000d315ec] tcp_write_timer_handler+0x1bc/0x330\n\t[c000000000d317bc] tcp_write_timer+0x5c/0x200\n\t[c000000000243270] call_timer_fn+0x50/0x1c0\n\t[c000000000243704] __run_timers.part.0+0x324/0x460\n\t[c000000000243894] run_timer_softirq+0x54/0xa0\n\t[c000000000ea713c] __do_softirq+0x15c/0x3e0\n\t[c000000000166258] __irq_exit_rcu+0x158/0x190\n\t[c000000000166420] irq_exit+0x20/0x40\n\t[c00000000002853c] timer_interrupt+0x14c/0x2b0\n\t[c000000000009a00] decrementer_common_virt+0x210/0x220\n\t--- interrupt: 900 at plpar_hcall_norets_notrace+0x18/0x2c\n\nThe immediate cause of the crash is the access of tx_scrq in the following\nsnippet during a reset, where the tx_scrq can be either NULL or an address\nthat will soon be invalid:\n\n\tibmvnic_xmit()\n\t{\n\t\t...\n\t\ttx_scrq = adapter-\u003etx_scrq[queue_num];\n\t\ttxq = netdev_get_tx_queue(netdev, queue_num);\n\t\tind_bufp = \u0026tx_scrq-\u003eind_buf;\n\n\t\tif (test_bit(0, \u0026adapter-\u003eresetting)) {\n\t\t...\n\t}\n\nBut beyond that, the call to ibmvnic_xmit() itself is not safe during a\nreset and the reset path attempts to avoid this by stopping the queue in\nibmvnic_cleanup(). However just after the queue was stopped, an in-flight\nibmvnic_complete_tx() could have restarted the queue even as the reset is\nprogressing.\n\nSince the queue was restarted we could get a call to ibmvnic_xmit() which\ncan then access the bad tx_scrq (or other fields).\n\nWe cannot however simply have ibmvnic_complete_tx() check the -\u003eresetting\nbit and skip starting the queue. This can race at the \"back-end\" of a good\nreset which just restarted the queue but has not cleared the -\u003eresetting\nbit yet. If we skip restarting the queue due to -\u003eresetting being true,\nthe queue would remain stopped indefinitely potentially leading to transmit\ntimeouts.\n\nIOW -\u003eresetting is too broad for this purpose. Instead use a new flag\nthat indicates whether or not the queues are active. Only the open/\nreset paths control when the queues are active. ibmvnic_complete_tx()\nand others wake up the queue only if the queue is marked active.\n\nSo we will have:\n\tA. reset/open thread in ibmvnic_cleanup() and __ibmvnic_open()\n\n\t\t-\u003eresetting = true\n\t\t-\u003etx_queues_active = false\n\t\tdisable tx queues\n\t\t...\n\t\t-\u003etx_queues_active = true\n\t\tstart tx queues\n\n\tB. Tx interrupt in ibmvnic_complete_tx():\n\n\t\tif (-\u003etx_queues_active)\n\t\t\tnetif_wake_subqueue();\n\nTo ensure that -\u003etx_queues_active and state of the queues are consistent,\nwe need a lock which:\n\n\t- must also be taken in the interrupt path (ibmvnic_complete_tx())\n\t- shared across the multiple\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:32:14.372Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1bd58abf595b6cf1ba6dd47ec887c4c009155fc9"
},
{
"url": "https://git.kernel.org/stable/c/475f9cce98b63bc145b4efa66fa51175d4cb345f"
},
{
"url": "https://git.kernel.org/stable/c/8507c6ade73cdbbbda5c3d31d67f52f2e1cf03fe"
},
{
"url": "https://git.kernel.org/stable/c/4219196d1f662cb10a462eb9e076633a3fc31a15"
}
],
"title": "ibmvnic: fix race between xmit and reset",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49201",
"datePublished": "2025-02-26T01:55:43.263Z",
"dateReserved": "2025-02-26T01:49:39.291Z",
"dateUpdated": "2025-10-01T19:56:59.050Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49242 (GCVE-0-2022-49242)
Vulnerability from cvelistv5
Published
2025-02-26 01:56
Modified
2025-10-01 19:47
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ASoC: mxs: Fix error handling in mxs_sgtl5000_probe
This function only calls of_node_put() in the regular path.
And it will cause refcount leak in error paths.
For example, when codec_np is NULL, saif_np[0] and saif_np[1]
are not NULL, it will cause leaks.
of_node_put() will check if the node pointer is NULL, so we can
call it directly to release the refcount of regular pointers.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: e968194b45c4e8077dada75c5bae5660b37628fe Version: e968194b45c4e8077dada75c5bae5660b37628fe Version: e968194b45c4e8077dada75c5bae5660b37628fe Version: e968194b45c4e8077dada75c5bae5660b37628fe Version: e968194b45c4e8077dada75c5bae5660b37628fe Version: e968194b45c4e8077dada75c5bae5660b37628fe Version: e968194b45c4e8077dada75c5bae5660b37628fe Version: e968194b45c4e8077dada75c5bae5660b37628fe Version: e968194b45c4e8077dada75c5bae5660b37628fe |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49242",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:45:41.640059Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:47:02.248Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/soc/mxs/mxs-sgtl5000.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f16ad2c0e22687f80e5981c67374023f51c204b9",
"status": "affected",
"version": "e968194b45c4e8077dada75c5bae5660b37628fe",
"versionType": "git"
},
{
"lessThan": "790d2628e3fcc819d8f5572eb5615113fb2e727a",
"status": "affected",
"version": "e968194b45c4e8077dada75c5bae5660b37628fe",
"versionType": "git"
},
{
"lessThan": "f8d38056bcd220ea6f0802a5586d1a12ebcce849",
"status": "affected",
"version": "e968194b45c4e8077dada75c5bae5660b37628fe",
"versionType": "git"
},
{
"lessThan": "67e12f1cb2f97468c12b59e21975eaa0f332e7d2",
"status": "affected",
"version": "e968194b45c4e8077dada75c5bae5660b37628fe",
"versionType": "git"
},
{
"lessThan": "86b6cf989437e694fd0a15782b5a513853a739e0",
"status": "affected",
"version": "e968194b45c4e8077dada75c5bae5660b37628fe",
"versionType": "git"
},
{
"lessThan": "44acdaf7acb60054d872bed18ce0e7db8ce900ce",
"status": "affected",
"version": "e968194b45c4e8077dada75c5bae5660b37628fe",
"versionType": "git"
},
{
"lessThan": "d2923b48d99fe663cb93d8b481c93299fcd68656",
"status": "affected",
"version": "e968194b45c4e8077dada75c5bae5660b37628fe",
"versionType": "git"
},
{
"lessThan": "8d880226c86f37624e2a5f3c6d92ac0ec3375f96",
"status": "affected",
"version": "e968194b45c4e8077dada75c5bae5660b37628fe",
"versionType": "git"
},
{
"lessThan": "6ae0a4d8fec551ec581d620f0eb1fe31f755551c",
"status": "affected",
"version": "e968194b45c4e8077dada75c5bae5660b37628fe",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"sound/soc/mxs/mxs-sgtl5000.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.5"
},
{
"lessThan": "3.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.238",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.189",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.311",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.276",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.238",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.189",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.110",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "3.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: mxs: Fix error handling in mxs_sgtl5000_probe\n\nThis function only calls of_node_put() in the regular path.\nAnd it will cause refcount leak in error paths.\nFor example, when codec_np is NULL, saif_np[0] and saif_np[1]\nare not NULL, it will cause leaks.\n\nof_node_put() will check if the node pointer is NULL, so we can\ncall it directly to release the refcount of regular pointers."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:33:11.352Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f16ad2c0e22687f80e5981c67374023f51c204b9"
},
{
"url": "https://git.kernel.org/stable/c/790d2628e3fcc819d8f5572eb5615113fb2e727a"
},
{
"url": "https://git.kernel.org/stable/c/f8d38056bcd220ea6f0802a5586d1a12ebcce849"
},
{
"url": "https://git.kernel.org/stable/c/67e12f1cb2f97468c12b59e21975eaa0f332e7d2"
},
{
"url": "https://git.kernel.org/stable/c/86b6cf989437e694fd0a15782b5a513853a739e0"
},
{
"url": "https://git.kernel.org/stable/c/44acdaf7acb60054d872bed18ce0e7db8ce900ce"
},
{
"url": "https://git.kernel.org/stable/c/d2923b48d99fe663cb93d8b481c93299fcd68656"
},
{
"url": "https://git.kernel.org/stable/c/8d880226c86f37624e2a5f3c6d92ac0ec3375f96"
},
{
"url": "https://git.kernel.org/stable/c/6ae0a4d8fec551ec581d620f0eb1fe31f755551c"
}
],
"title": "ASoC: mxs: Fix error handling in mxs_sgtl5000_probe",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49242",
"datePublished": "2025-02-26T01:56:03.812Z",
"dateReserved": "2025-02-26T01:49:39.294Z",
"dateUpdated": "2025-10-01T19:47:02.248Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49107 (GCVE-0-2022-49107)
Vulnerability from cvelistv5
Published
2025-02-26 01:54
Modified
2025-10-01 19:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ceph: fix memory leak in ceph_readdir when note_last_dentry returns error
Reset the last_readdir at the same time, and add a comment explaining
why we don't free last_readdir when dir_emit returns false.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49107",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:49:03.486437Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:57:04.832Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ceph/dir.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f4429786129648a8f4bb1e5faa143c4478cc5c4a",
"status": "affected",
"version": "9030aaf9bf0a1eee47a154c316c789e959638b0f",
"versionType": "git"
},
{
"lessThan": "2fe82d3254029ef9ec4e7be890125d5ef4f537de",
"status": "affected",
"version": "9030aaf9bf0a1eee47a154c316c789e959638b0f",
"versionType": "git"
},
{
"lessThan": "e792575b902a3939ca482491ee9fb3a236f99640",
"status": "affected",
"version": "9030aaf9bf0a1eee47a154c316c789e959638b0f",
"versionType": "git"
},
{
"lessThan": "7f740ede35132d3d5d19747cad56a511d21bb156",
"status": "affected",
"version": "9030aaf9bf0a1eee47a154c316c789e959638b0f",
"versionType": "git"
},
{
"lessThan": "f639d9867eea647005dc824e0e24f39ffc50d4e4",
"status": "affected",
"version": "9030aaf9bf0a1eee47a154c316c789e959638b0f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ceph/dir.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.34"
},
{
"lessThan": "2.6.34",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.111",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.20",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.111",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.34",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.20",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.3",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "2.6.34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nceph: fix memory leak in ceph_readdir when note_last_dentry returns error\n\nReset the last_readdir at the same time, and add a comment explaining\nwhy we don\u0027t free last_readdir when dir_emit returns false."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:30:01.249Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f4429786129648a8f4bb1e5faa143c4478cc5c4a"
},
{
"url": "https://git.kernel.org/stable/c/2fe82d3254029ef9ec4e7be890125d5ef4f537de"
},
{
"url": "https://git.kernel.org/stable/c/e792575b902a3939ca482491ee9fb3a236f99640"
},
{
"url": "https://git.kernel.org/stable/c/7f740ede35132d3d5d19747cad56a511d21bb156"
},
{
"url": "https://git.kernel.org/stable/c/f639d9867eea647005dc824e0e24f39ffc50d4e4"
}
],
"title": "ceph: fix memory leak in ceph_readdir when note_last_dentry returns error",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49107",
"datePublished": "2025-02-26T01:54:54.493Z",
"dateReserved": "2025-02-26T01:49:39.251Z",
"dateUpdated": "2025-10-01T19:57:04.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49185 (GCVE-0-2022-49185)
Vulnerability from cvelistv5
Published
2025-02-26 01:55
Modified
2025-10-01 19:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe
This node pointer is returned by of_parse_phandle() with refcount
incremented in this function. Calling of_node_put() to avoid
the refcount leak.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 32e67eee670e1254ee5ab41e2f454680acb9c17c Version: 32e67eee670e1254ee5ab41e2f454680acb9c17c Version: 32e67eee670e1254ee5ab41e2f454680acb9c17c Version: 32e67eee670e1254ee5ab41e2f454680acb9c17c Version: 32e67eee670e1254ee5ab41e2f454680acb9c17c Version: 32e67eee670e1254ee5ab41e2f454680acb9c17c Version: 32e67eee670e1254ee5ab41e2f454680acb9c17c Version: 32e67eee670e1254ee5ab41e2f454680acb9c17c Version: 32e67eee670e1254ee5ab41e2f454680acb9c17c |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49185",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:47:26.081614Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:56:59.497Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/pinctrl/nomadik/pinctrl-nomadik.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "59250d547542f1c7765a78dc97ddfe5e6b0d2ab0",
"status": "affected",
"version": "32e67eee670e1254ee5ab41e2f454680acb9c17c",
"versionType": "git"
},
{
"lessThan": "0356d4b64a03d23daf99a2a29d7d7d91d6ec2ea8",
"status": "affected",
"version": "32e67eee670e1254ee5ab41e2f454680acb9c17c",
"versionType": "git"
},
{
"lessThan": "0067ba448f1c29ca06e5aee00d8506889ed1f9d0",
"status": "affected",
"version": "32e67eee670e1254ee5ab41e2f454680acb9c17c",
"versionType": "git"
},
{
"lessThan": "bc1e29a35147c1ba6ea2b06a16cb0028f7c852d2",
"status": "affected",
"version": "32e67eee670e1254ee5ab41e2f454680acb9c17c",
"versionType": "git"
},
{
"lessThan": "669b05ff43bd7ed684379c6e2006a6dad5127b71",
"status": "affected",
"version": "32e67eee670e1254ee5ab41e2f454680acb9c17c",
"versionType": "git"
},
{
"lessThan": "c52703355766c347f270df222a744e0c491a02f2",
"status": "affected",
"version": "32e67eee670e1254ee5ab41e2f454680acb9c17c",
"versionType": "git"
},
{
"lessThan": "9511c6018cd772668def8b034bc67269847e591a",
"status": "affected",
"version": "32e67eee670e1254ee5ab41e2f454680acb9c17c",
"versionType": "git"
},
{
"lessThan": "62580a40c9bef3d8a90629c64dda381344b35ffd",
"status": "affected",
"version": "32e67eee670e1254ee5ab41e2f454680acb9c17c",
"versionType": "git"
},
{
"lessThan": "c09ac191b1f97cfa06f394dbfd7a5db07986cefc",
"status": "affected",
"version": "32e67eee670e1254ee5ab41e2f454680acb9c17c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/pinctrl/nomadik/pinctrl-nomadik.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.9"
},
{
"lessThan": "3.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.238",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.189",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.311",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.276",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.238",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.189",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.110",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "3.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe\n\nThis node pointer is returned by of_parse_phandle() with refcount\nincremented in this function. Calling of_node_put() to avoid\nthe refcount leak."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:31:49.635Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/59250d547542f1c7765a78dc97ddfe5e6b0d2ab0"
},
{
"url": "https://git.kernel.org/stable/c/0356d4b64a03d23daf99a2a29d7d7d91d6ec2ea8"
},
{
"url": "https://git.kernel.org/stable/c/0067ba448f1c29ca06e5aee00d8506889ed1f9d0"
},
{
"url": "https://git.kernel.org/stable/c/bc1e29a35147c1ba6ea2b06a16cb0028f7c852d2"
},
{
"url": "https://git.kernel.org/stable/c/669b05ff43bd7ed684379c6e2006a6dad5127b71"
},
{
"url": "https://git.kernel.org/stable/c/c52703355766c347f270df222a744e0c491a02f2"
},
{
"url": "https://git.kernel.org/stable/c/9511c6018cd772668def8b034bc67269847e591a"
},
{
"url": "https://git.kernel.org/stable/c/62580a40c9bef3d8a90629c64dda381344b35ffd"
},
{
"url": "https://git.kernel.org/stable/c/c09ac191b1f97cfa06f394dbfd7a5db07986cefc"
}
],
"title": "pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49185",
"datePublished": "2025-02-26T01:55:35.068Z",
"dateReserved": "2025-02-26T01:49:39.284Z",
"dateUpdated": "2025-10-01T19:56:59.497Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49389 (GCVE-0-2022-49389)
Vulnerability from cvelistv5
Published
2025-02-26 02:11
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
usb: usbip: fix a refcount leak in stub_probe()
usb_get_dev() is called in stub_device_alloc(). When stub_probe() fails
after that, usb_put_dev() needs to be called to release the reference.
Fix this by moving usb_put_dev() to sdev_free error path handling.
Find this by code review.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 3ff67445750a84de67faaf52c6e1895cb09f2c56 Version: 3ff67445750a84de67faaf52c6e1895cb09f2c56 Version: 3ff67445750a84de67faaf52c6e1895cb09f2c56 Version: 3ff67445750a84de67faaf52c6e1895cb09f2c56 Version: 3ff67445750a84de67faaf52c6e1895cb09f2c56 Version: 3ff67445750a84de67faaf52c6e1895cb09f2c56 Version: 3ff67445750a84de67faaf52c6e1895cb09f2c56 Version: 3ff67445750a84de67faaf52c6e1895cb09f2c56 Version: 3ff67445750a84de67faaf52c6e1895cb09f2c56 Version: 77e7f91231bf63e3c64eb59a2aaf5754eaea2e69 Version: d0f35e23dafa0185f979d0c70463caa658062264 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49389",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:41:37.910870Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:51.414Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/usb/usbip/stub_dev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6bafee2f18af5e5ac125e42960bc65496d0e56a0",
"status": "affected",
"version": "3ff67445750a84de67faaf52c6e1895cb09f2c56",
"versionType": "git"
},
{
"lessThan": "f20d2d3b3364ce6525c050a8b6b4c54c8c19674d",
"status": "affected",
"version": "3ff67445750a84de67faaf52c6e1895cb09f2c56",
"versionType": "git"
},
{
"lessThan": "247d3809e45a34d9e1a3a2bb7012e31ed8b46031",
"status": "affected",
"version": "3ff67445750a84de67faaf52c6e1895cb09f2c56",
"versionType": "git"
},
{
"lessThan": "2f0ae93ec33c8456cdfbf7876b80403a6318ebce",
"status": "affected",
"version": "3ff67445750a84de67faaf52c6e1895cb09f2c56",
"versionType": "git"
},
{
"lessThan": "bcbb795a9e78180d74c6ab21518da87e803dfdce",
"status": "affected",
"version": "3ff67445750a84de67faaf52c6e1895cb09f2c56",
"versionType": "git"
},
{
"lessThan": "51422046be504515eb5a591adf0f424b62f46804",
"status": "affected",
"version": "3ff67445750a84de67faaf52c6e1895cb09f2c56",
"versionType": "git"
},
{
"lessThan": "8afb048800919d0ab10c57983940eba956339f21",
"status": "affected",
"version": "3ff67445750a84de67faaf52c6e1895cb09f2c56",
"versionType": "git"
},
{
"lessThan": "11c65408bd0ba1d9cd1307caa38169292de9cdfb",
"status": "affected",
"version": "3ff67445750a84de67faaf52c6e1895cb09f2c56",
"versionType": "git"
},
{
"lessThan": "9ec4cbf1cc55d126759051acfe328d489c5d6e60",
"status": "affected",
"version": "3ff67445750a84de67faaf52c6e1895cb09f2c56",
"versionType": "git"
},
{
"status": "affected",
"version": "77e7f91231bf63e3c64eb59a2aaf5754eaea2e69",
"versionType": "git"
},
{
"status": "affected",
"version": "d0f35e23dafa0185f979d0c70463caa658062264",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/usb/usbip/stub_dev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.19"
},
{
"lessThan": "3.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.318",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.47",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.318",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.283",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.122",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.47",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.15",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.4",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.16.58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.18.110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: usbip: fix a refcount leak in stub_probe()\n\nusb_get_dev() is called in stub_device_alloc(). When stub_probe() fails\nafter that, usb_put_dev() needs to be called to release the reference.\n\nFix this by moving usb_put_dev() to sdev_free error path handling.\n\nFind this by code review."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:44:33.103Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6bafee2f18af5e5ac125e42960bc65496d0e56a0"
},
{
"url": "https://git.kernel.org/stable/c/f20d2d3b3364ce6525c050a8b6b4c54c8c19674d"
},
{
"url": "https://git.kernel.org/stable/c/247d3809e45a34d9e1a3a2bb7012e31ed8b46031"
},
{
"url": "https://git.kernel.org/stable/c/2f0ae93ec33c8456cdfbf7876b80403a6318ebce"
},
{
"url": "https://git.kernel.org/stable/c/bcbb795a9e78180d74c6ab21518da87e803dfdce"
},
{
"url": "https://git.kernel.org/stable/c/51422046be504515eb5a591adf0f424b62f46804"
},
{
"url": "https://git.kernel.org/stable/c/8afb048800919d0ab10c57983940eba956339f21"
},
{
"url": "https://git.kernel.org/stable/c/11c65408bd0ba1d9cd1307caa38169292de9cdfb"
},
{
"url": "https://git.kernel.org/stable/c/9ec4cbf1cc55d126759051acfe328d489c5d6e60"
}
],
"title": "usb: usbip: fix a refcount leak in stub_probe()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49389",
"datePublished": "2025-02-26T02:11:22.834Z",
"dateReserved": "2025-02-26T02:08:31.561Z",
"dateUpdated": "2025-10-01T19:46:51.414Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49422 (GCVE-0-2022-49422)
Vulnerability from cvelistv5
Published
2025-02-26 02:12
Modified
2025-05-04 08:37
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: idxd: Fix the error handling path in idxd_cdev_register()
If a call to alloc_chrdev_region() fails, the already allocated resources
are leaking.
Add the needed error handling path to fix the leak.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/dma/idxd/cdev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6073af78156b8c3fc1198f8bcc190b7ac3ac0143",
"status": "affected",
"version": "42d279f9137ab7d5503836baec2739284b278d8f",
"versionType": "git"
},
{
"lessThan": "b3c7b5d08e9d5b2ff31c03078c00ecf11042419f",
"status": "affected",
"version": "42d279f9137ab7d5503836baec2739284b278d8f",
"versionType": "git"
},
{
"lessThan": "5e88561eceb34ae3f88451c2b8e30fe403484189",
"status": "affected",
"version": "42d279f9137ab7d5503836baec2739284b278d8f",
"versionType": "git"
},
{
"lessThan": "c308a2e711a52a47f4b45e7add2b5200169e429a",
"status": "affected",
"version": "42d279f9137ab7d5503836baec2739284b278d8f",
"versionType": "git"
},
{
"lessThan": "aab08c1aac01097815fbcf10fce7021d2396a31f",
"status": "affected",
"version": "42d279f9137ab7d5503836baec2739284b278d8f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/dma/idxd/cdev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.6"
},
{
"lessThan": "5.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Fix the error handling path in idxd_cdev_register()\n\nIf a call to alloc_chrdev_region() fails, the already allocated resources\nare leaking.\n\nAdd the needed error handling path to fix the leak."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:37:20.205Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6073af78156b8c3fc1198f8bcc190b7ac3ac0143"
},
{
"url": "https://git.kernel.org/stable/c/b3c7b5d08e9d5b2ff31c03078c00ecf11042419f"
},
{
"url": "https://git.kernel.org/stable/c/5e88561eceb34ae3f88451c2b8e30fe403484189"
},
{
"url": "https://git.kernel.org/stable/c/c308a2e711a52a47f4b45e7add2b5200169e429a"
},
{
"url": "https://git.kernel.org/stable/c/aab08c1aac01097815fbcf10fce7021d2396a31f"
}
],
"title": "dmaengine: idxd: Fix the error handling path in idxd_cdev_register()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49422",
"datePublished": "2025-02-26T02:12:45.269Z",
"dateReserved": "2025-02-26T02:08:31.568Z",
"dateUpdated": "2025-05-04T08:37:20.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49120 (GCVE-0-2022-49120)
Vulnerability from cvelistv5
Published
2025-02-26 01:55
Modified
2025-05-04 08:30
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: pm8001: Fix task leak in pm8001_send_abort_all()
In pm8001_send_abort_all(), make sure to free the allocated sas task
if pm8001_tag_alloc() or pm8001_mpi_build_cmd() fail.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/scsi/pm8001/pm8001_hwi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2051044d7901f1a9d7be95d0d32e53b88e9548f7",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2290dcad6f65864dec518fb2d5fb45f67d684150",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "146cae06d2682d7563732544be334e8e6d3862b8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "34c79d16ee69cb53288c202bb1ab0ba0130d9674",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f90a74892f3acf0cdec5844e90fc8686ca13e7d7",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/scsi/pm8001/pm8001_hwi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.111",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.20",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.111",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: pm8001: Fix task leak in pm8001_send_abort_all()\n\nIn pm8001_send_abort_all(), make sure to free the allocated sas task\nif pm8001_tag_alloc() or pm8001_mpi_build_cmd() fail."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:30:19.293Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2051044d7901f1a9d7be95d0d32e53b88e9548f7"
},
{
"url": "https://git.kernel.org/stable/c/2290dcad6f65864dec518fb2d5fb45f67d684150"
},
{
"url": "https://git.kernel.org/stable/c/146cae06d2682d7563732544be334e8e6d3862b8"
},
{
"url": "https://git.kernel.org/stable/c/34c79d16ee69cb53288c202bb1ab0ba0130d9674"
},
{
"url": "https://git.kernel.org/stable/c/f90a74892f3acf0cdec5844e90fc8686ca13e7d7"
}
],
"title": "scsi: pm8001: Fix task leak in pm8001_send_abort_all()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49120",
"datePublished": "2025-02-26T01:55:01.159Z",
"dateReserved": "2025-02-26T01:49:39.264Z",
"dateUpdated": "2025-05-04T08:30:19.293Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49708 (GCVE-0-2022-49708)
Vulnerability from cvelistv5
Published
2025-02-26 02:24
Modified
2025-05-04 12:45
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix bug_on ext4_mb_use_inode_pa
Hulk Robot reported a BUG_ON:
==================================================================
kernel BUG at fs/ext4/mballoc.c:3211!
[...]
RIP: 0010:ext4_mb_mark_diskspace_used.cold+0x85/0x136f
[...]
Call Trace:
ext4_mb_new_blocks+0x9df/0x5d30
ext4_ext_map_blocks+0x1803/0x4d80
ext4_map_blocks+0x3a4/0x1a10
ext4_writepages+0x126d/0x2c30
do_writepages+0x7f/0x1b0
__filemap_fdatawrite_range+0x285/0x3b0
file_write_and_wait_range+0xb1/0x140
ext4_sync_file+0x1aa/0xca0
vfs_fsync_range+0xfb/0x260
do_fsync+0x48/0xa0
[...]
==================================================================
Above issue may happen as follows:
-------------------------------------
do_fsync
vfs_fsync_range
ext4_sync_file
file_write_and_wait_range
__filemap_fdatawrite_range
do_writepages
ext4_writepages
mpage_map_and_submit_extent
mpage_map_one_extent
ext4_map_blocks
ext4_mb_new_blocks
ext4_mb_normalize_request
>>> start + size <= ac->ac_o_ex.fe_logical
ext4_mb_regular_allocator
ext4_mb_simple_scan_group
ext4_mb_use_best_found
ext4_mb_new_preallocation
ext4_mb_new_inode_pa
ext4_mb_use_inode_pa
>>> set ac->ac_b_ex.fe_len <= 0
ext4_mb_mark_diskspace_used
>>> BUG_ON(ac->ac_b_ex.fe_len <= 0);
we can easily reproduce this problem with the following commands:
`fallocate -l100M disk`
`mkfs.ext4 -b 1024 -g 256 disk`
`mount disk /mnt`
`fsstress -d /mnt -l 0 -n 1000 -p 1`
The size must be smaller than or equal to EXT4_BLOCKS_PER_GROUP.
Therefore, "start + size <= ac->ac_o_ex.fe_logical" may occur
when the size is truncated. So start should be the start position of
the group where ac_o_ex.fe_logical is located after alignment.
In addition, when the value of fe_logical or EXT4_BLOCKS_PER_GROUP
is very large, the value calculated by start_off is more accurate.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: fc6c2da174edd7a7b760b12c60d432d300e05cca Version: cd648b8a8fd5071d232242d5ee7ee3c0815776af Version: cd648b8a8fd5071d232242d5ee7ee3c0815776af Version: cd648b8a8fd5071d232242d5ee7ee3c0815776af Version: cd648b8a8fd5071d232242d5ee7ee3c0815776af Version: cd648b8a8fd5071d232242d5ee7ee3c0815776af Version: cd648b8a8fd5071d232242d5ee7ee3c0815776af Version: cd648b8a8fd5071d232242d5ee7ee3c0815776af Version: f213db429b883a2d5403de0b1ce92fb7d7ee979e Version: 98f58e05231f835dfb09359e3b5e3a886fe8f189 Version: c1664e9bcf6291c0ceb8599f57c8cf493526abe6 Version: 37cf4ab1ba60c30ca9fd0fe3b9993b24cb87886a Version: 75f37dab088eb84ff25a49e59371f01ea3f44aa7 Version: 8774c73cf6963310395823ed7077ea12943ea0f3 Version: c4fbdc0124799f1772f4d886b7f2e1a6f881d195 |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ext4/mballoc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6880fb2e64331b9fdc85d3f32b1d7e81ad8703f1",
"status": "affected",
"version": "fc6c2da174edd7a7b760b12c60d432d300e05cca",
"versionType": "git"
},
{
"lessThan": "a37c1359714da42517dd19d36fc3c4d17edba832",
"status": "affected",
"version": "cd648b8a8fd5071d232242d5ee7ee3c0815776af",
"versionType": "git"
},
{
"lessThan": "5707d721d1819db57dba57b1d4623034fcb32047",
"status": "affected",
"version": "cd648b8a8fd5071d232242d5ee7ee3c0815776af",
"versionType": "git"
},
{
"lessThan": "a6b31616e5afe1d3972cb0682a373e50597faf5c",
"status": "affected",
"version": "cd648b8a8fd5071d232242d5ee7ee3c0815776af",
"versionType": "git"
},
{
"lessThan": "6fdaf31ad5f3d3afab744dfd9a8b0d9142aa881f",
"status": "affected",
"version": "cd648b8a8fd5071d232242d5ee7ee3c0815776af",
"versionType": "git"
},
{
"lessThan": "90f0f9d45dff0128c0fca0d2358c4153b024afa6",
"status": "affected",
"version": "cd648b8a8fd5071d232242d5ee7ee3c0815776af",
"versionType": "git"
},
{
"lessThan": "887a3e9ad4b8309a2266bce7ae749b2bf1f7a687",
"status": "affected",
"version": "cd648b8a8fd5071d232242d5ee7ee3c0815776af",
"versionType": "git"
},
{
"lessThan": "a08f789d2ab5242c07e716baf9a835725046be89",
"status": "affected",
"version": "cd648b8a8fd5071d232242d5ee7ee3c0815776af",
"versionType": "git"
},
{
"status": "affected",
"version": "f213db429b883a2d5403de0b1ce92fb7d7ee979e",
"versionType": "git"
},
{
"status": "affected",
"version": "98f58e05231f835dfb09359e3b5e3a886fe8f189",
"versionType": "git"
},
{
"status": "affected",
"version": "c1664e9bcf6291c0ceb8599f57c8cf493526abe6",
"versionType": "git"
},
{
"status": "affected",
"version": "37cf4ab1ba60c30ca9fd0fe3b9993b24cb87886a",
"versionType": "git"
},
{
"status": "affected",
"version": "75f37dab088eb84ff25a49e59371f01ea3f44aa7",
"versionType": "git"
},
{
"status": "affected",
"version": "8774c73cf6963310395823ed7077ea12943ea0f3",
"versionType": "git"
},
{
"status": "affected",
"version": "c4fbdc0124799f1772f4d886b7f2e1a6f881d195",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ext4/mballoc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.11"
},
{
"lessThan": "4.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.320",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.249",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.200",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.124",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.49",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.320",
"versionStartIncluding": "4.9.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.285",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.249",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.200",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.124",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.49",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.6",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.2.89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.10.107",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.12.72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.16.44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.1.40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.4.53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.10.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix bug_on ext4_mb_use_inode_pa\n\nHulk Robot reported a BUG_ON:\n==================================================================\nkernel BUG at fs/ext4/mballoc.c:3211!\n[...]\nRIP: 0010:ext4_mb_mark_diskspace_used.cold+0x85/0x136f\n[...]\nCall Trace:\n ext4_mb_new_blocks+0x9df/0x5d30\n ext4_ext_map_blocks+0x1803/0x4d80\n ext4_map_blocks+0x3a4/0x1a10\n ext4_writepages+0x126d/0x2c30\n do_writepages+0x7f/0x1b0\n __filemap_fdatawrite_range+0x285/0x3b0\n file_write_and_wait_range+0xb1/0x140\n ext4_sync_file+0x1aa/0xca0\n vfs_fsync_range+0xfb/0x260\n do_fsync+0x48/0xa0\n[...]\n==================================================================\n\nAbove issue may happen as follows:\n-------------------------------------\ndo_fsync\n vfs_fsync_range\n ext4_sync_file\n file_write_and_wait_range\n __filemap_fdatawrite_range\n do_writepages\n ext4_writepages\n mpage_map_and_submit_extent\n mpage_map_one_extent\n ext4_map_blocks\n ext4_mb_new_blocks\n ext4_mb_normalize_request\n \u003e\u003e\u003e start + size \u003c= ac-\u003eac_o_ex.fe_logical\n ext4_mb_regular_allocator\n ext4_mb_simple_scan_group\n ext4_mb_use_best_found\n ext4_mb_new_preallocation\n ext4_mb_new_inode_pa\n ext4_mb_use_inode_pa\n \u003e\u003e\u003e set ac-\u003eac_b_ex.fe_len \u003c= 0\n ext4_mb_mark_diskspace_used\n \u003e\u003e\u003e BUG_ON(ac-\u003eac_b_ex.fe_len \u003c= 0);\n\nwe can easily reproduce this problem with the following commands:\n\t`fallocate -l100M disk`\n\t`mkfs.ext4 -b 1024 -g 256 disk`\n\t`mount disk /mnt`\n\t`fsstress -d /mnt -l 0 -n 1000 -p 1`\n\nThe size must be smaller than or equal to EXT4_BLOCKS_PER_GROUP.\nTherefore, \"start + size \u003c= ac-\u003eac_o_ex.fe_logical\" may occur\nwhen the size is truncated. So start should be the start position of\nthe group where ac_o_ex.fe_logical is located after alignment.\nIn addition, when the value of fe_logical or EXT4_BLOCKS_PER_GROUP\nis very large, the value calculated by start_off is more accurate."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:45:10.177Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6880fb2e64331b9fdc85d3f32b1d7e81ad8703f1"
},
{
"url": "https://git.kernel.org/stable/c/a37c1359714da42517dd19d36fc3c4d17edba832"
},
{
"url": "https://git.kernel.org/stable/c/5707d721d1819db57dba57b1d4623034fcb32047"
},
{
"url": "https://git.kernel.org/stable/c/a6b31616e5afe1d3972cb0682a373e50597faf5c"
},
{
"url": "https://git.kernel.org/stable/c/6fdaf31ad5f3d3afab744dfd9a8b0d9142aa881f"
},
{
"url": "https://git.kernel.org/stable/c/90f0f9d45dff0128c0fca0d2358c4153b024afa6"
},
{
"url": "https://git.kernel.org/stable/c/887a3e9ad4b8309a2266bce7ae749b2bf1f7a687"
},
{
"url": "https://git.kernel.org/stable/c/a08f789d2ab5242c07e716baf9a835725046be89"
}
],
"title": "ext4: fix bug_on ext4_mb_use_inode_pa",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49708",
"datePublished": "2025-02-26T02:24:26.142Z",
"dateReserved": "2025-02-26T02:21:30.444Z",
"dateUpdated": "2025-05-04T12:45:10.177Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49301 (GCVE-0-2022-49301)
Vulnerability from cvelistv5
Published
2025-02-26 02:10
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
staging: rtl8712: fix uninit-value in usb_read8() and friends
When r8712_usbctrl_vendorreq() returns negative, 'data' in
usb_read{8,16,32} will not be initialized.
BUG: KMSAN: uninit-value in string_nocheck lib/vsprintf.c:643 [inline]
BUG: KMSAN: uninit-value in string+0x4ec/0x6f0 lib/vsprintf.c:725
string_nocheck lib/vsprintf.c:643 [inline]
string+0x4ec/0x6f0 lib/vsprintf.c:725
vsnprintf+0x2222/0x3650 lib/vsprintf.c:2806
va_format lib/vsprintf.c:1704 [inline]
pointer+0x18e6/0x1f70 lib/vsprintf.c:2443
vsnprintf+0x1a9b/0x3650 lib/vsprintf.c:2810
vprintk_store+0x537/0x2150 kernel/printk/printk.c:2158
vprintk_emit+0x28b/0xab0 kernel/printk/printk.c:2256
dev_vprintk_emit+0x5ef/0x6d0 drivers/base/core.c:4604
dev_printk_emit+0x1dd/0x21f drivers/base/core.c:4615
__dev_printk+0x3be/0x440 drivers/base/core.c:4627
_dev_info+0x1ea/0x22f drivers/base/core.c:4673
r871xu_drv_init+0x1929/0x3070 drivers/staging/rtl8712/usb_intf.c:401
usb_probe_interface+0xf19/0x1600 drivers/usb/core/driver.c:396
really_probe+0x6c7/0x1350 drivers/base/dd.c:621
__driver_probe_device+0x3e9/0x530 drivers/base/dd.c:752
driver_probe_device drivers/base/dd.c:782 [inline]
__device_attach_driver+0x79f/0x1120 drivers/base/dd.c:899
bus_for_each_drv+0x2d6/0x3f0 drivers/base/bus.c:427
__device_attach+0x593/0x8e0 drivers/base/dd.c:970
device_initial_probe+0x4a/0x60 drivers/base/dd.c:1017
bus_probe_device+0x17b/0x3e0 drivers/base/bus.c:487
device_add+0x1fff/0x26e0 drivers/base/core.c:3405
usb_set_configuration+0x37e9/0x3ed0 drivers/usb/core/message.c:2170
usb_generic_driver_probe+0x13c/0x300 drivers/usb/core/generic.c:238
usb_probe_device+0x309/0x570 drivers/usb/core/driver.c:293
really_probe+0x6c7/0x1350 drivers/base/dd.c:621
__driver_probe_device+0x3e9/0x530 drivers/base/dd.c:752
driver_probe_device drivers/base/dd.c:782 [inline]
__device_attach_driver+0x79f/0x1120 drivers/base/dd.c:899
bus_for_each_drv+0x2d6/0x3f0 drivers/base/bus.c:427
__device_attach+0x593/0x8e0 drivers/base/dd.c:970
device_initial_probe+0x4a/0x60 drivers/base/dd.c:1017
bus_probe_device+0x17b/0x3e0 drivers/base/bus.c:487
device_add+0x1fff/0x26e0 drivers/base/core.c:3405
usb_new_device+0x1b91/0x2950 drivers/usb/core/hub.c:2566
hub_port_connect drivers/usb/core/hub.c:5363 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5507 [inline]
port_event drivers/usb/core/hub.c:5665 [inline]
hub_event+0x58e3/0x89e0 drivers/usb/core/hub.c:5747
process_one_work+0xdb6/0x1820 kernel/workqueue.c:2289
worker_thread+0x10d0/0x2240 kernel/workqueue.c:2436
kthread+0x3c7/0x500 kernel/kthread.c:376
ret_from_fork+0x1f/0x30
Local variable data created at:
usb_read8+0x5d/0x130 drivers/staging/rtl8712/usb_ops.c:33
r8712_read8+0xa5/0xd0 drivers/staging/rtl8712/rtl8712_io.c:29
KMSAN: uninit-value in r871xu_drv_init
https://syzkaller.appspot.com/bug?id=3cd92b1d85428b128503bfa7a250294c9ae00bd8
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49301",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:44:44.311879Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-908",
"description": "CWE-908 Use of Uninitialized Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:59.120Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/staging/rtl8712/usb_ops.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "58762f1c63c75cbe1dc393eed3c9cf8e38310ca1",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "33ef21d55418ab6a62a63fd550b2dbe297433372",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "95b0f54f8a898072a2810c05fab34d971f23a612",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d7ed3c85da0b230bcdf5329acfe012ed093f3daa",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "de075af8c404f7d59ed34df230aedd9f645fb846",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d1b57669732d09da7e13ef86d058dab0cd57f6e0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/staging/rtl8712/usb_ops.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.47",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.122",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: rtl8712: fix uninit-value in usb_read8() and friends\n\nWhen r8712_usbctrl_vendorreq() returns negative, \u0027data\u0027 in\nusb_read{8,16,32} will not be initialized.\n\nBUG: KMSAN: uninit-value in string_nocheck lib/vsprintf.c:643 [inline]\nBUG: KMSAN: uninit-value in string+0x4ec/0x6f0 lib/vsprintf.c:725\n string_nocheck lib/vsprintf.c:643 [inline]\n string+0x4ec/0x6f0 lib/vsprintf.c:725\n vsnprintf+0x2222/0x3650 lib/vsprintf.c:2806\n va_format lib/vsprintf.c:1704 [inline]\n pointer+0x18e6/0x1f70 lib/vsprintf.c:2443\n vsnprintf+0x1a9b/0x3650 lib/vsprintf.c:2810\n vprintk_store+0x537/0x2150 kernel/printk/printk.c:2158\n vprintk_emit+0x28b/0xab0 kernel/printk/printk.c:2256\n dev_vprintk_emit+0x5ef/0x6d0 drivers/base/core.c:4604\n dev_printk_emit+0x1dd/0x21f drivers/base/core.c:4615\n __dev_printk+0x3be/0x440 drivers/base/core.c:4627\n _dev_info+0x1ea/0x22f drivers/base/core.c:4673\n r871xu_drv_init+0x1929/0x3070 drivers/staging/rtl8712/usb_intf.c:401\n usb_probe_interface+0xf19/0x1600 drivers/usb/core/driver.c:396\n really_probe+0x6c7/0x1350 drivers/base/dd.c:621\n __driver_probe_device+0x3e9/0x530 drivers/base/dd.c:752\n driver_probe_device drivers/base/dd.c:782 [inline]\n __device_attach_driver+0x79f/0x1120 drivers/base/dd.c:899\n bus_for_each_drv+0x2d6/0x3f0 drivers/base/bus.c:427\n __device_attach+0x593/0x8e0 drivers/base/dd.c:970\n device_initial_probe+0x4a/0x60 drivers/base/dd.c:1017\n bus_probe_device+0x17b/0x3e0 drivers/base/bus.c:487\n device_add+0x1fff/0x26e0 drivers/base/core.c:3405\n usb_set_configuration+0x37e9/0x3ed0 drivers/usb/core/message.c:2170\n usb_generic_driver_probe+0x13c/0x300 drivers/usb/core/generic.c:238\n usb_probe_device+0x309/0x570 drivers/usb/core/driver.c:293\n really_probe+0x6c7/0x1350 drivers/base/dd.c:621\n __driver_probe_device+0x3e9/0x530 drivers/base/dd.c:752\n driver_probe_device drivers/base/dd.c:782 [inline]\n __device_attach_driver+0x79f/0x1120 drivers/base/dd.c:899\n bus_for_each_drv+0x2d6/0x3f0 drivers/base/bus.c:427\n __device_attach+0x593/0x8e0 drivers/base/dd.c:970\n device_initial_probe+0x4a/0x60 drivers/base/dd.c:1017\n bus_probe_device+0x17b/0x3e0 drivers/base/bus.c:487\n device_add+0x1fff/0x26e0 drivers/base/core.c:3405\n usb_new_device+0x1b91/0x2950 drivers/usb/core/hub.c:2566\n hub_port_connect drivers/usb/core/hub.c:5363 [inline]\n hub_port_connect_change drivers/usb/core/hub.c:5507 [inline]\n port_event drivers/usb/core/hub.c:5665 [inline]\n hub_event+0x58e3/0x89e0 drivers/usb/core/hub.c:5747\n process_one_work+0xdb6/0x1820 kernel/workqueue.c:2289\n worker_thread+0x10d0/0x2240 kernel/workqueue.c:2436\n kthread+0x3c7/0x500 kernel/kthread.c:376\n ret_from_fork+0x1f/0x30\n\nLocal variable data created at:\n usb_read8+0x5d/0x130 drivers/staging/rtl8712/usb_ops.c:33\n r8712_read8+0xa5/0xd0 drivers/staging/rtl8712/rtl8712_io.c:29\n\nKMSAN: uninit-value in r871xu_drv_init\nhttps://syzkaller.appspot.com/bug?id=3cd92b1d85428b128503bfa7a250294c9ae00bd8"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:34:39.416Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/58762f1c63c75cbe1dc393eed3c9cf8e38310ca1"
},
{
"url": "https://git.kernel.org/stable/c/33ef21d55418ab6a62a63fd550b2dbe297433372"
},
{
"url": "https://git.kernel.org/stable/c/95b0f54f8a898072a2810c05fab34d971f23a612"
},
{
"url": "https://git.kernel.org/stable/c/d7ed3c85da0b230bcdf5329acfe012ed093f3daa"
},
{
"url": "https://git.kernel.org/stable/c/de075af8c404f7d59ed34df230aedd9f645fb846"
},
{
"url": "https://git.kernel.org/stable/c/d1b57669732d09da7e13ef86d058dab0cd57f6e0"
}
],
"title": "staging: rtl8712: fix uninit-value in usb_read8() and friends",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49301",
"datePublished": "2025-02-26T02:10:36.072Z",
"dateReserved": "2025-02-26T02:08:31.535Z",
"dateUpdated": "2025-10-01T19:46:59.120Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49584 (GCVE-0-2022-49584)
Vulnerability from cvelistv5
Published
2025-02-26 02:23
Modified
2025-05-04 08:41
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero
It is possible to disable VFs while the PF driver is processing requests
from the VF driver. This can result in a panic.
BUG: unable to handle kernel paging request at 000000000000106c
PGD 0 P4D 0
Oops: 0000 [#1] SMP NOPTI
CPU: 8 PID: 0 Comm: swapper/8 Kdump: loaded Tainted: G I --------- -
Hardware name: Dell Inc. PowerEdge R740/06WXJT, BIOS 2.8.2 08/27/2020
RIP: 0010:ixgbe_msg_task+0x4c8/0x1690 [ixgbe]
Code: 00 00 48 8d 04 40 48 c1 e0 05 89 7c 24 24 89 fd 48 89 44 24 10 83 ff
01 0f 84 b8 04 00 00 4c 8b 64 24 10 4d 03 a5 48 22 00 00 <41> 80 7c 24 4c
00 0f 84 8a 03 00 00 0f b7 c7 83 f8 08 0f 84 8f 0a
RSP: 0018:ffffb337869f8df8 EFLAGS: 00010002
RAX: 0000000000001020 RBX: 0000000000000000 RCX: 000000000000002b
RDX: 0000000000000002 RSI: 0000000000000008 RDI: 0000000000000006
RBP: 0000000000000006 R08: 0000000000000002 R09: 0000000000029780
R10: 00006957d8f42832 R11: 0000000000000000 R12: 0000000000001020
R13: ffff8a00e8978ac0 R14: 000000000000002b R15: ffff8a00e8979c80
FS: 0000000000000000(0000) GS:ffff8a07dfd00000(0000) knlGS:00000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000000106c CR3: 0000000063e10004 CR4: 00000000007726e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
PKRU: 55555554
Call Trace:
<IRQ>
? ttwu_do_wakeup+0x19/0x140
? try_to_wake_up+0x1cd/0x550
? ixgbevf_update_xcast_mode+0x71/0xc0 [ixgbevf]
ixgbe_msix_other+0x17e/0x310 [ixgbe]
__handle_irq_event_percpu+0x40/0x180
handle_irq_event_percpu+0x30/0x80
handle_irq_event+0x36/0x53
handle_edge_irq+0x82/0x190
handle_irq+0x1c/0x30
do_IRQ+0x49/0xd0
common_interrupt+0xf/0xf
This can be eventually be reproduced with the following script:
while :
do
echo 63 > /sys/class/net/<devname>/device/sriov_numvfs
sleep 1
echo 0 > /sys/class/net/<devname>/device/sriov_numvfs
sleep 1
done
Add lock when disabling SR-IOV to prevent process VF mailbox communication.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/ixgbe/ixgbe.h",
"drivers/net/ethernet/intel/ixgbe/ixgbe_main.c",
"drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "031af9e617a6f51075d97e56fc9e712c7dde2508",
"status": "affected",
"version": "d773d1310625be3b040b436178ad59a0af8888f1",
"versionType": "git"
},
{
"lessThan": "b82de63f8f817b5735480293dda8e92ba8170c52",
"status": "affected",
"version": "d773d1310625be3b040b436178ad59a0af8888f1",
"versionType": "git"
},
{
"lessThan": "16f929a5e76fd047fd8697e1e568bdd7d771955c",
"status": "affected",
"version": "d773d1310625be3b040b436178ad59a0af8888f1",
"versionType": "git"
},
{
"lessThan": "9d925d2dc82cec2bcbd8625457645d8a548ab22e",
"status": "affected",
"version": "d773d1310625be3b040b436178ad59a0af8888f1",
"versionType": "git"
},
{
"lessThan": "1e53834ce541d4fe271cdcca7703e50be0a44f8a",
"status": "affected",
"version": "d773d1310625be3b040b436178ad59a0af8888f1",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/ixgbe/ixgbe.h",
"drivers/net/ethernet/intel/ixgbe/ixgbe_main.c",
"drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.6"
},
{
"lessThan": "3.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.208",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.134",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.58",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.208",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.134",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.58",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.15",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "3.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nixgbe: Add locking to prevent panic when setting sriov_numvfs to zero\n\nIt is possible to disable VFs while the PF driver is processing requests\nfrom the VF driver. This can result in a panic.\n\nBUG: unable to handle kernel paging request at 000000000000106c\nPGD 0 P4D 0\nOops: 0000 [#1] SMP NOPTI\nCPU: 8 PID: 0 Comm: swapper/8 Kdump: loaded Tainted: G I --------- -\nHardware name: Dell Inc. PowerEdge R740/06WXJT, BIOS 2.8.2 08/27/2020\nRIP: 0010:ixgbe_msg_task+0x4c8/0x1690 [ixgbe]\nCode: 00 00 48 8d 04 40 48 c1 e0 05 89 7c 24 24 89 fd 48 89 44 24 10 83 ff\n01 0f 84 b8 04 00 00 4c 8b 64 24 10 4d 03 a5 48 22 00 00 \u003c41\u003e 80 7c 24 4c\n00 0f 84 8a 03 00 00 0f b7 c7 83 f8 08 0f 84 8f 0a\nRSP: 0018:ffffb337869f8df8 EFLAGS: 00010002\nRAX: 0000000000001020 RBX: 0000000000000000 RCX: 000000000000002b\nRDX: 0000000000000002 RSI: 0000000000000008 RDI: 0000000000000006\nRBP: 0000000000000006 R08: 0000000000000002 R09: 0000000000029780\nR10: 00006957d8f42832 R11: 0000000000000000 R12: 0000000000001020\nR13: ffff8a00e8978ac0 R14: 000000000000002b R15: ffff8a00e8979c80\nFS: 0000000000000000(0000) GS:ffff8a07dfd00000(0000) knlGS:00000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000000000000106c CR3: 0000000063e10004 CR4: 00000000007726e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n \u003cIRQ\u003e\n ? ttwu_do_wakeup+0x19/0x140\n ? try_to_wake_up+0x1cd/0x550\n ? ixgbevf_update_xcast_mode+0x71/0xc0 [ixgbevf]\n ixgbe_msix_other+0x17e/0x310 [ixgbe]\n __handle_irq_event_percpu+0x40/0x180\n handle_irq_event_percpu+0x30/0x80\n handle_irq_event+0x36/0x53\n handle_edge_irq+0x82/0x190\n handle_irq+0x1c/0x30\n do_IRQ+0x49/0xd0\n common_interrupt+0xf/0xf\n\nThis can be eventually be reproduced with the following script:\n\nwhile :\ndo\n echo 63 \u003e /sys/class/net/\u003cdevname\u003e/device/sriov_numvfs\n sleep 1\n echo 0 \u003e /sys/class/net/\u003cdevname\u003e/device/sriov_numvfs\n sleep 1\ndone\n\nAdd lock when disabling SR-IOV to prevent process VF mailbox communication."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:41:10.383Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/031af9e617a6f51075d97e56fc9e712c7dde2508"
},
{
"url": "https://git.kernel.org/stable/c/b82de63f8f817b5735480293dda8e92ba8170c52"
},
{
"url": "https://git.kernel.org/stable/c/16f929a5e76fd047fd8697e1e568bdd7d771955c"
},
{
"url": "https://git.kernel.org/stable/c/9d925d2dc82cec2bcbd8625457645d8a548ab22e"
},
{
"url": "https://git.kernel.org/stable/c/1e53834ce541d4fe271cdcca7703e50be0a44f8a"
}
],
"title": "ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49584",
"datePublished": "2025-02-26T02:23:20.600Z",
"dateReserved": "2025-02-26T02:21:30.412Z",
"dateUpdated": "2025-05-04T08:41:10.383Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49687 (GCVE-0-2022-49687)
Vulnerability from cvelistv5
Published
2025-02-26 02:24
Modified
2025-05-04 08:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
virtio_net: fix xdp_rxq_info bug after suspend/resume
The following sequence currently causes a driver bug warning
when using virtio_net:
# ip link set eth0 up
# echo mem > /sys/power/state (or e.g. # rtcwake -s 10 -m mem)
<resume>
# ip link set eth0 down
Missing register, driver bug
WARNING: CPU: 0 PID: 375 at net/core/xdp.c:138 xdp_rxq_info_unreg+0x58/0x60
Call trace:
xdp_rxq_info_unreg+0x58/0x60
virtnet_close+0x58/0xac
__dev_close_many+0xac/0x140
__dev_change_flags+0xd8/0x210
dev_change_flags+0x24/0x64
do_setlink+0x230/0xdd0
...
This happens because virtnet_freeze() frees the receive_queue
completely (including struct xdp_rxq_info) but does not call
xdp_rxq_info_unreg(). Similarly, virtnet_restore() sets up the
receive_queue again but does not call xdp_rxq_info_reg().
Actually, parts of virtnet_freeze_down() and virtnet_restore_up()
are almost identical to virtnet_close() and virtnet_open(): only
the calls to xdp_rxq_info_(un)reg() are missing. This means that
we can fix this easily and avoid such problems in the future by
just calling virtnet_close()/open() from the freeze/restore handlers.
Aside from adding the missing xdp_rxq_info calls the only difference
is that the refill work is only cancelled if netif_running(). However,
this should not make any functional difference since the refill work
should only be active if the network interface is actually up.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 754b8a21a96d5f11712245aef907149606b323ae Version: 754b8a21a96d5f11712245aef907149606b323ae Version: 754b8a21a96d5f11712245aef907149606b323ae Version: 754b8a21a96d5f11712245aef907149606b323ae Version: 754b8a21a96d5f11712245aef907149606b323ae Version: 754b8a21a96d5f11712245aef907149606b323ae |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/virtio_net.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9222672fa6370f0ec3d899662cb8680e9282fc4c",
"status": "affected",
"version": "754b8a21a96d5f11712245aef907149606b323ae",
"versionType": "git"
},
{
"lessThan": "8c7a32b7c15555beddc5810c3334d9cefff061bf",
"status": "affected",
"version": "754b8a21a96d5f11712245aef907149606b323ae",
"versionType": "git"
},
{
"lessThan": "340fbdc8011f2dc678f622c5ce1cbb5ab8305de7",
"status": "affected",
"version": "754b8a21a96d5f11712245aef907149606b323ae",
"versionType": "git"
},
{
"lessThan": "8d7fe9ad6fddc2af8bde4b921b4f8fab231ed38c",
"status": "affected",
"version": "754b8a21a96d5f11712245aef907149606b323ae",
"versionType": "git"
},
{
"lessThan": "57ee40f1b198b59d43c216fbc4672f9300d3c8b0",
"status": "affected",
"version": "754b8a21a96d5f11712245aef907149606b323ae",
"versionType": "git"
},
{
"lessThan": "8af52fe9fd3bf5e7478da99193c0632276e1dfce",
"status": "affected",
"version": "754b8a21a96d5f11712245aef907149606b323ae",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/virtio_net.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.16"
},
{
"lessThan": "4.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.250",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.202",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.127",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.51",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.250",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.202",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.127",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.51",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.8",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio_net: fix xdp_rxq_info bug after suspend/resume\n\nThe following sequence currently causes a driver bug warning\nwhen using virtio_net:\n\n # ip link set eth0 up\n # echo mem \u003e /sys/power/state (or e.g. # rtcwake -s 10 -m mem)\n \u003cresume\u003e\n # ip link set eth0 down\n\n Missing register, driver bug\n WARNING: CPU: 0 PID: 375 at net/core/xdp.c:138 xdp_rxq_info_unreg+0x58/0x60\n Call trace:\n xdp_rxq_info_unreg+0x58/0x60\n virtnet_close+0x58/0xac\n __dev_close_many+0xac/0x140\n __dev_change_flags+0xd8/0x210\n dev_change_flags+0x24/0x64\n do_setlink+0x230/0xdd0\n ...\n\nThis happens because virtnet_freeze() frees the receive_queue\ncompletely (including struct xdp_rxq_info) but does not call\nxdp_rxq_info_unreg(). Similarly, virtnet_restore() sets up the\nreceive_queue again but does not call xdp_rxq_info_reg().\n\nActually, parts of virtnet_freeze_down() and virtnet_restore_up()\nare almost identical to virtnet_close() and virtnet_open(): only\nthe calls to xdp_rxq_info_(un)reg() are missing. This means that\nwe can fix this easily and avoid such problems in the future by\njust calling virtnet_close()/open() from the freeze/restore handlers.\n\nAside from adding the missing xdp_rxq_info calls the only difference\nis that the refill work is only cancelled if netif_running(). However,\nthis should not make any functional difference since the refill work\nshould only be active if the network interface is actually up."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:43:19.791Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9222672fa6370f0ec3d899662cb8680e9282fc4c"
},
{
"url": "https://git.kernel.org/stable/c/8c7a32b7c15555beddc5810c3334d9cefff061bf"
},
{
"url": "https://git.kernel.org/stable/c/340fbdc8011f2dc678f622c5ce1cbb5ab8305de7"
},
{
"url": "https://git.kernel.org/stable/c/8d7fe9ad6fddc2af8bde4b921b4f8fab231ed38c"
},
{
"url": "https://git.kernel.org/stable/c/57ee40f1b198b59d43c216fbc4672f9300d3c8b0"
},
{
"url": "https://git.kernel.org/stable/c/8af52fe9fd3bf5e7478da99193c0632276e1dfce"
}
],
"title": "virtio_net: fix xdp_rxq_info bug after suspend/resume",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49687",
"datePublished": "2025-02-26T02:24:13.187Z",
"dateReserved": "2025-02-26T02:21:30.441Z",
"dateUpdated": "2025-05-04T08:43:19.791Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49386 (GCVE-0-2022-49386)
Vulnerability from cvelistv5
Published
2025-02-26 02:11
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: ethernet: ti: am65-cpsw-nuss: Fix some refcount leaks
of_get_child_by_name() returns a node pointer with refcount
incremented, we should use of_node_put() on it when not need anymore.
am65_cpsw_init_cpts() and am65_cpsw_nuss_probe() don't release
the refcount in error case.
Add missing of_node_put() to avoid refcount leak.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49386",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:41:45.730008Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:51.701Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/ti/am65-cpsw-nuss.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f7ba2cc57f404d2d9f26fb85bd3833d35a477829",
"status": "affected",
"version": "93a76530316a3d8cc2d82c3deca48424fee92100",
"versionType": "git"
},
{
"lessThan": "a4b7ef3b159805ba6be061d0cd2403d84b9b0063",
"status": "affected",
"version": "93a76530316a3d8cc2d82c3deca48424fee92100",
"versionType": "git"
},
{
"lessThan": "78aca10a16f001c9f49f1cc4dadfee8d444bb173",
"status": "affected",
"version": "93a76530316a3d8cc2d82c3deca48424fee92100",
"versionType": "git"
},
{
"lessThan": "2e44f21c384503562713b7d3b673c40bed20af3d",
"status": "affected",
"version": "93a76530316a3d8cc2d82c3deca48424fee92100",
"versionType": "git"
},
{
"lessThan": "5dd89d2fc438457811cbbec07999ce0d80051ff5",
"status": "affected",
"version": "93a76530316a3d8cc2d82c3deca48424fee92100",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/ti/am65-cpsw-nuss.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.7"
},
{
"lessThan": "5.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.47",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.122",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.47",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.15",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.4",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: ti: am65-cpsw-nuss: Fix some refcount leaks\n\nof_get_child_by_name() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not need anymore.\nam65_cpsw_init_cpts() and am65_cpsw_nuss_probe() don\u0027t release\nthe refcount in error case.\nAdd missing of_node_put() to avoid refcount leak."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:36:34.775Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f7ba2cc57f404d2d9f26fb85bd3833d35a477829"
},
{
"url": "https://git.kernel.org/stable/c/a4b7ef3b159805ba6be061d0cd2403d84b9b0063"
},
{
"url": "https://git.kernel.org/stable/c/78aca10a16f001c9f49f1cc4dadfee8d444bb173"
},
{
"url": "https://git.kernel.org/stable/c/2e44f21c384503562713b7d3b673c40bed20af3d"
},
{
"url": "https://git.kernel.org/stable/c/5dd89d2fc438457811cbbec07999ce0d80051ff5"
}
],
"title": "net: ethernet: ti: am65-cpsw-nuss: Fix some refcount leaks",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49386",
"datePublished": "2025-02-26T02:11:21.197Z",
"dateReserved": "2025-02-26T02:08:31.560Z",
"dateUpdated": "2025-10-01T19:46:51.701Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49606 (GCVE-0-2022-49606)
Vulnerability from cvelistv5
Published
2025-02-26 02:23
Modified
2025-05-04 08:41
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
RDMA/irdma: Fix sleep from invalid context BUG
Taking the qos_mutex to process RoCEv2 QP's on netdev events causes a
kernel splat.
Fix this by removing the handling for RoCEv2 in
irdma_cm_teardown_connections that uses the mutex. This handling is only
needed for iWARP to avoid having connections established while the link is
down or having connections remain functional after the IP address is
removed.
BUG: sleeping function called from invalid context at kernel/locking/mutex.
Call Trace:
kernel: dump_stack+0x66/0x90
kernel: ___might_sleep.cold.92+0x8d/0x9a
kernel: mutex_lock+0x1c/0x40
kernel: irdma_cm_teardown_connections+0x28e/0x4d0 [irdma]
kernel: ? check_preempt_curr+0x7a/0x90
kernel: ? select_idle_sibling+0x22/0x3c0
kernel: ? select_task_rq_fair+0x94c/0xc90
kernel: ? irdma_exec_cqp_cmd+0xc27/0x17c0 [irdma]
kernel: ? __wake_up_common+0x7a/0x190
kernel: irdma_if_notify+0x3cc/0x450 [irdma]
kernel: ? sched_clock_cpu+0xc/0xb0
kernel: irdma_inet6addr_event+0xc6/0x150 [irdma]
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/irdma/cm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a4c5115140ed1833197bad9a6b80265840ff427f",
"status": "affected",
"version": "146b9756f14c04894226fb97e2f102f217139c27",
"versionType": "git"
},
{
"lessThan": "2cae7e519032e4b4672cb9204d5586a441924364",
"status": "affected",
"version": "146b9756f14c04894226fb97e2f102f217139c27",
"versionType": "git"
},
{
"lessThan": "cc0315564d6eec91c716d314b743321be24c70b3",
"status": "affected",
"version": "146b9756f14c04894226fb97e2f102f217139c27",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/irdma/cm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.14"
},
{
"lessThan": "5.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.58",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.58",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.15",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/irdma: Fix sleep from invalid context BUG\n\nTaking the qos_mutex to process RoCEv2 QP\u0027s on netdev events causes a\nkernel splat.\n\nFix this by removing the handling for RoCEv2 in\nirdma_cm_teardown_connections that uses the mutex. This handling is only\nneeded for iWARP to avoid having connections established while the link is\ndown or having connections remain functional after the IP address is\nremoved.\n\n BUG: sleeping function called from invalid context at kernel/locking/mutex.\n Call Trace:\n kernel: dump_stack+0x66/0x90\n kernel: ___might_sleep.cold.92+0x8d/0x9a\n kernel: mutex_lock+0x1c/0x40\n kernel: irdma_cm_teardown_connections+0x28e/0x4d0 [irdma]\n kernel: ? check_preempt_curr+0x7a/0x90\n kernel: ? select_idle_sibling+0x22/0x3c0\n kernel: ? select_task_rq_fair+0x94c/0xc90\n kernel: ? irdma_exec_cqp_cmd+0xc27/0x17c0 [irdma]\n kernel: ? __wake_up_common+0x7a/0x190\n kernel: irdma_if_notify+0x3cc/0x450 [irdma]\n kernel: ? sched_clock_cpu+0xc/0xb0\n kernel: irdma_inet6addr_event+0xc6/0x150 [irdma]"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:41:39.560Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a4c5115140ed1833197bad9a6b80265840ff427f"
},
{
"url": "https://git.kernel.org/stable/c/2cae7e519032e4b4672cb9204d5586a441924364"
},
{
"url": "https://git.kernel.org/stable/c/cc0315564d6eec91c716d314b743321be24c70b3"
}
],
"title": "RDMA/irdma: Fix sleep from invalid context BUG",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49606",
"datePublished": "2025-02-26T02:23:31.346Z",
"dateReserved": "2025-02-26T02:21:30.417Z",
"dateUpdated": "2025-05-04T08:41:39.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49440 (GCVE-0-2022-49440)
Vulnerability from cvelistv5
Published
2025-02-26 02:12
Modified
2025-05-04 08:37
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
powerpc/rtas: Keep MSR[RI] set when calling RTAS
RTAS runs in real mode (MSR[DR] and MSR[IR] unset) and in 32-bit big
endian mode (MSR[SF,LE] unset).
The change in MSR is done in enter_rtas() in a relatively complex way,
since the MSR value could be hardcoded.
Furthermore, a panic has been reported when hitting the watchdog interrupt
while running in RTAS, this leads to the following stack trace:
watchdog: CPU 24 Hard LOCKUP
watchdog: CPU 24 TB:997512652051031, last heartbeat TB:997504470175378 (15980ms ago)
...
Supported: No, Unreleased kernel
CPU: 24 PID: 87504 Comm: drmgr Kdump: loaded Tainted: G E X 5.14.21-150400.71.1.bz196362_2-default #1 SLE15-SP4 (unreleased) 0d821077ef4faa8dfaf370efb5fdca1fa35f4e2c
NIP: 000000001fb41050 LR: 000000001fb4104c CTR: 0000000000000000
REGS: c00000000fc33d60 TRAP: 0100 Tainted: G E X (5.14.21-150400.71.1.bz196362_2-default)
MSR: 8000000002981000 <SF,VEC,VSX,ME> CR: 48800002 XER: 20040020
CFAR: 000000000000011c IRQMASK: 1
GPR00: 0000000000000003 ffffffffffffffff 0000000000000001 00000000000050dc
GPR04: 000000001ffb6100 0000000000000020 0000000000000001 000000001fb09010
GPR08: 0000000020000000 0000000000000000 0000000000000000 0000000000000000
GPR12: 80040000072a40a8 c00000000ff8b680 0000000000000007 0000000000000034
GPR16: 000000001fbf6e94 000000001fbf6d84 000000001fbd1db0 000000001fb3f008
GPR20: 000000001fb41018 ffffffffffffffff 000000000000017f fffffffffffff68f
GPR24: 000000001fb18fe8 000000001fb3e000 000000001fb1adc0 000000001fb1cf40
GPR28: 000000001fb26000 000000001fb460f0 000000001fb17f18 000000001fb17000
NIP [000000001fb41050] 0x1fb41050
LR [000000001fb4104c] 0x1fb4104c
Call Trace:
Instruction dump:
XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
Oops: Unrecoverable System Reset, sig: 6 [#1]
LE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA pSeries
...
Supported: No, Unreleased kernel
CPU: 24 PID: 87504 Comm: drmgr Kdump: loaded Tainted: G E X 5.14.21-150400.71.1.bz196362_2-default #1 SLE15-SP4 (unreleased) 0d821077ef4faa8dfaf370efb5fdca1fa35f4e2c
NIP: 000000001fb41050 LR: 000000001fb4104c CTR: 0000000000000000
REGS: c00000000fc33d60 TRAP: 0100 Tainted: G E X (5.14.21-150400.71.1.bz196362_2-default)
MSR: 8000000002981000 <SF,VEC,VSX,ME> CR: 48800002 XER: 20040020
CFAR: 000000000000011c IRQMASK: 1
GPR00: 0000000000000003 ffffffffffffffff 0000000000000001 00000000000050dc
GPR04: 000000001ffb6100 0000000000000020 0000000000000001 000000001fb09010
GPR08: 0000000020000000 0000000000000000 0000000000000000 0000000000000000
GPR12: 80040000072a40a8 c00000000ff8b680 0000000000000007 0000000000000034
GPR16: 000000001fbf6e94 000000001fbf6d84 000000001fbd1db0 000000001fb3f008
GPR20: 000000001fb41018 ffffffffffffffff 000000000000017f fffffffffffff68f
GPR24: 000000001fb18fe8 000000001fb3e000 000000001fb1adc0 000000001fb1cf40
GPR28: 000000001fb26000 000000001fb460f0 000000001fb17f18 000000001fb17000
NIP [000000001fb41050] 0x1fb41050
LR [000000001fb4104c] 0x1fb4104c
Call Trace:
Instruction dump:
XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
---[ end trace 3ddec07f638c34a2 ]---
This happens because MSR[RI] is unset when entering RTAS but there is no
valid reason to not set it here.
RTAS is expected to be called with MSR[RI] as specified in PAPR+ section
"7.2.1 Machine State":
R1–7.2.1–9. If called with MSR[RI] equal to 1, then RTAS must protect
its own critical regions from recursion by setting the MSR[RI] bit to
0 when in the critical regions.
Fixing this by reviewing the way MSR is compute before calling RTAS. Now a
hardcoded value meaning real
---truncated---
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/powerpc/kernel/entry_64.S",
"arch/powerpc/kernel/rtas.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5ca40fcf0da0ce2b5bc44e7d8b036535955f2e3d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "5f4367448f6817c8a0e94dc9736ed84fa8eee4a3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "c9c41f0273826a13ac93124e66a4ff45df281ba0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b6b1c3ce06ca438eb24e0f45bf0e63ecad0369f5",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/powerpc/kernel/entry_64.S",
"arch/powerpc/kernel/rtas.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/rtas: Keep MSR[RI] set when calling RTAS\n\nRTAS runs in real mode (MSR[DR] and MSR[IR] unset) and in 32-bit big\nendian mode (MSR[SF,LE] unset).\n\nThe change in MSR is done in enter_rtas() in a relatively complex way,\nsince the MSR value could be hardcoded.\n\nFurthermore, a panic has been reported when hitting the watchdog interrupt\nwhile running in RTAS, this leads to the following stack trace:\n\n watchdog: CPU 24 Hard LOCKUP\n watchdog: CPU 24 TB:997512652051031, last heartbeat TB:997504470175378 (15980ms ago)\n ...\n Supported: No, Unreleased kernel\n CPU: 24 PID: 87504 Comm: drmgr Kdump: loaded Tainted: G E X 5.14.21-150400.71.1.bz196362_2-default #1 SLE15-SP4 (unreleased) 0d821077ef4faa8dfaf370efb5fdca1fa35f4e2c\n NIP: 000000001fb41050 LR: 000000001fb4104c CTR: 0000000000000000\n REGS: c00000000fc33d60 TRAP: 0100 Tainted: G E X (5.14.21-150400.71.1.bz196362_2-default)\n MSR: 8000000002981000 \u003cSF,VEC,VSX,ME\u003e CR: 48800002 XER: 20040020\n CFAR: 000000000000011c IRQMASK: 1\n GPR00: 0000000000000003 ffffffffffffffff 0000000000000001 00000000000050dc\n GPR04: 000000001ffb6100 0000000000000020 0000000000000001 000000001fb09010\n GPR08: 0000000020000000 0000000000000000 0000000000000000 0000000000000000\n GPR12: 80040000072a40a8 c00000000ff8b680 0000000000000007 0000000000000034\n GPR16: 000000001fbf6e94 000000001fbf6d84 000000001fbd1db0 000000001fb3f008\n GPR20: 000000001fb41018 ffffffffffffffff 000000000000017f fffffffffffff68f\n GPR24: 000000001fb18fe8 000000001fb3e000 000000001fb1adc0 000000001fb1cf40\n GPR28: 000000001fb26000 000000001fb460f0 000000001fb17f18 000000001fb17000\n NIP [000000001fb41050] 0x1fb41050\n LR [000000001fb4104c] 0x1fb4104c\n Call Trace:\n Instruction dump:\n XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX\n XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX\n Oops: Unrecoverable System Reset, sig: 6 [#1]\n LE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA pSeries\n ...\n Supported: No, Unreleased kernel\n CPU: 24 PID: 87504 Comm: drmgr Kdump: loaded Tainted: G E X 5.14.21-150400.71.1.bz196362_2-default #1 SLE15-SP4 (unreleased) 0d821077ef4faa8dfaf370efb5fdca1fa35f4e2c\n NIP: 000000001fb41050 LR: 000000001fb4104c CTR: 0000000000000000\n REGS: c00000000fc33d60 TRAP: 0100 Tainted: G E X (5.14.21-150400.71.1.bz196362_2-default)\n MSR: 8000000002981000 \u003cSF,VEC,VSX,ME\u003e CR: 48800002 XER: 20040020\n CFAR: 000000000000011c IRQMASK: 1\n GPR00: 0000000000000003 ffffffffffffffff 0000000000000001 00000000000050dc\n GPR04: 000000001ffb6100 0000000000000020 0000000000000001 000000001fb09010\n GPR08: 0000000020000000 0000000000000000 0000000000000000 0000000000000000\n GPR12: 80040000072a40a8 c00000000ff8b680 0000000000000007 0000000000000034\n GPR16: 000000001fbf6e94 000000001fbf6d84 000000001fbd1db0 000000001fb3f008\n GPR20: 000000001fb41018 ffffffffffffffff 000000000000017f fffffffffffff68f\n GPR24: 000000001fb18fe8 000000001fb3e000 000000001fb1adc0 000000001fb1cf40\n GPR28: 000000001fb26000 000000001fb460f0 000000001fb17f18 000000001fb17000\n NIP [000000001fb41050] 0x1fb41050\n LR [000000001fb4104c] 0x1fb4104c\n Call Trace:\n Instruction dump:\n XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX\n XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX\n ---[ end trace 3ddec07f638c34a2 ]---\n\nThis happens because MSR[RI] is unset when entering RTAS but there is no\nvalid reason to not set it here.\n\nRTAS is expected to be called with MSR[RI] as specified in PAPR+ section\n\"7.2.1 Machine State\":\n\n R1\u20137.2.1\u20139. If called with MSR[RI] equal to 1, then RTAS must protect\n its own critical regions from recursion by setting the MSR[RI] bit to\n 0 when in the critical regions.\n\nFixing this by reviewing the way MSR is compute before calling RTAS. Now a\nhardcoded value meaning real \n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:37:42.677Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5ca40fcf0da0ce2b5bc44e7d8b036535955f2e3d"
},
{
"url": "https://git.kernel.org/stable/c/5f4367448f6817c8a0e94dc9736ed84fa8eee4a3"
},
{
"url": "https://git.kernel.org/stable/c/c9c41f0273826a13ac93124e66a4ff45df281ba0"
},
{
"url": "https://git.kernel.org/stable/c/b6b1c3ce06ca438eb24e0f45bf0e63ecad0369f5"
}
],
"title": "powerpc/rtas: Keep MSR[RI] set when calling RTAS",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49440",
"datePublished": "2025-02-26T02:12:53.988Z",
"dateReserved": "2025-02-26T02:08:31.570Z",
"dateUpdated": "2025-05-04T08:37:42.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49579 (GCVE-0-2022-49579)
Vulnerability from cvelistv5
Published
2025-02-26 02:23
Modified
2025-10-01 19:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ipv4: Fix data-races around sysctl_fib_multipath_hash_policy.
While reading sysctl_fib_multipath_hash_policy, it can be changed
concurrently. Thus, we need to add READ_ONCE() to its readers.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49579",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:36:20.971537Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:36:54.818Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c",
"net/ipv4/route.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "21fb844bc1dc1461f5038d655aa1a14f39e13049",
"status": "affected",
"version": "bf4e0a3db97eb882368fd82980b3b1fa0b5b9778",
"versionType": "git"
},
{
"lessThan": "918ee6592ab9a2ff5316d06cfd4aaef60ccabec6",
"status": "affected",
"version": "bf4e0a3db97eb882368fd82980b3b1fa0b5b9778",
"versionType": "git"
},
{
"lessThan": "7998c12a08c97cc26660532c9f90a34bd7d8da5a",
"status": "affected",
"version": "bf4e0a3db97eb882368fd82980b3b1fa0b5b9778",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c",
"net/ipv4/route.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.12"
},
{
"lessThan": "4.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.58",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.58",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.15",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: Fix data-races around sysctl_fib_multipath_hash_policy.\n\nWhile reading sysctl_fib_multipath_hash_policy, it can be changed\nconcurrently. Thus, we need to add READ_ONCE() to its readers."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:41:03.948Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/21fb844bc1dc1461f5038d655aa1a14f39e13049"
},
{
"url": "https://git.kernel.org/stable/c/918ee6592ab9a2ff5316d06cfd4aaef60ccabec6"
},
{
"url": "https://git.kernel.org/stable/c/7998c12a08c97cc26660532c9f90a34bd7d8da5a"
}
],
"title": "ipv4: Fix data-races around sysctl_fib_multipath_hash_policy.",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49579",
"datePublished": "2025-02-26T02:23:18.163Z",
"dateReserved": "2025-02-26T02:21:30.411Z",
"dateUpdated": "2025-10-01T19:36:54.818Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49495 (GCVE-0-2022-49495)
Vulnerability from cvelistv5
Published
2025-02-26 02:13
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/msm/hdmi: check return value after calling platform_get_resource_byname()
It will cause null-ptr-deref if platform_get_resource_byname() returns NULL,
we need check the return value.
Patchwork: https://patchwork.freedesktop.org/patch/482992/
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: c6a57a50ad562a2e6fc6ac3218b710caea73a58b Version: c6a57a50ad562a2e6fc6ac3218b710caea73a58b Version: c6a57a50ad562a2e6fc6ac3218b710caea73a58b Version: c6a57a50ad562a2e6fc6ac3218b710caea73a58b Version: c6a57a50ad562a2e6fc6ac3218b710caea73a58b Version: c6a57a50ad562a2e6fc6ac3218b710caea73a58b Version: c6a57a50ad562a2e6fc6ac3218b710caea73a58b Version: c6a57a50ad562a2e6fc6ac3218b710caea73a58b Version: c6a57a50ad562a2e6fc6ac3218b710caea73a58b |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49495",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:38:49.404258Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:43.706Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/msm/hdmi/hdmi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9cb1ee33efccb8b107ee04b7b3441820de3fd2da",
"status": "affected",
"version": "c6a57a50ad562a2e6fc6ac3218b710caea73a58b",
"versionType": "git"
},
{
"lessThan": "c1bfacf0daf25a5fc7d667399d6ff2dffda84cd8",
"status": "affected",
"version": "c6a57a50ad562a2e6fc6ac3218b710caea73a58b",
"versionType": "git"
},
{
"lessThan": "0978fcce91b90b561b8c82e7c492ba9fc8440eef",
"status": "affected",
"version": "c6a57a50ad562a2e6fc6ac3218b710caea73a58b",
"versionType": "git"
},
{
"lessThan": "2b3ed7547b1a052209da6c4ab886ffe0eed88c42",
"status": "affected",
"version": "c6a57a50ad562a2e6fc6ac3218b710caea73a58b",
"versionType": "git"
},
{
"lessThan": "d9cb951d11a4ace4de5c50b1178ad211de17079e",
"status": "affected",
"version": "c6a57a50ad562a2e6fc6ac3218b710caea73a58b",
"versionType": "git"
},
{
"lessThan": "4cd66a8016b872a153bf892fe4258cbc0dacf5b1",
"status": "affected",
"version": "c6a57a50ad562a2e6fc6ac3218b710caea73a58b",
"versionType": "git"
},
{
"lessThan": "6369dda4a2209142ab819f01d3d2076d81e3ebdd",
"status": "affected",
"version": "c6a57a50ad562a2e6fc6ac3218b710caea73a58b",
"versionType": "git"
},
{
"lessThan": "9f5495a5c51c1d11c6ffc13aa2befffec0c2651a",
"status": "affected",
"version": "c6a57a50ad562a2e6fc6ac3218b710caea73a58b",
"versionType": "git"
},
{
"lessThan": "a36e506711548df923ceb7ec9f6001375be799a5",
"status": "affected",
"version": "c6a57a50ad562a2e6fc6ac3218b710caea73a58b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/msm/hdmi/hdmi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.3"
},
{
"lessThan": "4.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.318",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.318",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.283",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/hdmi: check return value after calling platform_get_resource_byname()\n\nIt will cause null-ptr-deref if platform_get_resource_byname() returns NULL,\nwe need check the return value.\n\nPatchwork: https://patchwork.freedesktop.org/patch/482992/"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:39:09.132Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9cb1ee33efccb8b107ee04b7b3441820de3fd2da"
},
{
"url": "https://git.kernel.org/stable/c/c1bfacf0daf25a5fc7d667399d6ff2dffda84cd8"
},
{
"url": "https://git.kernel.org/stable/c/0978fcce91b90b561b8c82e7c492ba9fc8440eef"
},
{
"url": "https://git.kernel.org/stable/c/2b3ed7547b1a052209da6c4ab886ffe0eed88c42"
},
{
"url": "https://git.kernel.org/stable/c/d9cb951d11a4ace4de5c50b1178ad211de17079e"
},
{
"url": "https://git.kernel.org/stable/c/4cd66a8016b872a153bf892fe4258cbc0dacf5b1"
},
{
"url": "https://git.kernel.org/stable/c/6369dda4a2209142ab819f01d3d2076d81e3ebdd"
},
{
"url": "https://git.kernel.org/stable/c/9f5495a5c51c1d11c6ffc13aa2befffec0c2651a"
},
{
"url": "https://git.kernel.org/stable/c/a36e506711548df923ceb7ec9f6001375be799a5"
}
],
"title": "drm/msm/hdmi: check return value after calling platform_get_resource_byname()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49495",
"datePublished": "2025-02-26T02:13:30.846Z",
"dateReserved": "2025-02-26T02:08:31.586Z",
"dateUpdated": "2025-10-01T19:46:43.706Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49623 (GCVE-0-2022-49623)
Vulnerability from cvelistv5
Published
2025-02-26 02:23
Modified
2025-10-01 19:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
powerpc/xive/spapr: correct bitmap allocation size
kasan detects access beyond the end of the xibm->bitmap allocation:
BUG: KASAN: slab-out-of-bounds in _find_first_zero_bit+0x40/0x140
Read of size 8 at addr c00000001d1d0118 by task swapper/0/1
CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.19.0-rc2-00001-g90df023b36dd #28
Call Trace:
[c00000001d98f770] [c0000000012baab8] dump_stack_lvl+0xac/0x108 (unreliable)
[c00000001d98f7b0] [c00000000068faac] print_report+0x37c/0x710
[c00000001d98f880] [c0000000006902c0] kasan_report+0x110/0x354
[c00000001d98f950] [c000000000692324] __asan_load8+0xa4/0xe0
[c00000001d98f970] [c0000000011c6ed0] _find_first_zero_bit+0x40/0x140
[c00000001d98f9b0] [c0000000000dbfbc] xive_spapr_get_ipi+0xcc/0x260
[c00000001d98fa70] [c0000000000d6d28] xive_setup_cpu_ipi+0x1e8/0x450
[c00000001d98fb30] [c000000004032a20] pSeries_smp_probe+0x5c/0x118
[c00000001d98fb60] [c000000004018b44] smp_prepare_cpus+0x944/0x9ac
[c00000001d98fc90] [c000000004009f9c] kernel_init_freeable+0x2d4/0x640
[c00000001d98fd90] [c0000000000131e8] kernel_init+0x28/0x1d0
[c00000001d98fe10] [c00000000000cd54] ret_from_kernel_thread+0x5c/0x64
Allocated by task 0:
kasan_save_stack+0x34/0x70
__kasan_kmalloc+0xb4/0xf0
__kmalloc+0x268/0x540
xive_spapr_init+0x4d0/0x77c
pseries_init_irq+0x40/0x27c
init_IRQ+0x44/0x84
start_kernel+0x2a4/0x538
start_here_common+0x1c/0x20
The buggy address belongs to the object at c00000001d1d0118
which belongs to the cache kmalloc-8 of size 8
The buggy address is located 0 bytes inside of
8-byte region [c00000001d1d0118, c00000001d1d0120)
The buggy address belongs to the physical page:
page:c00c000000074740 refcount:1 mapcount:0 mapping:0000000000000000 index:0xc00000001d1d0558 pfn:0x1d1d
flags: 0x7ffff000000200(slab|node=0|zone=0|lastcpupid=0x7ffff)
raw: 007ffff000000200 c00000001d0003c8 c00000001d0003c8 c00000001d010480
raw: c00000001d1d0558 0000000001e1000a 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
c00000001d1d0000: fc 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
c00000001d1d0080: fc fc 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
>c00000001d1d0100: fc fc fc 02 fc fc fc fc fc fc fc fc fc fc fc fc
^
c00000001d1d0180: fc fc fc fc 04 fc fc fc fc fc fc fc fc fc fc fc
c00000001d1d0200: fc fc fc fc fc 04 fc fc fc fc fc fc fc fc fc fc
This happens because the allocation uses the wrong unit (bits) when it
should pass (BITS_TO_LONGS(count) * sizeof(long)) or equivalent. With small
numbers of bits, the allocated object can be smaller than sizeof(long),
which results in invalid accesses.
Use bitmap_zalloc() to allocate and initialize the irq bitmap, paired with
bitmap_free() for consistency.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49623",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:34:34.646128Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:36:50.564Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/powerpc/sysdev/xive/spapr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "10f2cd373e65bcd3be8f3cdc71c330c25763dfd8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "99d1c36bddd93919072b5a51a89297bbb5ad6a6f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "19fc5bb93c6bbdce8292b4d7eed04e2fa118d2fe",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/powerpc/sysdev/xive/spapr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.56",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/xive/spapr: correct bitmap allocation size\n\nkasan detects access beyond the end of the xibm-\u003ebitmap allocation:\n\nBUG: KASAN: slab-out-of-bounds in _find_first_zero_bit+0x40/0x140\nRead of size 8 at addr c00000001d1d0118 by task swapper/0/1\n\nCPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.19.0-rc2-00001-g90df023b36dd #28\nCall Trace:\n[c00000001d98f770] [c0000000012baab8] dump_stack_lvl+0xac/0x108 (unreliable)\n[c00000001d98f7b0] [c00000000068faac] print_report+0x37c/0x710\n[c00000001d98f880] [c0000000006902c0] kasan_report+0x110/0x354\n[c00000001d98f950] [c000000000692324] __asan_load8+0xa4/0xe0\n[c00000001d98f970] [c0000000011c6ed0] _find_first_zero_bit+0x40/0x140\n[c00000001d98f9b0] [c0000000000dbfbc] xive_spapr_get_ipi+0xcc/0x260\n[c00000001d98fa70] [c0000000000d6d28] xive_setup_cpu_ipi+0x1e8/0x450\n[c00000001d98fb30] [c000000004032a20] pSeries_smp_probe+0x5c/0x118\n[c00000001d98fb60] [c000000004018b44] smp_prepare_cpus+0x944/0x9ac\n[c00000001d98fc90] [c000000004009f9c] kernel_init_freeable+0x2d4/0x640\n[c00000001d98fd90] [c0000000000131e8] kernel_init+0x28/0x1d0\n[c00000001d98fe10] [c00000000000cd54] ret_from_kernel_thread+0x5c/0x64\n\nAllocated by task 0:\n kasan_save_stack+0x34/0x70\n __kasan_kmalloc+0xb4/0xf0\n __kmalloc+0x268/0x540\n xive_spapr_init+0x4d0/0x77c\n pseries_init_irq+0x40/0x27c\n init_IRQ+0x44/0x84\n start_kernel+0x2a4/0x538\n start_here_common+0x1c/0x20\n\nThe buggy address belongs to the object at c00000001d1d0118\n which belongs to the cache kmalloc-8 of size 8\nThe buggy address is located 0 bytes inside of\n 8-byte region [c00000001d1d0118, c00000001d1d0120)\n\nThe buggy address belongs to the physical page:\npage:c00c000000074740 refcount:1 mapcount:0 mapping:0000000000000000 index:0xc00000001d1d0558 pfn:0x1d1d\nflags: 0x7ffff000000200(slab|node=0|zone=0|lastcpupid=0x7ffff)\nraw: 007ffff000000200 c00000001d0003c8 c00000001d0003c8 c00000001d010480\nraw: c00000001d1d0558 0000000001e1000a 00000001ffffffff 0000000000000000\npage dumped because: kasan: bad access detected\n\nMemory state around the buggy address:\n c00000001d1d0000: fc 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n c00000001d1d0080: fc fc 00 fc fc fc fc fc fc fc fc fc fc fc fc fc\n\u003ec00000001d1d0100: fc fc fc 02 fc fc fc fc fc fc fc fc fc fc fc fc\n ^\n c00000001d1d0180: fc fc fc fc 04 fc fc fc fc fc fc fc fc fc fc fc\n c00000001d1d0200: fc fc fc fc fc 04 fc fc fc fc fc fc fc fc fc fc\n\nThis happens because the allocation uses the wrong unit (bits) when it\nshould pass (BITS_TO_LONGS(count) * sizeof(long)) or equivalent. With small\nnumbers of bits, the allocated object can be smaller than sizeof(long),\nwhich results in invalid accesses.\n\nUse bitmap_zalloc() to allocate and initialize the irq bitmap, paired with\nbitmap_free() for consistency."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:42:00.979Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/10f2cd373e65bcd3be8f3cdc71c330c25763dfd8"
},
{
"url": "https://git.kernel.org/stable/c/99d1c36bddd93919072b5a51a89297bbb5ad6a6f"
},
{
"url": "https://git.kernel.org/stable/c/19fc5bb93c6bbdce8292b4d7eed04e2fa118d2fe"
}
],
"title": "powerpc/xive/spapr: correct bitmap allocation size",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49623",
"datePublished": "2025-02-26T02:23:39.834Z",
"dateReserved": "2025-02-26T02:21:30.420Z",
"dateUpdated": "2025-10-01T19:36:50.564Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49488 (GCVE-0-2022-49488)
Vulnerability from cvelistv5
Published
2025-02-26 02:13
Modified
2025-05-04 08:38
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected
There is a possibility for mdp5_get_global_state to return
-EDEADLK when acquiring the modeset lock, but currently global_state in
mdp5_mixer_release doesn't check for if an error is returned.
To avoid a NULL dereference error, let's have mdp5_mixer_release
check if an error is returned and propagate that error.
Patchwork: https://patchwork.freedesktop.org/patch/485181/
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 7907a0d77cb461f58045763c205a5830be72e97c Version: 7907a0d77cb461f58045763c205a5830be72e97c Version: 7907a0d77cb461f58045763c205a5830be72e97c Version: 7907a0d77cb461f58045763c205a5830be72e97c Version: 7907a0d77cb461f58045763c205a5830be72e97c Version: 7907a0d77cb461f58045763c205a5830be72e97c Version: 7907a0d77cb461f58045763c205a5830be72e97c |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/msm/disp/mdp5/mdp5_crtc.c",
"drivers/gpu/drm/msm/disp/mdp5/mdp5_mixer.c",
"drivers/gpu/drm/msm/disp/mdp5/mdp5_mixer.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1a5d1474026ea4f1a6f931075ca2adb884af39cf",
"status": "affected",
"version": "7907a0d77cb461f58045763c205a5830be72e97c",
"versionType": "git"
},
{
"lessThan": "22d8424913b1348c6324916745fadaeea5273f0e",
"status": "affected",
"version": "7907a0d77cb461f58045763c205a5830be72e97c",
"versionType": "git"
},
{
"lessThan": "883f1d52a57bf51e1d7a80c432345e2c6222477e",
"status": "affected",
"version": "7907a0d77cb461f58045763c205a5830be72e97c",
"versionType": "git"
},
{
"lessThan": "09bdeedc1fc53e64b8282e1de67752c69e43bdba",
"status": "affected",
"version": "7907a0d77cb461f58045763c205a5830be72e97c",
"versionType": "git"
},
{
"lessThan": "47e393061049aff6818d1b9fdca7351411a23fc2",
"status": "affected",
"version": "7907a0d77cb461f58045763c205a5830be72e97c",
"versionType": "git"
},
{
"lessThan": "46e5ce63924a96af452c4fc5ee0bb3b241e1b9f4",
"status": "affected",
"version": "7907a0d77cb461f58045763c205a5830be72e97c",
"versionType": "git"
},
{
"lessThan": "ca75f6f7c6f89365e40f10f641b15981b1f07c31",
"status": "affected",
"version": "7907a0d77cb461f58045763c205a5830be72e97c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/msm/disp/mdp5/mdp5_crtc.c",
"drivers/gpu/drm/msm/disp/mdp5/mdp5_mixer.c",
"drivers/gpu/drm/msm/disp/mdp5/mdp5_mixer.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.18"
},
{
"lessThan": "4.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected\n\nThere is a possibility for mdp5_get_global_state to return\n-EDEADLK when acquiring the modeset lock, but currently global_state in\nmdp5_mixer_release doesn\u0027t check for if an error is returned.\n\nTo avoid a NULL dereference error, let\u0027s have mdp5_mixer_release\ncheck if an error is returned and propagate that error.\n\nPatchwork: https://patchwork.freedesktop.org/patch/485181/"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:38:58.996Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1a5d1474026ea4f1a6f931075ca2adb884af39cf"
},
{
"url": "https://git.kernel.org/stable/c/22d8424913b1348c6324916745fadaeea5273f0e"
},
{
"url": "https://git.kernel.org/stable/c/883f1d52a57bf51e1d7a80c432345e2c6222477e"
},
{
"url": "https://git.kernel.org/stable/c/09bdeedc1fc53e64b8282e1de67752c69e43bdba"
},
{
"url": "https://git.kernel.org/stable/c/47e393061049aff6818d1b9fdca7351411a23fc2"
},
{
"url": "https://git.kernel.org/stable/c/46e5ce63924a96af452c4fc5ee0bb3b241e1b9f4"
},
{
"url": "https://git.kernel.org/stable/c/ca75f6f7c6f89365e40f10f641b15981b1f07c31"
}
],
"title": "drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49488",
"datePublished": "2025-02-26T02:13:26.116Z",
"dateReserved": "2025-02-26T02:08:31.583Z",
"dateUpdated": "2025-05-04T08:38:58.996Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49626 (GCVE-0-2022-49626)
Vulnerability from cvelistv5
Published
2025-02-26 02:23
Modified
2025-05-04 08:42
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
sfc: fix use after free when disabling sriov
Use after free is detected by kfence when disabling sriov. What was read
after being freed was vf->pci_dev: it was freed from pci_disable_sriov
and later read in efx_ef10_sriov_free_vf_vports, called from
efx_ef10_sriov_free_vf_vswitching.
Set the pointer to NULL at release time to not trying to read it later.
Reproducer and dmesg log (note that kfence doesn't detect it every time):
$ echo 1 > /sys/class/net/enp65s0f0np0/device/sriov_numvfs
$ echo 0 > /sys/class/net/enp65s0f0np0/device/sriov_numvfs
BUG: KFENCE: use-after-free read in efx_ef10_sriov_free_vf_vswitching+0x82/0x170 [sfc]
Use-after-free read at 0x00000000ff3c1ba5 (in kfence-#224):
efx_ef10_sriov_free_vf_vswitching+0x82/0x170 [sfc]
efx_ef10_pci_sriov_disable+0x38/0x70 [sfc]
efx_pci_sriov_configure+0x24/0x40 [sfc]
sriov_numvfs_store+0xfe/0x140
kernfs_fop_write_iter+0x11c/0x1b0
new_sync_write+0x11f/0x1b0
vfs_write+0x1eb/0x280
ksys_write+0x5f/0xe0
do_syscall_64+0x5c/0x80
entry_SYSCALL_64_after_hwframe+0x44/0xae
kfence-#224: 0x00000000edb8ef95-0x00000000671f5ce1, size=2792, cache=kmalloc-4k
allocated by task 6771 on cpu 10 at 3137.860196s:
pci_alloc_dev+0x21/0x60
pci_iov_add_virtfn+0x2a2/0x320
sriov_enable+0x212/0x3e0
efx_ef10_sriov_configure+0x67/0x80 [sfc]
efx_pci_sriov_configure+0x24/0x40 [sfc]
sriov_numvfs_store+0xba/0x140
kernfs_fop_write_iter+0x11c/0x1b0
new_sync_write+0x11f/0x1b0
vfs_write+0x1eb/0x280
ksys_write+0x5f/0xe0
do_syscall_64+0x5c/0x80
entry_SYSCALL_64_after_hwframe+0x44/0xae
freed by task 6771 on cpu 12 at 3170.991309s:
device_release+0x34/0x90
kobject_cleanup+0x3a/0x130
pci_iov_remove_virtfn+0xd9/0x120
sriov_disable+0x30/0xe0
efx_ef10_pci_sriov_disable+0x57/0x70 [sfc]
efx_pci_sriov_configure+0x24/0x40 [sfc]
sriov_numvfs_store+0xfe/0x140
kernfs_fop_write_iter+0x11c/0x1b0
new_sync_write+0x11f/0x1b0
vfs_write+0x1eb/0x280
ksys_write+0x5f/0xe0
do_syscall_64+0x5c/0x80
entry_SYSCALL_64_after_hwframe+0x44/0xae
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 3c5eb87605e85146a78de589b5070a37862425db Version: 3c5eb87605e85146a78de589b5070a37862425db Version: 3c5eb87605e85146a78de589b5070a37862425db Version: 3c5eb87605e85146a78de589b5070a37862425db Version: 3c5eb87605e85146a78de589b5070a37862425db Version: 3c5eb87605e85146a78de589b5070a37862425db Version: 3c5eb87605e85146a78de589b5070a37862425db Version: 3c5eb87605e85146a78de589b5070a37862425db |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49626",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T18:15:26.254621Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T18:22:31.594Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/sfc/ef10_sriov.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3199e34912d84cdfb8a93a984c5ae5c73fb13e84",
"status": "affected",
"version": "3c5eb87605e85146a78de589b5070a37862425db",
"versionType": "git"
},
{
"lessThan": "c9e75bb22a26e391f189f5a5133dd63dcb57fdaa",
"status": "affected",
"version": "3c5eb87605e85146a78de589b5070a37862425db",
"versionType": "git"
},
{
"lessThan": "9c854ae512b89229aeee93849e9bd4c115b37909",
"status": "affected",
"version": "3c5eb87605e85146a78de589b5070a37862425db",
"versionType": "git"
},
{
"lessThan": "bcad880865bfb421885364b1f0c7351280fe2b97",
"status": "affected",
"version": "3c5eb87605e85146a78de589b5070a37862425db",
"versionType": "git"
},
{
"lessThan": "c2240500817b3b4b996cdf2a461a3a5679f49b94",
"status": "affected",
"version": "3c5eb87605e85146a78de589b5070a37862425db",
"versionType": "git"
},
{
"lessThan": "58d93e9d160c0de6d867c7eb4c2206671a351eb1",
"status": "affected",
"version": "3c5eb87605e85146a78de589b5070a37862425db",
"versionType": "git"
},
{
"lessThan": "e435c4aeeaa073091f7f3b7735af2ef5c97d63f2",
"status": "affected",
"version": "3c5eb87605e85146a78de589b5070a37862425db",
"versionType": "git"
},
{
"lessThan": "ebe41da5d47ac0fff877e57bd14c54dccf168827",
"status": "affected",
"version": "3c5eb87605e85146a78de589b5070a37862425db",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/sfc/ef10_sriov.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.2"
},
{
"lessThan": "4.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.324",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.289",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.253",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.207",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.132",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.56",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.324",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.289",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.253",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.207",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.132",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.56",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.13",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsfc: fix use after free when disabling sriov\n\nUse after free is detected by kfence when disabling sriov. What was read\nafter being freed was vf-\u003epci_dev: it was freed from pci_disable_sriov\nand later read in efx_ef10_sriov_free_vf_vports, called from\nefx_ef10_sriov_free_vf_vswitching.\n\nSet the pointer to NULL at release time to not trying to read it later.\n\nReproducer and dmesg log (note that kfence doesn\u0027t detect it every time):\n$ echo 1 \u003e /sys/class/net/enp65s0f0np0/device/sriov_numvfs\n$ echo 0 \u003e /sys/class/net/enp65s0f0np0/device/sriov_numvfs\n\n BUG: KFENCE: use-after-free read in efx_ef10_sriov_free_vf_vswitching+0x82/0x170 [sfc]\n\n Use-after-free read at 0x00000000ff3c1ba5 (in kfence-#224):\n efx_ef10_sriov_free_vf_vswitching+0x82/0x170 [sfc]\n efx_ef10_pci_sriov_disable+0x38/0x70 [sfc]\n efx_pci_sriov_configure+0x24/0x40 [sfc]\n sriov_numvfs_store+0xfe/0x140\n kernfs_fop_write_iter+0x11c/0x1b0\n new_sync_write+0x11f/0x1b0\n vfs_write+0x1eb/0x280\n ksys_write+0x5f/0xe0\n do_syscall_64+0x5c/0x80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\n kfence-#224: 0x00000000edb8ef95-0x00000000671f5ce1, size=2792, cache=kmalloc-4k\n\n allocated by task 6771 on cpu 10 at 3137.860196s:\n pci_alloc_dev+0x21/0x60\n pci_iov_add_virtfn+0x2a2/0x320\n sriov_enable+0x212/0x3e0\n efx_ef10_sriov_configure+0x67/0x80 [sfc]\n efx_pci_sriov_configure+0x24/0x40 [sfc]\n sriov_numvfs_store+0xba/0x140\n kernfs_fop_write_iter+0x11c/0x1b0\n new_sync_write+0x11f/0x1b0\n vfs_write+0x1eb/0x280\n ksys_write+0x5f/0xe0\n do_syscall_64+0x5c/0x80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\n freed by task 6771 on cpu 12 at 3170.991309s:\n device_release+0x34/0x90\n kobject_cleanup+0x3a/0x130\n pci_iov_remove_virtfn+0xd9/0x120\n sriov_disable+0x30/0xe0\n efx_ef10_pci_sriov_disable+0x57/0x70 [sfc]\n efx_pci_sriov_configure+0x24/0x40 [sfc]\n sriov_numvfs_store+0xfe/0x140\n kernfs_fop_write_iter+0x11c/0x1b0\n new_sync_write+0x11f/0x1b0\n vfs_write+0x1eb/0x280\n ksys_write+0x5f/0xe0\n do_syscall_64+0x5c/0x80\n entry_SYSCALL_64_after_hwframe+0x44/0xae"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:42:05.577Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3199e34912d84cdfb8a93a984c5ae5c73fb13e84"
},
{
"url": "https://git.kernel.org/stable/c/c9e75bb22a26e391f189f5a5133dd63dcb57fdaa"
},
{
"url": "https://git.kernel.org/stable/c/9c854ae512b89229aeee93849e9bd4c115b37909"
},
{
"url": "https://git.kernel.org/stable/c/bcad880865bfb421885364b1f0c7351280fe2b97"
},
{
"url": "https://git.kernel.org/stable/c/c2240500817b3b4b996cdf2a461a3a5679f49b94"
},
{
"url": "https://git.kernel.org/stable/c/58d93e9d160c0de6d867c7eb4c2206671a351eb1"
},
{
"url": "https://git.kernel.org/stable/c/e435c4aeeaa073091f7f3b7735af2ef5c97d63f2"
},
{
"url": "https://git.kernel.org/stable/c/ebe41da5d47ac0fff877e57bd14c54dccf168827"
}
],
"title": "sfc: fix use after free when disabling sriov",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49626",
"datePublished": "2025-02-26T02:23:41.274Z",
"dateReserved": "2025-02-26T02:21:30.421Z",
"dateUpdated": "2025-05-04T08:42:05.577Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49394 (GCVE-0-2022-49394)
Vulnerability from cvelistv5
Published
2025-02-26 02:11
Modified
2025-05-04 12:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
blk-iolatency: Fix inflight count imbalances and IO hangs on offline
iolatency needs to track the number of inflight IOs per cgroup. As this
tracking can be expensive, it is disabled when no cgroup has iolatency
configured for the device. To ensure that the inflight counters stay
balanced, iolatency_set_limit() freezes the request_queue while manipulating
the enabled counter, which ensures that no IO is in flight and thus all
counters are zero.
Unfortunately, iolatency_set_limit() isn't the only place where the enabled
counter is manipulated. iolatency_pd_offline() can also dec the counter and
trigger disabling. As this disabling happens without freezing the q, this
can easily happen while some IOs are in flight and thus leak the counts.
This can be easily demonstrated by turning on iolatency on an one empty
cgroup while IOs are in flight in other cgroups and then removing the
cgroup. Note that iolatency shouldn't have been enabled elsewhere in the
system to ensure that removing the cgroup disables iolatency for the whole
device.
The following keeps flipping on and off iolatency on sda:
echo +io > /sys/fs/cgroup/cgroup.subtree_control
while true; do
mkdir -p /sys/fs/cgroup/test
echo '8:0 target=100000' > /sys/fs/cgroup/test/io.latency
sleep 1
rmdir /sys/fs/cgroup/test
sleep 1
done
and there's concurrent fio generating direct rand reads:
fio --name test --filename=/dev/sda --direct=1 --rw=randread \
--runtime=600 --time_based --iodepth=256 --numjobs=4 --bs=4k
while monitoring with the following drgn script:
while True:
for css in css_for_each_descendant_pre(prog['blkcg_root'].css.address_of_()):
for pos in hlist_for_each(container_of(css, 'struct blkcg', 'css').blkg_list):
blkg = container_of(pos, 'struct blkcg_gq', 'blkcg_node')
pd = blkg.pd[prog['blkcg_policy_iolatency'].plid]
if pd.value_() == 0:
continue
iolat = container_of(pd, 'struct iolatency_grp', 'pd')
inflight = iolat.rq_wait.inflight.counter.value_()
if inflight:
print(f'inflight={inflight} {disk_name(blkg.q.disk).decode("utf-8")} '
f'{cgroup_path(css.cgroup).decode("utf-8")}')
time.sleep(1)
The monitoring output looks like the following:
inflight=1 sda /user.slice
inflight=1 sda /user.slice
...
inflight=14 sda /user.slice
inflight=13 sda /user.slice
inflight=17 sda /user.slice
inflight=15 sda /user.slice
inflight=18 sda /user.slice
inflight=17 sda /user.slice
inflight=20 sda /user.slice
inflight=19 sda /user.slice <- fio stopped, inflight stuck at 19
inflight=19 sda /user.slice
inflight=19 sda /user.slice
If a cgroup with stuck inflight ends up getting throttled, the throttled IOs
will never get issued as there's no completion event to wake it up leading
to an indefinite hang.
This patch fixes the bug by unifying enable handling into a work item which
is automatically kicked off from iolatency_set_min_lat_nsec() which is
called from both iolatency_set_limit() and iolatency_pd_offline() paths.
Punting to a work item is necessary as iolatency_pd_offline() is called
under spinlocks while freezing a request_queue requires a sleepable context.
This also simplifies the code reducing LOC sans the comments and avoids the
unnecessary freezes which were happening whenever a cgroup's latency target
is newly set or cleared.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 6d482bc5697763eb1214f207286daa201b32d20a Version: 8c772a9bfc7c07c76f4a58b58910452fbb20843b Version: 8c772a9bfc7c07c76f4a58b58910452fbb20843b Version: 8c772a9bfc7c07c76f4a58b58910452fbb20843b Version: 8c772a9bfc7c07c76f4a58b58910452fbb20843b Version: 8c772a9bfc7c07c76f4a58b58910452fbb20843b Version: 8c772a9bfc7c07c76f4a58b58910452fbb20843b Version: beed6109acd4efc2f1717c31bddcd0ad7ebbf253 |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"block/blk-iolatency.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "515d077ee3085ae343b6bea7fd031f9906645f38",
"status": "affected",
"version": "6d482bc5697763eb1214f207286daa201b32d20a",
"versionType": "git"
},
{
"lessThan": "d19fa8f252000d141f9199ca32959c50314e1f05",
"status": "affected",
"version": "8c772a9bfc7c07c76f4a58b58910452fbb20843b",
"versionType": "git"
},
{
"lessThan": "77692c02e1517c54f2fd0535f41aa4286ac9f140",
"status": "affected",
"version": "8c772a9bfc7c07c76f4a58b58910452fbb20843b",
"versionType": "git"
},
{
"lessThan": "a30acbb5dfb7bcc813ad6a18ca31011ac44e5547",
"status": "affected",
"version": "8c772a9bfc7c07c76f4a58b58910452fbb20843b",
"versionType": "git"
},
{
"lessThan": "968f7a239c590454ffba79c126fbe0e963a0ba78",
"status": "affected",
"version": "8c772a9bfc7c07c76f4a58b58910452fbb20843b",
"versionType": "git"
},
{
"lessThan": "5b0ff3ebbef791341695b718f8d2870869cf1d01",
"status": "affected",
"version": "8c772a9bfc7c07c76f4a58b58910452fbb20843b",
"versionType": "git"
},
{
"lessThan": "8a177a36da6c54c98b8685d4f914cb3637d53c0d",
"status": "affected",
"version": "8c772a9bfc7c07c76f4a58b58910452fbb20843b",
"versionType": "git"
},
{
"status": "affected",
"version": "beed6109acd4efc2f1717c31bddcd0ad7ebbf253",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"block/blk-iolatency.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.0"
},
{
"lessThan": "5.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"versionStartIncluding": "4.19.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-iolatency: Fix inflight count imbalances and IO hangs on offline\n\niolatency needs to track the number of inflight IOs per cgroup. As this\ntracking can be expensive, it is disabled when no cgroup has iolatency\nconfigured for the device. To ensure that the inflight counters stay\nbalanced, iolatency_set_limit() freezes the request_queue while manipulating\nthe enabled counter, which ensures that no IO is in flight and thus all\ncounters are zero.\n\nUnfortunately, iolatency_set_limit() isn\u0027t the only place where the enabled\ncounter is manipulated. iolatency_pd_offline() can also dec the counter and\ntrigger disabling. As this disabling happens without freezing the q, this\ncan easily happen while some IOs are in flight and thus leak the counts.\n\nThis can be easily demonstrated by turning on iolatency on an one empty\ncgroup while IOs are in flight in other cgroups and then removing the\ncgroup. Note that iolatency shouldn\u0027t have been enabled elsewhere in the\nsystem to ensure that removing the cgroup disables iolatency for the whole\ndevice.\n\nThe following keeps flipping on and off iolatency on sda:\n\n echo +io \u003e /sys/fs/cgroup/cgroup.subtree_control\n while true; do\n mkdir -p /sys/fs/cgroup/test\n echo \u00278:0 target=100000\u0027 \u003e /sys/fs/cgroup/test/io.latency\n sleep 1\n rmdir /sys/fs/cgroup/test\n sleep 1\n done\n\nand there\u0027s concurrent fio generating direct rand reads:\n\n fio --name test --filename=/dev/sda --direct=1 --rw=randread \\\n --runtime=600 --time_based --iodepth=256 --numjobs=4 --bs=4k\n\nwhile monitoring with the following drgn script:\n\n while True:\n for css in css_for_each_descendant_pre(prog[\u0027blkcg_root\u0027].css.address_of_()):\n for pos in hlist_for_each(container_of(css, \u0027struct blkcg\u0027, \u0027css\u0027).blkg_list):\n blkg = container_of(pos, \u0027struct blkcg_gq\u0027, \u0027blkcg_node\u0027)\n pd = blkg.pd[prog[\u0027blkcg_policy_iolatency\u0027].plid]\n if pd.value_() == 0:\n continue\n iolat = container_of(pd, \u0027struct iolatency_grp\u0027, \u0027pd\u0027)\n inflight = iolat.rq_wait.inflight.counter.value_()\n if inflight:\n print(f\u0027inflight={inflight} {disk_name(blkg.q.disk).decode(\"utf-8\")} \u0027\n f\u0027{cgroup_path(css.cgroup).decode(\"utf-8\")}\u0027)\n time.sleep(1)\n\nThe monitoring output looks like the following:\n\n inflight=1 sda /user.slice\n inflight=1 sda /user.slice\n ...\n inflight=14 sda /user.slice\n inflight=13 sda /user.slice\n inflight=17 sda /user.slice\n inflight=15 sda /user.slice\n inflight=18 sda /user.slice\n inflight=17 sda /user.slice\n inflight=20 sda /user.slice\n inflight=19 sda /user.slice \u003c- fio stopped, inflight stuck at 19\n inflight=19 sda /user.slice\n inflight=19 sda /user.slice\n\nIf a cgroup with stuck inflight ends up getting throttled, the throttled IOs\nwill never get issued as there\u0027s no completion event to wake it up leading\nto an indefinite hang.\n\nThis patch fixes the bug by unifying enable handling into a work item which\nis automatically kicked off from iolatency_set_min_lat_nsec() which is\ncalled from both iolatency_set_limit() and iolatency_pd_offline() paths.\nPunting to a work item is necessary as iolatency_pd_offline() is called\nunder spinlocks while freezing a request_queue requires a sleepable context.\n\nThis also simplifies the code reducing LOC sans the comments and avoids the\nunnecessary freezes which were happening whenever a cgroup\u0027s latency target\nis newly set or cleared."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:44:35.305Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/515d077ee3085ae343b6bea7fd031f9906645f38"
},
{
"url": "https://git.kernel.org/stable/c/d19fa8f252000d141f9199ca32959c50314e1f05"
},
{
"url": "https://git.kernel.org/stable/c/77692c02e1517c54f2fd0535f41aa4286ac9f140"
},
{
"url": "https://git.kernel.org/stable/c/a30acbb5dfb7bcc813ad6a18ca31011ac44e5547"
},
{
"url": "https://git.kernel.org/stable/c/968f7a239c590454ffba79c126fbe0e963a0ba78"
},
{
"url": "https://git.kernel.org/stable/c/5b0ff3ebbef791341695b718f8d2870869cf1d01"
},
{
"url": "https://git.kernel.org/stable/c/8a177a36da6c54c98b8685d4f914cb3637d53c0d"
}
],
"title": "blk-iolatency: Fix inflight count imbalances and IO hangs on offline",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49394",
"datePublished": "2025-02-26T02:11:25.197Z",
"dateReserved": "2025-02-26T02:08:31.562Z",
"dateUpdated": "2025-05-04T12:44:35.305Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1184 (GCVE-0-2022-1184)
Vulnerability from cvelistv5
Published
2022-08-29 00:00
Modified
2024-08-02 23:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - - Use After Free
Summary
A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.530Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2070205"
},
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2022-1184"
},
{
"tags": [
"x_transferred"
],
"url": "https://ubuntu.com/security/CVE-2022-1184"
},
{
"name": "DSA-5257",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5257"
},
{
"name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kernel",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Not-known"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel\u2019s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 - Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-01T00:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2070205"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2022-1184"
},
{
"url": "https://ubuntu.com/security/CVE-2022-1184"
},
{
"name": "DSA-5257",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5257"
},
{
"name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-1184",
"datePublished": "2022-08-29T00:00:00",
"dateReserved": "2022-03-30T00:00:00",
"dateUpdated": "2024-08-02T23:55:24.530Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49472 (GCVE-0-2022-49472)
Vulnerability from cvelistv5
Published
2025-02-26 02:13
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: phy: micrel: Allow probing without .driver_data
Currently, if the .probe element is present in the phy_driver structure
and the .driver_data is not, a NULL pointer dereference happens.
Allow passing .probe without .driver_data by inserting NULL checks
for priv->type.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49472",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:39:46.280244Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:46.214Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/phy/micrel.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7dcb404662839a4ed1a9703658fee979eb894ca4",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "91e720b32cba25fa58eaa4c88fe957009cffe9f3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1e5fbfc2a6f384e3195446c14bbd3bc298eb88c2",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "abb5594ae2ba7b82cce85917cc6337ec5d774837",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "660dfa033ccc9afb032015b6dc76e846bba42cfb",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "143878e18001c5a61fcc7ae5c5240323753bb641",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "bd219273b4e004a3f853da72e111fc8f81357501",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f2ef6f7539c68c6bd6c32323d8845ee102b7c450",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/phy/micrel.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: micrel: Allow probing without .driver_data\n\nCurrently, if the .probe element is present in the phy_driver structure\nand the .driver_data is not, a NULL pointer dereference happens.\n\nAllow passing .probe without .driver_data by inserting NULL checks\nfor priv-\u003etype."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:38:27.688Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7dcb404662839a4ed1a9703658fee979eb894ca4"
},
{
"url": "https://git.kernel.org/stable/c/91e720b32cba25fa58eaa4c88fe957009cffe9f3"
},
{
"url": "https://git.kernel.org/stable/c/1e5fbfc2a6f384e3195446c14bbd3bc298eb88c2"
},
{
"url": "https://git.kernel.org/stable/c/abb5594ae2ba7b82cce85917cc6337ec5d774837"
},
{
"url": "https://git.kernel.org/stable/c/660dfa033ccc9afb032015b6dc76e846bba42cfb"
},
{
"url": "https://git.kernel.org/stable/c/143878e18001c5a61fcc7ae5c5240323753bb641"
},
{
"url": "https://git.kernel.org/stable/c/bd219273b4e004a3f853da72e111fc8f81357501"
},
{
"url": "https://git.kernel.org/stable/c/f2ef6f7539c68c6bd6c32323d8845ee102b7c450"
}
],
"title": "net: phy: micrel: Allow probing without .driver_data",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49472",
"datePublished": "2025-02-26T02:13:15.337Z",
"dateReserved": "2025-02-26T02:08:31.579Z",
"dateUpdated": "2025-10-01T19:46:46.214Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49617 (GCVE-0-2022-49617)
Vulnerability from cvelistv5
Published
2025-02-26 02:23
Modified
2025-05-04 08:41
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ASoC: Intel: sof_sdw: handle errors on card registration
If the card registration fails, typically because of deferred probes,
the device properties added for headset codecs are not removed, which
leads to kernel oopses in driver bind/unbind tests.
We already clean-up the device properties when the card is removed,
this code can be moved as a helper and called upon card registration
errors.
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/soc/intel/boards/sof_sdw.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f2556ce6b35ae0fc72000a4daa21ded12665e2f2",
"status": "affected",
"version": "52db12d193d45728e738df6119702cba08fd46a2",
"versionType": "git"
},
{
"lessThan": "09bca0ffc95c50369f1345d80ecfaca51864126f",
"status": "affected",
"version": "52db12d193d45728e738df6119702cba08fd46a2",
"versionType": "git"
},
{
"lessThan": "fe154c4ff376bc31041c6441958a08243df09c99",
"status": "affected",
"version": "52db12d193d45728e738df6119702cba08fd46a2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"sound/soc/intel/boards/sof_sdw.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.7"
},
{
"lessThan": "5.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.56",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.56",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.13",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: Intel: sof_sdw: handle errors on card registration\n\nIf the card registration fails, typically because of deferred probes,\nthe device properties added for headset codecs are not removed, which\nleads to kernel oopses in driver bind/unbind tests.\n\nWe already clean-up the device properties when the card is removed,\nthis code can be moved as a helper and called upon card registration\nerrors."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:41:52.791Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f2556ce6b35ae0fc72000a4daa21ded12665e2f2"
},
{
"url": "https://git.kernel.org/stable/c/09bca0ffc95c50369f1345d80ecfaca51864126f"
},
{
"url": "https://git.kernel.org/stable/c/fe154c4ff376bc31041c6441958a08243df09c99"
}
],
"title": "ASoC: Intel: sof_sdw: handle errors on card registration",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49617",
"datePublished": "2025-02-26T02:23:36.654Z",
"dateReserved": "2025-02-26T02:21:30.419Z",
"dateUpdated": "2025-05-04T08:41:52.791Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49275 (GCVE-0-2022-49275)
Vulnerability from cvelistv5
Published
2025-02-26 01:56
Modified
2025-05-04 08:33
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
can: m_can: m_can_tx_handler(): fix use after free of skb
can_put_echo_skb() will clone skb then free the skb. Move the
can_put_echo_skb() for the m_can version 3.0.x directly before the
start of the xmit in hardware, similar to the 3.1.x branch.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 80646733f11c2e9de3b6339f7e635047e6087280 Version: 80646733f11c2e9de3b6339f7e635047e6087280 Version: 80646733f11c2e9de3b6339f7e635047e6087280 Version: 80646733f11c2e9de3b6339f7e635047e6087280 Version: 80646733f11c2e9de3b6339f7e635047e6087280 Version: 80646733f11c2e9de3b6339f7e635047e6087280 Version: 80646733f11c2e9de3b6339f7e635047e6087280 Version: 80646733f11c2e9de3b6339f7e635047e6087280 Version: 80646733f11c2e9de3b6339f7e635047e6087280 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49275",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-04T18:03:19.289491Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T18:07:17.587Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/can/m_can/m_can.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d93ed9aff64968f4cdad690712eb4f48ae537bde",
"status": "affected",
"version": "80646733f11c2e9de3b6339f7e635047e6087280",
"versionType": "git"
},
{
"lessThan": "d3892a747ab16b1eb6593a19d29f62c3b3f020ac",
"status": "affected",
"version": "80646733f11c2e9de3b6339f7e635047e6087280",
"versionType": "git"
},
{
"lessThan": "7728d937ec403a1ceff9483023252d2cb8777f81",
"status": "affected",
"version": "80646733f11c2e9de3b6339f7e635047e6087280",
"versionType": "git"
},
{
"lessThan": "08d90846e438ac22dc56fc49ec0b0d195831c5ed",
"status": "affected",
"version": "80646733f11c2e9de3b6339f7e635047e6087280",
"versionType": "git"
},
{
"lessThan": "869016a2938ac44f7b2fb7fc22c89edad99eb9b3",
"status": "affected",
"version": "80646733f11c2e9de3b6339f7e635047e6087280",
"versionType": "git"
},
{
"lessThan": "f43e64076ff1b1dcb893fb77ad1204105f710a29",
"status": "affected",
"version": "80646733f11c2e9de3b6339f7e635047e6087280",
"versionType": "git"
},
{
"lessThan": "4db7d6f481990dd179a9ee7126dc7aa31ea4fff3",
"status": "affected",
"version": "80646733f11c2e9de3b6339f7e635047e6087280",
"versionType": "git"
},
{
"lessThan": "31417073493f302d26ab66b3abc098d43227b835",
"status": "affected",
"version": "80646733f11c2e9de3b6339f7e635047e6087280",
"versionType": "git"
},
{
"lessThan": "2e8e79c416aae1de224c0f1860f2e3350fa171f8",
"status": "affected",
"version": "80646733f11c2e9de3b6339f7e635047e6087280",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/can/m_can/m_can.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.18"
},
{
"lessThan": "3.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.324",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.289",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.253",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.207",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.324",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.289",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.253",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.207",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.110",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "3.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: m_can: m_can_tx_handler(): fix use after free of skb\n\ncan_put_echo_skb() will clone skb then free the skb. Move the\ncan_put_echo_skb() for the m_can version 3.0.x directly before the\nstart of the xmit in hardware, similar to the 3.1.x branch."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:33:58.443Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d93ed9aff64968f4cdad690712eb4f48ae537bde"
},
{
"url": "https://git.kernel.org/stable/c/d3892a747ab16b1eb6593a19d29f62c3b3f020ac"
},
{
"url": "https://git.kernel.org/stable/c/7728d937ec403a1ceff9483023252d2cb8777f81"
},
{
"url": "https://git.kernel.org/stable/c/08d90846e438ac22dc56fc49ec0b0d195831c5ed"
},
{
"url": "https://git.kernel.org/stable/c/869016a2938ac44f7b2fb7fc22c89edad99eb9b3"
},
{
"url": "https://git.kernel.org/stable/c/f43e64076ff1b1dcb893fb77ad1204105f710a29"
},
{
"url": "https://git.kernel.org/stable/c/4db7d6f481990dd179a9ee7126dc7aa31ea4fff3"
},
{
"url": "https://git.kernel.org/stable/c/31417073493f302d26ab66b3abc098d43227b835"
},
{
"url": "https://git.kernel.org/stable/c/2e8e79c416aae1de224c0f1860f2e3350fa171f8"
}
],
"title": "can: m_can: m_can_tx_handler(): fix use after free of skb",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49275",
"datePublished": "2025-02-26T01:56:20.066Z",
"dateReserved": "2025-02-26T01:49:39.298Z",
"dateUpdated": "2025-05-04T08:33:58.443Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49430 (GCVE-0-2022-49430)
Vulnerability from cvelistv5
Published
2025-02-26 02:12
Modified
2025-05-04 08:37
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
Input: gpio-keys - cancel delayed work only in case of GPIO
gpio_keys module can either accept gpios or interrupts. The module
initializes delayed work in case of gpios only and is only used if
debounce timer is not used, so make sure cancel_delayed_work_sync()
is called only when its gpio-backed and debounce_use_hrtimer is false.
This fixes the issue seen below when the gpio_keys module is unloaded and
an interrupt pin is used instead of GPIO:
[ 360.297569] ------------[ cut here ]------------
[ 360.302303] WARNING: CPU: 0 PID: 237 at kernel/workqueue.c:3066 __flush_work+0x414/0x470
[ 360.310531] Modules linked in: gpio_keys(-)
[ 360.314797] CPU: 0 PID: 237 Comm: rmmod Not tainted 5.18.0-rc5-arm64-renesas-00116-g73636105874d-dirty #166
[ 360.324662] Hardware name: Renesas SMARC EVK based on r9a07g054l2 (DT)
[ 360.331270] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 360.338318] pc : __flush_work+0x414/0x470
[ 360.342385] lr : __cancel_work_timer+0x140/0x1b0
[ 360.347065] sp : ffff80000a7fba00
[ 360.350423] x29: ffff80000a7fba00 x28: ffff000012b9c5c0 x27: 0000000000000000
[ 360.357664] x26: ffff80000a7fbb80 x25: ffff80000954d0a8 x24: 0000000000000001
[ 360.364904] x23: ffff800009757000 x22: 0000000000000000 x21: ffff80000919b000
[ 360.372143] x20: ffff00000f5974e0 x19: ffff00000f5974e0 x18: ffff8000097fcf48
[ 360.379382] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000053f40
[ 360.386622] x14: ffff800009850e88 x13: 0000000000000002 x12: 000000000000a60c
[ 360.393861] x11: 000000000000a610 x10: 0000000000000000 x9 : 0000000000000008
[ 360.401100] x8 : 0101010101010101 x7 : 00000000a473c394 x6 : 0080808080808080
[ 360.408339] x5 : 0000000000000001 x4 : 0000000000000000 x3 : ffff80000919b458
[ 360.415578] x2 : ffff8000097577f0 x1 : 0000000000000001 x0 : 0000000000000000
[ 360.422818] Call trace:
[ 360.425299] __flush_work+0x414/0x470
[ 360.429012] __cancel_work_timer+0x140/0x1b0
[ 360.433340] cancel_delayed_work_sync+0x10/0x18
[ 360.437931] gpio_keys_quiesce_key+0x28/0x58 [gpio_keys]
[ 360.443327] devm_action_release+0x10/0x18
[ 360.447481] release_nodes+0x8c/0x1a0
[ 360.451194] devres_release_all+0x90/0x100
[ 360.455346] device_unbind_cleanup+0x14/0x60
[ 360.459677] device_release_driver_internal+0xe8/0x168
[ 360.464883] driver_detach+0x4c/0x90
[ 360.468509] bus_remove_driver+0x54/0xb0
[ 360.472485] driver_unregister+0x2c/0x58
[ 360.476462] platform_driver_unregister+0x10/0x18
[ 360.481230] gpio_keys_exit+0x14/0x828 [gpio_keys]
[ 360.486088] __arm64_sys_delete_module+0x1e0/0x270
[ 360.490945] invoke_syscall+0x40/0xf8
[ 360.494661] el0_svc_common.constprop.3+0xf0/0x110
[ 360.499515] do_el0_svc+0x20/0x78
[ 360.502877] el0_svc+0x48/0xf8
[ 360.505977] el0t_64_sync_handler+0x88/0xb0
[ 360.510216] el0t_64_sync+0x148/0x14c
[ 360.513930] irq event stamp: 4306
[ 360.517288] hardirqs last enabled at (4305): [<ffff8000080b0300>] __cancel_work_timer+0x130/0x1b0
[ 360.526359] hardirqs last disabled at (4306): [<ffff800008d194fc>] el1_dbg+0x24/0x88
[ 360.534204] softirqs last enabled at (4278): [<ffff8000080104a0>] _stext+0x4a0/0x5e0
[ 360.542133] softirqs last disabled at (4267): [<ffff8000080932ac>] irq_exit_rcu+0x18c/0x1b0
[ 360.550591] ---[ end trace 0000000000000000 ]---
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/input/keyboard/gpio_keys.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "96c460687813915dedca9dd7d04ae0e90607fd79",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "4160e09619086fc155b51ccdb3462a3f233a5f4b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8b1ae300c2953257c146b5f0757537935c0b6027",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "cee409bbba0d1bd3fb73064fb480ff365f453b5d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/input/keyboard/gpio_keys.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: gpio-keys - cancel delayed work only in case of GPIO\n\ngpio_keys module can either accept gpios or interrupts. The module\ninitializes delayed work in case of gpios only and is only used if\ndebounce timer is not used, so make sure cancel_delayed_work_sync()\nis called only when its gpio-backed and debounce_use_hrtimer is false.\n\nThis fixes the issue seen below when the gpio_keys module is unloaded and\nan interrupt pin is used instead of GPIO:\n\n[ 360.297569] ------------[ cut here ]------------\n[ 360.302303] WARNING: CPU: 0 PID: 237 at kernel/workqueue.c:3066 __flush_work+0x414/0x470\n[ 360.310531] Modules linked in: gpio_keys(-)\n[ 360.314797] CPU: 0 PID: 237 Comm: rmmod Not tainted 5.18.0-rc5-arm64-renesas-00116-g73636105874d-dirty #166\n[ 360.324662] Hardware name: Renesas SMARC EVK based on r9a07g054l2 (DT)\n[ 360.331270] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 360.338318] pc : __flush_work+0x414/0x470\n[ 360.342385] lr : __cancel_work_timer+0x140/0x1b0\n[ 360.347065] sp : ffff80000a7fba00\n[ 360.350423] x29: ffff80000a7fba00 x28: ffff000012b9c5c0 x27: 0000000000000000\n[ 360.357664] x26: ffff80000a7fbb80 x25: ffff80000954d0a8 x24: 0000000000000001\n[ 360.364904] x23: ffff800009757000 x22: 0000000000000000 x21: ffff80000919b000\n[ 360.372143] x20: ffff00000f5974e0 x19: ffff00000f5974e0 x18: ffff8000097fcf48\n[ 360.379382] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000053f40\n[ 360.386622] x14: ffff800009850e88 x13: 0000000000000002 x12: 000000000000a60c\n[ 360.393861] x11: 000000000000a610 x10: 0000000000000000 x9 : 0000000000000008\n[ 360.401100] x8 : 0101010101010101 x7 : 00000000a473c394 x6 : 0080808080808080\n[ 360.408339] x5 : 0000000000000001 x4 : 0000000000000000 x3 : ffff80000919b458\n[ 360.415578] x2 : ffff8000097577f0 x1 : 0000000000000001 x0 : 0000000000000000\n[ 360.422818] Call trace:\n[ 360.425299] __flush_work+0x414/0x470\n[ 360.429012] __cancel_work_timer+0x140/0x1b0\n[ 360.433340] cancel_delayed_work_sync+0x10/0x18\n[ 360.437931] gpio_keys_quiesce_key+0x28/0x58 [gpio_keys]\n[ 360.443327] devm_action_release+0x10/0x18\n[ 360.447481] release_nodes+0x8c/0x1a0\n[ 360.451194] devres_release_all+0x90/0x100\n[ 360.455346] device_unbind_cleanup+0x14/0x60\n[ 360.459677] device_release_driver_internal+0xe8/0x168\n[ 360.464883] driver_detach+0x4c/0x90\n[ 360.468509] bus_remove_driver+0x54/0xb0\n[ 360.472485] driver_unregister+0x2c/0x58\n[ 360.476462] platform_driver_unregister+0x10/0x18\n[ 360.481230] gpio_keys_exit+0x14/0x828 [gpio_keys]\n[ 360.486088] __arm64_sys_delete_module+0x1e0/0x270\n[ 360.490945] invoke_syscall+0x40/0xf8\n[ 360.494661] el0_svc_common.constprop.3+0xf0/0x110\n[ 360.499515] do_el0_svc+0x20/0x78\n[ 360.502877] el0_svc+0x48/0xf8\n[ 360.505977] el0t_64_sync_handler+0x88/0xb0\n[ 360.510216] el0t_64_sync+0x148/0x14c\n[ 360.513930] irq event stamp: 4306\n[ 360.517288] hardirqs last enabled at (4305): [\u003cffff8000080b0300\u003e] __cancel_work_timer+0x130/0x1b0\n[ 360.526359] hardirqs last disabled at (4306): [\u003cffff800008d194fc\u003e] el1_dbg+0x24/0x88\n[ 360.534204] softirqs last enabled at (4278): [\u003cffff8000080104a0\u003e] _stext+0x4a0/0x5e0\n[ 360.542133] softirqs last disabled at (4267): [\u003cffff8000080932ac\u003e] irq_exit_rcu+0x18c/0x1b0\n[ 360.550591] ---[ end trace 0000000000000000 ]---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:37:30.249Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/96c460687813915dedca9dd7d04ae0e90607fd79"
},
{
"url": "https://git.kernel.org/stable/c/4160e09619086fc155b51ccdb3462a3f233a5f4b"
},
{
"url": "https://git.kernel.org/stable/c/8b1ae300c2953257c146b5f0757537935c0b6027"
},
{
"url": "https://git.kernel.org/stable/c/cee409bbba0d1bd3fb73064fb480ff365f453b5d"
}
],
"title": "Input: gpio-keys - cancel delayed work only in case of GPIO",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49430",
"datePublished": "2025-02-26T02:12:49.114Z",
"dateReserved": "2025-02-26T02:08:31.569Z",
"dateUpdated": "2025-05-04T08:37:30.249Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47641 (GCVE-0-2021-47641)
Vulnerability from cvelistv5
Published
2025-02-26 01:54
Modified
2025-10-01 19:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
video: fbdev: cirrusfb: check pixclock to avoid divide by zero
Do a sanity check on pixclock value to avoid divide by zero.
If the pixclock value is zero, the cirrusfb driver will round up
pixclock to get the derived frequency as close to maxclock as
possible.
Syzkaller reported a divide error in cirrusfb_check_pixclock.
divide error: 0000 [#1] SMP KASAN PTI
CPU: 0 PID: 14938 Comm: cirrusfb_test Not tainted 5.15.0-rc6 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2
RIP: 0010:cirrusfb_check_var+0x6f1/0x1260
Call Trace:
fb_set_var+0x398/0xf90
do_fb_ioctl+0x4b8/0x6f0
fb_ioctl+0xeb/0x130
__x64_sys_ioctl+0x19d/0x220
do_syscall_64+0x3a/0x80
entry_SYSCALL_64_after_hwframe+0x44/0xae
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-47641",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:50:40.514584Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-369",
"description": "CWE-369 Divide By Zero",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:57:08.118Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/video/fbdev/cirrusfb.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c656d04247a2654ede5cead2ecbf83431dad5261",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1d3fb46439ad4e8f0c5739eb33d1875ac9e0f135",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "40b13e3d85744210db13457785646634e2d056bd",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "53a2088a396cfa1da92690a1da289634cd73bf0d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8c7e2141fb89c620ab4e41512e262fbf25b8260d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6fe23ff94e7840097202e85c148688940b37c9b1",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "45800c42ef000f417270bcfc08630e42486fca99",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e498b504f8c81b07efab9febf8503448de4dc9cf",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "5c6f402bdcf9e7239c6bc7087eda71ac99b31379",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/video/fbdev/cirrusfb.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.238",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.189",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.276",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.110",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvideo: fbdev: cirrusfb: check pixclock to avoid divide by zero\n\nDo a sanity check on pixclock value to avoid divide by zero.\n\nIf the pixclock value is zero, the cirrusfb driver will round up\npixclock to get the derived frequency as close to maxclock as\npossible.\n\nSyzkaller reported a divide error in cirrusfb_check_pixclock.\n\ndivide error: 0000 [#1] SMP KASAN PTI\nCPU: 0 PID: 14938 Comm: cirrusfb_test Not tainted 5.15.0-rc6 #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2\nRIP: 0010:cirrusfb_check_var+0x6f1/0x1260\n\nCall Trace:\n fb_set_var+0x398/0xf90\n do_fb_ioctl+0x4b8/0x6f0\n fb_ioctl+0xeb/0x130\n __x64_sys_ioctl+0x19d/0x220\n do_syscall_64+0x3a/0x80\n entry_SYSCALL_64_after_hwframe+0x44/0xae"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:15:20.810Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c656d04247a2654ede5cead2ecbf83431dad5261"
},
{
"url": "https://git.kernel.org/stable/c/1d3fb46439ad4e8f0c5739eb33d1875ac9e0f135"
},
{
"url": "https://git.kernel.org/stable/c/40b13e3d85744210db13457785646634e2d056bd"
},
{
"url": "https://git.kernel.org/stable/c/53a2088a396cfa1da92690a1da289634cd73bf0d"
},
{
"url": "https://git.kernel.org/stable/c/8c7e2141fb89c620ab4e41512e262fbf25b8260d"
},
{
"url": "https://git.kernel.org/stable/c/6fe23ff94e7840097202e85c148688940b37c9b1"
},
{
"url": "https://git.kernel.org/stable/c/45800c42ef000f417270bcfc08630e42486fca99"
},
{
"url": "https://git.kernel.org/stable/c/e498b504f8c81b07efab9febf8503448de4dc9cf"
},
{
"url": "https://git.kernel.org/stable/c/5c6f402bdcf9e7239c6bc7087eda71ac99b31379"
}
],
"title": "video: fbdev: cirrusfb: check pixclock to avoid divide by zero",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47641",
"datePublished": "2025-02-26T01:54:12.680Z",
"dateReserved": "2025-02-26T01:48:21.519Z",
"dateUpdated": "2025-10-01T19:57:08.118Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49078 (GCVE-0-2022-49078)
Vulnerability from cvelistv5
Published
2025-02-26 01:54
Modified
2025-09-03 12:58
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
lz4: fix LZ4_decompress_safe_partial read out of bound
When partialDecoding, it is EOF if we've either filled the output buffer
or can't proceed with reading an offset for following match.
In some extreme corner cases when compressed data is suitably corrupted,
UAF will occur. As reported by KASAN [1], LZ4_decompress_safe_partial
may lead to read out of bound problem during decoding. lz4 upstream has
fixed it [2] and this issue has been disscussed here [3] before.
current decompression routine was ported from lz4 v1.8.3, bumping
lib/lz4 to v1.9.+ is certainly a huge work to be done later, so, we'd
better fix it first.
[1] https://lore.kernel.org/all/000000000000830d1205cf7f0477@google.com/
[2] https://github.com/lz4/lz4/commit/c5d6f8a8be3927c0bec91bcc58667a6cfad244ad#
[3] https://lore.kernel.org/all/CC666AE8-4CA4-4951-B6FB-A2EFDE3AC03B@fb.com/
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 2209fda323e2fd2a2d0885595fd5097717f8d2aa Version: 2209fda323e2fd2a2d0885595fd5097717f8d2aa Version: 2209fda323e2fd2a2d0885595fd5097717f8d2aa Version: 2209fda323e2fd2a2d0885595fd5097717f8d2aa Version: 2209fda323e2fd2a2d0885595fd5097717f8d2aa Version: 2209fda323e2fd2a2d0885595fd5097717f8d2aa |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49078",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T17:59:16.973304Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T18:02:29.956Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"lib/lz4/lz4_decompress.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "73953dfa9d50e5c9fe98ee13fd1d3427aa12a0a3",
"status": "affected",
"version": "2209fda323e2fd2a2d0885595fd5097717f8d2aa",
"versionType": "git"
},
{
"lessThan": "6adc01a7aa37445dafe8846faa0610a86029b253",
"status": "affected",
"version": "2209fda323e2fd2a2d0885595fd5097717f8d2aa",
"versionType": "git"
},
{
"lessThan": "9fb8bc6cfc58773ce95414e11c9ccc8fc6ac4927",
"status": "affected",
"version": "2209fda323e2fd2a2d0885595fd5097717f8d2aa",
"versionType": "git"
},
{
"lessThan": "e64dbe97c05c769525cbca099ddbd22485630235",
"status": "affected",
"version": "2209fda323e2fd2a2d0885595fd5097717f8d2aa",
"versionType": "git"
},
{
"lessThan": "467d5e200ab4486b744fe1776154a43d1aa22d4b",
"status": "affected",
"version": "2209fda323e2fd2a2d0885595fd5097717f8d2aa",
"versionType": "git"
},
{
"lessThan": "eafc0a02391b7b36617b36c97c4b5d6832cf5e24",
"status": "affected",
"version": "2209fda323e2fd2a2d0885595fd5097717f8d2aa",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"lib/lz4/lz4_decompress.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.20"
},
{
"lessThan": "4.20",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.189",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.111",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.20",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.189",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.111",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.34",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.20",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.3",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nlz4: fix LZ4_decompress_safe_partial read out of bound\n\nWhen partialDecoding, it is EOF if we\u0027ve either filled the output buffer\nor can\u0027t proceed with reading an offset for following match.\n\nIn some extreme corner cases when compressed data is suitably corrupted,\nUAF will occur. As reported by KASAN [1], LZ4_decompress_safe_partial\nmay lead to read out of bound problem during decoding. lz4 upstream has\nfixed it [2] and this issue has been disscussed here [3] before.\n\ncurrent decompression routine was ported from lz4 v1.8.3, bumping\nlib/lz4 to v1.9.+ is certainly a huge work to be done later, so, we\u0027d\nbetter fix it first.\n\n[1] https://lore.kernel.org/all/000000000000830d1205cf7f0477@google.com/\n[2] https://github.com/lz4/lz4/commit/c5d6f8a8be3927c0bec91bcc58667a6cfad244ad#\n[3] https://lore.kernel.org/all/CC666AE8-4CA4-4951-B6FB-A2EFDE3AC03B@fb.com/"
}
],
"providerMetadata": {
"dateUpdated": "2025-09-03T12:58:36.144Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/73953dfa9d50e5c9fe98ee13fd1d3427aa12a0a3"
},
{
"url": "https://git.kernel.org/stable/c/6adc01a7aa37445dafe8846faa0610a86029b253"
},
{
"url": "https://git.kernel.org/stable/c/9fb8bc6cfc58773ce95414e11c9ccc8fc6ac4927"
},
{
"url": "https://git.kernel.org/stable/c/e64dbe97c05c769525cbca099ddbd22485630235"
},
{
"url": "https://git.kernel.org/stable/c/467d5e200ab4486b744fe1776154a43d1aa22d4b"
},
{
"url": "https://git.kernel.org/stable/c/eafc0a02391b7b36617b36c97c4b5d6832cf5e24"
}
],
"title": "lz4: fix LZ4_decompress_safe_partial read out of bound",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49078",
"datePublished": "2025-02-26T01:54:40.207Z",
"dateReserved": "2025-02-26T01:49:39.247Z",
"dateUpdated": "2025-09-03T12:58:36.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49280 (GCVE-0-2022-49280)
Vulnerability from cvelistv5
Published
2025-02-26 01:56
Modified
2025-10-01 19:47
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
NFSD: prevent underflow in nfssvc_decode_writeargs()
Smatch complains:
fs/nfsd/nfsxdr.c:341 nfssvc_decode_writeargs()
warn: no lower bound on 'args->len'
Change the type to unsigned to prevent this issue.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49280",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:45:22.983376Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-191",
"description": "CWE-191 Integer Underflow (Wrap or Wraparound)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:47:00.943Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/nfsd/nfsproc.c",
"fs/nfsd/xdr.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1a33e0de60feda402d05ac8a6cf409c19ea3e0b3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "438068f4912183a59fcb6b7496a06437f7fd4e2b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9f0f048c1bfa7867d565a95fd8c28f4484ba1043",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "85259340fc9bd54e3d567b41b881ecb4d0055da1",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "65e21cc042f4c1518c8c55283f53bc725b78419d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "614a61e1592051cc42d3c38f899c9f7bdaad8a1d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2764af8ce0bf03cc43ee4a11897cab96bde6caae",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "413d8fefafe531a9442bb623e3fe292a38f88d65",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "184416d4b98509fb4c3d8fc3d6dc1437896cc159",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/nfsd/nfsproc.c",
"fs/nfsd/xdr.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.238",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.189",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.276",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.110",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: prevent underflow in nfssvc_decode_writeargs()\n\nSmatch complains:\n\n\tfs/nfsd/nfsxdr.c:341 nfssvc_decode_writeargs()\n\twarn: no lower bound on \u0027args-\u003elen\u0027\n\nChange the type to unsigned to prevent this issue."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:34:04.529Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1a33e0de60feda402d05ac8a6cf409c19ea3e0b3"
},
{
"url": "https://git.kernel.org/stable/c/438068f4912183a59fcb6b7496a06437f7fd4e2b"
},
{
"url": "https://git.kernel.org/stable/c/9f0f048c1bfa7867d565a95fd8c28f4484ba1043"
},
{
"url": "https://git.kernel.org/stable/c/85259340fc9bd54e3d567b41b881ecb4d0055da1"
},
{
"url": "https://git.kernel.org/stable/c/65e21cc042f4c1518c8c55283f53bc725b78419d"
},
{
"url": "https://git.kernel.org/stable/c/614a61e1592051cc42d3c38f899c9f7bdaad8a1d"
},
{
"url": "https://git.kernel.org/stable/c/2764af8ce0bf03cc43ee4a11897cab96bde6caae"
},
{
"url": "https://git.kernel.org/stable/c/413d8fefafe531a9442bb623e3fe292a38f88d65"
},
{
"url": "https://git.kernel.org/stable/c/184416d4b98509fb4c3d8fc3d6dc1437896cc159"
}
],
"title": "NFSD: prevent underflow in nfssvc_decode_writeargs()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49280",
"datePublished": "2025-02-26T01:56:22.662Z",
"dateReserved": "2025-02-26T01:49:39.298Z",
"dateUpdated": "2025-10-01T19:47:00.943Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49099 (GCVE-0-2022-49099)
Vulnerability from cvelistv5
Published
2025-02-26 01:54
Modified
2025-05-04 08:29
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
Drivers: hv: vmbus: Fix initialization of device object in vmbus_device_register()
Initialize the device's dma_{mask,parms} pointers and the device's
dma_mask value before invoking device_register(). Address the
following trace with 5.17-rc7:
[ 49.646839] WARNING: CPU: 0 PID: 189 at include/linux/dma-mapping.h:543
netvsc_probe+0x37a/0x3a0 [hv_netvsc]
[ 49.646928] Call Trace:
[ 49.646930] <TASK>
[ 49.646935] vmbus_probe+0x40/0x60 [hv_vmbus]
[ 49.646942] really_probe+0x1ce/0x3b0
[ 49.646948] __driver_probe_device+0x109/0x180
[ 49.646952] driver_probe_device+0x23/0xa0
[ 49.646955] __device_attach_driver+0x76/0xe0
[ 49.646958] ? driver_allows_async_probing+0x50/0x50
[ 49.646961] bus_for_each_drv+0x84/0xd0
[ 49.646964] __device_attach+0xed/0x170
[ 49.646967] device_initial_probe+0x13/0x20
[ 49.646970] bus_probe_device+0x8f/0xa0
[ 49.646973] device_add+0x41a/0x8e0
[ 49.646975] ? hrtimer_init+0x28/0x80
[ 49.646981] device_register+0x1b/0x20
[ 49.646983] vmbus_device_register+0x5e/0xf0 [hv_vmbus]
[ 49.646991] vmbus_add_channel_work+0x12d/0x190 [hv_vmbus]
[ 49.646999] process_one_work+0x21d/0x3f0
[ 49.647002] worker_thread+0x4a/0x3b0
[ 49.647005] ? process_one_work+0x3f0/0x3f0
[ 49.647007] kthread+0xff/0x130
[ 49.647011] ? kthread_complete_and_exit+0x20/0x20
[ 49.647015] ret_from_fork+0x22/0x30
[ 49.647020] </TASK>
[ 49.647021] ---[ end trace 0000000000000000 ]---
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/hv/vmbus_drv.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2fe4b8631427618175a32f125062df91a5fe3f73",
"status": "affected",
"version": "743b237c3a7b0f5b44aa704aae8a1058877b6322",
"versionType": "git"
},
{
"lessThan": "3a5469582c241abca22500f36a9cb8e9331969cf",
"status": "affected",
"version": "743b237c3a7b0f5b44aa704aae8a1058877b6322",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/hv/vmbus_drv.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.17"
},
{
"lessThan": "5.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.3",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nDrivers: hv: vmbus: Fix initialization of device object in vmbus_device_register()\n\nInitialize the device\u0027s dma_{mask,parms} pointers and the device\u0027s\ndma_mask value before invoking device_register(). Address the\nfollowing trace with 5.17-rc7:\n\n[ 49.646839] WARNING: CPU: 0 PID: 189 at include/linux/dma-mapping.h:543\n\tnetvsc_probe+0x37a/0x3a0 [hv_netvsc]\n[ 49.646928] Call Trace:\n[ 49.646930] \u003cTASK\u003e\n[ 49.646935] vmbus_probe+0x40/0x60 [hv_vmbus]\n[ 49.646942] really_probe+0x1ce/0x3b0\n[ 49.646948] __driver_probe_device+0x109/0x180\n[ 49.646952] driver_probe_device+0x23/0xa0\n[ 49.646955] __device_attach_driver+0x76/0xe0\n[ 49.646958] ? driver_allows_async_probing+0x50/0x50\n[ 49.646961] bus_for_each_drv+0x84/0xd0\n[ 49.646964] __device_attach+0xed/0x170\n[ 49.646967] device_initial_probe+0x13/0x20\n[ 49.646970] bus_probe_device+0x8f/0xa0\n[ 49.646973] device_add+0x41a/0x8e0\n[ 49.646975] ? hrtimer_init+0x28/0x80\n[ 49.646981] device_register+0x1b/0x20\n[ 49.646983] vmbus_device_register+0x5e/0xf0 [hv_vmbus]\n[ 49.646991] vmbus_add_channel_work+0x12d/0x190 [hv_vmbus]\n[ 49.646999] process_one_work+0x21d/0x3f0\n[ 49.647002] worker_thread+0x4a/0x3b0\n[ 49.647005] ? process_one_work+0x3f0/0x3f0\n[ 49.647007] kthread+0xff/0x130\n[ 49.647011] ? kthread_complete_and_exit+0x20/0x20\n[ 49.647015] ret_from_fork+0x22/0x30\n[ 49.647020] \u003c/TASK\u003e\n[ 49.647021] ---[ end trace 0000000000000000 ]---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:29:51.900Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2fe4b8631427618175a32f125062df91a5fe3f73"
},
{
"url": "https://git.kernel.org/stable/c/3a5469582c241abca22500f36a9cb8e9331969cf"
}
],
"title": "Drivers: hv: vmbus: Fix initialization of device object in vmbus_device_register()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49099",
"datePublished": "2025-02-26T01:54:50.571Z",
"dateReserved": "2025-02-26T01:49:39.250Z",
"dateUpdated": "2025-05-04T08:29:51.900Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49722 (GCVE-0-2022-49722)
Vulnerability from cvelistv5
Published
2025-02-26 02:24
Modified
2025-05-04 08:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ice: Fix memory corruption in VF driver
Disable VF's RX/TX queues, when it's disabled. VF can have queues enabled,
when it requests a reset. If PF driver assumes that VF is disabled,
while VF still has queues configured, VF may unmap DMA resources.
In such scenario device still can map packets to memory, which ends up
silently corrupting it.
Previously, VF driver could experience memory corruption, which lead to
crash:
[ 5119.170157] BUG: unable to handle kernel paging request at 00001b9780003237
[ 5119.170166] PGD 0 P4D 0
[ 5119.170173] Oops: 0002 [#1] PREEMPT_RT SMP PTI
[ 5119.170181] CPU: 30 PID: 427592 Comm: kworker/u96:2 Kdump: loaded Tainted: G W I --------- - - 4.18.0-372.9.1.rt7.166.el8.x86_64 #1
[ 5119.170189] Hardware name: Dell Inc. PowerEdge R740/014X06, BIOS 2.3.10 08/15/2019
[ 5119.170193] Workqueue: iavf iavf_adminq_task [iavf]
[ 5119.170219] RIP: 0010:__page_frag_cache_drain+0x5/0x30
[ 5119.170238] Code: 0f 0f b6 77 51 85 f6 74 07 31 d2 e9 05 df ff ff e9 90 fe ff ff 48 8b 05 49 db 33 01 eb b4 0f 1f 80 00 00 00 00 0f 1f 44 00 00 <f0> 29 77 34 74 01 c3 48 8b 07 f6 c4 80 74 0f 0f b6 77 51 85 f6 74
[ 5119.170244] RSP: 0018:ffffa43b0bdcfd78 EFLAGS: 00010282
[ 5119.170250] RAX: ffffffff896b3e40 RBX: ffff8fb282524000 RCX: 0000000000000002
[ 5119.170254] RDX: 0000000049000000 RSI: 0000000000000000 RDI: 00001b9780003203
[ 5119.170259] RBP: ffff8fb248217b00 R08: 0000000000000022 R09: 0000000000000009
[ 5119.170262] R10: 2b849d6300000000 R11: 0000000000000020 R12: 0000000000000000
[ 5119.170265] R13: 0000000000001000 R14: 0000000000000009 R15: 0000000000000000
[ 5119.170269] FS: 0000000000000000(0000) GS:ffff8fb1201c0000(0000) knlGS:0000000000000000
[ 5119.170274] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 5119.170279] CR2: 00001b9780003237 CR3: 00000008f3e1a003 CR4: 00000000007726e0
[ 5119.170283] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 5119.170286] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 5119.170290] PKRU: 55555554
[ 5119.170292] Call Trace:
[ 5119.170298] iavf_clean_rx_ring+0xad/0x110 [iavf]
[ 5119.170324] iavf_free_rx_resources+0xe/0x50 [iavf]
[ 5119.170342] iavf_free_all_rx_resources.part.51+0x30/0x40 [iavf]
[ 5119.170358] iavf_virtchnl_completion+0xd8a/0x15b0 [iavf]
[ 5119.170377] ? iavf_clean_arq_element+0x210/0x280 [iavf]
[ 5119.170397] iavf_adminq_task+0x126/0x2e0 [iavf]
[ 5119.170416] process_one_work+0x18f/0x420
[ 5119.170429] worker_thread+0x30/0x370
[ 5119.170437] ? process_one_work+0x420/0x420
[ 5119.170445] kthread+0x151/0x170
[ 5119.170452] ? set_kthread_struct+0x40/0x40
[ 5119.170460] ret_from_fork+0x35/0x40
[ 5119.170477] Modules linked in: iavf sctp ip6_udp_tunnel udp_tunnel mlx4_en mlx4_core nfp tls vhost_net vhost vhost_iotlb tap tun xt_CHECKSUM ipt_MASQUERADE xt_conntrack ipt_REJECT nf_reject_ipv4 nft_compat nft_counter nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nf_tables nfnetlink bridge stp llc rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache sunrpc intel_rapl_msr iTCO_wdt iTCO_vendor_support dell_smbios wmi_bmof dell_wmi_descriptor dcdbas kvm_intel kvm irqbypass intel_rapl_common isst_if_common skx_edac irdma nfit libnvdimm x86_pkg_temp_thermal i40e intel_powerclamp coretemp crct10dif_pclmul crc32_pclmul ghash_clmulni_intel ib_uverbs rapl ipmi_ssif intel_cstate intel_uncore mei_me pcspkr acpi_ipmi ib_core mei lpc_ich i2c_i801 ipmi_si ipmi_devintf wmi ipmi_msghandler acpi_power_meter xfs libcrc32c sd_mod t10_pi sg mgag200 drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ice ahci drm libahci crc32c_intel libata tg3 megaraid_sas
[ 5119.170613] i2c_algo_bit dm_mirror dm_region_hash dm_log dm_mod fuse [last unloaded: iavf]
[ 5119.170627] CR2: 00001b9780003237
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/ice/ice_vf_lib.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1bb8253b1dd44cf004e12c333acc6f25ee286cf3",
"status": "affected",
"version": "ec4f5a436bdf0e5453ad15c4f34a59b9b675ff48",
"versionType": "git"
},
{
"lessThan": "efe41860008e57fb6b69855b4b93fdf34bc42798",
"status": "affected",
"version": "ec4f5a436bdf0e5453ad15c4f34a59b9b675ff48",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/ice/ice_vf_lib.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.5"
},
{
"lessThan": "5.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.6",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix memory corruption in VF driver\n\nDisable VF\u0027s RX/TX queues, when it\u0027s disabled. VF can have queues enabled,\nwhen it requests a reset. If PF driver assumes that VF is disabled,\nwhile VF still has queues configured, VF may unmap DMA resources.\nIn such scenario device still can map packets to memory, which ends up\nsilently corrupting it.\nPreviously, VF driver could experience memory corruption, which lead to\ncrash:\n[ 5119.170157] BUG: unable to handle kernel paging request at 00001b9780003237\n[ 5119.170166] PGD 0 P4D 0\n[ 5119.170173] Oops: 0002 [#1] PREEMPT_RT SMP PTI\n[ 5119.170181] CPU: 30 PID: 427592 Comm: kworker/u96:2 Kdump: loaded Tainted: G W I --------- - - 4.18.0-372.9.1.rt7.166.el8.x86_64 #1\n[ 5119.170189] Hardware name: Dell Inc. PowerEdge R740/014X06, BIOS 2.3.10 08/15/2019\n[ 5119.170193] Workqueue: iavf iavf_adminq_task [iavf]\n[ 5119.170219] RIP: 0010:__page_frag_cache_drain+0x5/0x30\n[ 5119.170238] Code: 0f 0f b6 77 51 85 f6 74 07 31 d2 e9 05 df ff ff e9 90 fe ff ff 48 8b 05 49 db 33 01 eb b4 0f 1f 80 00 00 00 00 0f 1f 44 00 00 \u003cf0\u003e 29 77 34 74 01 c3 48 8b 07 f6 c4 80 74 0f 0f b6 77 51 85 f6 74\n[ 5119.170244] RSP: 0018:ffffa43b0bdcfd78 EFLAGS: 00010282\n[ 5119.170250] RAX: ffffffff896b3e40 RBX: ffff8fb282524000 RCX: 0000000000000002\n[ 5119.170254] RDX: 0000000049000000 RSI: 0000000000000000 RDI: 00001b9780003203\n[ 5119.170259] RBP: ffff8fb248217b00 R08: 0000000000000022 R09: 0000000000000009\n[ 5119.170262] R10: 2b849d6300000000 R11: 0000000000000020 R12: 0000000000000000\n[ 5119.170265] R13: 0000000000001000 R14: 0000000000000009 R15: 0000000000000000\n[ 5119.170269] FS: 0000000000000000(0000) GS:ffff8fb1201c0000(0000) knlGS:0000000000000000\n[ 5119.170274] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 5119.170279] CR2: 00001b9780003237 CR3: 00000008f3e1a003 CR4: 00000000007726e0\n[ 5119.170283] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 5119.170286] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 5119.170290] PKRU: 55555554\n[ 5119.170292] Call Trace:\n[ 5119.170298] iavf_clean_rx_ring+0xad/0x110 [iavf]\n[ 5119.170324] iavf_free_rx_resources+0xe/0x50 [iavf]\n[ 5119.170342] iavf_free_all_rx_resources.part.51+0x30/0x40 [iavf]\n[ 5119.170358] iavf_virtchnl_completion+0xd8a/0x15b0 [iavf]\n[ 5119.170377] ? iavf_clean_arq_element+0x210/0x280 [iavf]\n[ 5119.170397] iavf_adminq_task+0x126/0x2e0 [iavf]\n[ 5119.170416] process_one_work+0x18f/0x420\n[ 5119.170429] worker_thread+0x30/0x370\n[ 5119.170437] ? process_one_work+0x420/0x420\n[ 5119.170445] kthread+0x151/0x170\n[ 5119.170452] ? set_kthread_struct+0x40/0x40\n[ 5119.170460] ret_from_fork+0x35/0x40\n[ 5119.170477] Modules linked in: iavf sctp ip6_udp_tunnel udp_tunnel mlx4_en mlx4_core nfp tls vhost_net vhost vhost_iotlb tap tun xt_CHECKSUM ipt_MASQUERADE xt_conntrack ipt_REJECT nf_reject_ipv4 nft_compat nft_counter nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nf_tables nfnetlink bridge stp llc rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache sunrpc intel_rapl_msr iTCO_wdt iTCO_vendor_support dell_smbios wmi_bmof dell_wmi_descriptor dcdbas kvm_intel kvm irqbypass intel_rapl_common isst_if_common skx_edac irdma nfit libnvdimm x86_pkg_temp_thermal i40e intel_powerclamp coretemp crct10dif_pclmul crc32_pclmul ghash_clmulni_intel ib_uverbs rapl ipmi_ssif intel_cstate intel_uncore mei_me pcspkr acpi_ipmi ib_core mei lpc_ich i2c_i801 ipmi_si ipmi_devintf wmi ipmi_msghandler acpi_power_meter xfs libcrc32c sd_mod t10_pi sg mgag200 drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ice ahci drm libahci crc32c_intel libata tg3 megaraid_sas\n[ 5119.170613] i2c_algo_bit dm_mirror dm_region_hash dm_log dm_mod fuse [last unloaded: iavf]\n[ 5119.170627] CR2: 00001b9780003237"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:44:05.634Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1bb8253b1dd44cf004e12c333acc6f25ee286cf3"
},
{
"url": "https://git.kernel.org/stable/c/efe41860008e57fb6b69855b4b93fdf34bc42798"
}
],
"title": "ice: Fix memory corruption in VF driver",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49722",
"datePublished": "2025-02-26T02:24:35.357Z",
"dateReserved": "2025-02-26T02:21:30.446Z",
"dateUpdated": "2025-05-04T08:44:05.634Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49492 (GCVE-0-2022-49492)
Vulnerability from cvelistv5
Published
2025-02-26 02:13
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags
In nvme_alloc_admin_tags, the admin_q can be set to an error (typically
-ENOMEM) if the blk_mq_init_queue call fails to set up the queue, which
is checked immediately after the call. However, when we return the error
message up the stack, to nvme_reset_work the error takes us to
nvme_remove_dead_ctrl()
nvme_dev_disable()
nvme_suspend_queue(&dev->queues[0]).
Here, we only check that the admin_q is non-NULL, rather than not
an error or NULL, and begin quiescing a queue that never existed, leading
to bad / NULL pointer dereference.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49492",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:38:56.150719Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:43.988Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/nvme/host/pci.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8321b17789f614414206af07e17ce4751c95dc76",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9e649471b396fa0139d53919354ce1eace9b9a24",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8da2b7bdb47e94bbc4062a3978c708926bcb022c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f76729662650cd7bc8f8194e057af381370349a7",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "af98940dd33c9f9e1beb4f71c0a39260100e2a65",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "906c81dba8ee8057523859b5e1a2479e9fd34860",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7a28556082d1fbcbc599baf1c24252dfc73efefc",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "54a4c1e47d1b2585e74920399455bd9abbfb2bd7",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "da42761181627e9bdc37d18368b827948a583929",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/nvme/host/pci.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.318",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags\n\nIn nvme_alloc_admin_tags, the admin_q can be set to an error (typically\n-ENOMEM) if the blk_mq_init_queue call fails to set up the queue, which\nis checked immediately after the call. However, when we return the error\nmessage up the stack, to nvme_reset_work the error takes us to\nnvme_remove_dead_ctrl()\n nvme_dev_disable()\n nvme_suspend_queue(\u0026dev-\u003equeues[0]).\n\nHere, we only check that the admin_q is non-NULL, rather than not\nan error or NULL, and begin quiescing a queue that never existed, leading\nto bad / NULL pointer dereference."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:39:05.167Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8321b17789f614414206af07e17ce4751c95dc76"
},
{
"url": "https://git.kernel.org/stable/c/9e649471b396fa0139d53919354ce1eace9b9a24"
},
{
"url": "https://git.kernel.org/stable/c/8da2b7bdb47e94bbc4062a3978c708926bcb022c"
},
{
"url": "https://git.kernel.org/stable/c/f76729662650cd7bc8f8194e057af381370349a7"
},
{
"url": "https://git.kernel.org/stable/c/af98940dd33c9f9e1beb4f71c0a39260100e2a65"
},
{
"url": "https://git.kernel.org/stable/c/906c81dba8ee8057523859b5e1a2479e9fd34860"
},
{
"url": "https://git.kernel.org/stable/c/7a28556082d1fbcbc599baf1c24252dfc73efefc"
},
{
"url": "https://git.kernel.org/stable/c/54a4c1e47d1b2585e74920399455bd9abbfb2bd7"
},
{
"url": "https://git.kernel.org/stable/c/da42761181627e9bdc37d18368b827948a583929"
}
],
"title": "nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49492",
"datePublished": "2025-02-26T02:13:28.820Z",
"dateReserved": "2025-02-26T02:08:31.585Z",
"dateUpdated": "2025-10-01T19:46:43.988Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49605 (GCVE-0-2022-49605)
Vulnerability from cvelistv5
Published
2025-02-26 02:23
Modified
2025-05-04 08:41
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
igc: Reinstate IGC_REMOVED logic and implement it properly
The initially merged version of the igc driver code (via commit
146740f9abc4, "igc: Add support for PF") contained the following
IGC_REMOVED checks in the igc_rd32/wr32() MMIO accessors:
u32 igc_rd32(struct igc_hw *hw, u32 reg)
{
u8 __iomem *hw_addr = READ_ONCE(hw->hw_addr);
u32 value = 0;
if (IGC_REMOVED(hw_addr))
return ~value;
value = readl(&hw_addr[reg]);
/* reads should not return all F's */
if (!(~value) && (!reg || !(~readl(hw_addr))))
hw->hw_addr = NULL;
return value;
}
And:
#define wr32(reg, val) \
do { \
u8 __iomem *hw_addr = READ_ONCE((hw)->hw_addr); \
if (!IGC_REMOVED(hw_addr)) \
writel((val), &hw_addr[(reg)]); \
} while (0)
E.g. igb has similar checks in its MMIO accessors, and has a similar
macro E1000_REMOVED, which is implemented as follows:
#define E1000_REMOVED(h) unlikely(!(h))
These checks serve to detect and take note of an 0xffffffff MMIO read
return from the device, which can be caused by a PCIe link flap or some
other kind of PCI bus error, and to avoid performing MMIO reads and
writes from that point onwards.
However, the IGC_REMOVED macro was not originally implemented:
#ifndef IGC_REMOVED
#define IGC_REMOVED(a) (0)
#endif /* IGC_REMOVED */
This led to the IGC_REMOVED logic to be removed entirely in a
subsequent commit (commit 3c215fb18e70, "igc: remove IGC_REMOVED
function"), with the rationale that such checks matter only for
virtualization and that igc does not support virtualization -- but a
PCIe device can become detached even without virtualization being in
use, and without proper checks, a PCIe bus error affecting an igc
adapter will lead to various NULL pointer dereferences, as the first
access after the error will set hw->hw_addr to NULL, and subsequent
accesses will blindly dereference this now-NULL pointer.
This patch reinstates the IGC_REMOVED checks in igc_rd32/wr32(), and
implements IGC_REMOVED the way it is done for igb, by checking for the
unlikely() case of hw_addr being NULL. This change prevents the oopses
seen when a PCIe link flap occurs on an igc adapter.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/igc/igc_main.c",
"drivers/net/ethernet/intel/igc/igc_regs.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "16cb6717f4f42487ef10583eb8bc98e7d1e33d65",
"status": "affected",
"version": "146740f9abc4976e4f0af1aa302efee1c699d2e4",
"versionType": "git"
},
{
"lessThan": "77836dbe35382aaf8108489060c5c89530c77494",
"status": "affected",
"version": "146740f9abc4976e4f0af1aa302efee1c699d2e4",
"versionType": "git"
},
{
"lessThan": "e75b73081f1ec169518773626c2ff3950476660b",
"status": "affected",
"version": "146740f9abc4976e4f0af1aa302efee1c699d2e4",
"versionType": "git"
},
{
"lessThan": "70965b6e5c03aa70cc754af1226b9f9cde0c4bf3",
"status": "affected",
"version": "146740f9abc4976e4f0af1aa302efee1c699d2e4",
"versionType": "git"
},
{
"lessThan": "7c1ddcee5311f3315096217881d2dbe47cc683f9",
"status": "affected",
"version": "146740f9abc4976e4f0af1aa302efee1c699d2e4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/igc/igc_main.c",
"drivers/net/ethernet/intel/igc/igc_regs.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.20"
},
{
"lessThan": "4.20",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.208",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.134",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.58",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.208",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.134",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.58",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.15",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nigc: Reinstate IGC_REMOVED logic and implement it properly\n\nThe initially merged version of the igc driver code (via commit\n146740f9abc4, \"igc: Add support for PF\") contained the following\nIGC_REMOVED checks in the igc_rd32/wr32() MMIO accessors:\n\n\tu32 igc_rd32(struct igc_hw *hw, u32 reg)\n\t{\n\t\tu8 __iomem *hw_addr = READ_ONCE(hw-\u003ehw_addr);\n\t\tu32 value = 0;\n\n\t\tif (IGC_REMOVED(hw_addr))\n\t\t\treturn ~value;\n\n\t\tvalue = readl(\u0026hw_addr[reg]);\n\n\t\t/* reads should not return all F\u0027s */\n\t\tif (!(~value) \u0026\u0026 (!reg || !(~readl(hw_addr))))\n\t\t\thw-\u003ehw_addr = NULL;\n\n\t\treturn value;\n\t}\n\nAnd:\n\n\t#define wr32(reg, val) \\\n\tdo { \\\n\t\tu8 __iomem *hw_addr = READ_ONCE((hw)-\u003ehw_addr); \\\n\t\tif (!IGC_REMOVED(hw_addr)) \\\n\t\t\twritel((val), \u0026hw_addr[(reg)]); \\\n\t} while (0)\n\nE.g. igb has similar checks in its MMIO accessors, and has a similar\nmacro E1000_REMOVED, which is implemented as follows:\n\n\t#define E1000_REMOVED(h) unlikely(!(h))\n\nThese checks serve to detect and take note of an 0xffffffff MMIO read\nreturn from the device, which can be caused by a PCIe link flap or some\nother kind of PCI bus error, and to avoid performing MMIO reads and\nwrites from that point onwards.\n\nHowever, the IGC_REMOVED macro was not originally implemented:\n\n\t#ifndef IGC_REMOVED\n\t#define IGC_REMOVED(a) (0)\n\t#endif /* IGC_REMOVED */\n\nThis led to the IGC_REMOVED logic to be removed entirely in a\nsubsequent commit (commit 3c215fb18e70, \"igc: remove IGC_REMOVED\nfunction\"), with the rationale that such checks matter only for\nvirtualization and that igc does not support virtualization -- but a\nPCIe device can become detached even without virtualization being in\nuse, and without proper checks, a PCIe bus error affecting an igc\nadapter will lead to various NULL pointer dereferences, as the first\naccess after the error will set hw-\u003ehw_addr to NULL, and subsequent\naccesses will blindly dereference this now-NULL pointer.\n\nThis patch reinstates the IGC_REMOVED checks in igc_rd32/wr32(), and\nimplements IGC_REMOVED the way it is done for igb, by checking for the\nunlikely() case of hw_addr being NULL. This change prevents the oopses\nseen when a PCIe link flap occurs on an igc adapter."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:41:38.201Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/16cb6717f4f42487ef10583eb8bc98e7d1e33d65"
},
{
"url": "https://git.kernel.org/stable/c/77836dbe35382aaf8108489060c5c89530c77494"
},
{
"url": "https://git.kernel.org/stable/c/e75b73081f1ec169518773626c2ff3950476660b"
},
{
"url": "https://git.kernel.org/stable/c/70965b6e5c03aa70cc754af1226b9f9cde0c4bf3"
},
{
"url": "https://git.kernel.org/stable/c/7c1ddcee5311f3315096217881d2dbe47cc683f9"
}
],
"title": "igc: Reinstate IGC_REMOVED logic and implement it properly",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49605",
"datePublished": "2025-02-26T02:23:30.873Z",
"dateReserved": "2025-02-26T02:21:30.416Z",
"dateUpdated": "2025-05-04T08:41:38.201Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49721 (GCVE-0-2022-49721)
Vulnerability from cvelistv5
Published
2025-02-26 02:24
Modified
2025-05-04 08:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
arm64: ftrace: consistently handle PLTs.
Sometimes it is necessary to use a PLT entry to call an ftrace
trampoline. This is handled by ftrace_make_call() and ftrace_make_nop(),
with each having *almost* identical logic, but this is not handled by
ftrace_modify_call() since its introduction in commit:
3b23e4991fb66f6d ("arm64: implement ftrace with regs")
Due to this, if we ever were to call ftrace_modify_call() for a callsite
which requires a PLT entry for a trampoline, then either:
a) If the old addr requires a trampoline, ftrace_modify_call() will use
an out-of-range address to generate the 'old' branch instruction.
This will result in warnings from aarch64_insn_gen_branch_imm() and
ftrace_modify_code(), and no instructions will be modified. As
ftrace_modify_call() will return an error, this will result in
subsequent internal ftrace errors.
b) If the old addr does not require a trampoline, but the new addr does,
ftrace_modify_call() will use an out-of-range address to generate the
'new' branch instruction. This will result in warnings from
aarch64_insn_gen_branch_imm(), and ftrace_modify_code() will replace
the 'old' branch with a BRK. This will result in a kernel panic when
this BRK is later executed.
Practically speaking, case (a) is vastly more likely than case (b), and
typically this will result in internal ftrace errors that don't
necessarily affect the rest of the system. This can be demonstrated with
an out-of-tree test module which triggers ftrace_modify_call(), e.g.
| # insmod test_ftrace.ko
| test_ftrace: Function test_function raw=0xffffb3749399201c, callsite=0xffffb37493992024
| branch_imm_common: offset out of range
| branch_imm_common: offset out of range
| ------------[ ftrace bug ]------------
| ftrace failed to modify
| [<ffffb37493992024>] test_function+0x8/0x38 [test_ftrace]
| actual: 1d:00:00:94
| Updating ftrace call site to call a different ftrace function
| ftrace record flags: e0000002
| (2) R
| expected tramp: ffffb374ae42ed54
| ------------[ cut here ]------------
| WARNING: CPU: 0 PID: 165 at kernel/trace/ftrace.c:2085 ftrace_bug+0x280/0x2b0
| Modules linked in: test_ftrace(+)
| CPU: 0 PID: 165 Comm: insmod Not tainted 5.19.0-rc2-00002-g4d9ead8b45ce #13
| Hardware name: linux,dummy-virt (DT)
| pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
| pc : ftrace_bug+0x280/0x2b0
| lr : ftrace_bug+0x280/0x2b0
| sp : ffff80000839ba00
| x29: ffff80000839ba00 x28: 0000000000000000 x27: ffff80000839bcf0
| x26: ffffb37493994180 x25: ffffb374b0991c28 x24: ffffb374b0d70000
| x23: 00000000ffffffea x22: ffffb374afcc33b0 x21: ffffb374b08f9cc8
| x20: ffff572b8462c000 x19: ffffb374b08f9000 x18: ffffffffffffffff
| x17: 6c6c6163202c6331 x16: ffffb374ae5ad110 x15: ffffb374b0d51ee4
| x14: 0000000000000000 x13: 3435646532346561 x12: 3437336266666666
| x11: 203a706d61727420 x10: 6465746365707865 x9 : ffffb374ae5149e8
| x8 : 336266666666203a x7 : 706d617274206465 x6 : 00000000fffff167
| x5 : ffff572bffbc4a08 x4 : 00000000fffff167 x3 : 0000000000000000
| x2 : 0000000000000000 x1 : ffff572b84461e00 x0 : 0000000000000022
| Call trace:
| ftrace_bug+0x280/0x2b0
| ftrace_replace_code+0x98/0xa0
| ftrace_modify_all_code+0xe0/0x144
| arch_ftrace_update_code+0x14/0x20
| ftrace_startup+0xf8/0x1b0
| register_ftrace_function+0x38/0x90
| test_ftrace_init+0xd0/0x1000 [test_ftrace]
| do_one_initcall+0x50/0x2b0
| do_init_module+0x50/0x1f0
| load_module+0x17c8/0x1d64
| __do_sys_finit_module+0xa8/0x100
| __arm64_sys_finit_module+0x2c/0x3c
| invoke_syscall+0x50/0x120
| el0_svc_common.constprop.0+0xdc/0x100
| do_el0_svc+0x3c/0xd0
| el0_svc+0x34/0xb0
| el0t_64_sync_handler+0xbc/0x140
| el0t_64_sync+0x18c/0x190
| ---[ end trace 0000000000000000 ]---
We can solve this by consistently determining whether to use a PLT entry
for an address.
Note that since (the earlier) commit:
f1a54ae9
---truncated---
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/arm64/kernel/ftrace.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "bc28fde90937a920f7714ec4408269cac744f796",
"status": "affected",
"version": "3b23e4991fb66f6d152f9055ede271a726ef9f21",
"versionType": "git"
},
{
"lessThan": "db73aa9466338ec821ed2a0b01721fe4d06876b1",
"status": "affected",
"version": "3b23e4991fb66f6d152f9055ede271a726ef9f21",
"versionType": "git"
},
{
"lessThan": "dcecc96ed16f73417de5550f384e348c9d56f279",
"status": "affected",
"version": "3b23e4991fb66f6d152f9055ede271a726ef9f21",
"versionType": "git"
},
{
"lessThan": "a6253579977e4c6f7818eeb05bf2bc65678a7187",
"status": "affected",
"version": "3b23e4991fb66f6d152f9055ede271a726ef9f21",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/arm64/kernel/ftrace.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.5"
},
{
"lessThan": "5.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.124",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.49",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.124",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.49",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.6",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: ftrace: consistently handle PLTs.\n\nSometimes it is necessary to use a PLT entry to call an ftrace\ntrampoline. This is handled by ftrace_make_call() and ftrace_make_nop(),\nwith each having *almost* identical logic, but this is not handled by\nftrace_modify_call() since its introduction in commit:\n\n 3b23e4991fb66f6d (\"arm64: implement ftrace with regs\")\n\nDue to this, if we ever were to call ftrace_modify_call() for a callsite\nwhich requires a PLT entry for a trampoline, then either:\n\na) If the old addr requires a trampoline, ftrace_modify_call() will use\n an out-of-range address to generate the \u0027old\u0027 branch instruction.\n This will result in warnings from aarch64_insn_gen_branch_imm() and\n ftrace_modify_code(), and no instructions will be modified. As\n ftrace_modify_call() will return an error, this will result in\n subsequent internal ftrace errors.\n\nb) If the old addr does not require a trampoline, but the new addr does,\n ftrace_modify_call() will use an out-of-range address to generate the\n \u0027new\u0027 branch instruction. This will result in warnings from\n aarch64_insn_gen_branch_imm(), and ftrace_modify_code() will replace\n the \u0027old\u0027 branch with a BRK. This will result in a kernel panic when\n this BRK is later executed.\n\nPractically speaking, case (a) is vastly more likely than case (b), and\ntypically this will result in internal ftrace errors that don\u0027t\nnecessarily affect the rest of the system. This can be demonstrated with\nan out-of-tree test module which triggers ftrace_modify_call(), e.g.\n\n| # insmod test_ftrace.ko\n| test_ftrace: Function test_function raw=0xffffb3749399201c, callsite=0xffffb37493992024\n| branch_imm_common: offset out of range\n| branch_imm_common: offset out of range\n| ------------[ ftrace bug ]------------\n| ftrace failed to modify\n| [\u003cffffb37493992024\u003e] test_function+0x8/0x38 [test_ftrace]\n| actual: 1d:00:00:94\n| Updating ftrace call site to call a different ftrace function\n| ftrace record flags: e0000002\n| (2) R\n| expected tramp: ffffb374ae42ed54\n| ------------[ cut here ]------------\n| WARNING: CPU: 0 PID: 165 at kernel/trace/ftrace.c:2085 ftrace_bug+0x280/0x2b0\n| Modules linked in: test_ftrace(+)\n| CPU: 0 PID: 165 Comm: insmod Not tainted 5.19.0-rc2-00002-g4d9ead8b45ce #13\n| Hardware name: linux,dummy-virt (DT)\n| pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n| pc : ftrace_bug+0x280/0x2b0\n| lr : ftrace_bug+0x280/0x2b0\n| sp : ffff80000839ba00\n| x29: ffff80000839ba00 x28: 0000000000000000 x27: ffff80000839bcf0\n| x26: ffffb37493994180 x25: ffffb374b0991c28 x24: ffffb374b0d70000\n| x23: 00000000ffffffea x22: ffffb374afcc33b0 x21: ffffb374b08f9cc8\n| x20: ffff572b8462c000 x19: ffffb374b08f9000 x18: ffffffffffffffff\n| x17: 6c6c6163202c6331 x16: ffffb374ae5ad110 x15: ffffb374b0d51ee4\n| x14: 0000000000000000 x13: 3435646532346561 x12: 3437336266666666\n| x11: 203a706d61727420 x10: 6465746365707865 x9 : ffffb374ae5149e8\n| x8 : 336266666666203a x7 : 706d617274206465 x6 : 00000000fffff167\n| x5 : ffff572bffbc4a08 x4 : 00000000fffff167 x3 : 0000000000000000\n| x2 : 0000000000000000 x1 : ffff572b84461e00 x0 : 0000000000000022\n| Call trace:\n| ftrace_bug+0x280/0x2b0\n| ftrace_replace_code+0x98/0xa0\n| ftrace_modify_all_code+0xe0/0x144\n| arch_ftrace_update_code+0x14/0x20\n| ftrace_startup+0xf8/0x1b0\n| register_ftrace_function+0x38/0x90\n| test_ftrace_init+0xd0/0x1000 [test_ftrace]\n| do_one_initcall+0x50/0x2b0\n| do_init_module+0x50/0x1f0\n| load_module+0x17c8/0x1d64\n| __do_sys_finit_module+0xa8/0x100\n| __arm64_sys_finit_module+0x2c/0x3c\n| invoke_syscall+0x50/0x120\n| el0_svc_common.constprop.0+0xdc/0x100\n| do_el0_svc+0x3c/0xd0\n| el0_svc+0x34/0xb0\n| el0t_64_sync_handler+0xbc/0x140\n| el0t_64_sync+0x18c/0x190\n| ---[ end trace 0000000000000000 ]---\n\nWe can solve this by consistently determining whether to use a PLT entry\nfor an address.\n\nNote that since (the earlier) commit:\n\n f1a54ae9\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:44:04.571Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/bc28fde90937a920f7714ec4408269cac744f796"
},
{
"url": "https://git.kernel.org/stable/c/db73aa9466338ec821ed2a0b01721fe4d06876b1"
},
{
"url": "https://git.kernel.org/stable/c/dcecc96ed16f73417de5550f384e348c9d56f279"
},
{
"url": "https://git.kernel.org/stable/c/a6253579977e4c6f7818eeb05bf2bc65678a7187"
}
],
"title": "arm64: ftrace: consistently handle PLTs.",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49721",
"datePublished": "2025-02-26T02:24:34.685Z",
"dateReserved": "2025-02-26T02:21:30.446Z",
"dateUpdated": "2025-05-04T08:44:04.571Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49086 (GCVE-0-2022-49086)
Vulnerability from cvelistv5
Published
2025-02-26 01:54
Modified
2025-05-04 08:29
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: openvswitch: fix leak of nested actions
While parsing user-provided actions, openvswitch module may dynamically
allocate memory and store pointers in the internal copy of the actions.
So this memory has to be freed while destroying the actions.
Currently there are only two such actions: ct() and set(). However,
there are many actions that can hold nested lists of actions and
ovs_nla_free_flow_actions() just jumps over them leaking the memory.
For example, removal of the flow with the following actions will lead
to a leak of the memory allocated by nf_ct_tmpl_alloc():
actions:clone(ct(commit),0)
Non-freed set() action may also leak the 'dst' structure for the
tunnel info including device references.
Under certain conditions with a high rate of flow rotation that may
cause significant memory leak problem (2MB per second in reporter's
case). The problem is also hard to mitigate, because the user doesn't
have direct control over the datapath flows generated by OVS.
Fix that by iterating over all the nested actions and freeing
everything that needs to be freed recursively.
New build time assertion should protect us from this problem if new
actions will be added in the future.
Unfortunately, openvswitch module doesn't use NLA_F_NESTED, so all
attributes has to be explicitly checked. sample() and clone() actions
are mixing extra attributes into the user-provided action list. That
prevents some code generalization too.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 34ae932a40369be6bd6ea97d66b6686361b4370d Version: 34ae932a40369be6bd6ea97d66b6686361b4370d Version: 34ae932a40369be6bd6ea97d66b6686361b4370d Version: 34ae932a40369be6bd6ea97d66b6686361b4370d Version: 34ae932a40369be6bd6ea97d66b6686361b4370d Version: 34ae932a40369be6bd6ea97d66b6686361b4370d Version: 34ae932a40369be6bd6ea97d66b6686361b4370d |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/openvswitch/flow_netlink.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7438dc55c0709819b813f4778aec2c48b782990b",
"status": "affected",
"version": "34ae932a40369be6bd6ea97d66b6686361b4370d",
"versionType": "git"
},
{
"lessThan": "ef6f9ce0a79aa23b10fc5f3b3cab3814a25aac40",
"status": "affected",
"version": "34ae932a40369be6bd6ea97d66b6686361b4370d",
"versionType": "git"
},
{
"lessThan": "5ae05b5eb58773cfec307ff88aff4cfd843c4cff",
"status": "affected",
"version": "34ae932a40369be6bd6ea97d66b6686361b4370d",
"versionType": "git"
},
{
"lessThan": "837b96d8103938e35e7d92cd9db96af914ca4fff",
"status": "affected",
"version": "34ae932a40369be6bd6ea97d66b6686361b4370d",
"versionType": "git"
},
{
"lessThan": "3554c214b83ec9a839ed574263a34218f372990c",
"status": "affected",
"version": "34ae932a40369be6bd6ea97d66b6686361b4370d",
"versionType": "git"
},
{
"lessThan": "53bce9d19b0a9d245b25cd050b81652ed974a509",
"status": "affected",
"version": "34ae932a40369be6bd6ea97d66b6686361b4370d",
"versionType": "git"
},
{
"lessThan": "1f30fb9166d4f15a1aa19449b9da871fe0ed4796",
"status": "affected",
"version": "34ae932a40369be6bd6ea97d66b6686361b4370d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/openvswitch/flow_netlink.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.3"
},
{
"lessThan": "4.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.249",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.200",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.111",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.20",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.249",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.200",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.111",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.34",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.20",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.3",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: openvswitch: fix leak of nested actions\n\nWhile parsing user-provided actions, openvswitch module may dynamically\nallocate memory and store pointers in the internal copy of the actions.\nSo this memory has to be freed while destroying the actions.\n\nCurrently there are only two such actions: ct() and set(). However,\nthere are many actions that can hold nested lists of actions and\novs_nla_free_flow_actions() just jumps over them leaking the memory.\n\nFor example, removal of the flow with the following actions will lead\nto a leak of the memory allocated by nf_ct_tmpl_alloc():\n\n actions:clone(ct(commit),0)\n\nNon-freed set() action may also leak the \u0027dst\u0027 structure for the\ntunnel info including device references.\n\nUnder certain conditions with a high rate of flow rotation that may\ncause significant memory leak problem (2MB per second in reporter\u0027s\ncase). The problem is also hard to mitigate, because the user doesn\u0027t\nhave direct control over the datapath flows generated by OVS.\n\nFix that by iterating over all the nested actions and freeing\neverything that needs to be freed recursively.\n\nNew build time assertion should protect us from this problem if new\nactions will be added in the future.\n\nUnfortunately, openvswitch module doesn\u0027t use NLA_F_NESTED, so all\nattributes has to be explicitly checked. sample() and clone() actions\nare mixing extra attributes into the user-provided action list. That\nprevents some code generalization too."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:29:25.798Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7438dc55c0709819b813f4778aec2c48b782990b"
},
{
"url": "https://git.kernel.org/stable/c/ef6f9ce0a79aa23b10fc5f3b3cab3814a25aac40"
},
{
"url": "https://git.kernel.org/stable/c/5ae05b5eb58773cfec307ff88aff4cfd843c4cff"
},
{
"url": "https://git.kernel.org/stable/c/837b96d8103938e35e7d92cd9db96af914ca4fff"
},
{
"url": "https://git.kernel.org/stable/c/3554c214b83ec9a839ed574263a34218f372990c"
},
{
"url": "https://git.kernel.org/stable/c/53bce9d19b0a9d245b25cd050b81652ed974a509"
},
{
"url": "https://git.kernel.org/stable/c/1f30fb9166d4f15a1aa19449b9da871fe0ed4796"
}
],
"title": "net: openvswitch: fix leak of nested actions",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49086",
"datePublished": "2025-02-26T01:54:44.072Z",
"dateReserved": "2025-02-26T01:49:39.248Z",
"dateUpdated": "2025-05-04T08:29:25.798Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49537 (GCVE-0-2022-49537)
Vulnerability from cvelistv5
Published
2025-02-26 02:13
Modified
2025-10-29 10:50
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: lpfc: Fix call trace observed during I/O with CMF enabled
The following was seen with CMF enabled:
BUG: using smp_processor_id() in preemptible
code: systemd-udevd/31711
kernel: caller is lpfc_update_cmf_cmd+0x214/0x420 [lpfc]
kernel: CPU: 12 PID: 31711 Comm: systemd-udevd
kernel: Call Trace:
kernel: <TASK>
kernel: dump_stack_lvl+0x44/0x57
kernel: check_preemption_disabled+0xbf/0xe0
kernel: lpfc_update_cmf_cmd+0x214/0x420 [lpfc]
kernel: lpfc_nvme_fcp_io_submit+0x23b4/0x4df0 [lpfc]
this_cpu_ptr() calls smp_processor_id() in a preemptible context.
Fix by using per_cpu_ptr() with raw_smp_processor_id() instead.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/scsi/lpfc/lpfc_scsi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ae373d66c427812754db5292eb1481b181daf9ce",
"status": "affected",
"version": "02243836ad6f384284f10302e6b820b893960d1c",
"versionType": "git"
},
{
"lessThan": "cd7f899de4b1b829125d72ee6fbfd878b637b815",
"status": "affected",
"version": "02243836ad6f384284f10302e6b820b893960d1c",
"versionType": "git"
},
{
"lessThan": "517e0835cfb2007713ff16c4fb8479f08b16aec7",
"status": "affected",
"version": "02243836ad6f384284f10302e6b820b893960d1c",
"versionType": "git"
},
{
"lessThan": "d6d45f67a11136cb88a70a29ab22ea6db8ae6bd5",
"status": "affected",
"version": "02243836ad6f384284f10302e6b820b893960d1c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/scsi/lpfc/lpfc_scsi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.15"
},
{
"lessThan": "5.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Fix call trace observed during I/O with CMF enabled\n\nThe following was seen with CMF enabled:\n\nBUG: using smp_processor_id() in preemptible\ncode: systemd-udevd/31711\nkernel: caller is lpfc_update_cmf_cmd+0x214/0x420 [lpfc]\nkernel: CPU: 12 PID: 31711 Comm: systemd-udevd\nkernel: Call Trace:\nkernel: \u003cTASK\u003e\nkernel: dump_stack_lvl+0x44/0x57\nkernel: check_preemption_disabled+0xbf/0xe0\nkernel: lpfc_update_cmf_cmd+0x214/0x420 [lpfc]\nkernel: lpfc_nvme_fcp_io_submit+0x23b4/0x4df0 [lpfc]\n\nthis_cpu_ptr() calls smp_processor_id() in a preemptible context.\n\nFix by using per_cpu_ptr() with raw_smp_processor_id() instead."
}
],
"providerMetadata": {
"dateUpdated": "2025-10-29T10:50:03.168Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ae373d66c427812754db5292eb1481b181daf9ce"
},
{
"url": "https://git.kernel.org/stable/c/cd7f899de4b1b829125d72ee6fbfd878b637b815"
},
{
"url": "https://git.kernel.org/stable/c/517e0835cfb2007713ff16c4fb8479f08b16aec7"
},
{
"url": "https://git.kernel.org/stable/c/d6d45f67a11136cb88a70a29ab22ea6db8ae6bd5"
}
],
"title": "scsi: lpfc: Fix call trace observed during I/O with CMF enabled",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49537",
"datePublished": "2025-02-26T02:13:54.542Z",
"dateReserved": "2025-02-26T02:08:31.589Z",
"dateUpdated": "2025-10-29T10:50:03.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49507 (GCVE-0-2022-49507)
Vulnerability from cvelistv5
Published
2025-02-26 02:13
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
regulator: da9121: Fix uninit-value in da9121_assign_chip_model()
KASAN report slab-out-of-bounds in __regmap_init as follows:
BUG: KASAN: slab-out-of-bounds in __regmap_init drivers/base/regmap/regmap.c:841
Read of size 1 at addr ffff88803678cdf1 by task xrun/9137
CPU: 0 PID: 9137 Comm: xrun Tainted: G W 5.18.0-rc2
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014
Call Trace:
<TASK>
dump_stack_lvl+0xe8/0x15a lib/dump_stack.c:88
print_report.cold+0xcd/0x69b mm/kasan/report.c:313
kasan_report+0x8e/0xc0 mm/kasan/report.c:491
__regmap_init+0x4540/0x4ba0 drivers/base/regmap/regmap.c:841
__devm_regmap_init+0x7a/0x100 drivers/base/regmap/regmap.c:1266
__devm_regmap_init_i2c+0x65/0x80 drivers/base/regmap/regmap-i2c.c:394
da9121_i2c_probe+0x386/0x6d1 drivers/regulator/da9121-regulator.c:1039
i2c_device_probe+0x959/0xac0 drivers/i2c/i2c-core-base.c:563
This happend when da9121 device is probe by da9121_i2c_id, but with
invalid dts. Thus, chip->subvariant_id is set to -EINVAL, and later
da9121_assign_chip_model() will access 'regmap' without init it.
Fix it by return -EINVAL from da9121_assign_chip_model() if
'chip->subvariant_id' is invalid.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49507",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:38:28.959306Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-908",
"description": "CWE-908 Use of Uninitialized Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:42.759Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/regulator/da9121-regulator.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "be96baa0c79588084e0d7a4fa21c574cec9a57f4",
"status": "affected",
"version": "f3fbd5566f6a8cdb7c48ab29bd1096205b7fbcaf",
"versionType": "git"
},
{
"lessThan": "7da64c7c82c9b29b628a62c88a8c2fb06990563d",
"status": "affected",
"version": "f3fbd5566f6a8cdb7c48ab29bd1096205b7fbcaf",
"versionType": "git"
},
{
"lessThan": "60f21eda69f1b5727a97d2077da766eb27fcc21f",
"status": "affected",
"version": "f3fbd5566f6a8cdb7c48ab29bd1096205b7fbcaf",
"versionType": "git"
},
{
"lessThan": "bab76514aca36bc513224525d5598da676938218",
"status": "affected",
"version": "f3fbd5566f6a8cdb7c48ab29bd1096205b7fbcaf",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/regulator/da9121-regulator.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.11"
},
{
"lessThan": "5.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nregulator: da9121: Fix uninit-value in da9121_assign_chip_model()\n\nKASAN report slab-out-of-bounds in __regmap_init as follows:\n\nBUG: KASAN: slab-out-of-bounds in __regmap_init drivers/base/regmap/regmap.c:841\nRead of size 1 at addr ffff88803678cdf1 by task xrun/9137\n\nCPU: 0 PID: 9137 Comm: xrun Tainted: G W 5.18.0-rc2\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0xe8/0x15a lib/dump_stack.c:88\n print_report.cold+0xcd/0x69b mm/kasan/report.c:313\n kasan_report+0x8e/0xc0 mm/kasan/report.c:491\n __regmap_init+0x4540/0x4ba0 drivers/base/regmap/regmap.c:841\n __devm_regmap_init+0x7a/0x100 drivers/base/regmap/regmap.c:1266\n __devm_regmap_init_i2c+0x65/0x80 drivers/base/regmap/regmap-i2c.c:394\n da9121_i2c_probe+0x386/0x6d1 drivers/regulator/da9121-regulator.c:1039\n i2c_device_probe+0x959/0xac0 drivers/i2c/i2c-core-base.c:563\n\nThis happend when da9121 device is probe by da9121_i2c_id, but with\ninvalid dts. Thus, chip-\u003esubvariant_id is set to -EINVAL, and later\nda9121_assign_chip_model() will access \u0027regmap\u0027 without init it.\n\nFix it by return -EINVAL from da9121_assign_chip_model() if\n\u0027chip-\u003esubvariant_id\u0027 is invalid."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:39:25.569Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/be96baa0c79588084e0d7a4fa21c574cec9a57f4"
},
{
"url": "https://git.kernel.org/stable/c/7da64c7c82c9b29b628a62c88a8c2fb06990563d"
},
{
"url": "https://git.kernel.org/stable/c/60f21eda69f1b5727a97d2077da766eb27fcc21f"
},
{
"url": "https://git.kernel.org/stable/c/bab76514aca36bc513224525d5598da676938218"
}
],
"title": "regulator: da9121: Fix uninit-value in da9121_assign_chip_model()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49507",
"datePublished": "2025-02-26T02:13:38.821Z",
"dateReserved": "2025-02-26T02:08:31.587Z",
"dateUpdated": "2025-10-01T19:46:42.759Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49443 (GCVE-0-2022-49443)
Vulnerability from cvelistv5
Published
2025-02-26 02:12
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
list: fix a data-race around ep->rdllist
ep_poll() first calls ep_events_available() with no lock held and checks
if ep->rdllist is empty by list_empty_careful(), which reads
rdllist->prev. Thus all accesses to it need some protection to avoid
store/load-tearing.
Note INIT_LIST_HEAD_RCU() already has the annotation for both prev
and next.
Commit bf3b9f6372c4 ("epoll: Add busy poll support to epoll with socket
fds.") added the first lockless ep_events_available(), and commit
c5a282e9635e ("fs/epoll: reduce the scope of wq lock in epoll_wait()")
made some ep_events_available() calls lockless and added single call under
a lock, finally commit e59d3c64cba6 ("epoll: eliminate unnecessary lock
for zero timeout") made the last ep_events_available() lockless.
BUG: KCSAN: data-race in do_epoll_wait / do_epoll_wait
write to 0xffff88810480c7d8 of 8 bytes by task 1802 on cpu 0:
INIT_LIST_HEAD include/linux/list.h:38 [inline]
list_splice_init include/linux/list.h:492 [inline]
ep_start_scan fs/eventpoll.c:622 [inline]
ep_send_events fs/eventpoll.c:1656 [inline]
ep_poll fs/eventpoll.c:1806 [inline]
do_epoll_wait+0x4eb/0xf40 fs/eventpoll.c:2234
do_epoll_pwait fs/eventpoll.c:2268 [inline]
__do_sys_epoll_pwait fs/eventpoll.c:2281 [inline]
__se_sys_epoll_pwait+0x12b/0x240 fs/eventpoll.c:2275
__x64_sys_epoll_pwait+0x74/0x80 fs/eventpoll.c:2275
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
read to 0xffff88810480c7d8 of 8 bytes by task 1799 on cpu 1:
list_empty_careful include/linux/list.h:329 [inline]
ep_events_available fs/eventpoll.c:381 [inline]
ep_poll fs/eventpoll.c:1797 [inline]
do_epoll_wait+0x279/0xf40 fs/eventpoll.c:2234
do_epoll_pwait fs/eventpoll.c:2268 [inline]
__do_sys_epoll_pwait fs/eventpoll.c:2281 [inline]
__se_sys_epoll_pwait+0x12b/0x240 fs/eventpoll.c:2275
__x64_sys_epoll_pwait+0x74/0x80 fs/eventpoll.c:2275
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
value changed: 0xffff88810480c7d0 -> 0xffff888103c15098
Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 1799 Comm: syz-fuzzer Tainted: G W 5.17.0-rc7-syzkaller-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49443",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:40:52.947192Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:49.208Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/linux/list.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5d5d993f16be15d124be7b8ec71b28ef7b7dc3af",
"status": "affected",
"version": "bf3b9f6372c45b0fbf24d86b8794910d20170017",
"versionType": "git"
},
{
"lessThan": "cb3e48f7a35033deb9455abe3932e63cb500b9eb",
"status": "affected",
"version": "bf3b9f6372c45b0fbf24d86b8794910d20170017",
"versionType": "git"
},
{
"lessThan": "e039c0b5985999b150594126225e1ee51df7b4c9",
"status": "affected",
"version": "bf3b9f6372c45b0fbf24d86b8794910d20170017",
"versionType": "git"
},
{
"lessThan": "d679ae94fdd5d3ab00c35078f5af5f37e068b03d",
"status": "affected",
"version": "bf3b9f6372c45b0fbf24d86b8794910d20170017",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/linux/list.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.12"
},
{
"lessThan": "4.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nlist: fix a data-race around ep-\u003erdllist\n\nep_poll() first calls ep_events_available() with no lock held and checks\nif ep-\u003erdllist is empty by list_empty_careful(), which reads\nrdllist-\u003eprev. Thus all accesses to it need some protection to avoid\nstore/load-tearing.\n\nNote INIT_LIST_HEAD_RCU() already has the annotation for both prev\nand next.\n\nCommit bf3b9f6372c4 (\"epoll: Add busy poll support to epoll with socket\nfds.\") added the first lockless ep_events_available(), and commit\nc5a282e9635e (\"fs/epoll: reduce the scope of wq lock in epoll_wait()\")\nmade some ep_events_available() calls lockless and added single call under\na lock, finally commit e59d3c64cba6 (\"epoll: eliminate unnecessary lock\nfor zero timeout\") made the last ep_events_available() lockless.\n\nBUG: KCSAN: data-race in do_epoll_wait / do_epoll_wait\n\nwrite to 0xffff88810480c7d8 of 8 bytes by task 1802 on cpu 0:\n INIT_LIST_HEAD include/linux/list.h:38 [inline]\n list_splice_init include/linux/list.h:492 [inline]\n ep_start_scan fs/eventpoll.c:622 [inline]\n ep_send_events fs/eventpoll.c:1656 [inline]\n ep_poll fs/eventpoll.c:1806 [inline]\n do_epoll_wait+0x4eb/0xf40 fs/eventpoll.c:2234\n do_epoll_pwait fs/eventpoll.c:2268 [inline]\n __do_sys_epoll_pwait fs/eventpoll.c:2281 [inline]\n __se_sys_epoll_pwait+0x12b/0x240 fs/eventpoll.c:2275\n __x64_sys_epoll_pwait+0x74/0x80 fs/eventpoll.c:2275\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nread to 0xffff88810480c7d8 of 8 bytes by task 1799 on cpu 1:\n list_empty_careful include/linux/list.h:329 [inline]\n ep_events_available fs/eventpoll.c:381 [inline]\n ep_poll fs/eventpoll.c:1797 [inline]\n do_epoll_wait+0x279/0xf40 fs/eventpoll.c:2234\n do_epoll_pwait fs/eventpoll.c:2268 [inline]\n __do_sys_epoll_pwait fs/eventpoll.c:2281 [inline]\n __se_sys_epoll_pwait+0x12b/0x240 fs/eventpoll.c:2275\n __x64_sys_epoll_pwait+0x74/0x80 fs/eventpoll.c:2275\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nvalue changed: 0xffff88810480c7d0 -\u003e 0xffff888103c15098\n\nReported by Kernel Concurrency Sanitizer on:\nCPU: 1 PID: 1799 Comm: syz-fuzzer Tainted: G W 5.17.0-rc7-syzkaller-dirty #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:37:51.460Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5d5d993f16be15d124be7b8ec71b28ef7b7dc3af"
},
{
"url": "https://git.kernel.org/stable/c/cb3e48f7a35033deb9455abe3932e63cb500b9eb"
},
{
"url": "https://git.kernel.org/stable/c/e039c0b5985999b150594126225e1ee51df7b4c9"
},
{
"url": "https://git.kernel.org/stable/c/d679ae94fdd5d3ab00c35078f5af5f37e068b03d"
}
],
"title": "list: fix a data-race around ep-\u003erdllist",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49443",
"datePublished": "2025-02-26T02:12:55.959Z",
"dateReserved": "2025-02-26T02:08:31.571Z",
"dateUpdated": "2025-10-01T19:46:49.208Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49119 (GCVE-0-2022-49119)
Vulnerability from cvelistv5
Published
2025-02-26 01:55
Modified
2025-10-01 19:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: pm8001: Fix memory leak in pm8001_chip_fw_flash_update_req()
In pm8001_chip_fw_flash_update_build(), if
pm8001_chip_fw_flash_update_build() fails, the struct fw_control_ex
allocated must be freed.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49119",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:48:39.389216Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:57:03.803Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/scsi/pm8001/pm8001_hwi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d83574666bac4b1462e90df393fbed6c5f57d1a3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e5ecdb01952f230921aa8163d8d7f4c97c925ed8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "fe5b8ea5583b5c3f6f68e06acba50387edf3b5d5",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a25ed5f21f94f9ae4bcc8dd747e978668890c921",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f792a3629f4c4aa4c3703d66b43ce1edcc3ec09a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/scsi/pm8001/pm8001_hwi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.111",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.20",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.111",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: pm8001: Fix memory leak in pm8001_chip_fw_flash_update_req()\n\nIn pm8001_chip_fw_flash_update_build(), if\npm8001_chip_fw_flash_update_build() fails, the struct fw_control_ex\nallocated must be freed."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:30:18.145Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d83574666bac4b1462e90df393fbed6c5f57d1a3"
},
{
"url": "https://git.kernel.org/stable/c/e5ecdb01952f230921aa8163d8d7f4c97c925ed8"
},
{
"url": "https://git.kernel.org/stable/c/fe5b8ea5583b5c3f6f68e06acba50387edf3b5d5"
},
{
"url": "https://git.kernel.org/stable/c/a25ed5f21f94f9ae4bcc8dd747e978668890c921"
},
{
"url": "https://git.kernel.org/stable/c/f792a3629f4c4aa4c3703d66b43ce1edcc3ec09a"
}
],
"title": "scsi: pm8001: Fix memory leak in pm8001_chip_fw_flash_update_req()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49119",
"datePublished": "2025-02-26T01:55:00.668Z",
"dateReserved": "2025-02-26T01:49:39.264Z",
"dateUpdated": "2025-10-01T19:57:03.803Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49257 (GCVE-0-2022-49257)
Vulnerability from cvelistv5
Published
2025-02-26 01:56
Modified
2025-05-04 08:33
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
watch_queue: Fix NULL dereference in error cleanup
In watch_queue_set_size(), the error cleanup code doesn't take account of
the fact that __free_page() can't handle a NULL pointer when trying to free
up buffer pages that did get allocated.
Fix this by only calling __free_page() on the pages actually allocated.
Without the fix, this can lead to something like the following:
BUG: KASAN: null-ptr-deref in __free_pages+0x1f/0x1b0 mm/page_alloc.c:5473
Read of size 4 at addr 0000000000000034 by task syz-executor168/3599
...
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
__kasan_report mm/kasan/report.c:446 [inline]
kasan_report.cold+0x66/0xdf mm/kasan/report.c:459
check_region_inline mm/kasan/generic.c:183 [inline]
kasan_check_range+0x13d/0x180 mm/kasan/generic.c:189
instrument_atomic_read include/linux/instrumented.h:71 [inline]
atomic_read include/linux/atomic/atomic-instrumented.h:27 [inline]
page_ref_count include/linux/page_ref.h:67 [inline]
put_page_testzero include/linux/mm.h:717 [inline]
__free_pages+0x1f/0x1b0 mm/page_alloc.c:5473
watch_queue_set_size+0x499/0x630 kernel/watch_queue.c:275
pipe_ioctl+0xac/0x2b0 fs/pipe.c:632
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:874 [inline]
__se_sys_ioctl fs/ioctl.c:860 [inline]
__x64_sys_ioctl+0x193/0x200 fs/ioctl.c:860
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/watch_queue.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5ae75b4ed30322b42abaa75ef1b784addfdb7dc9",
"status": "affected",
"version": "c73be61cede5882f9605a852414db559c0ebedfd",
"versionType": "git"
},
{
"lessThan": "695c47cea02b9101e2fc2e7d36d552128592b347",
"status": "affected",
"version": "c73be61cede5882f9605a852414db559c0ebedfd",
"versionType": "git"
},
{
"lessThan": "112a2f9b0a8457794095a0450598f150724ec456",
"status": "affected",
"version": "c73be61cede5882f9605a852414db559c0ebedfd",
"versionType": "git"
},
{
"lessThan": "b6f5ad3e45d19f9c4ee3e8a2aff829f28d68591d",
"status": "affected",
"version": "c73be61cede5882f9605a852414db559c0ebedfd",
"versionType": "git"
},
{
"lessThan": "a635415a064e77bcfbf43da413fd9dfe0bbed9cb",
"status": "affected",
"version": "c73be61cede5882f9605a852414db559c0ebedfd",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/watch_queue.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.8"
},
{
"lessThan": "5.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.110",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwatch_queue: Fix NULL dereference in error cleanup\n\nIn watch_queue_set_size(), the error cleanup code doesn\u0027t take account of\nthe fact that __free_page() can\u0027t handle a NULL pointer when trying to free\nup buffer pages that did get allocated.\n\nFix this by only calling __free_page() on the pages actually allocated.\n\nWithout the fix, this can lead to something like the following:\n\nBUG: KASAN: null-ptr-deref in __free_pages+0x1f/0x1b0 mm/page_alloc.c:5473\nRead of size 4 at addr 0000000000000034 by task syz-executor168/3599\n...\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\n __kasan_report mm/kasan/report.c:446 [inline]\n kasan_report.cold+0x66/0xdf mm/kasan/report.c:459\n check_region_inline mm/kasan/generic.c:183 [inline]\n kasan_check_range+0x13d/0x180 mm/kasan/generic.c:189\n instrument_atomic_read include/linux/instrumented.h:71 [inline]\n atomic_read include/linux/atomic/atomic-instrumented.h:27 [inline]\n page_ref_count include/linux/page_ref.h:67 [inline]\n put_page_testzero include/linux/mm.h:717 [inline]\n __free_pages+0x1f/0x1b0 mm/page_alloc.c:5473\n watch_queue_set_size+0x499/0x630 kernel/watch_queue.c:275\n pipe_ioctl+0xac/0x2b0 fs/pipe.c:632\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:874 [inline]\n __se_sys_ioctl fs/ioctl.c:860 [inline]\n __x64_sys_ioctl+0x193/0x200 fs/ioctl.c:860\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x44/0xae"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:33:31.060Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5ae75b4ed30322b42abaa75ef1b784addfdb7dc9"
},
{
"url": "https://git.kernel.org/stable/c/695c47cea02b9101e2fc2e7d36d552128592b347"
},
{
"url": "https://git.kernel.org/stable/c/112a2f9b0a8457794095a0450598f150724ec456"
},
{
"url": "https://git.kernel.org/stable/c/b6f5ad3e45d19f9c4ee3e8a2aff829f28d68591d"
},
{
"url": "https://git.kernel.org/stable/c/a635415a064e77bcfbf43da413fd9dfe0bbed9cb"
}
],
"title": "watch_queue: Fix NULL dereference in error cleanup",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49257",
"datePublished": "2025-02-26T01:56:11.072Z",
"dateReserved": "2025-02-26T01:49:39.296Z",
"dateUpdated": "2025-05-04T08:33:31.060Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49104 (GCVE-0-2022-49104)
Vulnerability from cvelistv5
Published
2025-02-26 01:54
Modified
2025-10-01 19:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
staging: vchiq_core: handle NULL result of find_service_by_handle
In case of an invalid handle the function find_servive_by_handle
returns NULL. So take care of this and avoid a NULL pointer dereference.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49104",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:49:16.064127Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:57:05.282Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/staging/vc04_services/interface/vchiq_arm/vchiq_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "aa0b7296785312a4bfa8fac0ba8ad78698fd9fcf",
"status": "affected",
"version": "71bad7f086419dc674244b91ca35a12bfa4cb597",
"versionType": "git"
},
{
"lessThan": "42f2142a337ee372455574809fc924580a7e51b2",
"status": "affected",
"version": "71bad7f086419dc674244b91ca35a12bfa4cb597",
"versionType": "git"
},
{
"lessThan": "04202f54dd8899e10f56a89c4c1ede0043fa22af",
"status": "affected",
"version": "71bad7f086419dc674244b91ca35a12bfa4cb597",
"versionType": "git"
},
{
"lessThan": "3b424f6586a870b8d657c5e5419465bbe0e7b61f",
"status": "affected",
"version": "71bad7f086419dc674244b91ca35a12bfa4cb597",
"versionType": "git"
},
{
"lessThan": "ca225857faf237234d2fffe5d1919467dfadd822",
"status": "affected",
"version": "71bad7f086419dc674244b91ca35a12bfa4cb597",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/staging/vc04_services/interface/vchiq_arm/vchiq_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.9"
},
{
"lessThan": "4.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.111",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.20",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.111",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.34",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.20",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.3",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "4.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: vchiq_core: handle NULL result of find_service_by_handle\n\nIn case of an invalid handle the function find_servive_by_handle\nreturns NULL. So take care of this and avoid a NULL pointer dereference."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:29:56.645Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/aa0b7296785312a4bfa8fac0ba8ad78698fd9fcf"
},
{
"url": "https://git.kernel.org/stable/c/42f2142a337ee372455574809fc924580a7e51b2"
},
{
"url": "https://git.kernel.org/stable/c/04202f54dd8899e10f56a89c4c1ede0043fa22af"
},
{
"url": "https://git.kernel.org/stable/c/3b424f6586a870b8d657c5e5419465bbe0e7b61f"
},
{
"url": "https://git.kernel.org/stable/c/ca225857faf237234d2fffe5d1919467dfadd822"
}
],
"title": "staging: vchiq_core: handle NULL result of find_service_by_handle",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49104",
"datePublished": "2025-02-26T01:54:53.004Z",
"dateReserved": "2025-02-26T01:49:39.250Z",
"dateUpdated": "2025-10-01T19:57:05.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49300 (GCVE-0-2022-49300)
Vulnerability from cvelistv5
Published
2025-02-26 02:10
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
nbd: fix race between nbd_alloc_config() and module removal
When nbd module is being removing, nbd_alloc_config() may be
called concurrently by nbd_genl_connect(), although try_module_get()
will return false, but nbd_alloc_config() doesn't handle it.
The race may lead to the leak of nbd_config and its related
resources (e.g, recv_workq) and oops in nbd_read_stat() due
to the unload of nbd module as shown below:
BUG: kernel NULL pointer dereference, address: 0000000000000040
Oops: 0000 [#1] SMP PTI
CPU: 5 PID: 13840 Comm: kworker/u17:33 Not tainted 5.14.0+ #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)
Workqueue: knbd16-recv recv_work [nbd]
RIP: 0010:nbd_read_stat.cold+0x130/0x1a4 [nbd]
Call Trace:
recv_work+0x3b/0xb0 [nbd]
process_one_work+0x1ed/0x390
worker_thread+0x4a/0x3d0
kthread+0x12a/0x150
ret_from_fork+0x22/0x30
Fixing it by checking the return value of try_module_get()
in nbd_alloc_config(). As nbd_alloc_config() may return ERR_PTR(-ENODEV),
assign nbd->config only when nbd_alloc_config() succeeds to ensure
the value of nbd->config is binary (valid or NULL).
Also adding a debug message to check the reference counter
of nbd_config during module removal.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49300",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:44:48.211252Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:59.286Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/block/nbd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "165cf2e0019fa6cedc75b456490c41494c34abb4",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2573f2375b64280be977431701ed5d33b75b9ad0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8a7da4ced236ce6637fe70f14ca18e718d4bf9e9",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "122e4adaff2439f1cc18cc7e931980fa7560df5c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "71c142f910da44421213ade601bcbd23ceae19fa",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2888fa41985f93ed0a6837cfbb06bcbfd7fa2314",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d09525720dd5201756f698bee1076de9aefd4602",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "c55b2b983b0fa012942c3eb16384b2b722caa810",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/block/nbd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.47",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.122",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: fix race between nbd_alloc_config() and module removal\n\nWhen nbd module is being removing, nbd_alloc_config() may be\ncalled concurrently by nbd_genl_connect(), although try_module_get()\nwill return false, but nbd_alloc_config() doesn\u0027t handle it.\n\nThe race may lead to the leak of nbd_config and its related\nresources (e.g, recv_workq) and oops in nbd_read_stat() due\nto the unload of nbd module as shown below:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000040\n Oops: 0000 [#1] SMP PTI\n CPU: 5 PID: 13840 Comm: kworker/u17:33 Not tainted 5.14.0+ #1\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)\n Workqueue: knbd16-recv recv_work [nbd]\n RIP: 0010:nbd_read_stat.cold+0x130/0x1a4 [nbd]\n Call Trace:\n recv_work+0x3b/0xb0 [nbd]\n process_one_work+0x1ed/0x390\n worker_thread+0x4a/0x3d0\n kthread+0x12a/0x150\n ret_from_fork+0x22/0x30\n\nFixing it by checking the return value of try_module_get()\nin nbd_alloc_config(). As nbd_alloc_config() may return ERR_PTR(-ENODEV),\nassign nbd-\u003econfig only when nbd_alloc_config() succeeds to ensure\nthe value of nbd-\u003econfig is binary (valid or NULL).\n\nAlso adding a debug message to check the reference counter\nof nbd_config during module removal."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:34:38.163Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/165cf2e0019fa6cedc75b456490c41494c34abb4"
},
{
"url": "https://git.kernel.org/stable/c/2573f2375b64280be977431701ed5d33b75b9ad0"
},
{
"url": "https://git.kernel.org/stable/c/8a7da4ced236ce6637fe70f14ca18e718d4bf9e9"
},
{
"url": "https://git.kernel.org/stable/c/122e4adaff2439f1cc18cc7e931980fa7560df5c"
},
{
"url": "https://git.kernel.org/stable/c/71c142f910da44421213ade601bcbd23ceae19fa"
},
{
"url": "https://git.kernel.org/stable/c/2888fa41985f93ed0a6837cfbb06bcbfd7fa2314"
},
{
"url": "https://git.kernel.org/stable/c/d09525720dd5201756f698bee1076de9aefd4602"
},
{
"url": "https://git.kernel.org/stable/c/c55b2b983b0fa012942c3eb16384b2b722caa810"
}
],
"title": "nbd: fix race between nbd_alloc_config() and module removal",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49300",
"datePublished": "2025-02-26T02:10:35.594Z",
"dateReserved": "2025-02-26T02:08:31.534Z",
"dateUpdated": "2025-10-01T19:46:59.286Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49546 (GCVE-0-2022-49546)
Vulnerability from cvelistv5
Published
2025-02-26 02:13
Modified
2025-11-03 19:27
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
x86/kexec: fix memory leak of elf header buffer
This is reported by kmemleak detector:
unreferenced object 0xffffc900002a9000 (size 4096):
comm "kexec", pid 14950, jiffies 4295110793 (age 373.951s)
hex dump (first 32 bytes):
7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00 .ELF............
04 00 3e 00 01 00 00 00 00 00 00 00 00 00 00 00 ..>.............
backtrace:
[<0000000016a8ef9f>] __vmalloc_node_range+0x101/0x170
[<000000002b66b6c0>] __vmalloc_node+0xb4/0x160
[<00000000ad40107d>] crash_prepare_elf64_headers+0x8e/0xcd0
[<0000000019afff23>] crash_load_segments+0x260/0x470
[<0000000019ebe95c>] bzImage64_load+0x814/0xad0
[<0000000093e16b05>] arch_kexec_kernel_image_load+0x1be/0x2a0
[<000000009ef2fc88>] kimage_file_alloc_init+0x2ec/0x5a0
[<0000000038f5a97a>] __do_sys_kexec_file_load+0x28d/0x530
[<0000000087c19992>] do_syscall_64+0x3b/0x90
[<0000000066e063a4>] entry_SYSCALL_64_after_hwframe+0x44/0xae
In crash_prepare_elf64_headers(), a buffer is allocated via vmalloc() to
store elf headers. While it's not freed back to system correctly when
kdump kernel is reloaded or unloaded. Then memory leak is caused. Fix it
by introducing x86 specific function arch_kimage_file_post_load_cleanup(),
and freeing the buffer there.
And also remove the incorrect elf header buffer freeing code. Before
calling arch specific kexec_file loading function, the image instance has
been initialized. So 'image->elf_headers' must be NULL. It doesn't make
sense to free the elf header buffer in the place.
Three different people have reported three bugs about the memory leak on
x86_64 inside Redhat.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:27:52.873Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/x86/kernel/machine_kexec_64.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "23cf39dccf7653650701a6f39b119e9116a27f1a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8765a423a87d74ef24ea02b43b2728fe4039f248",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "115ee42a4c2f26ba2b4ace2668a3f004621f6833",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f675e3a9189d84a9324ab45b0cb19906c2bc8fcb",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b3e34a47f98974d0844444c5121aaff123004e57",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/x86/kernel/machine_kexec_64.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.236",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.236",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/kexec: fix memory leak of elf header buffer\n\nThis is reported by kmemleak detector:\n\nunreferenced object 0xffffc900002a9000 (size 4096):\n comm \"kexec\", pid 14950, jiffies 4295110793 (age 373.951s)\n hex dump (first 32 bytes):\n 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00 .ELF............\n 04 00 3e 00 01 00 00 00 00 00 00 00 00 00 00 00 ..\u003e.............\n backtrace:\n [\u003c0000000016a8ef9f\u003e] __vmalloc_node_range+0x101/0x170\n [\u003c000000002b66b6c0\u003e] __vmalloc_node+0xb4/0x160\n [\u003c00000000ad40107d\u003e] crash_prepare_elf64_headers+0x8e/0xcd0\n [\u003c0000000019afff23\u003e] crash_load_segments+0x260/0x470\n [\u003c0000000019ebe95c\u003e] bzImage64_load+0x814/0xad0\n [\u003c0000000093e16b05\u003e] arch_kexec_kernel_image_load+0x1be/0x2a0\n [\u003c000000009ef2fc88\u003e] kimage_file_alloc_init+0x2ec/0x5a0\n [\u003c0000000038f5a97a\u003e] __do_sys_kexec_file_load+0x28d/0x530\n [\u003c0000000087c19992\u003e] do_syscall_64+0x3b/0x90\n [\u003c0000000066e063a4\u003e] entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nIn crash_prepare_elf64_headers(), a buffer is allocated via vmalloc() to\nstore elf headers. While it\u0027s not freed back to system correctly when\nkdump kernel is reloaded or unloaded. Then memory leak is caused. Fix it\nby introducing x86 specific function arch_kimage_file_post_load_cleanup(),\nand freeing the buffer there.\n\nAnd also remove the incorrect elf header buffer freeing code. Before\ncalling arch specific kexec_file loading function, the image instance has\nbeen initialized. So \u0027image-\u003eelf_headers\u0027 must be NULL. It doesn\u0027t make\nsense to free the elf header buffer in the place.\n\nThree different people have reported three bugs about the memory leak on\nx86_64 inside Redhat."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:40:15.810Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/23cf39dccf7653650701a6f39b119e9116a27f1a"
},
{
"url": "https://git.kernel.org/stable/c/8765a423a87d74ef24ea02b43b2728fe4039f248"
},
{
"url": "https://git.kernel.org/stable/c/115ee42a4c2f26ba2b4ace2668a3f004621f6833"
},
{
"url": "https://git.kernel.org/stable/c/f675e3a9189d84a9324ab45b0cb19906c2bc8fcb"
},
{
"url": "https://git.kernel.org/stable/c/b3e34a47f98974d0844444c5121aaff123004e57"
}
],
"title": "x86/kexec: fix memory leak of elf header buffer",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49546",
"datePublished": "2025-02-26T02:13:58.867Z",
"dateReserved": "2025-02-26T02:08:31.590Z",
"dateUpdated": "2025-11-03T19:27:52.873Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-49328 (GCVE-0-2022-49328)
Vulnerability from cvelistv5
Published
2025-02-26 02:10
Modified
2025-05-04 08:35
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
mt76: fix use-after-free by removing a non-RCU wcid pointer
Fixes an issue caught by KASAN about use-after-free in mt76_txq_schedule
by protecting mtxq->wcid with rcu_lock between mt76_txq_schedule and
sta_info_[alloc, free].
[18853.876689] ==================================================================
[18853.876751] BUG: KASAN: use-after-free in mt76_txq_schedule+0x204/0xaf8 [mt76]
[18853.876773] Read of size 8 at addr ffffffaf989a2138 by task mt76-tx phy0/883
[18853.876786]
[18853.876810] CPU: 5 PID: 883 Comm: mt76-tx phy0 Not tainted 5.10.100-fix-510-56778d365941-kasan #5 0b01fbbcf41a530f52043508fec2e31a4215
[18853.876840] Call trace:
[18853.876861] dump_backtrace+0x0/0x3ec
[18853.876878] show_stack+0x20/0x2c
[18853.876899] dump_stack+0x11c/0x1ac
[18853.876918] print_address_description+0x74/0x514
[18853.876934] kasan_report+0x134/0x174
[18853.876948] __asan_report_load8_noabort+0x44/0x50
[18853.876976] mt76_txq_schedule+0x204/0xaf8 [mt76 074e03e4640e97fe7405ee1fab547b81c4fa45d2]
[18853.877002] mt76_txq_schedule_all+0x2c/0x48 [mt76 074e03e4640e97fe7405ee1fab547b81c4fa45d2]
[18853.877030] mt7921_tx_worker+0xa0/0x1cc [mt7921_common f0875ebac9d7b4754e1010549e7db50fbd90a047]
[18853.877054] __mt76_worker_fn+0x190/0x22c [mt76 074e03e4640e97fe7405ee1fab547b81c4fa45d2]
[18853.877071] kthread+0x2f8/0x3b8
[18853.877087] ret_from_fork+0x10/0x30
[18853.877098]
[18853.877112] Allocated by task 941:
[18853.877131] kasan_save_stack+0x38/0x68
[18853.877147] __kasan_kmalloc+0xd4/0xfc
[18853.877163] kasan_kmalloc+0x10/0x1c
[18853.877177] __kmalloc+0x264/0x3c4
[18853.877294] sta_info_alloc+0x460/0xf88 [mac80211]
[18853.877410] ieee80211_prep_connection+0x204/0x1ee0 [mac80211]
[18853.877523] ieee80211_mgd_auth+0x6c4/0xa4c [mac80211]
[18853.877635] ieee80211_auth+0x20/0x2c [mac80211]
[18853.877733] rdev_auth+0x7c/0x438 [cfg80211]
[18853.877826] cfg80211_mlme_auth+0x26c/0x390 [cfg80211]
[18853.877919] nl80211_authenticate+0x6d4/0x904 [cfg80211]
[18853.877938] genl_rcv_msg+0x748/0x93c
[18853.877954] netlink_rcv_skb+0x160/0x2a8
[18853.877969] genl_rcv+0x3c/0x54
[18853.877985] netlink_unicast_kernel+0x104/0x1ec
[18853.877999] netlink_unicast+0x178/0x268
[18853.878015] netlink_sendmsg+0x3cc/0x5f0
[18853.878030] sock_sendmsg+0xb4/0xd8
[18853.878043] ____sys_sendmsg+0x2f8/0x53c
[18853.878058] ___sys_sendmsg+0xe8/0x150
[18853.878071] __sys_sendmsg+0xc4/0x1f4
[18853.878087] __arm64_compat_sys_sendmsg+0x88/0x9c
[18853.878101] el0_svc_common+0x1b4/0x390
[18853.878115] do_el0_svc_compat+0x8c/0xdc
[18853.878131] el0_svc_compat+0x10/0x1c
[18853.878146] el0_sync_compat_handler+0xa8/0xcc
[18853.878161] el0_sync_compat+0x188/0x1c0
[18853.878171]
[18853.878183] Freed by task 10927:
[18853.878200] kasan_save_stack+0x38/0x68
[18853.878215] kasan_set_track+0x28/0x3c
[18853.878228] kasan_set_free_info+0x24/0x48
[18853.878244] __kasan_slab_free+0x11c/0x154
[18853.878259] kasan_slab_free+0x14/0x24
[18853.878273] slab_free_freelist_hook+0xac/0x1b0
[18853.878287] kfree+0x104/0x390
[18853.878402] sta_info_free+0x198/0x210 [mac80211]
[18853.878515] __sta_info_destroy_part2+0x230/0x2d4 [mac80211]
[18853.878628] __sta_info_flush+0x300/0x37c [mac80211]
[18853.878740] ieee80211_set_disassoc+0x2cc/0xa7c [mac80211]
[18853.878851] ieee80211_mgd_deauth+0x4a4/0x10a0 [mac80211]
[18853.878962] ieee80211_deauth+0x20/0x2c [mac80211]
[18853.879057] rdev_deauth+0x7c/0x438 [cfg80211]
[18853.879150] cfg80211_mlme_deauth+0x274/0x414 [cfg80211]
[18853.879243] cfg80211_mlme_down+0xe4/0x118 [cfg80211]
[18853.879335] cfg80211_disconnect+0x218/0x2d8 [cfg80211]
[18853.879427] __cfg80211_leave+0x17c/0x240 [cfg80211]
[18853.879519] cfg80211_leave+0x3c/0x58 [cfg80211]
[18853.879611] wiphy_suspend+0xdc/0x200 [cfg80211]
[18853.879628] dpm_run_callback+0x58/0x408
[18853.879642] __device_suspend+0x4cc/0x864
[18853.879658] async_suspend+0x34/0xf4
[18
---truncated---
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49328",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T18:16:47.103514Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T18:22:34.046Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/mediatek/mt76/mac80211.c",
"drivers/net/wireless/mediatek/mt76/mt76.h",
"drivers/net/wireless/mediatek/mt76/mt7603/main.c",
"drivers/net/wireless/mediatek/mt76/mt7615/main.c",
"drivers/net/wireless/mediatek/mt76/mt76x02_util.c",
"drivers/net/wireless/mediatek/mt76/mt7915/main.c",
"drivers/net/wireless/mediatek/mt76/mt7921/main.c",
"drivers/net/wireless/mediatek/mt76/tx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4448327b41738dbfcda680eb4935ff835568f468",
"status": "affected",
"version": "7bc04215a66b60e198aecaee8418f6d79fa19faa",
"versionType": "git"
},
{
"lessThan": "e55bcdd0bf34a8b10d45ce80ebb3164c5292a17d",
"status": "affected",
"version": "7bc04215a66b60e198aecaee8418f6d79fa19faa",
"versionType": "git"
},
{
"lessThan": "d5f77f1dbb59feae81f88e44551e8e1d8a802d9a",
"status": "affected",
"version": "7bc04215a66b60e198aecaee8418f6d79fa19faa",
"versionType": "git"
},
{
"lessThan": "51fb1278aa57ae0fc54adaa786e1965362bed4fb",
"status": "affected",
"version": "7bc04215a66b60e198aecaee8418f6d79fa19faa",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/mediatek/mt76/mac80211.c",
"drivers/net/wireless/mediatek/mt76/mt76.h",
"drivers/net/wireless/mediatek/mt76/mt7603/main.c",
"drivers/net/wireless/mediatek/mt76/mt7615/main.c",
"drivers/net/wireless/mediatek/mt76/mt76x02_util.c",
"drivers/net/wireless/mediatek/mt76/mt7915/main.c",
"drivers/net/wireless/mediatek/mt76/mt7921/main.c",
"drivers/net/wireless/mediatek/mt76/tx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.16"
},
{
"lessThan": "4.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.58",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.58",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmt76: fix use-after-free by removing a non-RCU wcid pointer\n\nFixes an issue caught by KASAN about use-after-free in mt76_txq_schedule\nby protecting mtxq-\u003ewcid with rcu_lock between mt76_txq_schedule and\nsta_info_[alloc, free].\n\n[18853.876689] ==================================================================\n[18853.876751] BUG: KASAN: use-after-free in mt76_txq_schedule+0x204/0xaf8 [mt76]\n[18853.876773] Read of size 8 at addr ffffffaf989a2138 by task mt76-tx phy0/883\n[18853.876786]\n[18853.876810] CPU: 5 PID: 883 Comm: mt76-tx phy0 Not tainted 5.10.100-fix-510-56778d365941-kasan #5 0b01fbbcf41a530f52043508fec2e31a4215\n\n[18853.876840] Call trace:\n[18853.876861] dump_backtrace+0x0/0x3ec\n[18853.876878] show_stack+0x20/0x2c\n[18853.876899] dump_stack+0x11c/0x1ac\n[18853.876918] print_address_description+0x74/0x514\n[18853.876934] kasan_report+0x134/0x174\n[18853.876948] __asan_report_load8_noabort+0x44/0x50\n[18853.876976] mt76_txq_schedule+0x204/0xaf8 [mt76 074e03e4640e97fe7405ee1fab547b81c4fa45d2]\n[18853.877002] mt76_txq_schedule_all+0x2c/0x48 [mt76 074e03e4640e97fe7405ee1fab547b81c4fa45d2]\n[18853.877030] mt7921_tx_worker+0xa0/0x1cc [mt7921_common f0875ebac9d7b4754e1010549e7db50fbd90a047]\n[18853.877054] __mt76_worker_fn+0x190/0x22c [mt76 074e03e4640e97fe7405ee1fab547b81c4fa45d2]\n[18853.877071] kthread+0x2f8/0x3b8\n[18853.877087] ret_from_fork+0x10/0x30\n[18853.877098]\n[18853.877112] Allocated by task 941:\n[18853.877131] kasan_save_stack+0x38/0x68\n[18853.877147] __kasan_kmalloc+0xd4/0xfc\n[18853.877163] kasan_kmalloc+0x10/0x1c\n[18853.877177] __kmalloc+0x264/0x3c4\n[18853.877294] sta_info_alloc+0x460/0xf88 [mac80211]\n[18853.877410] ieee80211_prep_connection+0x204/0x1ee0 [mac80211]\n[18853.877523] ieee80211_mgd_auth+0x6c4/0xa4c [mac80211]\n[18853.877635] ieee80211_auth+0x20/0x2c [mac80211]\n[18853.877733] rdev_auth+0x7c/0x438 [cfg80211]\n[18853.877826] cfg80211_mlme_auth+0x26c/0x390 [cfg80211]\n[18853.877919] nl80211_authenticate+0x6d4/0x904 [cfg80211]\n[18853.877938] genl_rcv_msg+0x748/0x93c\n[18853.877954] netlink_rcv_skb+0x160/0x2a8\n[18853.877969] genl_rcv+0x3c/0x54\n[18853.877985] netlink_unicast_kernel+0x104/0x1ec\n[18853.877999] netlink_unicast+0x178/0x268\n[18853.878015] netlink_sendmsg+0x3cc/0x5f0\n[18853.878030] sock_sendmsg+0xb4/0xd8\n[18853.878043] ____sys_sendmsg+0x2f8/0x53c\n[18853.878058] ___sys_sendmsg+0xe8/0x150\n[18853.878071] __sys_sendmsg+0xc4/0x1f4\n[18853.878087] __arm64_compat_sys_sendmsg+0x88/0x9c\n[18853.878101] el0_svc_common+0x1b4/0x390\n[18853.878115] do_el0_svc_compat+0x8c/0xdc\n[18853.878131] el0_svc_compat+0x10/0x1c\n[18853.878146] el0_sync_compat_handler+0xa8/0xcc\n[18853.878161] el0_sync_compat+0x188/0x1c0\n[18853.878171]\n[18853.878183] Freed by task 10927:\n[18853.878200] kasan_save_stack+0x38/0x68\n[18853.878215] kasan_set_track+0x28/0x3c\n[18853.878228] kasan_set_free_info+0x24/0x48\n[18853.878244] __kasan_slab_free+0x11c/0x154\n[18853.878259] kasan_slab_free+0x14/0x24\n[18853.878273] slab_free_freelist_hook+0xac/0x1b0\n[18853.878287] kfree+0x104/0x390\n[18853.878402] sta_info_free+0x198/0x210 [mac80211]\n[18853.878515] __sta_info_destroy_part2+0x230/0x2d4 [mac80211]\n[18853.878628] __sta_info_flush+0x300/0x37c [mac80211]\n[18853.878740] ieee80211_set_disassoc+0x2cc/0xa7c [mac80211]\n[18853.878851] ieee80211_mgd_deauth+0x4a4/0x10a0 [mac80211]\n[18853.878962] ieee80211_deauth+0x20/0x2c [mac80211]\n[18853.879057] rdev_deauth+0x7c/0x438 [cfg80211]\n[18853.879150] cfg80211_mlme_deauth+0x274/0x414 [cfg80211]\n[18853.879243] cfg80211_mlme_down+0xe4/0x118 [cfg80211]\n[18853.879335] cfg80211_disconnect+0x218/0x2d8 [cfg80211]\n[18853.879427] __cfg80211_leave+0x17c/0x240 [cfg80211]\n[18853.879519] cfg80211_leave+0x3c/0x58 [cfg80211]\n[18853.879611] wiphy_suspend+0xdc/0x200 [cfg80211]\n[18853.879628] dpm_run_callback+0x58/0x408\n[18853.879642] __device_suspend+0x4cc/0x864\n[18853.879658] async_suspend+0x34/0xf4\n[18\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:35:18.005Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4448327b41738dbfcda680eb4935ff835568f468"
},
{
"url": "https://git.kernel.org/stable/c/e55bcdd0bf34a8b10d45ce80ebb3164c5292a17d"
},
{
"url": "https://git.kernel.org/stable/c/d5f77f1dbb59feae81f88e44551e8e1d8a802d9a"
},
{
"url": "https://git.kernel.org/stable/c/51fb1278aa57ae0fc54adaa786e1965362bed4fb"
}
],
"title": "mt76: fix use-after-free by removing a non-RCU wcid pointer",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49328",
"datePublished": "2025-02-26T02:10:49.590Z",
"dateReserved": "2025-02-26T02:08:31.538Z",
"dateUpdated": "2025-05-04T08:35:18.005Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28410 (GCVE-0-2023-28410)
Vulnerability from cvelistv5
Published
2023-05-10 13:16
Modified
2025-03-18 19:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-119 - Improper restriction of operations within the bounds of a memory buffer
Summary
Improper restriction of operations within the bounds of a memory buffer in some Intel(R) i915 Graphics drivers for linux before kernel version 6.2.10 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) i915 Graphics drivers for linux |
Version: before kernel version 6.2.10 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:38:25.378Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00886.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00886.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230622-0004/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28410",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-06T15:27:26.145778Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T19:11:40.318Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) i915 Graphics drivers for linux",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before kernel version 6.2.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper restriction of operations within the bounds of a memory buffer in some Intel(R) i915 Graphics drivers for linux before kernel version 6.2.10 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-119",
"description": "Improper restriction of operations within the bounds of a memory buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-22T14:06:51.241Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00886.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00886.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230622-0004/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-28410",
"datePublished": "2023-05-10T13:16:37.359Z",
"dateReserved": "2023-03-22T03:00:05.381Z",
"dateUpdated": "2025-03-18T19:11:40.318Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49489 (GCVE-0-2022-49489)
Vulnerability from cvelistv5
Published
2025-02-26 02:13
Modified
2025-05-04 08:39
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume
BUG: Unable to handle kernel paging request at virtual address 006b6b6b6b6b6be3
Call trace:
dpu_vbif_init_memtypes+0x40/0xb8
dpu_runtime_resume+0xcc/0x1c0
pm_generic_runtime_resume+0x30/0x44
__genpd_runtime_resume+0x68/0x7c
genpd_runtime_resume+0x134/0x258
__rpm_callback+0x98/0x138
rpm_callback+0x30/0x88
rpm_resume+0x36c/0x49c
__pm_runtime_resume+0x80/0xb0
dpu_core_irq_uninstall+0x30/0xb0
dpu_irq_uninstall+0x18/0x24
msm_drm_uninit+0xd8/0x16c
Patchwork: https://patchwork.freedesktop.org/patch/483255/
[DB: fixed Fixes tag]
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 25fdd5933e4c0f5fe2ea5cd59994f8ac5fbe90ef Version: 25fdd5933e4c0f5fe2ea5cd59994f8ac5fbe90ef Version: 25fdd5933e4c0f5fe2ea5cd59994f8ac5fbe90ef Version: 25fdd5933e4c0f5fe2ea5cd59994f8ac5fbe90ef Version: 25fdd5933e4c0f5fe2ea5cd59994f8ac5fbe90ef Version: 25fdd5933e4c0f5fe2ea5cd59994f8ac5fbe90ef Version: 25fdd5933e4c0f5fe2ea5cd59994f8ac5fbe90ef |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49489",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T21:14:26.064308Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T21:21:43.996Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "aa4cb188988dc6f1b3f4917d4dbc452150a5d871",
"status": "affected",
"version": "25fdd5933e4c0f5fe2ea5cd59994f8ac5fbe90ef",
"versionType": "git"
},
{
"lessThan": "ef10d0c68e8608848cd58fca2589685718426607",
"status": "affected",
"version": "25fdd5933e4c0f5fe2ea5cd59994f8ac5fbe90ef",
"versionType": "git"
},
{
"lessThan": "134760263f6441741db0b2970e7face6b34b6d1c",
"status": "affected",
"version": "25fdd5933e4c0f5fe2ea5cd59994f8ac5fbe90ef",
"versionType": "git"
},
{
"lessThan": "ef4bdaac7cb5416f236613ed9337ff0ea8ee329b",
"status": "affected",
"version": "25fdd5933e4c0f5fe2ea5cd59994f8ac5fbe90ef",
"versionType": "git"
},
{
"lessThan": "97ac682b6f7d36be5d934f86c9911066540a68f1",
"status": "affected",
"version": "25fdd5933e4c0f5fe2ea5cd59994f8ac5fbe90ef",
"versionType": "git"
},
{
"lessThan": "5b0adf5cbf3b74721e4e4c4e0cadc91b8df8bcc2",
"status": "affected",
"version": "25fdd5933e4c0f5fe2ea5cd59994f8ac5fbe90ef",
"versionType": "git"
},
{
"lessThan": "fa5186b279ecf44b14fb435540d2065be91cb1ed",
"status": "affected",
"version": "25fdd5933e4c0f5fe2ea5cd59994f8ac5fbe90ef",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.19"
},
{
"lessThan": "4.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume\n\nBUG: Unable to handle kernel paging request at virtual address 006b6b6b6b6b6be3\n\nCall trace:\n dpu_vbif_init_memtypes+0x40/0xb8\n dpu_runtime_resume+0xcc/0x1c0\n pm_generic_runtime_resume+0x30/0x44\n __genpd_runtime_resume+0x68/0x7c\n genpd_runtime_resume+0x134/0x258\n __rpm_callback+0x98/0x138\n rpm_callback+0x30/0x88\n rpm_resume+0x36c/0x49c\n __pm_runtime_resume+0x80/0xb0\n dpu_core_irq_uninstall+0x30/0xb0\n dpu_irq_uninstall+0x18/0x24\n msm_drm_uninit+0xd8/0x16c\n\nPatchwork: https://patchwork.freedesktop.org/patch/483255/\n[DB: fixed Fixes tag]"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:39:00.186Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/aa4cb188988dc6f1b3f4917d4dbc452150a5d871"
},
{
"url": "https://git.kernel.org/stable/c/ef10d0c68e8608848cd58fca2589685718426607"
},
{
"url": "https://git.kernel.org/stable/c/134760263f6441741db0b2970e7face6b34b6d1c"
},
{
"url": "https://git.kernel.org/stable/c/ef4bdaac7cb5416f236613ed9337ff0ea8ee329b"
},
{
"url": "https://git.kernel.org/stable/c/97ac682b6f7d36be5d934f86c9911066540a68f1"
},
{
"url": "https://git.kernel.org/stable/c/5b0adf5cbf3b74721e4e4c4e0cadc91b8df8bcc2"
},
{
"url": "https://git.kernel.org/stable/c/fa5186b279ecf44b14fb435540d2065be91cb1ed"
}
],
"title": "drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49489",
"datePublished": "2025-02-26T02:13:26.785Z",
"dateReserved": "2025-02-26T02:08:31.585Z",
"dateUpdated": "2025-05-04T08:39:00.186Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49642 (GCVE-0-2022-49642)
Vulnerability from cvelistv5
Published
2025-02-26 02:23
Modified
2025-05-04 08:42
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: stmmac: dwc-qos: Disable split header for Tegra194
There is a long-standing issue with the Synopsys DWC Ethernet driver
for Tegra194 where random system crashes have been observed [0]. The
problem occurs when the split header feature is enabled in the stmmac
driver. In the bad case, a larger than expected buffer length is
received and causes the calculation of the total buffer length to
overflow. This results in a very large buffer length that causes the
kernel to crash. Why this larger buffer length is received is not clear,
however, the feedback from the NVIDIA design team is that the split
header feature is not supported for Tegra194. Therefore, disable split
header support for Tegra194 to prevent these random crashes from
occurring.
[0] https://lore.kernel.org/linux-tegra/b0b17697-f23e-8fa5-3757-604a86f3a095@nvidia.com/
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/stmicro/stmmac/dwmac-dwc-qos-eth.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2968830c9b47ce093237483c6207c61065712386",
"status": "affected",
"version": "67afd6d1cfdf0d0461fe3c4c922447f3e9b1c6ee",
"versionType": "git"
},
{
"lessThan": "9cc8edc571b871d974b3289868553f9ce544aba6",
"status": "affected",
"version": "67afd6d1cfdf0d0461fe3c4c922447f3e9b1c6ee",
"versionType": "git"
},
{
"lessThan": "d5c315a787652c35045044877a249f7d5c8a4104",
"status": "affected",
"version": "67afd6d1cfdf0d0461fe3c4c922447f3e9b1c6ee",
"versionType": "git"
},
{
"lessThan": "cfa4caf3e881ad6dd366c903c34f1c7f21b857ab",
"status": "affected",
"version": "67afd6d1cfdf0d0461fe3c4c922447f3e9b1c6ee",
"versionType": "git"
},
{
"lessThan": "029c1c2059e9c4b38f97a06204cdecd10cfbeb8a",
"status": "affected",
"version": "67afd6d1cfdf0d0461fe3c4c922447f3e9b1c6ee",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/stmicro/stmmac/dwmac-dwc-qos-eth.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.4"
},
{
"lessThan": "5.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.207",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.132",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.56",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.207",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.132",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.56",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.13",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: stmmac: dwc-qos: Disable split header for Tegra194\n\nThere is a long-standing issue with the Synopsys DWC Ethernet driver\nfor Tegra194 where random system crashes have been observed [0]. The\nproblem occurs when the split header feature is enabled in the stmmac\ndriver. In the bad case, a larger than expected buffer length is\nreceived and causes the calculation of the total buffer length to\noverflow. This results in a very large buffer length that causes the\nkernel to crash. Why this larger buffer length is received is not clear,\nhowever, the feedback from the NVIDIA design team is that the split\nheader feature is not supported for Tegra194. Therefore, disable split\nheader support for Tegra194 to prevent these random crashes from\noccurring.\n\n[0] https://lore.kernel.org/linux-tegra/b0b17697-f23e-8fa5-3757-604a86f3a095@nvidia.com/"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:42:25.328Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2968830c9b47ce093237483c6207c61065712386"
},
{
"url": "https://git.kernel.org/stable/c/9cc8edc571b871d974b3289868553f9ce544aba6"
},
{
"url": "https://git.kernel.org/stable/c/d5c315a787652c35045044877a249f7d5c8a4104"
},
{
"url": "https://git.kernel.org/stable/c/cfa4caf3e881ad6dd366c903c34f1c7f21b857ab"
},
{
"url": "https://git.kernel.org/stable/c/029c1c2059e9c4b38f97a06204cdecd10cfbeb8a"
}
],
"title": "net: stmmac: dwc-qos: Disable split header for Tegra194",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49642",
"datePublished": "2025-02-26T02:23:49.154Z",
"dateReserved": "2025-02-26T02:21:30.431Z",
"dateUpdated": "2025-05-04T08:42:25.328Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49725 (GCVE-0-2022-49725)
Vulnerability from cvelistv5
Published
2025-02-26 02:24
Modified
2025-05-04 08:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
i40e: Fix call trace in setup_tx_descriptors
After PF reset and ethtool -t there was call trace in dmesg
sometimes leading to panic. When there was some time, around 5
seconds, between reset and test there were no errors.
Problem was that pf reset calls i40e_vsi_close in prep_for_reset
and ethtool -t calls i40e_vsi_close in diag_test. If there was not
enough time between those commands the second i40e_vsi_close starts
before previous i40e_vsi_close was done which leads to crash.
Add check to diag_test if pf is in reset and don't start offline
tests if it is true.
Add netif_info("testing failed") into unhappy path of i40e_diag_test()
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: e17bc411aea8fbebc51857037f104ab09f765120 Version: e17bc411aea8fbebc51857037f104ab09f765120 Version: e17bc411aea8fbebc51857037f104ab09f765120 Version: e17bc411aea8fbebc51857037f104ab09f765120 Version: e17bc411aea8fbebc51857037f104ab09f765120 Version: e17bc411aea8fbebc51857037f104ab09f765120 Version: e17bc411aea8fbebc51857037f104ab09f765120 |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/i40e/i40e_ethtool.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5ba9956ca57e361fb13ea369bb753eb33177acc7",
"status": "affected",
"version": "e17bc411aea8fbebc51857037f104ab09f765120",
"versionType": "git"
},
{
"lessThan": "15950157e2c24865b696db1c9ccc72743ae0e967",
"status": "affected",
"version": "e17bc411aea8fbebc51857037f104ab09f765120",
"versionType": "git"
},
{
"lessThan": "ff6e03fe84bc917bb0c907d02de668c2fe101712",
"status": "affected",
"version": "e17bc411aea8fbebc51857037f104ab09f765120",
"versionType": "git"
},
{
"lessThan": "814092927a215f5ca6c08249ec72a205e0b473cd",
"status": "affected",
"version": "e17bc411aea8fbebc51857037f104ab09f765120",
"versionType": "git"
},
{
"lessThan": "0a4e5a3dc5e41212870e6043895ae02455c93f63",
"status": "affected",
"version": "e17bc411aea8fbebc51857037f104ab09f765120",
"versionType": "git"
},
{
"lessThan": "322271351b0e41565171e4cce70ea41854fac115",
"status": "affected",
"version": "e17bc411aea8fbebc51857037f104ab09f765120",
"versionType": "git"
},
{
"lessThan": "fd5855e6b1358e816710afee68a1d2bc685176ca",
"status": "affected",
"version": "e17bc411aea8fbebc51857037f104ab09f765120",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/i40e/i40e_ethtool.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.2"
},
{
"lessThan": "4.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.249",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.200",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.124",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.49",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.285",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.249",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.200",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.124",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.49",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.6",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: Fix call trace in setup_tx_descriptors\n\nAfter PF reset and ethtool -t there was call trace in dmesg\nsometimes leading to panic. When there was some time, around 5\nseconds, between reset and test there were no errors.\n\nProblem was that pf reset calls i40e_vsi_close in prep_for_reset\nand ethtool -t calls i40e_vsi_close in diag_test. If there was not\nenough time between those commands the second i40e_vsi_close starts\nbefore previous i40e_vsi_close was done which leads to crash.\n\nAdd check to diag_test if pf is in reset and don\u0027t start offline\ntests if it is true.\nAdd netif_info(\"testing failed\") into unhappy path of i40e_diag_test()"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:44:08.894Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5ba9956ca57e361fb13ea369bb753eb33177acc7"
},
{
"url": "https://git.kernel.org/stable/c/15950157e2c24865b696db1c9ccc72743ae0e967"
},
{
"url": "https://git.kernel.org/stable/c/ff6e03fe84bc917bb0c907d02de668c2fe101712"
},
{
"url": "https://git.kernel.org/stable/c/814092927a215f5ca6c08249ec72a205e0b473cd"
},
{
"url": "https://git.kernel.org/stable/c/0a4e5a3dc5e41212870e6043895ae02455c93f63"
},
{
"url": "https://git.kernel.org/stable/c/322271351b0e41565171e4cce70ea41854fac115"
},
{
"url": "https://git.kernel.org/stable/c/fd5855e6b1358e816710afee68a1d2bc685176ca"
}
],
"title": "i40e: Fix call trace in setup_tx_descriptors",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49725",
"datePublished": "2025-02-26T02:24:37.349Z",
"dateReserved": "2025-02-26T02:21:30.447Z",
"dateUpdated": "2025-05-04T08:44:08.894Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41092 (GCVE-0-2024-41092)
Vulnerability from cvelistv5
Published
2024-07-29 15:48
Modified
2025-11-03 22:00
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/i915/gt: Fix potential UAF by revoke of fence registers
CI has been sporadically reporting the following issue triggered by
igt@i915_selftest@live@hangcheck on ADL-P and similar machines:
<6> [414.049203] i915: Running intel_hangcheck_live_selftests/igt_reset_evict_fence
...
<6> [414.068804] i915 0000:00:02.0: [drm] GT0: GUC: submission enabled
<6> [414.068812] i915 0000:00:02.0: [drm] GT0: GUC: SLPC enabled
<3> [414.070354] Unable to pin Y-tiled fence; err:-4
<3> [414.071282] i915_vma_revoke_fence:301 GEM_BUG_ON(!i915_active_is_idle(&fence->active))
...
<4>[ 609.603992] ------------[ cut here ]------------
<2>[ 609.603995] kernel BUG at drivers/gpu/drm/i915/gt/intel_ggtt_fencing.c:301!
<4>[ 609.604003] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI
<4>[ 609.604006] CPU: 0 PID: 268 Comm: kworker/u64:3 Tainted: G U W 6.9.0-CI_DRM_14785-g1ba62f8cea9c+ #1
<4>[ 609.604008] Hardware name: Intel Corporation Alder Lake Client Platform/AlderLake-P DDR4 RVP, BIOS RPLPFWI1.R00.4035.A00.2301200723 01/20/2023
<4>[ 609.604010] Workqueue: i915 __i915_gem_free_work [i915]
<4>[ 609.604149] RIP: 0010:i915_vma_revoke_fence+0x187/0x1f0 [i915]
...
<4>[ 609.604271] Call Trace:
<4>[ 609.604273] <TASK>
...
<4>[ 609.604716] __i915_vma_evict+0x2e9/0x550 [i915]
<4>[ 609.604852] __i915_vma_unbind+0x7c/0x160 [i915]
<4>[ 609.604977] force_unbind+0x24/0xa0 [i915]
<4>[ 609.605098] i915_vma_destroy+0x2f/0xa0 [i915]
<4>[ 609.605210] __i915_gem_object_pages_fini+0x51/0x2f0 [i915]
<4>[ 609.605330] __i915_gem_free_objects.isra.0+0x6a/0xc0 [i915]
<4>[ 609.605440] process_scheduled_works+0x351/0x690
...
In the past, there were similar failures reported by CI from other IGT
tests, observed on other platforms.
Before commit 63baf4f3d587 ("drm/i915/gt: Only wait for GPU activity
before unbinding a GGTT fence"), i915_vma_revoke_fence() was waiting for
idleness of vma->active via fence_update(). That commit introduced
vma->fence->active in order for the fence_update() to be able to wait
selectively on that one instead of vma->active since only idleness of
fence registers was needed. But then, another commit 0d86ee35097a
("drm/i915/gt: Make fence revocation unequivocal") replaced the call to
fence_update() in i915_vma_revoke_fence() with only fence_write(), and
also added that GEM_BUG_ON(!i915_active_is_idle(&fence->active)) in front.
No justification was provided on why we might then expect idleness of
vma->fence->active without first waiting on it.
The issue can be potentially caused by a race among revocation of fence
registers on one side and sequential execution of signal callbacks invoked
on completion of a request that was using them on the other, still
processed in parallel to revocation of those fence registers. Fix it by
waiting for idleness of vma->fence->active in i915_vma_revoke_fence().
(cherry picked from commit 24bb052d3dd499c5956abad5f7d8e4fd07da7fb1)
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 0d86ee35097ae0f1c2c50f2b8035ef480e25e4f1 Version: 0d86ee35097ae0f1c2c50f2b8035ef480e25e4f1 Version: 0d86ee35097ae0f1c2c50f2b8035ef480e25e4f1 Version: 0d86ee35097ae0f1c2c50f2b8035ef480e25e4f1 Version: 0d86ee35097ae0f1c2c50f2b8035ef480e25e4f1 Version: 0d86ee35097ae0f1c2c50f2b8035ef480e25e4f1 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:00:49.323Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f771b91f21c46ad1217328d05e72a2c7e3add535"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/29c0fdf49078ab161570d3d1c6e13d66f182717d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ca0fabd365a27a94a36e68a7a02df8ff3c13dac6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/06dec31a0a5112a91f49085e8a8fa1a82296d5c7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/414f4a31f7a811008fd9a33b06216b060bad18fc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/996c3412a06578e9d779a16b9e79ace18125ab50"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41092",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:20:35.535942Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:32:56.013Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/i915/gt/intel_ggtt_fencing.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f771b91f21c46ad1217328d05e72a2c7e3add535",
"status": "affected",
"version": "0d86ee35097ae0f1c2c50f2b8035ef480e25e4f1",
"versionType": "git"
},
{
"lessThan": "29c0fdf49078ab161570d3d1c6e13d66f182717d",
"status": "affected",
"version": "0d86ee35097ae0f1c2c50f2b8035ef480e25e4f1",
"versionType": "git"
},
{
"lessThan": "ca0fabd365a27a94a36e68a7a02df8ff3c13dac6",
"status": "affected",
"version": "0d86ee35097ae0f1c2c50f2b8035ef480e25e4f1",
"versionType": "git"
},
{
"lessThan": "06dec31a0a5112a91f49085e8a8fa1a82296d5c7",
"status": "affected",
"version": "0d86ee35097ae0f1c2c50f2b8035ef480e25e4f1",
"versionType": "git"
},
{
"lessThan": "414f4a31f7a811008fd9a33b06216b060bad18fc",
"status": "affected",
"version": "0d86ee35097ae0f1c2c50f2b8035ef480e25e4f1",
"versionType": "git"
},
{
"lessThan": "996c3412a06578e9d779a16b9e79ace18125ab50",
"status": "affected",
"version": "0d86ee35097ae0f1c2c50f2b8035ef480e25e4f1",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/i915/gt/intel_ggtt_fencing.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.8"
},
{
"lessThan": "5.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.221",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.97",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.37",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.221",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.162",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.97",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.37",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.8",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/gt: Fix potential UAF by revoke of fence registers\n\nCI has been sporadically reporting the following issue triggered by\nigt@i915_selftest@live@hangcheck on ADL-P and similar machines:\n\n\u003c6\u003e [414.049203] i915: Running intel_hangcheck_live_selftests/igt_reset_evict_fence\n...\n\u003c6\u003e [414.068804] i915 0000:00:02.0: [drm] GT0: GUC: submission enabled\n\u003c6\u003e [414.068812] i915 0000:00:02.0: [drm] GT0: GUC: SLPC enabled\n\u003c3\u003e [414.070354] Unable to pin Y-tiled fence; err:-4\n\u003c3\u003e [414.071282] i915_vma_revoke_fence:301 GEM_BUG_ON(!i915_active_is_idle(\u0026fence-\u003eactive))\n...\n\u003c4\u003e[ 609.603992] ------------[ cut here ]------------\n\u003c2\u003e[ 609.603995] kernel BUG at drivers/gpu/drm/i915/gt/intel_ggtt_fencing.c:301!\n\u003c4\u003e[ 609.604003] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n\u003c4\u003e[ 609.604006] CPU: 0 PID: 268 Comm: kworker/u64:3 Tainted: G U W 6.9.0-CI_DRM_14785-g1ba62f8cea9c+ #1\n\u003c4\u003e[ 609.604008] Hardware name: Intel Corporation Alder Lake Client Platform/AlderLake-P DDR4 RVP, BIOS RPLPFWI1.R00.4035.A00.2301200723 01/20/2023\n\u003c4\u003e[ 609.604010] Workqueue: i915 __i915_gem_free_work [i915]\n\u003c4\u003e[ 609.604149] RIP: 0010:i915_vma_revoke_fence+0x187/0x1f0 [i915]\n...\n\u003c4\u003e[ 609.604271] Call Trace:\n\u003c4\u003e[ 609.604273] \u003cTASK\u003e\n...\n\u003c4\u003e[ 609.604716] __i915_vma_evict+0x2e9/0x550 [i915]\n\u003c4\u003e[ 609.604852] __i915_vma_unbind+0x7c/0x160 [i915]\n\u003c4\u003e[ 609.604977] force_unbind+0x24/0xa0 [i915]\n\u003c4\u003e[ 609.605098] i915_vma_destroy+0x2f/0xa0 [i915]\n\u003c4\u003e[ 609.605210] __i915_gem_object_pages_fini+0x51/0x2f0 [i915]\n\u003c4\u003e[ 609.605330] __i915_gem_free_objects.isra.0+0x6a/0xc0 [i915]\n\u003c4\u003e[ 609.605440] process_scheduled_works+0x351/0x690\n...\n\nIn the past, there were similar failures reported by CI from other IGT\ntests, observed on other platforms.\n\nBefore commit 63baf4f3d587 (\"drm/i915/gt: Only wait for GPU activity\nbefore unbinding a GGTT fence\"), i915_vma_revoke_fence() was waiting for\nidleness of vma-\u003eactive via fence_update(). That commit introduced\nvma-\u003efence-\u003eactive in order for the fence_update() to be able to wait\nselectively on that one instead of vma-\u003eactive since only idleness of\nfence registers was needed. But then, another commit 0d86ee35097a\n(\"drm/i915/gt: Make fence revocation unequivocal\") replaced the call to\nfence_update() in i915_vma_revoke_fence() with only fence_write(), and\nalso added that GEM_BUG_ON(!i915_active_is_idle(\u0026fence-\u003eactive)) in front.\nNo justification was provided on why we might then expect idleness of\nvma-\u003efence-\u003eactive without first waiting on it.\n\nThe issue can be potentially caused by a race among revocation of fence\nregisters on one side and sequential execution of signal callbacks invoked\non completion of a request that was using them on the other, still\nprocessed in parallel to revocation of those fence registers. Fix it by\nwaiting for idleness of vma-\u003efence-\u003eactive in i915_vma_revoke_fence().\n\n(cherry picked from commit 24bb052d3dd499c5956abad5f7d8e4fd07da7fb1)"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:21:54.366Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f771b91f21c46ad1217328d05e72a2c7e3add535"
},
{
"url": "https://git.kernel.org/stable/c/29c0fdf49078ab161570d3d1c6e13d66f182717d"
},
{
"url": "https://git.kernel.org/stable/c/ca0fabd365a27a94a36e68a7a02df8ff3c13dac6"
},
{
"url": "https://git.kernel.org/stable/c/06dec31a0a5112a91f49085e8a8fa1a82296d5c7"
},
{
"url": "https://git.kernel.org/stable/c/414f4a31f7a811008fd9a33b06216b060bad18fc"
},
{
"url": "https://git.kernel.org/stable/c/996c3412a06578e9d779a16b9e79ace18125ab50"
}
],
"title": "drm/i915/gt: Fix potential UAF by revoke of fence registers",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-41092",
"datePublished": "2024-07-29T15:48:05.853Z",
"dateReserved": "2024-07-12T12:17:45.636Z",
"dateUpdated": "2025-11-03T22:00:49.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-49159 (GCVE-0-2022-49159)
Vulnerability from cvelistv5
Published
2025-02-26 01:55
Modified
2025-05-04 08:31
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: qla2xxx: Implement ref count for SRB
The timeout handler and the done function are racing. When
qla2x00_async_iocb_timeout() starts to run it can be preempted by the
normal response path (via the firmware?). qla24xx_async_gpsc_sp_done()
releases the SRB unconditionally. When scheduling back to
qla2x00_async_iocb_timeout() qla24xx_async_abort_cmd() will access an freed
sp->qpair pointer:
qla2xxx [0000:83:00.0]-2871:0: Async-gpsc timeout - hdl=63d portid=234500 50:06:0e:80:08:77:b6:21.
qla2xxx [0000:83:00.0]-2853:0: Async done-gpsc res 0, WWPN 50:06:0e:80:08:77:b6:21
qla2xxx [0000:83:00.0]-2854:0: Async-gpsc OUT WWPN 20:45:00:27:f8:75:33:00 speeds=2c00 speed=0400.
qla2xxx [0000:83:00.0]-28d8:0: qla24xx_handle_gpsc_event 50:06:0e:80:08:77:b6:21 DS 7 LS 6 rc 0 login 1|1 rscn 1|0 lid 5
BUG: unable to handle kernel NULL pointer dereference at 0000000000000004
IP: qla24xx_async_abort_cmd+0x1b/0x1c0 [qla2xxx]
Obvious solution to this is to introduce a reference counter. One reference
is taken for the normal code path (the 'good' case) and one for the timeout
path. As we always race between the normal good case and the timeout/abort
handler we need to serialize it. Also we cannot assume any order between
the handlers. Since this is slow path we can use proper synchronization via
locks.
When we are able to cancel a timer (del_timer returns 1) we know there
can't be any error handling in progress because the timeout handler hasn't
expired yet, thus we can safely decrement the refcounter by one.
If we are not able to cancel the timer, we know an abort handler is
running. We have to make sure we call sp->done() in the abort handlers
before calling kref_put().
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/scsi/qla2xxx/qla_bsg.c",
"drivers/scsi/qla2xxx/qla_def.h",
"drivers/scsi/qla2xxx/qla_edif.c",
"drivers/scsi/qla2xxx/qla_gbl.h",
"drivers/scsi/qla2xxx/qla_gs.c",
"drivers/scsi/qla2xxx/qla_init.c",
"drivers/scsi/qla2xxx/qla_inline.h",
"drivers/scsi/qla2xxx/qla_iocb.c",
"drivers/scsi/qla2xxx/qla_mbx.c",
"drivers/scsi/qla2xxx/qla_mid.c",
"drivers/scsi/qla2xxx/qla_mr.c",
"drivers/scsi/qla2xxx/qla_os.c",
"drivers/scsi/qla2xxx/qla_target.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e17111dd2fda81c35f309b1e5b6ab35809a375e7",
"status": "affected",
"version": "7ebb336e45ef1ce23462c3bbd03779929008901f",
"versionType": "git"
},
{
"lessThan": "e140723f78ff418c8df7d990e102e07b65c87d4a",
"status": "affected",
"version": "7ebb336e45ef1ce23462c3bbd03779929008901f",
"versionType": "git"
},
{
"lessThan": "ceda7f794f3dfe272491e93e3e93049f8be5f07b",
"status": "affected",
"version": "7ebb336e45ef1ce23462c3bbd03779929008901f",
"versionType": "git"
},
{
"lessThan": "31e6cdbe0eae37badceb5e0d4f06cf051432fd77",
"status": "affected",
"version": "7ebb336e45ef1ce23462c3bbd03779929008901f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/scsi/qla2xxx/qla_bsg.c",
"drivers/scsi/qla2xxx/qla_def.h",
"drivers/scsi/qla2xxx/qla_edif.c",
"drivers/scsi/qla2xxx/qla_gbl.h",
"drivers/scsi/qla2xxx/qla_gs.c",
"drivers/scsi/qla2xxx/qla_init.c",
"drivers/scsi/qla2xxx/qla_inline.h",
"drivers/scsi/qla2xxx/qla_iocb.c",
"drivers/scsi/qla2xxx/qla_mbx.c",
"drivers/scsi/qla2xxx/qla_mid.c",
"drivers/scsi/qla2xxx/qla_mr.c",
"drivers/scsi/qla2xxx/qla_os.c",
"drivers/scsi/qla2xxx/qla_target.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.15"
},
{
"lessThan": "5.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Implement ref count for SRB\n\nThe timeout handler and the done function are racing. When\nqla2x00_async_iocb_timeout() starts to run it can be preempted by the\nnormal response path (via the firmware?). qla24xx_async_gpsc_sp_done()\nreleases the SRB unconditionally. When scheduling back to\nqla2x00_async_iocb_timeout() qla24xx_async_abort_cmd() will access an freed\nsp-\u003eqpair pointer:\n\n qla2xxx [0000:83:00.0]-2871:0: Async-gpsc timeout - hdl=63d portid=234500 50:06:0e:80:08:77:b6:21.\n qla2xxx [0000:83:00.0]-2853:0: Async done-gpsc res 0, WWPN 50:06:0e:80:08:77:b6:21\n qla2xxx [0000:83:00.0]-2854:0: Async-gpsc OUT WWPN 20:45:00:27:f8:75:33:00 speeds=2c00 speed=0400.\n qla2xxx [0000:83:00.0]-28d8:0: qla24xx_handle_gpsc_event 50:06:0e:80:08:77:b6:21 DS 7 LS 6 rc 0 login 1|1 rscn 1|0 lid 5\n BUG: unable to handle kernel NULL pointer dereference at 0000000000000004\n IP: qla24xx_async_abort_cmd+0x1b/0x1c0 [qla2xxx]\n\nObvious solution to this is to introduce a reference counter. One reference\nis taken for the normal code path (the \u0027good\u0027 case) and one for the timeout\npath. As we always race between the normal good case and the timeout/abort\nhandler we need to serialize it. Also we cannot assume any order between\nthe handlers. Since this is slow path we can use proper synchronization via\nlocks.\n\nWhen we are able to cancel a timer (del_timer returns 1) we know there\ncan\u0027t be any error handling in progress because the timeout handler hasn\u0027t\nexpired yet, thus we can safely decrement the refcounter by one.\n\nIf we are not able to cancel the timer, we know an abort handler is\nrunning. We have to make sure we call sp-\u003edone() in the abort handlers\nbefore calling kref_put()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:31:15.436Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e17111dd2fda81c35f309b1e5b6ab35809a375e7"
},
{
"url": "https://git.kernel.org/stable/c/e140723f78ff418c8df7d990e102e07b65c87d4a"
},
{
"url": "https://git.kernel.org/stable/c/ceda7f794f3dfe272491e93e3e93049f8be5f07b"
},
{
"url": "https://git.kernel.org/stable/c/31e6cdbe0eae37badceb5e0d4f06cf051432fd77"
}
],
"title": "scsi: qla2xxx: Implement ref count for SRB",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49159",
"datePublished": "2025-02-26T01:55:22.021Z",
"dateReserved": "2025-02-26T01:49:39.276Z",
"dateUpdated": "2025-05-04T08:31:15.436Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49680 (GCVE-0-2022-49680)
Vulnerability from cvelistv5
Published
2025-02-26 02:24
Modified
2025-10-01 19:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ARM: exynos: Fix refcount leak in exynos_map_pmu
of_find_matching_node() returns a node pointer with refcount
incremented, we should use of_node_put() on it when not need anymore.
Add missing of_node_put() to avoid refcount leak.
of_node_put() checks null pointer.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: fce9e5bb25264153f9f002eada41757118d25ba9 Version: fce9e5bb25264153f9f002eada41757118d25ba9 Version: fce9e5bb25264153f9f002eada41757118d25ba9 Version: fce9e5bb25264153f9f002eada41757118d25ba9 Version: fce9e5bb25264153f9f002eada41757118d25ba9 Version: fce9e5bb25264153f9f002eada41757118d25ba9 Version: fce9e5bb25264153f9f002eada41757118d25ba9 Version: fce9e5bb25264153f9f002eada41757118d25ba9 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49680",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:33:02.308011Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:36:46.715Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/arm/mach-exynos/exynos.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "545ae5cbae839ce39bfe09828e413f1c916082de",
"status": "affected",
"version": "fce9e5bb25264153f9f002eada41757118d25ba9",
"versionType": "git"
},
{
"lessThan": "31d09571bb071c20f6bdc0bb7ac1ef8dd2987c04",
"status": "affected",
"version": "fce9e5bb25264153f9f002eada41757118d25ba9",
"versionType": "git"
},
{
"lessThan": "7571bcecf01b69f0d3ec60ca41ce5d4c75411a4a",
"status": "affected",
"version": "fce9e5bb25264153f9f002eada41757118d25ba9",
"versionType": "git"
},
{
"lessThan": "f9b77a52937582a5b99a5a07e4ef1e2f48f87347",
"status": "affected",
"version": "fce9e5bb25264153f9f002eada41757118d25ba9",
"versionType": "git"
},
{
"lessThan": "68f28d52e6cbab8dcfa249cac4356d1d0573e868",
"status": "affected",
"version": "fce9e5bb25264153f9f002eada41757118d25ba9",
"versionType": "git"
},
{
"lessThan": "d23f76018e17618559da9eea179d137362023f95",
"status": "affected",
"version": "fce9e5bb25264153f9f002eada41757118d25ba9",
"versionType": "git"
},
{
"lessThan": "fc354856e9fad9cd36e2ad28f9da70716025055a",
"status": "affected",
"version": "fce9e5bb25264153f9f002eada41757118d25ba9",
"versionType": "git"
},
{
"lessThan": "c4c79525042a4a7df96b73477feaf232fe44ae81",
"status": "affected",
"version": "fce9e5bb25264153f9f002eada41757118d25ba9",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/arm/mach-exynos/exynos.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.17"
},
{
"lessThan": "3.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.321",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.286",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.250",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.202",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.127",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.51",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.321",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.286",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.250",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.202",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.127",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.51",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.8",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "3.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nARM: exynos: Fix refcount leak in exynos_map_pmu\n\nof_find_matching_node() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not need anymore.\nAdd missing of_node_put() to avoid refcount leak.\nof_node_put() checks null pointer."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:43:11.018Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/545ae5cbae839ce39bfe09828e413f1c916082de"
},
{
"url": "https://git.kernel.org/stable/c/31d09571bb071c20f6bdc0bb7ac1ef8dd2987c04"
},
{
"url": "https://git.kernel.org/stable/c/7571bcecf01b69f0d3ec60ca41ce5d4c75411a4a"
},
{
"url": "https://git.kernel.org/stable/c/f9b77a52937582a5b99a5a07e4ef1e2f48f87347"
},
{
"url": "https://git.kernel.org/stable/c/68f28d52e6cbab8dcfa249cac4356d1d0573e868"
},
{
"url": "https://git.kernel.org/stable/c/d23f76018e17618559da9eea179d137362023f95"
},
{
"url": "https://git.kernel.org/stable/c/fc354856e9fad9cd36e2ad28f9da70716025055a"
},
{
"url": "https://git.kernel.org/stable/c/c4c79525042a4a7df96b73477feaf232fe44ae81"
}
],
"title": "ARM: exynos: Fix refcount leak in exynos_map_pmu",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49680",
"datePublished": "2025-02-26T02:24:09.762Z",
"dateReserved": "2025-02-26T02:21:30.439Z",
"dateUpdated": "2025-10-01T19:36:46.715Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49714 (GCVE-0-2022-49714)
Vulnerability from cvelistv5
Published
2025-02-26 02:24
Modified
2025-10-01 20:17
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
irqchip/realtek-rtl: Fix refcount leak in map_interrupts
of_find_node_by_phandle() returns a node pointer with refcount
incremented, we should use of_node_put() on it when not need anymore.
This function doesn't call of_node_put() in error path.
Call of_node_put() directly after of_property_read_u32() to cover
both normal path and error path.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49714",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T20:08:40.370260Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T20:17:05.977Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/irqchip/irq-realtek-rtl.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e85b1b797de0e7a271b906291ce28245822820b8",
"status": "affected",
"version": "9f3a0f34b84ad1b9a8f2bdae44b66f16685b2143",
"versionType": "git"
},
{
"lessThan": "f6d6223df0666fbc054e3a8c6ac14eb0af37c286",
"status": "affected",
"version": "9f3a0f34b84ad1b9a8f2bdae44b66f16685b2143",
"versionType": "git"
},
{
"lessThan": "eff4780f83d0ae3e5b6c02ff5d999dc4c1c5c8ce",
"status": "affected",
"version": "9f3a0f34b84ad1b9a8f2bdae44b66f16685b2143",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/irqchip/irq-realtek-rtl.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.12"
},
{
"lessThan": "5.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.49",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.49",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.6",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nirqchip/realtek-rtl: Fix refcount leak in map_interrupts\n\nof_find_node_by_phandle() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not need anymore.\nThis function doesn\u0027t call of_node_put() in error path.\nCall of_node_put() directly after of_property_read_u32() to cover\nboth normal path and error path."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:43:55.303Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e85b1b797de0e7a271b906291ce28245822820b8"
},
{
"url": "https://git.kernel.org/stable/c/f6d6223df0666fbc054e3a8c6ac14eb0af37c286"
},
{
"url": "https://git.kernel.org/stable/c/eff4780f83d0ae3e5b6c02ff5d999dc4c1c5c8ce"
}
],
"title": "irqchip/realtek-rtl: Fix refcount leak in map_interrupts",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49714",
"datePublished": "2025-02-26T02:24:30.224Z",
"dateReserved": "2025-02-26T02:21:30.444Z",
"dateUpdated": "2025-10-01T20:17:05.977Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49713 (GCVE-0-2022-49713)
Vulnerability from cvelistv5
Published
2025-02-26 02:24
Modified
2025-10-01 19:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
usb: dwc2: Fix memory leak in dwc2_hcd_init
usb_create_hcd will alloc memory for hcd, and we should
call usb_put_hcd to free it when platform_get_resource()
fails to prevent memory leak.
goto error2 label instead error1 to fix this.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 4b7f4a0eb92bf37bea4cd838c7f83ea42823ca8b Version: a7182993dd8e09f96839ddc3ac54f9b37370d282 Version: 8b9c1c33e51d0959f2aec573dfbac0ffd3f5c0b7 Version: 2754fa3b73df7d0ae042f3ed6cfd9df9042f6262 Version: 856e6e8e0f9300befa87dde09edb578555c99a82 Version: 856e6e8e0f9300befa87dde09edb578555c99a82 Version: 856e6e8e0f9300befa87dde09edb578555c99a82 Version: 337f00a0bc62d7cb7d10ec0b872c79009a1641df |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49713",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:32:22.966404Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:36:44.963Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/usb/dwc2/hcd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "981ee40649e5fd9550f82db1fbb3bfab037da346",
"status": "affected",
"version": "4b7f4a0eb92bf37bea4cd838c7f83ea42823ca8b",
"versionType": "git"
},
{
"lessThan": "84e6d0af87e27bbc0db94f2e7323b34abe17b6e5",
"status": "affected",
"version": "a7182993dd8e09f96839ddc3ac54f9b37370d282",
"versionType": "git"
},
{
"lessThan": "6506aff2dc2f7059aa3d45ee2e8639b25e87090f",
"status": "affected",
"version": "8b9c1c33e51d0959f2aec573dfbac0ffd3f5c0b7",
"versionType": "git"
},
{
"lessThan": "a44a8a762f7fe9ad3c065813d058e835a6180cb2",
"status": "affected",
"version": "2754fa3b73df7d0ae042f3ed6cfd9df9042f6262",
"versionType": "git"
},
{
"lessThan": "701d8ec01e0f229d4db6f43d3d64ee479120cbeb",
"status": "affected",
"version": "856e6e8e0f9300befa87dde09edb578555c99a82",
"versionType": "git"
},
{
"lessThan": "52bfcedbfd5bf962dbdcb6e761f4d0dd3ba26dfd",
"status": "affected",
"version": "856e6e8e0f9300befa87dde09edb578555c99a82",
"versionType": "git"
},
{
"lessThan": "3755278f078460b021cd0384562977bf2039a57a",
"status": "affected",
"version": "856e6e8e0f9300befa87dde09edb578555c99a82",
"versionType": "git"
},
{
"status": "affected",
"version": "337f00a0bc62d7cb7d10ec0b872c79009a1641df",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/usb/dwc2/hcd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.15"
},
{
"lessThan": "5.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.249",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.200",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.124",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.49",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.285",
"versionStartIncluding": "4.14.250",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.249",
"versionStartIncluding": "4.19.210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.200",
"versionStartIncluding": "5.4.152",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.124",
"versionStartIncluding": "5.10.72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.49",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.6",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.14.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc2: Fix memory leak in dwc2_hcd_init\n\nusb_create_hcd will alloc memory for hcd, and we should\ncall usb_put_hcd to free it when platform_get_resource()\nfails to prevent memory leak.\ngoto error2 label instead error1 to fix this."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:45:11.539Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/981ee40649e5fd9550f82db1fbb3bfab037da346"
},
{
"url": "https://git.kernel.org/stable/c/84e6d0af87e27bbc0db94f2e7323b34abe17b6e5"
},
{
"url": "https://git.kernel.org/stable/c/6506aff2dc2f7059aa3d45ee2e8639b25e87090f"
},
{
"url": "https://git.kernel.org/stable/c/a44a8a762f7fe9ad3c065813d058e835a6180cb2"
},
{
"url": "https://git.kernel.org/stable/c/701d8ec01e0f229d4db6f43d3d64ee479120cbeb"
},
{
"url": "https://git.kernel.org/stable/c/52bfcedbfd5bf962dbdcb6e761f4d0dd3ba26dfd"
},
{
"url": "https://git.kernel.org/stable/c/3755278f078460b021cd0384562977bf2039a57a"
}
],
"title": "usb: dwc2: Fix memory leak in dwc2_hcd_init",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49713",
"datePublished": "2025-02-26T02:24:29.566Z",
"dateReserved": "2025-02-26T02:21:30.444Z",
"dateUpdated": "2025-10-01T19:36:44.963Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47653 (GCVE-0-2021-47653)
Vulnerability from cvelistv5
Published
2025-02-26 01:54
Modified
2025-05-04 07:15
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
media: davinci: vpif: fix use-after-free on driver unbind
The driver allocates and registers two platform device structures during
probe, but the devices were never deregistered on driver unbind.
This results in a use-after-free on driver unbind as the device
structures were allocated using devres and would be freed by driver
core when remove() returns.
Fix this by adding the missing deregistration calls to the remove()
callback and failing probe on registration errors.
Note that the platform device structures must be freed using a proper
release callback to avoid leaking associated resources like device
names.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-47653",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T18:17:48.500799Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T18:22:35.799Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/media/platform/davinci/vpif.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6512c3c39cb6b573b791ce45365818a38b76afbe",
"status": "affected",
"version": "479f7a1181058689435baddc16a6a42e1a8ff0e8",
"versionType": "git"
},
{
"lessThan": "b5a3bb7f6f164eb6ee74ef4898dcd019b2063448",
"status": "affected",
"version": "479f7a1181058689435baddc16a6a42e1a8ff0e8",
"versionType": "git"
},
{
"lessThan": "9ffc602e14d7b9f7e7cb2f67e18dfef9ef8af676",
"status": "affected",
"version": "479f7a1181058689435baddc16a6a42e1a8ff0e8",
"versionType": "git"
},
{
"lessThan": "43acb728bbc40169d2e2425e84a80068270974be",
"status": "affected",
"version": "479f7a1181058689435baddc16a6a42e1a8ff0e8",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/media/platform/davinci/vpif.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.13"
},
{
"lessThan": "4.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.54",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "4.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: davinci: vpif: fix use-after-free on driver unbind\n\nThe driver allocates and registers two platform device structures during\nprobe, but the devices were never deregistered on driver unbind.\n\nThis results in a use-after-free on driver unbind as the device\nstructures were allocated using devres and would be freed by driver\ncore when remove() returns.\n\nFix this by adding the missing deregistration calls to the remove()\ncallback and failing probe on registration errors.\n\nNote that the platform device structures must be freed using a proper\nrelease callback to avoid leaking associated resources like device\nnames."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:15:34.891Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6512c3c39cb6b573b791ce45365818a38b76afbe"
},
{
"url": "https://git.kernel.org/stable/c/b5a3bb7f6f164eb6ee74ef4898dcd019b2063448"
},
{
"url": "https://git.kernel.org/stable/c/9ffc602e14d7b9f7e7cb2f67e18dfef9ef8af676"
},
{
"url": "https://git.kernel.org/stable/c/43acb728bbc40169d2e2425e84a80068270974be"
}
],
"title": "media: davinci: vpif: fix use-after-free on driver unbind",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47653",
"datePublished": "2025-02-26T01:54:18.596Z",
"dateReserved": "2025-02-26T01:48:21.520Z",
"dateUpdated": "2025-05-04T07:15:34.891Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49564 (GCVE-0-2022-49564)
Vulnerability from cvelistv5
Published
2025-02-26 02:23
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
crypto: qat - add param check for DH
Reject requests with a source buffer that is bigger than the size of the
key. This is to prevent a possible integer underflow that might happen
when copying the source scatterlist into a linear buffer.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49564",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:37:06.730762Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-191",
"description": "CWE-191 Integer Underflow (Wrap or Wraparound)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:38.501Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/crypto/qat/qat_common/qat_asym_algs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e7f979ed51f96495328157df663c835b17db1e30",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "76c9216833e7c20a67c987cf89719a3f01666aaa",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2acbb8771f6ac82422886e63832ee7a0f4b1635b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/crypto/qat/qat_common/qat_asym_algs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.58",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: qat - add param check for DH\n\nReject requests with a source buffer that is bigger than the size of the\nkey. This is to prevent a possible integer underflow that might happen\nwhen copying the source scatterlist into a linear buffer."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:40:44.269Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e7f979ed51f96495328157df663c835b17db1e30"
},
{
"url": "https://git.kernel.org/stable/c/76c9216833e7c20a67c987cf89719a3f01666aaa"
},
{
"url": "https://git.kernel.org/stable/c/2acbb8771f6ac82422886e63832ee7a0f4b1635b"
}
],
"title": "crypto: qat - add param check for DH",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49564",
"datePublished": "2025-02-26T02:23:10.733Z",
"dateReserved": "2025-02-26T02:21:30.410Z",
"dateUpdated": "2025-10-01T19:46:38.501Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49273 (GCVE-0-2022-49273)
Vulnerability from cvelistv5
Published
2025-02-26 01:56
Modified
2025-10-01 19:47
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
rtc: pl031: fix rtc features null pointer dereference
When there is no interrupt line, rtc alarm feature is disabled.
The clearing of the alarm feature bit was being done prior to allocations
of ldata->rtc device, resulting in a null pointer dereference.
Clear RTC_FEATURE_ALARM after the rtc device is allocated.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49273",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:45:38.229436Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:47:02.065Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/rtc/rtc-pl031.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "cd2722e411e8ab7e5ae41102f6925fa13dffdac5",
"status": "affected",
"version": "d9b0dd54a1943f47a381a474f8ea2c94466110c0",
"versionType": "git"
},
{
"lessThan": "d274ce4a3dfd0b9a292667535578359b865765cb",
"status": "affected",
"version": "d9b0dd54a1943f47a381a474f8ea2c94466110c0",
"versionType": "git"
},
{
"lessThan": "1b915703964f7e636961df04c540261dc55c6c70",
"status": "affected",
"version": "d9b0dd54a1943f47a381a474f8ea2c94466110c0",
"versionType": "git"
},
{
"lessThan": "ea6af39f3da50c86367a71eb3cc674ade3ed244c",
"status": "affected",
"version": "d9b0dd54a1943f47a381a474f8ea2c94466110c0",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/rtc/rtc-pl031.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.12"
},
{
"lessThan": "5.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrtc: pl031: fix rtc features null pointer dereference\n\nWhen there is no interrupt line, rtc alarm feature is disabled.\n\nThe clearing of the alarm feature bit was being done prior to allocations\nof ldata-\u003ertc device, resulting in a null pointer dereference.\n\nClear RTC_FEATURE_ALARM after the rtc device is allocated."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:33:55.937Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/cd2722e411e8ab7e5ae41102f6925fa13dffdac5"
},
{
"url": "https://git.kernel.org/stable/c/d274ce4a3dfd0b9a292667535578359b865765cb"
},
{
"url": "https://git.kernel.org/stable/c/1b915703964f7e636961df04c540261dc55c6c70"
},
{
"url": "https://git.kernel.org/stable/c/ea6af39f3da50c86367a71eb3cc674ade3ed244c"
}
],
"title": "rtc: pl031: fix rtc features null pointer dereference",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49273",
"datePublished": "2025-02-26T01:56:19.110Z",
"dateReserved": "2025-02-26T01:49:39.297Z",
"dateUpdated": "2025-10-01T19:47:02.065Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49646 (GCVE-0-2022-49646)
Vulnerability from cvelistv5
Published
2025-02-26 02:23
Modified
2025-06-19 12:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: mac80211: fix queue selection for mesh/OCB interfaces
When using iTXQ, the code assumes that there is only one vif queue for
broadcast packets, using the BE queue. Allowing non-BE queue marking
violates that assumption and txq->ac == skb_queue_mapping is no longer
guaranteed. This can cause issues with queue handling in the driver and
also causes issues with the recent ATF change, resulting in an AQL
underflow warning.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/mac80211/wme.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "444be5a02b77f3b7a8ac9c1a0b074fbb3bd89cd0",
"status": "affected",
"version": "1974da8b31e6ea9c96c21505ffcb546fa59add23",
"versionType": "git"
},
{
"lessThan": "e013ea2a51a94b903b396a8dff531a07d470335d",
"status": "affected",
"version": "1974da8b31e6ea9c96c21505ffcb546fa59add23",
"versionType": "git"
},
{
"lessThan": "5a9df31017999197b6e60535940f2f2fe1bd3b0d",
"status": "affected",
"version": "1974da8b31e6ea9c96c21505ffcb546fa59add23",
"versionType": "git"
},
{
"lessThan": "41ecab279a70dced9005f4d55fa0fcde8938603f",
"status": "affected",
"version": "1974da8b31e6ea9c96c21505ffcb546fa59add23",
"versionType": "git"
},
{
"lessThan": "50e2ab39291947b6c6c7025cf01707c270fcde59",
"status": "affected",
"version": "1974da8b31e6ea9c96c21505ffcb546fa59add23",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/mac80211/wme.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.2"
},
{
"lessThan": "5.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.207",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.132",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.56",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.207",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.132",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.56",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.13",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: fix queue selection for mesh/OCB interfaces\n\nWhen using iTXQ, the code assumes that there is only one vif queue for\nbroadcast packets, using the BE queue. Allowing non-BE queue marking\nviolates that assumption and txq-\u003eac == skb_queue_mapping is no longer\nguaranteed. This can cause issues with queue handling in the driver and\nalso causes issues with the recent ATF change, resulting in an AQL\nunderflow warning."
}
],
"providerMetadata": {
"dateUpdated": "2025-06-19T12:56:22.868Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/444be5a02b77f3b7a8ac9c1a0b074fbb3bd89cd0"
},
{
"url": "https://git.kernel.org/stable/c/e013ea2a51a94b903b396a8dff531a07d470335d"
},
{
"url": "https://git.kernel.org/stable/c/5a9df31017999197b6e60535940f2f2fe1bd3b0d"
},
{
"url": "https://git.kernel.org/stable/c/41ecab279a70dced9005f4d55fa0fcde8938603f"
},
{
"url": "https://git.kernel.org/stable/c/50e2ab39291947b6c6c7025cf01707c270fcde59"
}
],
"title": "wifi: mac80211: fix queue selection for mesh/OCB interfaces",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49646",
"datePublished": "2025-02-26T02:23:51.083Z",
"dateReserved": "2025-02-26T02:21:30.432Z",
"dateUpdated": "2025-06-19T12:56:22.868Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49421 (GCVE-0-2022-49421)
Vulnerability from cvelistv5
Published
2025-02-26 02:12
Modified
2025-05-04 08:37
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup
of_parse_phandle() returns a node pointer with refcount incremented, we should
use of_node_put() on it when not need anymore. Add missing of_node_put() to
avoid refcount leak.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: d10715be03bd8bad59ddc50236cb140c3bd73c7b Version: d10715be03bd8bad59ddc50236cb140c3bd73c7b Version: d10715be03bd8bad59ddc50236cb140c3bd73c7b Version: d10715be03bd8bad59ddc50236cb140c3bd73c7b Version: d10715be03bd8bad59ddc50236cb140c3bd73c7b Version: d10715be03bd8bad59ddc50236cb140c3bd73c7b Version: d10715be03bd8bad59ddc50236cb140c3bd73c7b Version: d10715be03bd8bad59ddc50236cb140c3bd73c7b Version: d10715be03bd8bad59ddc50236cb140c3bd73c7b |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/video/fbdev/amba-clcd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6c92711db7c90f78e0b67ac2a8944d0fe7e12d83",
"status": "affected",
"version": "d10715be03bd8bad59ddc50236cb140c3bd73c7b",
"versionType": "git"
},
{
"lessThan": "2e2e2c71b2642289438392edbf5d08cdbc0b138b",
"status": "affected",
"version": "d10715be03bd8bad59ddc50236cb140c3bd73c7b",
"versionType": "git"
},
{
"lessThan": "51eb1bb6baeb478538dd4ec6459fd68c44a855b1",
"status": "affected",
"version": "d10715be03bd8bad59ddc50236cb140c3bd73c7b",
"versionType": "git"
},
{
"lessThan": "8db59df7f5826e104db82cfddbf22a33a151193e",
"status": "affected",
"version": "d10715be03bd8bad59ddc50236cb140c3bd73c7b",
"versionType": "git"
},
{
"lessThan": "c1c4405222b6fc98c16e8c2aa679c14e41d81465",
"status": "affected",
"version": "d10715be03bd8bad59ddc50236cb140c3bd73c7b",
"versionType": "git"
},
{
"lessThan": "f2dfb4ab887d67be7d0892ba041d3c8d738d3356",
"status": "affected",
"version": "d10715be03bd8bad59ddc50236cb140c3bd73c7b",
"versionType": "git"
},
{
"lessThan": "bbb2a24e863b6a10129546a0a4ceea2f07deec39",
"status": "affected",
"version": "d10715be03bd8bad59ddc50236cb140c3bd73c7b",
"versionType": "git"
},
{
"lessThan": "38d245cebf545338a6bc1c7762023de3fbecd7b7",
"status": "affected",
"version": "d10715be03bd8bad59ddc50236cb140c3bd73c7b",
"versionType": "git"
},
{
"lessThan": "b23789a59fa6f00e98a319291819f91fbba0deb8",
"status": "affected",
"version": "d10715be03bd8bad59ddc50236cb140c3bd73c7b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/video/fbdev/amba-clcd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.17"
},
{
"lessThan": "3.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.318",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.318",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.283",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "3.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvideo: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup\n\nof_parse_phandle() returns a node pointer with refcount incremented, we should\nuse of_node_put() on it when not need anymore. Add missing of_node_put() to\navoid refcount leak."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:37:19.074Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6c92711db7c90f78e0b67ac2a8944d0fe7e12d83"
},
{
"url": "https://git.kernel.org/stable/c/2e2e2c71b2642289438392edbf5d08cdbc0b138b"
},
{
"url": "https://git.kernel.org/stable/c/51eb1bb6baeb478538dd4ec6459fd68c44a855b1"
},
{
"url": "https://git.kernel.org/stable/c/8db59df7f5826e104db82cfddbf22a33a151193e"
},
{
"url": "https://git.kernel.org/stable/c/c1c4405222b6fc98c16e8c2aa679c14e41d81465"
},
{
"url": "https://git.kernel.org/stable/c/f2dfb4ab887d67be7d0892ba041d3c8d738d3356"
},
{
"url": "https://git.kernel.org/stable/c/bbb2a24e863b6a10129546a0a4ceea2f07deec39"
},
{
"url": "https://git.kernel.org/stable/c/38d245cebf545338a6bc1c7762023de3fbecd7b7"
},
{
"url": "https://git.kernel.org/stable/c/b23789a59fa6f00e98a319291819f91fbba0deb8"
}
],
"title": "video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49421",
"datePublished": "2025-02-26T02:12:44.790Z",
"dateReserved": "2025-02-26T02:08:31.568Z",
"dateUpdated": "2025-05-04T08:37:19.074Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49733 (GCVE-0-2022-49733)
Vulnerability from cvelistv5
Published
2025-03-02 14:30
Modified
2025-10-01 19:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC
There is a small race window at snd_pcm_oss_sync() that is called from
OSS PCM SNDCTL_DSP_SYNC ioctl; namely the function calls
snd_pcm_oss_make_ready() at first, then takes the params_lock mutex
for the rest. When the stream is set up again by another thread
between them, it leads to inconsistency, and may result in unexpected
results such as NULL dereference of OSS buffer as a fuzzer spotted
recently.
The fix is simply to cover snd_pcm_oss_make_ready() call into the same
params_lock mutex with snd_pcm_oss_make_ready_locked() variant.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49733",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:28:32.574856Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:36:38.398Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/core/oss/pcm_oss.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4051324a6dafd7053c74c475e80b3ba10ae672b0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "fce793a056c604b41a298317cf704dae255f1b36",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8015ef9e8a0ee5cecfd0cb6805834d007ab26f86",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "723ac5ab2891b6c10dd6cc78ef5456af593490eb",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8423f0b6d513b259fdab9c9bf4aaa6188d054c2d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"sound/core/oss/pcm_oss.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.148",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.68",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.19.*",
"status": "unaffected",
"version": "5.19.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.0",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.215",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC\n\nThere is a small race window at snd_pcm_oss_sync() that is called from\nOSS PCM SNDCTL_DSP_SYNC ioctl; namely the function calls\nsnd_pcm_oss_make_ready() at first, then takes the params_lock mutex\nfor the rest. When the stream is set up again by another thread\nbetween them, it leads to inconsistency, and may result in unexpected\nresults such as NULL dereference of OSS buffer as a fuzzer spotted\nrecently.\n\nThe fix is simply to cover snd_pcm_oss_make_ready() call into the same\nparams_lock mutex with snd_pcm_oss_make_ready_locked() variant."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:44:18.298Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4051324a6dafd7053c74c475e80b3ba10ae672b0"
},
{
"url": "https://git.kernel.org/stable/c/fce793a056c604b41a298317cf704dae255f1b36"
},
{
"url": "https://git.kernel.org/stable/c/8015ef9e8a0ee5cecfd0cb6805834d007ab26f86"
},
{
"url": "https://git.kernel.org/stable/c/723ac5ab2891b6c10dd6cc78ef5456af593490eb"
},
{
"url": "https://git.kernel.org/stable/c/8423f0b6d513b259fdab9c9bf4aaa6188d054c2d"
}
],
"title": "ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49733",
"datePublished": "2025-03-02T14:30:02.838Z",
"dateReserved": "2025-02-26T02:21:30.449Z",
"dateUpdated": "2025-10-01T19:36:38.398Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49278 (GCVE-0-2022-49278)
Vulnerability from cvelistv5
Published
2025-02-26 01:56
Modified
2025-05-04 08:34
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
remoteproc: Fix count check in rproc_coredump_write()
Check count for 0, to avoid a potential underflow. Make the check the
same as the one in rproc_recovery_write().
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/remoteproc/remoteproc_debugfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b97b305656a7013690e7b6e310f0e827e0bbff90",
"status": "affected",
"version": "3afdc59e4390487f04f2435b7e8a6289984e0a1e",
"versionType": "git"
},
{
"lessThan": "34afac3c75fa08d6fabbab4c93f0a90618afaaa6",
"status": "affected",
"version": "3afdc59e4390487f04f2435b7e8a6289984e0a1e",
"versionType": "git"
},
{
"lessThan": "a8c3e53517985d69040a1b36a269e85f99cf0cea",
"status": "affected",
"version": "3afdc59e4390487f04f2435b7e8a6289984e0a1e",
"versionType": "git"
},
{
"lessThan": "11572dad9fbadbd9269a2550f7e236b5b8c2d80c",
"status": "affected",
"version": "3afdc59e4390487f04f2435b7e8a6289984e0a1e",
"versionType": "git"
},
{
"lessThan": "f89672cc3681952f2d06314981a6b45f8b0045d1",
"status": "affected",
"version": "3afdc59e4390487f04f2435b7e8a6289984e0a1e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/remoteproc/remoteproc_debugfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.9"
},
{
"lessThan": "5.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.110",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: Fix count check in rproc_coredump_write()\n\nCheck count for 0, to avoid a potential underflow. Make the check the\nsame as the one in rproc_recovery_write()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:34:02.129Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b97b305656a7013690e7b6e310f0e827e0bbff90"
},
{
"url": "https://git.kernel.org/stable/c/34afac3c75fa08d6fabbab4c93f0a90618afaaa6"
},
{
"url": "https://git.kernel.org/stable/c/a8c3e53517985d69040a1b36a269e85f99cf0cea"
},
{
"url": "https://git.kernel.org/stable/c/11572dad9fbadbd9269a2550f7e236b5b8c2d80c"
},
{
"url": "https://git.kernel.org/stable/c/f89672cc3681952f2d06314981a6b45f8b0045d1"
}
],
"title": "remoteproc: Fix count check in rproc_coredump_write()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49278",
"datePublished": "2025-02-26T01:56:21.546Z",
"dateReserved": "2025-02-26T01:49:39.298Z",
"dateUpdated": "2025-05-04T08:34:02.129Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49486 (GCVE-0-2022-49486)
Vulnerability from cvelistv5
Published
2025-02-26 02:13
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ASoC: fsl: Fix refcount leak in imx_sgtl5000_probe
of_find_i2c_device_by_node() takes a reference,
In error paths, we should call put_device() to drop
the reference to aviod refount leak.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 81e8e4926167ab32593bbb915b45a42024ca1020 Version: 81e8e4926167ab32593bbb915b45a42024ca1020 Version: 81e8e4926167ab32593bbb915b45a42024ca1020 Version: 81e8e4926167ab32593bbb915b45a42024ca1020 Version: 81e8e4926167ab32593bbb915b45a42024ca1020 Version: 81e8e4926167ab32593bbb915b45a42024ca1020 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49486",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:39:06.570417Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:44.441Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/soc/fsl/imx-sgtl5000.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "96fc3da6184af5687e153d420cd7dcdeefdd2f9a",
"status": "affected",
"version": "81e8e4926167ab32593bbb915b45a42024ca1020",
"versionType": "git"
},
{
"lessThan": "e84aaf23ca82753d765bf84d05295d9d9c5fed29",
"status": "affected",
"version": "81e8e4926167ab32593bbb915b45a42024ca1020",
"versionType": "git"
},
{
"lessThan": "922bccdb1796a9e7b989f2bc6d9ada7b499a4329",
"status": "affected",
"version": "81e8e4926167ab32593bbb915b45a42024ca1020",
"versionType": "git"
},
{
"lessThan": "4bfbbfdb3d761323127a67d7d765abe2f77d7b21",
"status": "affected",
"version": "81e8e4926167ab32593bbb915b45a42024ca1020",
"versionType": "git"
},
{
"lessThan": "7f75e9f629ef54a0845b43889d8ab9dd6e280dd5",
"status": "affected",
"version": "81e8e4926167ab32593bbb915b45a42024ca1020",
"versionType": "git"
},
{
"lessThan": "41cd312dfe980af869c3503b4d38e62ed20dd3b7",
"status": "affected",
"version": "81e8e4926167ab32593bbb915b45a42024ca1020",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"sound/soc/fsl/imx-sgtl5000.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.5"
},
{
"lessThan": "3.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "3.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: fsl: Fix refcount leak in imx_sgtl5000_probe\n\nof_find_i2c_device_by_node() takes a reference,\nIn error paths, we should call put_device() to drop\nthe reference to aviod refount leak."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:38:56.408Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/96fc3da6184af5687e153d420cd7dcdeefdd2f9a"
},
{
"url": "https://git.kernel.org/stable/c/e84aaf23ca82753d765bf84d05295d9d9c5fed29"
},
{
"url": "https://git.kernel.org/stable/c/922bccdb1796a9e7b989f2bc6d9ada7b499a4329"
},
{
"url": "https://git.kernel.org/stable/c/4bfbbfdb3d761323127a67d7d765abe2f77d7b21"
},
{
"url": "https://git.kernel.org/stable/c/7f75e9f629ef54a0845b43889d8ab9dd6e280dd5"
},
{
"url": "https://git.kernel.org/stable/c/41cd312dfe980af869c3503b4d38e62ed20dd3b7"
}
],
"title": "ASoC: fsl: Fix refcount leak in imx_sgtl5000_probe",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49486",
"datePublished": "2025-02-26T02:13:24.815Z",
"dateReserved": "2025-02-26T02:08:31.582Z",
"dateUpdated": "2025-10-01T19:46:44.441Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49493 (GCVE-0-2022-49493)
Vulnerability from cvelistv5
Published
2025-02-26 02:13
Modified
2025-09-03 16:35
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ASoC: rt5645: Fix errorenous cleanup order
There is a logic error when removing rt5645 device as the function
rt5645_i2c_remove() first cancel the &rt5645->jack_detect_work and
delete the &rt5645->btn_check_timer latter. However, since the timer
handler rt5645_btn_check_callback() will re-queue the jack_detect_work,
this cleanup order is buggy.
That is, once the del_timer_sync in rt5645_i2c_remove is concurrently
run with the rt5645_btn_check_callback, the canceled jack_detect_work
will be rescheduled again, leading to possible use-after-free.
This patch fix the issue by placing the del_timer_sync function before
the cancel_delayed_work_sync.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: a6ff8ddcf3f38ec84337e5e7eb3e0e9a73754cf5 Version: a6ff8ddcf3f38ec84337e5e7eb3e0e9a73754cf5 Version: a6ff8ddcf3f38ec84337e5e7eb3e0e9a73754cf5 Version: a6ff8ddcf3f38ec84337e5e7eb3e0e9a73754cf5 Version: a6ff8ddcf3f38ec84337e5e7eb3e0e9a73754cf5 Version: a6ff8ddcf3f38ec84337e5e7eb3e0e9a73754cf5 Version: a6ff8ddcf3f38ec84337e5e7eb3e0e9a73754cf5 Version: a6ff8ddcf3f38ec84337e5e7eb3e0e9a73754cf5 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49493",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T18:15:46.025138Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T18:22:32.146Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/soc/codecs/rt5645.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "236d29c5857f02e0a53fdf15d3dce1536c4322ce",
"status": "affected",
"version": "a6ff8ddcf3f38ec84337e5e7eb3e0e9a73754cf5",
"versionType": "git"
},
{
"lessThan": "0941150100173d4eaf3fe08ff4b16740e7c3026f",
"status": "affected",
"version": "a6ff8ddcf3f38ec84337e5e7eb3e0e9a73754cf5",
"versionType": "git"
},
{
"lessThan": "abe7554da62cb489712a54de69ef5665c250e564",
"status": "affected",
"version": "a6ff8ddcf3f38ec84337e5e7eb3e0e9a73754cf5",
"versionType": "git"
},
{
"lessThan": "1a5a3dfd9f172dcb115072f0aea5e27d3083c20e",
"status": "affected",
"version": "a6ff8ddcf3f38ec84337e5e7eb3e0e9a73754cf5",
"versionType": "git"
},
{
"lessThan": "061a6159cea583f1155f67d1915917a6b9282662",
"status": "affected",
"version": "a6ff8ddcf3f38ec84337e5e7eb3e0e9a73754cf5",
"versionType": "git"
},
{
"lessThan": "88c09e4812d72c3153afc8e5a45ecac2d0eae3ff",
"status": "affected",
"version": "a6ff8ddcf3f38ec84337e5e7eb3e0e9a73754cf5",
"versionType": "git"
},
{
"lessThan": "453f0920ffc1a28e28ddb9c3cd5562472b2895b0",
"status": "affected",
"version": "a6ff8ddcf3f38ec84337e5e7eb3e0e9a73754cf5",
"versionType": "git"
},
{
"lessThan": "2def44d3aec59e38d2701c568d65540783f90f2f",
"status": "affected",
"version": "a6ff8ddcf3f38ec84337e5e7eb3e0e9a73754cf5",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"sound/soc/codecs/rt5645.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.13"
},
{
"lessThan": "4.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.283",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: rt5645: Fix errorenous cleanup order\n\nThere is a logic error when removing rt5645 device as the function\nrt5645_i2c_remove() first cancel the \u0026rt5645-\u003ejack_detect_work and\ndelete the \u0026rt5645-\u003ebtn_check_timer latter. However, since the timer\nhandler rt5645_btn_check_callback() will re-queue the jack_detect_work,\nthis cleanup order is buggy.\n\nThat is, once the del_timer_sync in rt5645_i2c_remove is concurrently\nrun with the rt5645_btn_check_callback, the canceled jack_detect_work\nwill be rescheduled again, leading to possible use-after-free.\n\nThis patch fix the issue by placing the del_timer_sync function before\nthe cancel_delayed_work_sync."
}
],
"providerMetadata": {
"dateUpdated": "2025-09-03T16:35:17.372Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/236d29c5857f02e0a53fdf15d3dce1536c4322ce"
},
{
"url": "https://git.kernel.org/stable/c/0941150100173d4eaf3fe08ff4b16740e7c3026f"
},
{
"url": "https://git.kernel.org/stable/c/abe7554da62cb489712a54de69ef5665c250e564"
},
{
"url": "https://git.kernel.org/stable/c/1a5a3dfd9f172dcb115072f0aea5e27d3083c20e"
},
{
"url": "https://git.kernel.org/stable/c/061a6159cea583f1155f67d1915917a6b9282662"
},
{
"url": "https://git.kernel.org/stable/c/88c09e4812d72c3153afc8e5a45ecac2d0eae3ff"
},
{
"url": "https://git.kernel.org/stable/c/453f0920ffc1a28e28ddb9c3cd5562472b2895b0"
},
{
"url": "https://git.kernel.org/stable/c/2def44d3aec59e38d2701c568d65540783f90f2f"
}
],
"title": "ASoC: rt5645: Fix errorenous cleanup order",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49493",
"datePublished": "2025-02-26T02:13:29.518Z",
"dateReserved": "2025-02-26T02:08:31.585Z",
"dateUpdated": "2025-09-03T16:35:17.372Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49549 (GCVE-0-2022-49549)
Vulnerability from cvelistv5
Published
2025-02-26 02:14
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails
In mce_threshold_create_device(), if threshold_create_bank() fails, the
previously allocated threshold banks array @bp will be leaked because
the call to mce_threshold_remove_device() will not free it.
This happens because mce_threshold_remove_device() fetches the pointer
through the threshold_banks per-CPU variable but bp is written there
only after the bank creation is successful, and not before, when
threshold_create_bank() fails.
Add a helper which unwinds all the bank creation work previously done
and pass into it the previously allocated threshold banks array for
freeing.
[ bp: Massage. ]
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49549",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:37:22.894160Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:39.391Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/x86/kernel/cpu/mce/amd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b4acb8e7f1594607bc9017ef0aacb40b24a003d6",
"status": "affected",
"version": "6458de97fc15530b54477c4e2b70af653e8ac3d9",
"versionType": "git"
},
{
"lessThan": "cc0dd4456f9573bf8af9b4d8754433918e809e1e",
"status": "affected",
"version": "6458de97fc15530b54477c4e2b70af653e8ac3d9",
"versionType": "git"
},
{
"lessThan": "9708f1956eeb70c86943e0bc62fa3b0101b59616",
"status": "affected",
"version": "6458de97fc15530b54477c4e2b70af653e8ac3d9",
"versionType": "git"
},
{
"lessThan": "396b8e7ab2a99ddac57d3522b3da5e58cb608d37",
"status": "affected",
"version": "6458de97fc15530b54477c4e2b70af653e8ac3d9",
"versionType": "git"
},
{
"lessThan": "e5f28623ceb103e13fc3d7bd45edf9818b227fd0",
"status": "affected",
"version": "6458de97fc15530b54477c4e2b70af653e8ac3d9",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/x86/kernel/cpu/mce/amd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.8"
},
{
"lessThan": "5.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/MCE/AMD: Fix memory leak when threshold_create_bank() fails\n\nIn mce_threshold_create_device(), if threshold_create_bank() fails, the\npreviously allocated threshold banks array @bp will be leaked because\nthe call to mce_threshold_remove_device() will not free it.\n\nThis happens because mce_threshold_remove_device() fetches the pointer\nthrough the threshold_banks per-CPU variable but bp is written there\nonly after the bank creation is successful, and not before, when\nthreshold_create_bank() fails.\n\nAdd a helper which unwinds all the bank creation work previously done\nand pass into it the previously allocated threshold banks array for\nfreeing.\n\n [ bp: Massage. ]"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:40:19.654Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b4acb8e7f1594607bc9017ef0aacb40b24a003d6"
},
{
"url": "https://git.kernel.org/stable/c/cc0dd4456f9573bf8af9b4d8754433918e809e1e"
},
{
"url": "https://git.kernel.org/stable/c/9708f1956eeb70c86943e0bc62fa3b0101b59616"
},
{
"url": "https://git.kernel.org/stable/c/396b8e7ab2a99ddac57d3522b3da5e58cb608d37"
},
{
"url": "https://git.kernel.org/stable/c/e5f28623ceb103e13fc3d7bd45edf9818b227fd0"
}
],
"title": "x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49549",
"datePublished": "2025-02-26T02:14:00.256Z",
"dateReserved": "2025-02-26T02:08:31.590Z",
"dateUpdated": "2025-10-01T19:46:39.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49335 (GCVE-0-2022-49335)
Vulnerability from cvelistv5
Published
2025-02-26 02:10
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu/cs: make commands with 0 chunks illegal behaviour.
Submitting a cs with 0 chunks, causes an oops later, found trying
to execute the wrong userspace driver.
MESA_LOADER_DRIVER_OVERRIDE=v3d glxinfo
[172536.665184] BUG: kernel NULL pointer dereference, address: 00000000000001d8
[172536.665188] #PF: supervisor read access in kernel mode
[172536.665189] #PF: error_code(0x0000) - not-present page
[172536.665191] PGD 6712a0067 P4D 6712a0067 PUD 5af9ff067 PMD 0
[172536.665195] Oops: 0000 [#1] SMP NOPTI
[172536.665197] CPU: 7 PID: 2769838 Comm: glxinfo Tainted: P O 5.10.81 #1-NixOS
[172536.665199] Hardware name: To be filled by O.E.M. To be filled by O.E.M./CROSSHAIR V FORMULA-Z, BIOS 2201 03/23/2015
[172536.665272] RIP: 0010:amdgpu_cs_ioctl+0x96/0x1ce0 [amdgpu]
[172536.665274] Code: 75 18 00 00 4c 8b b2 88 00 00 00 8b 46 08 48 89 54 24 68 49 89 f7 4c 89 5c 24 60 31 d2 4c 89 74 24 30 85 c0 0f 85 c0 01 00 00 <48> 83 ba d8 01 00 00 00 48 8b b4 24 90 00 00 00 74 16 48 8b 46 10
[172536.665276] RSP: 0018:ffffb47c0e81bbe0 EFLAGS: 00010246
[172536.665277] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[172536.665278] RDX: 0000000000000000 RSI: ffffb47c0e81be28 RDI: ffffb47c0e81bd68
[172536.665279] RBP: ffff936524080010 R08: 0000000000000000 R09: ffffb47c0e81be38
[172536.665281] R10: ffff936524080010 R11: ffff936524080000 R12: ffffb47c0e81bc40
[172536.665282] R13: ffffb47c0e81be28 R14: ffff9367bc410000 R15: ffffb47c0e81be28
[172536.665283] FS: 00007fe35e05d740(0000) GS:ffff936c1edc0000(0000) knlGS:0000000000000000
[172536.665284] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[172536.665286] CR2: 00000000000001d8 CR3: 0000000532e46000 CR4: 00000000000406e0
[172536.665287] Call Trace:
[172536.665322] ? amdgpu_cs_find_mapping+0x110/0x110 [amdgpu]
[172536.665332] drm_ioctl_kernel+0xaa/0xf0 [drm]
[172536.665338] drm_ioctl+0x201/0x3b0 [drm]
[172536.665369] ? amdgpu_cs_find_mapping+0x110/0x110 [amdgpu]
[172536.665372] ? selinux_file_ioctl+0x135/0x230
[172536.665399] amdgpu_drm_ioctl+0x49/0x80 [amdgpu]
[172536.665403] __x64_sys_ioctl+0x83/0xb0
[172536.665406] do_syscall_64+0x33/0x40
[172536.665409] entry_SYSCALL_64_after_hwframe+0x44/0xa9
Bug: https://gitlab.freedesktop.org/drm/amd/-/issues/2018
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 Version: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 Version: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 Version: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 Version: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 Version: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 Version: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 Version: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 Version: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49335",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:43:07.709316Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:55.196Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8189f44270db1be78169e11eec51a3eeb980bc63",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "aa25acbe96692e4bf8482311c293f72d8c6034c0",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "15c3bcc9b5349d40207e5f8d4d799b8b4b7d13b8",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "c12984cdb077b9042d2dc20ca18cb16a87bcc774",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "be585921f29df5422a39c952d188b418ad48ffab",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "70276460e914d560e96bfc208695a872fe9469c9",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "20b947e5a3c74c5084d661c097517a554989d462",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "7086a23890d255bb5761604e39174b20d06231a4",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "31ab27b14daaa75541a415c6794d6f3567fea44a",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.2"
},
{
"lessThan": "4.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.318",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.318",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.283",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/cs: make commands with 0 chunks illegal behaviour.\n\nSubmitting a cs with 0 chunks, causes an oops later, found trying\nto execute the wrong userspace driver.\n\nMESA_LOADER_DRIVER_OVERRIDE=v3d glxinfo\n\n[172536.665184] BUG: kernel NULL pointer dereference, address: 00000000000001d8\n[172536.665188] #PF: supervisor read access in kernel mode\n[172536.665189] #PF: error_code(0x0000) - not-present page\n[172536.665191] PGD 6712a0067 P4D 6712a0067 PUD 5af9ff067 PMD 0\n[172536.665195] Oops: 0000 [#1] SMP NOPTI\n[172536.665197] CPU: 7 PID: 2769838 Comm: glxinfo Tainted: P O 5.10.81 #1-NixOS\n[172536.665199] Hardware name: To be filled by O.E.M. To be filled by O.E.M./CROSSHAIR V FORMULA-Z, BIOS 2201 03/23/2015\n[172536.665272] RIP: 0010:amdgpu_cs_ioctl+0x96/0x1ce0 [amdgpu]\n[172536.665274] Code: 75 18 00 00 4c 8b b2 88 00 00 00 8b 46 08 48 89 54 24 68 49 89 f7 4c 89 5c 24 60 31 d2 4c 89 74 24 30 85 c0 0f 85 c0 01 00 00 \u003c48\u003e 83 ba d8 01 00 00 00 48 8b b4 24 90 00 00 00 74 16 48 8b 46 10\n[172536.665276] RSP: 0018:ffffb47c0e81bbe0 EFLAGS: 00010246\n[172536.665277] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000\n[172536.665278] RDX: 0000000000000000 RSI: ffffb47c0e81be28 RDI: ffffb47c0e81bd68\n[172536.665279] RBP: ffff936524080010 R08: 0000000000000000 R09: ffffb47c0e81be38\n[172536.665281] R10: ffff936524080010 R11: ffff936524080000 R12: ffffb47c0e81bc40\n[172536.665282] R13: ffffb47c0e81be28 R14: ffff9367bc410000 R15: ffffb47c0e81be28\n[172536.665283] FS: 00007fe35e05d740(0000) GS:ffff936c1edc0000(0000) knlGS:0000000000000000\n[172536.665284] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[172536.665286] CR2: 00000000000001d8 CR3: 0000000532e46000 CR4: 00000000000406e0\n[172536.665287] Call Trace:\n[172536.665322] ? amdgpu_cs_find_mapping+0x110/0x110 [amdgpu]\n[172536.665332] drm_ioctl_kernel+0xaa/0xf0 [drm]\n[172536.665338] drm_ioctl+0x201/0x3b0 [drm]\n[172536.665369] ? amdgpu_cs_find_mapping+0x110/0x110 [amdgpu]\n[172536.665372] ? selinux_file_ioctl+0x135/0x230\n[172536.665399] amdgpu_drm_ioctl+0x49/0x80 [amdgpu]\n[172536.665403] __x64_sys_ioctl+0x83/0xb0\n[172536.665406] do_syscall_64+0x33/0x40\n[172536.665409] entry_SYSCALL_64_after_hwframe+0x44/0xa9\n\nBug: https://gitlab.freedesktop.org/drm/amd/-/issues/2018"
}
],
"providerMetadata": {
"dateUpdated": "2025-09-16T08:01:59.183Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8189f44270db1be78169e11eec51a3eeb980bc63"
},
{
"url": "https://git.kernel.org/stable/c/aa25acbe96692e4bf8482311c293f72d8c6034c0"
},
{
"url": "https://git.kernel.org/stable/c/15c3bcc9b5349d40207e5f8d4d799b8b4b7d13b8"
},
{
"url": "https://git.kernel.org/stable/c/c12984cdb077b9042d2dc20ca18cb16a87bcc774"
},
{
"url": "https://git.kernel.org/stable/c/be585921f29df5422a39c952d188b418ad48ffab"
},
{
"url": "https://git.kernel.org/stable/c/70276460e914d560e96bfc208695a872fe9469c9"
},
{
"url": "https://git.kernel.org/stable/c/20b947e5a3c74c5084d661c097517a554989d462"
},
{
"url": "https://git.kernel.org/stable/c/7086a23890d255bb5761604e39174b20d06231a4"
},
{
"url": "https://git.kernel.org/stable/c/31ab27b14daaa75541a415c6794d6f3567fea44a"
}
],
"title": "drm/amdgpu/cs: make commands with 0 chunks illegal behaviour.",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49335",
"datePublished": "2025-02-26T02:10:54.763Z",
"dateReserved": "2025-02-26T02:08:31.539Z",
"dateUpdated": "2025-10-01T19:46:55.196Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49304 (GCVE-0-2022-49304)
Vulnerability from cvelistv5
Published
2025-02-26 02:10
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drivers: tty: serial: Fix deadlock in sa1100_set_termios()
There is a deadlock in sa1100_set_termios(), which is shown
below:
(Thread 1) | (Thread 2)
| sa1100_enable_ms()
sa1100_set_termios() | mod_timer()
spin_lock_irqsave() //(1) | (wait a time)
... | sa1100_timeout()
del_timer_sync() | spin_lock_irqsave() //(2)
(wait timer to stop) | ...
We hold sport->port.lock in position (1) of thread 1 and
use del_timer_sync() to wait timer to stop, but timer handler
also need sport->port.lock in position (2) of thread 2. As a result,
sa1100_set_termios() will block forever.
This patch moves del_timer_sync() before spin_lock_irqsave()
in order to prevent the deadlock.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49304",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:44:33.088615Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-667",
"description": "CWE-667 Improper Locking",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:58.692Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/tty/serial/sa1100.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0976808d0d171ec837d4bd3e9f4ad4a00ab703b8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "85e20f8bd31a46d8c60103d0274a8ebe8f47f2b2",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "920f0ae7a129ffee98a106e3bbdfd61a2a59e939",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "09a5958a2452ad22d0cb638711ef34ea1863a829",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6e2273eefab54a521d9c59efb6e1114e742bdf41",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2cbfc38df580bff5b2fe19f21c1a7520efcc4b3b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "553213432ef0c295becdc08c0207d2094468f673",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "34d91e555e5582cffdbcbb75517bc9217866823e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "62b2caef400c1738b6d22f636c628d9f85cd4c4c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/tty/serial/sa1100.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.318",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.47",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.122",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers: tty: serial: Fix deadlock in sa1100_set_termios()\n\nThere is a deadlock in sa1100_set_termios(), which is shown\nbelow:\n\n (Thread 1) | (Thread 2)\n | sa1100_enable_ms()\nsa1100_set_termios() | mod_timer()\n spin_lock_irqsave() //(1) | (wait a time)\n ... | sa1100_timeout()\n del_timer_sync() | spin_lock_irqsave() //(2)\n (wait timer to stop) | ...\n\nWe hold sport-\u003eport.lock in position (1) of thread 1 and\nuse del_timer_sync() to wait timer to stop, but timer handler\nalso need sport-\u003eport.lock in position (2) of thread 2. As a result,\nsa1100_set_termios() will block forever.\n\nThis patch moves del_timer_sync() before spin_lock_irqsave()\nin order to prevent the deadlock."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:34:42.892Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0976808d0d171ec837d4bd3e9f4ad4a00ab703b8"
},
{
"url": "https://git.kernel.org/stable/c/85e20f8bd31a46d8c60103d0274a8ebe8f47f2b2"
},
{
"url": "https://git.kernel.org/stable/c/920f0ae7a129ffee98a106e3bbdfd61a2a59e939"
},
{
"url": "https://git.kernel.org/stable/c/09a5958a2452ad22d0cb638711ef34ea1863a829"
},
{
"url": "https://git.kernel.org/stable/c/6e2273eefab54a521d9c59efb6e1114e742bdf41"
},
{
"url": "https://git.kernel.org/stable/c/2cbfc38df580bff5b2fe19f21c1a7520efcc4b3b"
},
{
"url": "https://git.kernel.org/stable/c/553213432ef0c295becdc08c0207d2094468f673"
},
{
"url": "https://git.kernel.org/stable/c/34d91e555e5582cffdbcbb75517bc9217866823e"
},
{
"url": "https://git.kernel.org/stable/c/62b2caef400c1738b6d22f636c628d9f85cd4c4c"
}
],
"title": "drivers: tty: serial: Fix deadlock in sa1100_set_termios()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49304",
"datePublished": "2025-02-26T02:10:37.726Z",
"dateReserved": "2025-02-26T02:08:31.535Z",
"dateUpdated": "2025-10-01T19:46:58.692Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49132 (GCVE-0-2022-49132)
Vulnerability from cvelistv5
Published
2025-02-26 01:55
Modified
2025-05-04 08:30
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ath11k: pci: fix crash on suspend if board file is not found
Mario reported that the kernel was crashing on suspend if ath11k was not able
to find a board file:
[ 473.693286] PM: Suspending system (s2idle)
[ 473.693291] printk: Suspending console(s) (use no_console_suspend to debug)
[ 474.407787] BUG: unable to handle page fault for address: 0000000000002070
[ 474.407791] #PF: supervisor read access in kernel mode
[ 474.407794] #PF: error_code(0x0000) - not-present page
[ 474.407798] PGD 0 P4D 0
[ 474.407801] Oops: 0000 [#1] PREEMPT SMP NOPTI
[ 474.407805] CPU: 2 PID: 2350 Comm: kworker/u32:14 Tainted: G W 5.16.0 #248
[...]
[ 474.407868] Call Trace:
[ 474.407870] <TASK>
[ 474.407874] ? _raw_spin_lock_irqsave+0x2a/0x60
[ 474.407882] ? lock_timer_base+0x72/0xa0
[ 474.407889] ? _raw_spin_unlock_irqrestore+0x29/0x3d
[ 474.407892] ? try_to_del_timer_sync+0x54/0x80
[ 474.407896] ath11k_dp_rx_pktlog_stop+0x49/0xc0 [ath11k]
[ 474.407912] ath11k_core_suspend+0x34/0x130 [ath11k]
[ 474.407923] ath11k_pci_pm_suspend+0x1b/0x50 [ath11k_pci]
[ 474.407928] pci_pm_suspend+0x7e/0x170
[ 474.407935] ? pci_pm_freeze+0xc0/0xc0
[ 474.407939] dpm_run_callback+0x4e/0x150
[ 474.407947] __device_suspend+0x148/0x4c0
[ 474.407951] async_suspend+0x20/0x90
dmesg-efi-164255130401001:
Oops#1 Part1
[ 474.407955] async_run_entry_fn+0x33/0x120
[ 474.407959] process_one_work+0x220/0x3f0
[ 474.407966] worker_thread+0x4a/0x3d0
[ 474.407971] kthread+0x17a/0x1a0
[ 474.407975] ? process_one_work+0x3f0/0x3f0
[ 474.407979] ? set_kthread_struct+0x40/0x40
[ 474.407983] ret_from_fork+0x22/0x30
[ 474.407991] </TASK>
The issue here is that board file loading happens after ath11k_pci_probe()
succesfully returns (ath11k initialisation happends asynchronously) and the
suspend handler is still enabled, of course failing as ath11k is not properly
initialised. Fix this by checking ATH11K_FLAG_QMI_FAIL during both suspend and
resume.
Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03003-QCAHSPSWPL_V1_V2_SILICONZ_LITE-2
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ath/ath11k/pci.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "fed4cef115ab21a18faf499b3fa9b9a4b544f941",
"status": "affected",
"version": "d5c65159f2895379e11ca13f62feabe93278985d",
"versionType": "git"
},
{
"lessThan": "f3c5ef433da82d257337424b3647ce9dcb37d4b5",
"status": "affected",
"version": "d5c65159f2895379e11ca13f62feabe93278985d",
"versionType": "git"
},
{
"lessThan": "aeed776c00e804a0f7896db39c7c661cea34ee1f",
"status": "affected",
"version": "d5c65159f2895379e11ca13f62feabe93278985d",
"versionType": "git"
},
{
"lessThan": "b4f4c56459a5c744f7f066b9fc2b54ea995030c5",
"status": "affected",
"version": "d5c65159f2895379e11ca13f62feabe93278985d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ath/ath11k/pci.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.6"
},
{
"lessThan": "5.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.20",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.34",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.20",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.3",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nath11k: pci: fix crash on suspend if board file is not found\n\nMario reported that the kernel was crashing on suspend if ath11k was not able\nto find a board file:\n\n[ 473.693286] PM: Suspending system (s2idle)\n[ 473.693291] printk: Suspending console(s) (use no_console_suspend to debug)\n[ 474.407787] BUG: unable to handle page fault for address: 0000000000002070\n[ 474.407791] #PF: supervisor read access in kernel mode\n[ 474.407794] #PF: error_code(0x0000) - not-present page\n[ 474.407798] PGD 0 P4D 0\n[ 474.407801] Oops: 0000 [#1] PREEMPT SMP NOPTI\n[ 474.407805] CPU: 2 PID: 2350 Comm: kworker/u32:14 Tainted: G W 5.16.0 #248\n[...]\n[ 474.407868] Call Trace:\n[ 474.407870] \u003cTASK\u003e\n[ 474.407874] ? _raw_spin_lock_irqsave+0x2a/0x60\n[ 474.407882] ? lock_timer_base+0x72/0xa0\n[ 474.407889] ? _raw_spin_unlock_irqrestore+0x29/0x3d\n[ 474.407892] ? try_to_del_timer_sync+0x54/0x80\n[ 474.407896] ath11k_dp_rx_pktlog_stop+0x49/0xc0 [ath11k]\n[ 474.407912] ath11k_core_suspend+0x34/0x130 [ath11k]\n[ 474.407923] ath11k_pci_pm_suspend+0x1b/0x50 [ath11k_pci]\n[ 474.407928] pci_pm_suspend+0x7e/0x170\n[ 474.407935] ? pci_pm_freeze+0xc0/0xc0\n[ 474.407939] dpm_run_callback+0x4e/0x150\n[ 474.407947] __device_suspend+0x148/0x4c0\n[ 474.407951] async_suspend+0x20/0x90\ndmesg-efi-164255130401001:\nOops#1 Part1\n[ 474.407955] async_run_entry_fn+0x33/0x120\n[ 474.407959] process_one_work+0x220/0x3f0\n[ 474.407966] worker_thread+0x4a/0x3d0\n[ 474.407971] kthread+0x17a/0x1a0\n[ 474.407975] ? process_one_work+0x3f0/0x3f0\n[ 474.407979] ? set_kthread_struct+0x40/0x40\n[ 474.407983] ret_from_fork+0x22/0x30\n[ 474.407991] \u003c/TASK\u003e\n\nThe issue here is that board file loading happens after ath11k_pci_probe()\nsuccesfully returns (ath11k initialisation happends asynchronously) and the\nsuspend handler is still enabled, of course failing as ath11k is not properly\ninitialised. Fix this by checking ATH11K_FLAG_QMI_FAIL during both suspend and\nresume.\n\nTested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03003-QCAHSPSWPL_V1_V2_SILICONZ_LITE-2"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:30:40.946Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/fed4cef115ab21a18faf499b3fa9b9a4b544f941"
},
{
"url": "https://git.kernel.org/stable/c/f3c5ef433da82d257337424b3647ce9dcb37d4b5"
},
{
"url": "https://git.kernel.org/stable/c/aeed776c00e804a0f7896db39c7c661cea34ee1f"
},
{
"url": "https://git.kernel.org/stable/c/b4f4c56459a5c744f7f066b9fc2b54ea995030c5"
}
],
"title": "ath11k: pci: fix crash on suspend if board file is not found",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49132",
"datePublished": "2025-02-26T01:55:07.144Z",
"dateReserved": "2025-02-26T01:49:39.267Z",
"dateUpdated": "2025-05-04T08:30:40.946Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49535 (GCVE-0-2022-49535)
Vulnerability from cvelistv5
Published
2025-02-26 02:13
Modified
2025-05-04 08:40
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI
If lpfc_issue_els_flogi() fails and returns non-zero status, the node
reference count is decremented to trigger the release of the nodelist
structure. However, if there is a prior registration or dev-loss-evt work
pending, the node may be released prematurely. When dev-loss-evt
completes, the released node is referenced causing a use-after-free null
pointer dereference.
Similarly, when processing non-zero ELS PLOGI completion status in
lpfc_cmpl_els_plogi(), the ndlp flags are checked for a transport
registration before triggering node removal. If dev-loss-evt work is
pending, the node may be released prematurely and a subsequent call to
lpfc_dev_loss_tmo_handler() results in a use after free ndlp dereference.
Add test for pending dev-loss before decrementing the node reference count
for FLOGI, PLOGI, PRLI, and ADISC handling.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49535",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T18:15:34.195435Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T18:22:31.809Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/scsi/lpfc/lpfc_els.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c7dc74ab7975c9b96284abfe4cca756d75fa4604",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "10663ebec0ad5c78493a0dd34c9ee4d73d7ca0df",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "577a942df3de2666f6947bdd3a5c9e8d30073424",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/scsi/lpfc/lpfc_els.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.181",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.181",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI\n\nIf lpfc_issue_els_flogi() fails and returns non-zero status, the node\nreference count is decremented to trigger the release of the nodelist\nstructure. However, if there is a prior registration or dev-loss-evt work\npending, the node may be released prematurely. When dev-loss-evt\ncompletes, the released node is referenced causing a use-after-free null\npointer dereference.\n\nSimilarly, when processing non-zero ELS PLOGI completion status in\nlpfc_cmpl_els_plogi(), the ndlp flags are checked for a transport\nregistration before triggering node removal. If dev-loss-evt work is\npending, the node may be released prematurely and a subsequent call to\nlpfc_dev_loss_tmo_handler() results in a use after free ndlp dereference.\n\nAdd test for pending dev-loss before decrementing the node reference count\nfor FLOGI, PLOGI, PRLI, and ADISC handling."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:40:01.596Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c7dc74ab7975c9b96284abfe4cca756d75fa4604"
},
{
"url": "https://git.kernel.org/stable/c/10663ebec0ad5c78493a0dd34c9ee4d73d7ca0df"
},
{
"url": "https://git.kernel.org/stable/c/577a942df3de2666f6947bdd3a5c9e8d30073424"
}
],
"title": "scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49535",
"datePublished": "2025-02-26T02:13:53.482Z",
"dateReserved": "2025-02-26T02:08:31.589Z",
"dateUpdated": "2025-05-04T08:40:01.596Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49347 (GCVE-0-2022-49347)
Vulnerability from cvelistv5
Published
2025-02-26 02:11
Modified
2025-05-04 08:35
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix bug_on in ext4_writepages
we got issue as follows:
EXT4-fs error (device loop0): ext4_mb_generate_buddy:1141: group 0, block bitmap and bg descriptor inconsistent: 25 vs 31513 free cls
------------[ cut here ]------------
kernel BUG at fs/ext4/inode.c:2708!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI
CPU: 2 PID: 2147 Comm: rep Not tainted 5.18.0-rc2-next-20220413+ #155
RIP: 0010:ext4_writepages+0x1977/0x1c10
RSP: 0018:ffff88811d3e7880 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffff88811c098000
RDX: 0000000000000000 RSI: ffff88811c098000 RDI: 0000000000000002
RBP: ffff888128140f50 R08: ffffffffb1ff6387 R09: 0000000000000000
R10: 0000000000000007 R11: ffffed10250281ea R12: 0000000000000001
R13: 00000000000000a4 R14: ffff88811d3e7bb8 R15: ffff888128141028
FS: 00007f443aed9740(0000) GS:ffff8883aef00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020007200 CR3: 000000011c2a4000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
do_writepages+0x130/0x3a0
filemap_fdatawrite_wbc+0x83/0xa0
filemap_flush+0xab/0xe0
ext4_alloc_da_blocks+0x51/0x120
__ext4_ioctl+0x1534/0x3210
__x64_sys_ioctl+0x12c/0x170
do_syscall_64+0x3b/0x90
It may happen as follows:
1. write inline_data inode
vfs_write
new_sync_write
ext4_file_write_iter
ext4_buffered_write_iter
generic_perform_write
ext4_da_write_begin
ext4_da_write_inline_data_begin -> If inline data size too
small will allocate block to write, then mapping will has
dirty page
ext4_da_convert_inline_data_to_extent ->clear EXT4_STATE_MAY_INLINE_DATA
2. fallocate
do_vfs_ioctl
ioctl_preallocate
vfs_fallocate
ext4_fallocate
ext4_convert_inline_data
ext4_convert_inline_data_nolock
ext4_map_blocks -> fail will goto restore data
ext4_restore_inline_data
ext4_create_inline_data
ext4_write_inline_data
ext4_set_inode_state -> set inode EXT4_STATE_MAY_INLINE_DATA
3. writepages
__ext4_ioctl
ext4_alloc_da_blocks
filemap_flush
filemap_fdatawrite_wbc
do_writepages
ext4_writepages
if (ext4_has_inline_data(inode))
BUG_ON(ext4_test_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA))
The root cause of this issue is we destory inline data until call
ext4_writepages under delay allocation mode. But there maybe already
convert from inline to extent. To solve this issue, we call
filemap_flush first..
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ext4/inline.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "19918ec7717d87d5ab825884a46b26b21375d7ce",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b2b78f5bf2d453dda3903955efee059260787a42",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "de1732b5c1693ad489c5d254f124f67cb775f37d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "73fd5b19285197078ee8a2e651d75d5b094a4de9",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1b061af037646c9cdb0afd8a8d2f1e1c06285866",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "18a759f7f99f0b65a08ff5b7e745fc405a42bde4",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1cde35417edc0370fb0179a4e38b78a15350a8d0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "013f12bdedb96816aaa27ee04349f4433d361f52",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ef09ed5d37b84d18562b30cf7253e57062d0db05",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ext4/inline.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.318",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix bug_on in ext4_writepages\n\nwe got issue as follows:\nEXT4-fs error (device loop0): ext4_mb_generate_buddy:1141: group 0, block bitmap and bg descriptor inconsistent: 25 vs 31513 free cls\n------------[ cut here ]------------\nkernel BUG at fs/ext4/inode.c:2708!\ninvalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 2 PID: 2147 Comm: rep Not tainted 5.18.0-rc2-next-20220413+ #155\nRIP: 0010:ext4_writepages+0x1977/0x1c10\nRSP: 0018:ffff88811d3e7880 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 0000000000000001 RCX: ffff88811c098000\nRDX: 0000000000000000 RSI: ffff88811c098000 RDI: 0000000000000002\nRBP: ffff888128140f50 R08: ffffffffb1ff6387 R09: 0000000000000000\nR10: 0000000000000007 R11: ffffed10250281ea R12: 0000000000000001\nR13: 00000000000000a4 R14: ffff88811d3e7bb8 R15: ffff888128141028\nFS: 00007f443aed9740(0000) GS:ffff8883aef00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000020007200 CR3: 000000011c2a4000 CR4: 00000000000006e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n do_writepages+0x130/0x3a0\n filemap_fdatawrite_wbc+0x83/0xa0\n filemap_flush+0xab/0xe0\n ext4_alloc_da_blocks+0x51/0x120\n __ext4_ioctl+0x1534/0x3210\n __x64_sys_ioctl+0x12c/0x170\n do_syscall_64+0x3b/0x90\n\nIt may happen as follows:\n1. write inline_data inode\nvfs_write\n new_sync_write\n ext4_file_write_iter\n ext4_buffered_write_iter\n generic_perform_write\n ext4_da_write_begin\n ext4_da_write_inline_data_begin -\u003e If inline data size too\n small will allocate block to write, then mapping will has\n dirty page\n ext4_da_convert_inline_data_to_extent -\u003eclear EXT4_STATE_MAY_INLINE_DATA\n2. fallocate\ndo_vfs_ioctl\n ioctl_preallocate\n vfs_fallocate\n ext4_fallocate\n ext4_convert_inline_data\n ext4_convert_inline_data_nolock\n ext4_map_blocks -\u003e fail will goto restore data\n ext4_restore_inline_data\n ext4_create_inline_data\n ext4_write_inline_data\n ext4_set_inode_state -\u003e set inode EXT4_STATE_MAY_INLINE_DATA\n3. writepages\n__ext4_ioctl\n ext4_alloc_da_blocks\n filemap_flush\n filemap_fdatawrite_wbc\n do_writepages\n ext4_writepages\n if (ext4_has_inline_data(inode))\n BUG_ON(ext4_test_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA))\n\nThe root cause of this issue is we destory inline data until call\next4_writepages under delay allocation mode. But there maybe already\nconvert from inline to extent. To solve this issue, we call\nfilemap_flush first.."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:35:47.612Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/19918ec7717d87d5ab825884a46b26b21375d7ce"
},
{
"url": "https://git.kernel.org/stable/c/b2b78f5bf2d453dda3903955efee059260787a42"
},
{
"url": "https://git.kernel.org/stable/c/de1732b5c1693ad489c5d254f124f67cb775f37d"
},
{
"url": "https://git.kernel.org/stable/c/73fd5b19285197078ee8a2e651d75d5b094a4de9"
},
{
"url": "https://git.kernel.org/stable/c/1b061af037646c9cdb0afd8a8d2f1e1c06285866"
},
{
"url": "https://git.kernel.org/stable/c/18a759f7f99f0b65a08ff5b7e745fc405a42bde4"
},
{
"url": "https://git.kernel.org/stable/c/1cde35417edc0370fb0179a4e38b78a15350a8d0"
},
{
"url": "https://git.kernel.org/stable/c/013f12bdedb96816aaa27ee04349f4433d361f52"
},
{
"url": "https://git.kernel.org/stable/c/ef09ed5d37b84d18562b30cf7253e57062d0db05"
}
],
"title": "ext4: fix bug_on in ext4_writepages",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49347",
"datePublished": "2025-02-26T02:11:01.983Z",
"dateReserved": "2025-02-26T02:08:31.543Z",
"dateUpdated": "2025-05-04T08:35:47.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42240 (GCVE-0-2024-42240)
Vulnerability from cvelistv5
Published
2024-08-07 15:14
Modified
2025-11-03 22:02
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
x86/bhi: Avoid warning in #DB handler due to BHI mitigation
When BHI mitigation is enabled, if SYSENTER is invoked with the TF flag set
then entry_SYSENTER_compat() uses CLEAR_BRANCH_HISTORY and calls the
clear_bhb_loop() before the TF flag is cleared. This causes the #DB handler
(exc_debug_kernel()) to issue a warning because single-step is used outside the
entry_SYSENTER_compat() function.
To address this issue, entry_SYSENTER_compat() should use CLEAR_BRANCH_HISTORY
after making sure the TF flag is cleared.
The problem can be reproduced with the following sequence:
$ cat sysenter_step.c
int main()
{ asm("pushf; pop %ax; bts $8,%ax; push %ax; popf; sysenter"); }
$ gcc -o sysenter_step sysenter_step.c
$ ./sysenter_step
Segmentation fault (core dumped)
The program is expected to crash, and the #DB handler will issue a warning.
Kernel log:
WARNING: CPU: 27 PID: 7000 at arch/x86/kernel/traps.c:1009 exc_debug_kernel+0xd2/0x160
...
RIP: 0010:exc_debug_kernel+0xd2/0x160
...
Call Trace:
<#DB>
? show_regs+0x68/0x80
? __warn+0x8c/0x140
? exc_debug_kernel+0xd2/0x160
? report_bug+0x175/0x1a0
? handle_bug+0x44/0x90
? exc_invalid_op+0x1c/0x70
? asm_exc_invalid_op+0x1f/0x30
? exc_debug_kernel+0xd2/0x160
exc_debug+0x43/0x50
asm_exc_debug+0x1e/0x40
RIP: 0010:clear_bhb_loop+0x0/0xb0
...
</#DB>
<TASK>
? entry_SYSENTER_compat_after_hwframe+0x6e/0x8d
</TASK>
[ bp: Massage commit message. ]
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: bd53ec80f21839cfd4d852a6088279d602d67e5b Version: 07dbb10f153f483e8249acebdffedf922e2ec2e1 Version: eb36b0dce2138581bc6b5e39d0273cb4c96ded81 Version: 7390db8aea0d64e9deb28b8e1ce716f5020c7ee5 Version: 7390db8aea0d64e9deb28b8e1ce716f5020c7ee5 Version: 8f51637712e4da5be410a1666f8aee0d86eef898 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42240",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:13:51.001454Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:31.693Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:02:42.210Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/x86/entry/entry_64_compat.S"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "db56615e96c439e13783d7715330e824b4fd4b84",
"status": "affected",
"version": "bd53ec80f21839cfd4d852a6088279d602d67e5b",
"versionType": "git"
},
{
"lessThan": "a765679defe1dc1b8fa01928a6ad6361e72a1364",
"status": "affected",
"version": "07dbb10f153f483e8249acebdffedf922e2ec2e1",
"versionType": "git"
},
{
"lessThan": "dae3543db8f0cf8ac1a198c3bb4b6e3c24d576cf",
"status": "affected",
"version": "eb36b0dce2138581bc6b5e39d0273cb4c96ded81",
"versionType": "git"
},
{
"lessThan": "08518d48e5b744620524f0acd7c26c19bda7f513",
"status": "affected",
"version": "7390db8aea0d64e9deb28b8e1ce716f5020c7ee5",
"versionType": "git"
},
{
"lessThan": "ac8b270b61d48fcc61f052097777e3b5e11591e0",
"status": "affected",
"version": "7390db8aea0d64e9deb28b8e1ce716f5020c7ee5",
"versionType": "git"
},
{
"status": "affected",
"version": "8f51637712e4da5be410a1666f8aee0d86eef898",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/x86/entry/entry_64_compat.S"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.9"
},
{
"lessThan": "6.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.163",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.100",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.41",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.163",
"versionStartIncluding": "5.15.154",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.100",
"versionStartIncluding": "6.1.85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.41",
"versionStartIncluding": "6.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.10",
"versionStartIncluding": "6.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "6.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.8.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/bhi: Avoid warning in #DB handler due to BHI mitigation\n\nWhen BHI mitigation is enabled, if SYSENTER is invoked with the TF flag set\nthen entry_SYSENTER_compat() uses CLEAR_BRANCH_HISTORY and calls the\nclear_bhb_loop() before the TF flag is cleared. This causes the #DB handler\n(exc_debug_kernel()) to issue a warning because single-step is used outside the\nentry_SYSENTER_compat() function.\n\nTo address this issue, entry_SYSENTER_compat() should use CLEAR_BRANCH_HISTORY\nafter making sure the TF flag is cleared.\n\nThe problem can be reproduced with the following sequence:\n\n $ cat sysenter_step.c\n int main()\n { asm(\"pushf; pop %ax; bts $8,%ax; push %ax; popf; sysenter\"); }\n\n $ gcc -o sysenter_step sysenter_step.c\n\n $ ./sysenter_step\n Segmentation fault (core dumped)\n\nThe program is expected to crash, and the #DB handler will issue a warning.\n\nKernel log:\n\n WARNING: CPU: 27 PID: 7000 at arch/x86/kernel/traps.c:1009 exc_debug_kernel+0xd2/0x160\n ...\n RIP: 0010:exc_debug_kernel+0xd2/0x160\n ...\n Call Trace:\n \u003c#DB\u003e\n ? show_regs+0x68/0x80\n ? __warn+0x8c/0x140\n ? exc_debug_kernel+0xd2/0x160\n ? report_bug+0x175/0x1a0\n ? handle_bug+0x44/0x90\n ? exc_invalid_op+0x1c/0x70\n ? asm_exc_invalid_op+0x1f/0x30\n ? exc_debug_kernel+0xd2/0x160\n exc_debug+0x43/0x50\n asm_exc_debug+0x1e/0x40\n RIP: 0010:clear_bhb_loop+0x0/0xb0\n ...\n \u003c/#DB\u003e\n \u003cTASK\u003e\n ? entry_SYSENTER_compat_after_hwframe+0x6e/0x8d\n \u003c/TASK\u003e\n\n [ bp: Massage commit message. ]"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:57:48.564Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/db56615e96c439e13783d7715330e824b4fd4b84"
},
{
"url": "https://git.kernel.org/stable/c/a765679defe1dc1b8fa01928a6ad6361e72a1364"
},
{
"url": "https://git.kernel.org/stable/c/dae3543db8f0cf8ac1a198c3bb4b6e3c24d576cf"
},
{
"url": "https://git.kernel.org/stable/c/08518d48e5b744620524f0acd7c26c19bda7f513"
},
{
"url": "https://git.kernel.org/stable/c/ac8b270b61d48fcc61f052097777e3b5e11591e0"
}
],
"title": "x86/bhi: Avoid warning in #DB handler due to BHI mitigation",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42240",
"datePublished": "2024-08-07T15:14:27.977Z",
"dateReserved": "2024-07-30T07:40:12.253Z",
"dateUpdated": "2025-11-03T22:02:42.210Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-49449 (GCVE-0-2022-49449)
Vulnerability from cvelistv5
Published
2025-02-26 02:12
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
pinctrl: renesas: rzn1: Fix possible null-ptr-deref in sh_pfc_map_resources()
It will cause null-ptr-deref when using 'res', if platform_get_resource()
returns NULL, so move using 'res' after devm_ioremap_resource() that
will check it to avoid null-ptr-deref.
And use devm_platform_get_and_ioremap_resource() to simplify code.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49449",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:40:36.057043Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:48.379Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/pinctrl/renesas/pinctrl-rzn1.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b646e0cfeb38bf5f1944fd548f1dfa9b129fa00c",
"status": "affected",
"version": "4e53b5004745ef26a37bca4933b2d3ea71313f2a",
"versionType": "git"
},
{
"lessThan": "c16b59d445135c8026a04e388d8b2762feaa3b3b",
"status": "affected",
"version": "4e53b5004745ef26a37bca4933b2d3ea71313f2a",
"versionType": "git"
},
{
"lessThan": "34c719b8fdfbd0c7c54cae56e6b0f16e9f8bf03e",
"status": "affected",
"version": "4e53b5004745ef26a37bca4933b2d3ea71313f2a",
"versionType": "git"
},
{
"lessThan": "01f9e02e0f13df3fd291676dc80054e977be1601",
"status": "affected",
"version": "4e53b5004745ef26a37bca4933b2d3ea71313f2a",
"versionType": "git"
},
{
"lessThan": "2f661477c2bb8068194dbba9738d05219f111c6e",
"status": "affected",
"version": "4e53b5004745ef26a37bca4933b2d3ea71313f2a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/pinctrl/renesas/pinctrl-rzn1.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.20"
},
{
"lessThan": "4.20",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: renesas: rzn1: Fix possible null-ptr-deref in sh_pfc_map_resources()\n\nIt will cause null-ptr-deref when using \u0027res\u0027, if platform_get_resource()\nreturns NULL, so move using \u0027res\u0027 after devm_ioremap_resource() that\nwill check it to avoid null-ptr-deref.\nAnd use devm_platform_get_and_ioremap_resource() to simplify code."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:37:59.146Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b646e0cfeb38bf5f1944fd548f1dfa9b129fa00c"
},
{
"url": "https://git.kernel.org/stable/c/c16b59d445135c8026a04e388d8b2762feaa3b3b"
},
{
"url": "https://git.kernel.org/stable/c/34c719b8fdfbd0c7c54cae56e6b0f16e9f8bf03e"
},
{
"url": "https://git.kernel.org/stable/c/01f9e02e0f13df3fd291676dc80054e977be1601"
},
{
"url": "https://git.kernel.org/stable/c/2f661477c2bb8068194dbba9738d05219f111c6e"
}
],
"title": "pinctrl: renesas: rzn1: Fix possible null-ptr-deref in sh_pfc_map_resources()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49449",
"datePublished": "2025-02-26T02:12:59.709Z",
"dateReserved": "2025-02-26T02:08:31.572Z",
"dateUpdated": "2025-10-01T19:46:48.379Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49260 (GCVE-0-2022-49260)
Vulnerability from cvelistv5
Published
2025-02-26 01:56
Modified
2025-05-04 08:33
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
crypto: hisilicon/sec - fix the aead software fallback for engine
Due to the subreq pointer misuse the private context memory. The aead
soft crypto occasionally casues the OS panic as setting the 64K page.
Here is fix it.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/crypto/hisilicon/sec2/sec_crypto.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "40dba7c26e897c637e91312b35f664f1d4d0073c",
"status": "affected",
"version": "6c46a3297beae4ae2d22b26da5e091f058381c7c",
"versionType": "git"
},
{
"lessThan": "ef7b10f3cac7810ddcfd976304fd125aca33d144",
"status": "affected",
"version": "6c46a3297beae4ae2d22b26da5e091f058381c7c",
"versionType": "git"
},
{
"lessThan": "5c1149e2abe0b7489300736b8277b45b113de67f",
"status": "affected",
"version": "6c46a3297beae4ae2d22b26da5e091f058381c7c",
"versionType": "git"
},
{
"lessThan": "0a2a464f863187f97e96ebc6384c052cafd4a54c",
"status": "affected",
"version": "6c46a3297beae4ae2d22b26da5e091f058381c7c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/crypto/hisilicon/sec2/sec_crypto.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.14"
},
{
"lessThan": "5.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: hisilicon/sec - fix the aead software fallback for engine\n\nDue to the subreq pointer misuse the private context memory. The aead\nsoft crypto occasionally casues the OS panic as setting the 64K page.\nHere is fix it."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:33:34.942Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/40dba7c26e897c637e91312b35f664f1d4d0073c"
},
{
"url": "https://git.kernel.org/stable/c/ef7b10f3cac7810ddcfd976304fd125aca33d144"
},
{
"url": "https://git.kernel.org/stable/c/5c1149e2abe0b7489300736b8277b45b113de67f"
},
{
"url": "https://git.kernel.org/stable/c/0a2a464f863187f97e96ebc6384c052cafd4a54c"
}
],
"title": "crypto: hisilicon/sec - fix the aead software fallback for engine",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49260",
"datePublished": "2025-02-26T01:56:12.548Z",
"dateReserved": "2025-02-26T01:49:39.296Z",
"dateUpdated": "2025-05-04T08:33:34.942Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49641 (GCVE-0-2022-49641)
Vulnerability from cvelistv5
Published
2025-02-26 02:23
Modified
2025-10-01 19:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
sysctl: Fix data races in proc_douintvec().
A sysctl variable is accessed concurrently, and there is always a chance
of data-race. So, all readers and writers need some basic protection to
avoid load/store-tearing.
This patch changes proc_douintvec() to use READ_ONCE() and WRITE_ONCE()
internally to fix data-races on the sysctl side. For now, proc_douintvec()
itself is tolerant to a data-race, but we still need to add annotations on
the other subsystem's side.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: e7d316a02f683864a12389f8808570e37fb90aa3 Version: e7d316a02f683864a12389f8808570e37fb90aa3 Version: e7d316a02f683864a12389f8808570e37fb90aa3 Version: e7d316a02f683864a12389f8808570e37fb90aa3 Version: 70cd763eb1574cac07138be91f474a661e02d694 Version: f4cea51e9a3d536e2ca2b74a958f7c0b4ea733c3 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49641",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:33:58.576694Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:36:48.974Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/sysctl.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d5d54714e329f646bd7af4994fc427d88ee68936",
"status": "affected",
"version": "e7d316a02f683864a12389f8808570e37fb90aa3",
"versionType": "git"
},
{
"lessThan": "d335db59f7fb3353f56e52371f1ee796ae9c8f09",
"status": "affected",
"version": "e7d316a02f683864a12389f8808570e37fb90aa3",
"versionType": "git"
},
{
"lessThan": "630c76850d554d7140232e71b5d1663e88cffb54",
"status": "affected",
"version": "e7d316a02f683864a12389f8808570e37fb90aa3",
"versionType": "git"
},
{
"lessThan": "4762b532ec9539755aab61445d5da6e1926ccb99",
"status": "affected",
"version": "e7d316a02f683864a12389f8808570e37fb90aa3",
"versionType": "git"
},
{
"status": "affected",
"version": "70cd763eb1574cac07138be91f474a661e02d694",
"versionType": "git"
},
{
"status": "affected",
"version": "f4cea51e9a3d536e2ca2b74a958f7c0b4ea733c3",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/sysctl.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.8"
},
{
"lessThan": "4.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.132",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.56",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.132",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.56",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.13",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.4.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.7.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsysctl: Fix data races in proc_douintvec().\n\nA sysctl variable is accessed concurrently, and there is always a chance\nof data-race. So, all readers and writers need some basic protection to\navoid load/store-tearing.\n\nThis patch changes proc_douintvec() to use READ_ONCE() and WRITE_ONCE()\ninternally to fix data-races on the sysctl side. For now, proc_douintvec()\nitself is tolerant to a data-race, but we still need to add annotations on\nthe other subsystem\u0027s side."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:45:01.026Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d5d54714e329f646bd7af4994fc427d88ee68936"
},
{
"url": "https://git.kernel.org/stable/c/d335db59f7fb3353f56e52371f1ee796ae9c8f09"
},
{
"url": "https://git.kernel.org/stable/c/630c76850d554d7140232e71b5d1663e88cffb54"
},
{
"url": "https://git.kernel.org/stable/c/4762b532ec9539755aab61445d5da6e1926ccb99"
}
],
"title": "sysctl: Fix data races in proc_douintvec().",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49641",
"datePublished": "2025-02-26T02:23:48.675Z",
"dateReserved": "2025-02-26T02:21:30.430Z",
"dateUpdated": "2025-10-01T19:36:48.974Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49397 (GCVE-0-2022-49397)
Vulnerability from cvelistv5
Published
2025-02-26 02:11
Modified
2025-05-04 08:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
phy: qcom-qmp: fix struct clk leak on probe errors
Make sure to release the pipe clock reference in case of a late probe
error (e.g. probe deferral).
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: e78f3d15e115e8e764d4b1562b4fa538f2e22f6b Version: e78f3d15e115e8e764d4b1562b4fa538f2e22f6b Version: e78f3d15e115e8e764d4b1562b4fa538f2e22f6b Version: e78f3d15e115e8e764d4b1562b4fa538f2e22f6b Version: e78f3d15e115e8e764d4b1562b4fa538f2e22f6b Version: e78f3d15e115e8e764d4b1562b4fa538f2e22f6b Version: e78f3d15e115e8e764d4b1562b4fa538f2e22f6b Version: e78f3d15e115e8e764d4b1562b4fa538f2e22f6b |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/phy/qualcomm/phy-qcom-qmp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b999d48b0869b8599de532ff6081575a7ab5358a",
"status": "affected",
"version": "e78f3d15e115e8e764d4b1562b4fa538f2e22f6b",
"versionType": "git"
},
{
"lessThan": "621a4bcfb7aa031e7760d7b156bad7a45df58387",
"status": "affected",
"version": "e78f3d15e115e8e764d4b1562b4fa538f2e22f6b",
"versionType": "git"
},
{
"lessThan": "1668ad103679306ba2ef37f758d704e58a3ef1a0",
"status": "affected",
"version": "e78f3d15e115e8e764d4b1562b4fa538f2e22f6b",
"versionType": "git"
},
{
"lessThan": "6f3673c8d8eff0c4ab5a5ee0d3ca9717d85419b4",
"status": "affected",
"version": "e78f3d15e115e8e764d4b1562b4fa538f2e22f6b",
"versionType": "git"
},
{
"lessThan": "b246695636a861a09f0e2cde92bb2dd8f114f024",
"status": "affected",
"version": "e78f3d15e115e8e764d4b1562b4fa538f2e22f6b",
"versionType": "git"
},
{
"lessThan": "f8d23895a41243c6a8dbf392e531fff9497bb023",
"status": "affected",
"version": "e78f3d15e115e8e764d4b1562b4fa538f2e22f6b",
"versionType": "git"
},
{
"lessThan": "ad9b0fad02f9b3a06ad5ac7df11f244e316a6254",
"status": "affected",
"version": "e78f3d15e115e8e764d4b1562b4fa538f2e22f6b",
"versionType": "git"
},
{
"lessThan": "f0a4bc38a12f5a0cc5ad68670d9480e91e6a94df",
"status": "affected",
"version": "e78f3d15e115e8e764d4b1562b4fa538f2e22f6b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/phy/qualcomm/phy-qcom-qmp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.12"
},
{
"lessThan": "4.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.283",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nphy: qcom-qmp: fix struct clk leak on probe errors\n\nMake sure to release the pipe clock reference in case of a late probe\nerror (e.g. probe deferral)."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:36:49.119Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b999d48b0869b8599de532ff6081575a7ab5358a"
},
{
"url": "https://git.kernel.org/stable/c/621a4bcfb7aa031e7760d7b156bad7a45df58387"
},
{
"url": "https://git.kernel.org/stable/c/1668ad103679306ba2ef37f758d704e58a3ef1a0"
},
{
"url": "https://git.kernel.org/stable/c/6f3673c8d8eff0c4ab5a5ee0d3ca9717d85419b4"
},
{
"url": "https://git.kernel.org/stable/c/b246695636a861a09f0e2cde92bb2dd8f114f024"
},
{
"url": "https://git.kernel.org/stable/c/f8d23895a41243c6a8dbf392e531fff9497bb023"
},
{
"url": "https://git.kernel.org/stable/c/ad9b0fad02f9b3a06ad5ac7df11f244e316a6254"
},
{
"url": "https://git.kernel.org/stable/c/f0a4bc38a12f5a0cc5ad68670d9480e91e6a94df"
}
],
"title": "phy: qcom-qmp: fix struct clk leak on probe errors",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49397",
"datePublished": "2025-02-26T02:11:26.612Z",
"dateReserved": "2025-02-26T02:08:31.563Z",
"dateUpdated": "2025-05-04T08:36:49.119Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49221 (GCVE-0-2022-49221)
Vulnerability from cvelistv5
Published
2025-02-26 01:55
Modified
2025-10-01 19:47
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/msm/dp: populate connector of struct dp_panel
DP CTS test case 4.2.2.6 has valid edid with bad checksum on purpose
and expect DP source return correct checksum. During drm edid read,
correct edid checksum is calculated and stored at
connector::real_edid_checksum.
The problem is struct dp_panel::connector never be assigned, instead the
connector is stored in struct msm_dp::connector. When we run compliance
testing test case 4.2.2.6 dp_panel_handle_sink_request() won't have a valid
edid set in struct dp_panel::edid so we'll try to use the connectors
real_edid_checksum and hit a NULL pointer dereference error because the
connector pointer is never assigned.
Changes in V2:
-- populate panel connector at msm_dp_modeset_init() instead of at dp_panel_read_sink_caps()
Changes in V3:
-- remove unhelpful kernel crash trace commit text
-- remove renaming dp_display parameter to dp
Changes in V4:
-- add more details to commit text
Changes in v10:
-- group into one series
Changes in v11:
-- drop drm/msm/dp: dp_link_parse_sink_count() return immediately if aux read
Signee-off-by: Kuogee Hsieh <quic_khsieh@quicinc.com>
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: f86bc4a1a401d3691bad41e67f9db0c2ea94da32 Version: 7948fe12d47a946fb8025a0534c900e3dd4b5839 Version: 7948fe12d47a946fb8025a0534c900e3dd4b5839 Version: 7948fe12d47a946fb8025a0534c900e3dd4b5839 Version: 7948fe12d47a946fb8025a0534c900e3dd4b5839 Version: ab1ccd1e2584b268784518f838f7cc72faec576b Version: 08a96864a45b65ee406a344c78dd761b2fd66887 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49221",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:46:27.011573Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:47:04.278Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/msm/dp/dp_display.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "413c62697b61226a236c8b1f5cd64dcf42bcc12f",
"status": "affected",
"version": "f86bc4a1a401d3691bad41e67f9db0c2ea94da32",
"versionType": "git"
},
{
"lessThan": "9525b8bcae8b99188990b56484799cf4b1b43786",
"status": "affected",
"version": "7948fe12d47a946fb8025a0534c900e3dd4b5839",
"versionType": "git"
},
{
"lessThan": "fbba600f432a360b42452fee79d1fb35d3aa8aeb",
"status": "affected",
"version": "7948fe12d47a946fb8025a0534c900e3dd4b5839",
"versionType": "git"
},
{
"lessThan": "104074ebc0c3f358dd1ee944fbcde92c6e5a21dd",
"status": "affected",
"version": "7948fe12d47a946fb8025a0534c900e3dd4b5839",
"versionType": "git"
},
{
"lessThan": "5e602f5156910c7b19661699896cb6e3fb94fab9",
"status": "affected",
"version": "7948fe12d47a946fb8025a0534c900e3dd4b5839",
"versionType": "git"
},
{
"status": "affected",
"version": "ab1ccd1e2584b268784518f838f7cc72faec576b",
"versionType": "git"
},
{
"status": "affected",
"version": "08a96864a45b65ee406a344c78dd761b2fd66887",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/msm/dp/dp_display.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.15"
},
{
"lessThan": "5.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.110",
"versionStartIncluding": "5.10.67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.13.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.14.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/dp: populate connector of struct dp_panel\n\nDP CTS test case 4.2.2.6 has valid edid with bad checksum on purpose\nand expect DP source return correct checksum. During drm edid read,\ncorrect edid checksum is calculated and stored at\nconnector::real_edid_checksum.\n\nThe problem is struct dp_panel::connector never be assigned, instead the\nconnector is stored in struct msm_dp::connector. When we run compliance\ntesting test case 4.2.2.6 dp_panel_handle_sink_request() won\u0027t have a valid\nedid set in struct dp_panel::edid so we\u0027ll try to use the connectors\nreal_edid_checksum and hit a NULL pointer dereference error because the\nconnector pointer is never assigned.\n\nChanges in V2:\n-- populate panel connector at msm_dp_modeset_init() instead of at dp_panel_read_sink_caps()\n\nChanges in V3:\n-- remove unhelpful kernel crash trace commit text\n-- remove renaming dp_display parameter to dp\n\nChanges in V4:\n-- add more details to commit text\n\nChanges in v10:\n-- group into one series\n\nChanges in v11:\n-- drop drm/msm/dp: dp_link_parse_sink_count() return immediately if aux read\n\nSignee-off-by: Kuogee Hsieh \u003cquic_khsieh@quicinc.com\u003e"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:44:22.205Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/413c62697b61226a236c8b1f5cd64dcf42bcc12f"
},
{
"url": "https://git.kernel.org/stable/c/9525b8bcae8b99188990b56484799cf4b1b43786"
},
{
"url": "https://git.kernel.org/stable/c/fbba600f432a360b42452fee79d1fb35d3aa8aeb"
},
{
"url": "https://git.kernel.org/stable/c/104074ebc0c3f358dd1ee944fbcde92c6e5a21dd"
},
{
"url": "https://git.kernel.org/stable/c/5e602f5156910c7b19661699896cb6e3fb94fab9"
}
],
"title": "drm/msm/dp: populate connector of struct dp_panel",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49221",
"datePublished": "2025-02-26T01:55:53.318Z",
"dateReserved": "2025-02-26T01:49:39.292Z",
"dateUpdated": "2025-10-01T19:47:04.278Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49521 (GCVE-0-2022-49521)
Vulnerability from cvelistv5
Published
2025-02-26 02:13
Modified
2025-05-04 08:39
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: lpfc: Fix resource leak in lpfc_sli4_send_seq_to_ulp()
If no handler is found in lpfc_complete_unsol_iocb() to match the rctl of a
received frame, the frame is dropped and resources are leaked.
Fix by returning resources when discarding an unhandled frame type. Update
lpfc_fc_frame_check() handling of NOP basic link service.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/scsi/lpfc/lpfc_sli.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "fa1b509d41c5433672f72c0615cf4aefa0611c99",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "40cf4ea4d2d497f7732c87d350ba5c3f5e8a43a1",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "08709769ff2fb6c5ffedcda3742700d8ea1618a8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7860d8f8082605b57596aa82d3d438c1fdad9a9e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "646db1a560f44236b7278b822ca99a1d3b6ea72c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/scsi/lpfc/lpfc_sli.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Fix resource leak in lpfc_sli4_send_seq_to_ulp()\n\nIf no handler is found in lpfc_complete_unsol_iocb() to match the rctl of a\nreceived frame, the frame is dropped and resources are leaked.\n\nFix by returning resources when discarding an unhandled frame type. Update\nlpfc_fc_frame_check() handling of NOP basic link service."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:39:42.826Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/fa1b509d41c5433672f72c0615cf4aefa0611c99"
},
{
"url": "https://git.kernel.org/stable/c/40cf4ea4d2d497f7732c87d350ba5c3f5e8a43a1"
},
{
"url": "https://git.kernel.org/stable/c/08709769ff2fb6c5ffedcda3742700d8ea1618a8"
},
{
"url": "https://git.kernel.org/stable/c/7860d8f8082605b57596aa82d3d438c1fdad9a9e"
},
{
"url": "https://git.kernel.org/stable/c/646db1a560f44236b7278b822ca99a1d3b6ea72c"
}
],
"title": "scsi: lpfc: Fix resource leak in lpfc_sli4_send_seq_to_ulp()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49521",
"datePublished": "2025-02-26T02:13:46.812Z",
"dateReserved": "2025-02-26T02:08:31.588Z",
"dateUpdated": "2025-05-04T08:39:42.826Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49381 (GCVE-0-2022-49381)
Vulnerability from cvelistv5
Published
2025-02-26 02:11
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
jffs2: fix memory leak in jffs2_do_fill_super
If jffs2_iget() or d_make_root() in jffs2_do_fill_super() returns
an error, we can observe the following kmemleak report:
--------------------------------------------
unreferenced object 0xffff888105a65340 (size 64):
comm "mount", pid 710, jiffies 4302851558 (age 58.239s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<ffffffff859c45e5>] kmem_cache_alloc_trace+0x475/0x8a0
[<ffffffff86160146>] jffs2_sum_init+0x96/0x1a0
[<ffffffff86140e25>] jffs2_do_mount_fs+0x745/0x2120
[<ffffffff86149fec>] jffs2_do_fill_super+0x35c/0x810
[<ffffffff8614aae9>] jffs2_fill_super+0x2b9/0x3b0
[...]
unreferenced object 0xffff8881bd7f0000 (size 65536):
comm "mount", pid 710, jiffies 4302851558 (age 58.239s)
hex dump (first 32 bytes):
bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb ................
bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb ................
backtrace:
[<ffffffff858579ba>] kmalloc_order+0xda/0x110
[<ffffffff85857a11>] kmalloc_order_trace+0x21/0x130
[<ffffffff859c2ed1>] __kmalloc+0x711/0x8a0
[<ffffffff86160189>] jffs2_sum_init+0xd9/0x1a0
[<ffffffff86140e25>] jffs2_do_mount_fs+0x745/0x2120
[<ffffffff86149fec>] jffs2_do_fill_super+0x35c/0x810
[<ffffffff8614aae9>] jffs2_fill_super+0x2b9/0x3b0
[...]
--------------------------------------------
This is because the resources allocated in jffs2_sum_init() are not
released. Call jffs2_sum_exit() to release these resources to solve
the problem.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: e631ddba588783edd521c5a89f7b2902772fb691 Version: e631ddba588783edd521c5a89f7b2902772fb691 Version: e631ddba588783edd521c5a89f7b2902772fb691 Version: e631ddba588783edd521c5a89f7b2902772fb691 Version: e631ddba588783edd521c5a89f7b2902772fb691 Version: e631ddba588783edd521c5a89f7b2902772fb691 Version: e631ddba588783edd521c5a89f7b2902772fb691 Version: e631ddba588783edd521c5a89f7b2902772fb691 Version: e631ddba588783edd521c5a89f7b2902772fb691 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49381",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:41:55.283015Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:52.106Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/jffs2/fs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4ba7bbeab8009faf3a726e565d98816593ddd5b0",
"status": "affected",
"version": "e631ddba588783edd521c5a89f7b2902772fb691",
"versionType": "git"
},
{
"lessThan": "4da8763a3d2b684c773b72ed80fad40bc264bc40",
"status": "affected",
"version": "e631ddba588783edd521c5a89f7b2902772fb691",
"versionType": "git"
},
{
"lessThan": "28048a4cf3813b7cf5cc8cce629dfdc7951cb1c2",
"status": "affected",
"version": "e631ddba588783edd521c5a89f7b2902772fb691",
"versionType": "git"
},
{
"lessThan": "d3a4fff1e7e408c32649030daa7c2c42a7e19a95",
"status": "affected",
"version": "e631ddba588783edd521c5a89f7b2902772fb691",
"versionType": "git"
},
{
"lessThan": "3252d327f977b14663a10967f3b0930d6c325687",
"status": "affected",
"version": "e631ddba588783edd521c5a89f7b2902772fb691",
"versionType": "git"
},
{
"lessThan": "ecc53e58596542791e82eff00702f8af7a313f70",
"status": "affected",
"version": "e631ddba588783edd521c5a89f7b2902772fb691",
"versionType": "git"
},
{
"lessThan": "cf9db013e167bc8fc2ecd7a13ed97a37df0c9dab",
"status": "affected",
"version": "e631ddba588783edd521c5a89f7b2902772fb691",
"versionType": "git"
},
{
"lessThan": "69295267c481545f636b69ff341b8db75aa136b9",
"status": "affected",
"version": "e631ddba588783edd521c5a89f7b2902772fb691",
"versionType": "git"
},
{
"lessThan": "c14adb1cf70a984ed081c67e9d27bc3caad9537c",
"status": "affected",
"version": "e631ddba588783edd521c5a89f7b2902772fb691",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/jffs2/fs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.15"
},
{
"lessThan": "2.6.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.318",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.47",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.318",
"versionStartIncluding": "2.6.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.283",
"versionStartIncluding": "2.6.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"versionStartIncluding": "2.6.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"versionStartIncluding": "2.6.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.122",
"versionStartIncluding": "2.6.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.47",
"versionStartIncluding": "2.6.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.15",
"versionStartIncluding": "2.6.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.4",
"versionStartIncluding": "2.6.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "2.6.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\njffs2: fix memory leak in jffs2_do_fill_super\n\nIf jffs2_iget() or d_make_root() in jffs2_do_fill_super() returns\nan error, we can observe the following kmemleak report:\n\n--------------------------------------------\nunreferenced object 0xffff888105a65340 (size 64):\n comm \"mount\", pid 710, jiffies 4302851558 (age 58.239s)\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [\u003cffffffff859c45e5\u003e] kmem_cache_alloc_trace+0x475/0x8a0\n [\u003cffffffff86160146\u003e] jffs2_sum_init+0x96/0x1a0\n [\u003cffffffff86140e25\u003e] jffs2_do_mount_fs+0x745/0x2120\n [\u003cffffffff86149fec\u003e] jffs2_do_fill_super+0x35c/0x810\n [\u003cffffffff8614aae9\u003e] jffs2_fill_super+0x2b9/0x3b0\n [...]\nunreferenced object 0xffff8881bd7f0000 (size 65536):\n comm \"mount\", pid 710, jiffies 4302851558 (age 58.239s)\n hex dump (first 32 bytes):\n bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb ................\n bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb ................\n backtrace:\n [\u003cffffffff858579ba\u003e] kmalloc_order+0xda/0x110\n [\u003cffffffff85857a11\u003e] kmalloc_order_trace+0x21/0x130\n [\u003cffffffff859c2ed1\u003e] __kmalloc+0x711/0x8a0\n [\u003cffffffff86160189\u003e] jffs2_sum_init+0xd9/0x1a0\n [\u003cffffffff86140e25\u003e] jffs2_do_mount_fs+0x745/0x2120\n [\u003cffffffff86149fec\u003e] jffs2_do_fill_super+0x35c/0x810\n [\u003cffffffff8614aae9\u003e] jffs2_fill_super+0x2b9/0x3b0\n [...]\n--------------------------------------------\n\nThis is because the resources allocated in jffs2_sum_init() are not\nreleased. Call jffs2_sum_exit() to release these resources to solve\nthe problem."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:36:28.528Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4ba7bbeab8009faf3a726e565d98816593ddd5b0"
},
{
"url": "https://git.kernel.org/stable/c/4da8763a3d2b684c773b72ed80fad40bc264bc40"
},
{
"url": "https://git.kernel.org/stable/c/28048a4cf3813b7cf5cc8cce629dfdc7951cb1c2"
},
{
"url": "https://git.kernel.org/stable/c/d3a4fff1e7e408c32649030daa7c2c42a7e19a95"
},
{
"url": "https://git.kernel.org/stable/c/3252d327f977b14663a10967f3b0930d6c325687"
},
{
"url": "https://git.kernel.org/stable/c/ecc53e58596542791e82eff00702f8af7a313f70"
},
{
"url": "https://git.kernel.org/stable/c/cf9db013e167bc8fc2ecd7a13ed97a37df0c9dab"
},
{
"url": "https://git.kernel.org/stable/c/69295267c481545f636b69ff341b8db75aa136b9"
},
{
"url": "https://git.kernel.org/stable/c/c14adb1cf70a984ed081c67e9d27bc3caad9537c"
}
],
"title": "jffs2: fix memory leak in jffs2_do_fill_super",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49381",
"datePublished": "2025-02-26T02:11:18.812Z",
"dateReserved": "2025-02-26T02:08:31.559Z",
"dateUpdated": "2025-10-01T19:46:52.106Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49320 (GCVE-0-2022-49320)
Vulnerability from cvelistv5
Published
2025-02-26 02:10
Modified
2025-05-04 08:35
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type
In zynqmp_dma_alloc/free_chan_resources functions there is a
potential overflow in the below expressions.
dma_alloc_coherent(chan->dev, (2 * chan->desc_size *
ZYNQMP_DMA_NUM_DESCS),
&chan->desc_pool_p, GFP_KERNEL);
dma_free_coherent(chan->dev,(2 * ZYNQMP_DMA_DESC_SIZE(chan) *
ZYNQMP_DMA_NUM_DESCS),
chan->desc_pool_v, chan->desc_pool_p);
The arguments desc_size and ZYNQMP_DMA_NUM_DESCS were 32 bit. Though
this overflow condition is not observed but it is a potential problem
in the case of 32-bit multiplication. Hence fix it by changing the
desc_size data type to size_t.
In addition to coverity fix it also reuse ZYNQMP_DMA_DESC_SIZE macro in
dma_alloc_coherent API argument.
Addresses-Coverity: Event overflow_before_widen.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: b0cc417c1637192be658e68a74c8d1568e3d35f6 Version: b0cc417c1637192be658e68a74c8d1568e3d35f6 Version: b0cc417c1637192be658e68a74c8d1568e3d35f6 Version: b0cc417c1637192be658e68a74c8d1568e3d35f6 Version: b0cc417c1637192be658e68a74c8d1568e3d35f6 Version: b0cc417c1637192be658e68a74c8d1568e3d35f6 |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/dma/xilinx/zynqmp_dma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "83960276ffc9bf5570d4106490346b61e61be5f3",
"status": "affected",
"version": "b0cc417c1637192be658e68a74c8d1568e3d35f6",
"versionType": "git"
},
{
"lessThan": "95a0ba85c1b51b36e909841c02d205cd223ab753",
"status": "affected",
"version": "b0cc417c1637192be658e68a74c8d1568e3d35f6",
"versionType": "git"
},
{
"lessThan": "7b5488f4721fed6e121e661e165bab06ae2f8675",
"status": "affected",
"version": "b0cc417c1637192be658e68a74c8d1568e3d35f6",
"versionType": "git"
},
{
"lessThan": "4838969e4d95d2bd2995d1605b20d3144fcb3e74",
"status": "affected",
"version": "b0cc417c1637192be658e68a74c8d1568e3d35f6",
"versionType": "git"
},
{
"lessThan": "90aefae2e3a770a6909d339f5d8a988c0b0ceaf0",
"status": "affected",
"version": "b0cc417c1637192be658e68a74c8d1568e3d35f6",
"versionType": "git"
},
{
"lessThan": "f9a9f43a62a04ec3183fb0da9226c7706eed0115",
"status": "affected",
"version": "b0cc417c1637192be658e68a74c8d1568e3d35f6",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/dma/xilinx/zynqmp_dma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.8"
},
{
"lessThan": "4.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.47",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.122",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.47",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.15",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.4",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type\n\nIn zynqmp_dma_alloc/free_chan_resources functions there is a\npotential overflow in the below expressions.\n\ndma_alloc_coherent(chan-\u003edev, (2 * chan-\u003edesc_size *\n\t\t ZYNQMP_DMA_NUM_DESCS),\n\t\t \u0026chan-\u003edesc_pool_p, GFP_KERNEL);\n\ndma_free_coherent(chan-\u003edev,(2 * ZYNQMP_DMA_DESC_SIZE(chan) *\n ZYNQMP_DMA_NUM_DESCS),\n chan-\u003edesc_pool_v, chan-\u003edesc_pool_p);\n\nThe arguments desc_size and ZYNQMP_DMA_NUM_DESCS were 32 bit. Though\nthis overflow condition is not observed but it is a potential problem\nin the case of 32-bit multiplication. Hence fix it by changing the\ndesc_size data type to size_t.\n\nIn addition to coverity fix it also reuse ZYNQMP_DMA_DESC_SIZE macro in\ndma_alloc_coherent API argument.\n\nAddresses-Coverity: Event overflow_before_widen."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:35:08.000Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/83960276ffc9bf5570d4106490346b61e61be5f3"
},
{
"url": "https://git.kernel.org/stable/c/95a0ba85c1b51b36e909841c02d205cd223ab753"
},
{
"url": "https://git.kernel.org/stable/c/7b5488f4721fed6e121e661e165bab06ae2f8675"
},
{
"url": "https://git.kernel.org/stable/c/4838969e4d95d2bd2995d1605b20d3144fcb3e74"
},
{
"url": "https://git.kernel.org/stable/c/90aefae2e3a770a6909d339f5d8a988c0b0ceaf0"
},
{
"url": "https://git.kernel.org/stable/c/f9a9f43a62a04ec3183fb0da9226c7706eed0115"
}
],
"title": "dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49320",
"datePublished": "2025-02-26T02:10:45.703Z",
"dateReserved": "2025-02-26T02:08:31.537Z",
"dateUpdated": "2025-05-04T08:35:08.000Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49155 (GCVE-0-2022-49155)
Vulnerability from cvelistv5
Published
2025-02-26 01:55
Modified
2025-10-01 19:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair()
[ 12.323788] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-udevd/1020
[ 12.332297] caller is qla2xxx_create_qpair+0x32a/0x5d0 [qla2xxx]
[ 12.338417] CPU: 7 PID: 1020 Comm: systemd-udevd Tainted: G I --------- --- 5.14.0-29.el9.x86_64 #1
[ 12.348827] Hardware name: Dell Inc. PowerEdge R610/0F0XJ6, BIOS 6.6.0 05/22/2018
[ 12.356356] Call Trace:
[ 12.358821] dump_stack_lvl+0x34/0x44
[ 12.362514] check_preemption_disabled+0xd9/0xe0
[ 12.367164] qla2xxx_create_qpair+0x32a/0x5d0 [qla2xxx]
[ 12.372481] qla2x00_probe_one+0xa3a/0x1b80 [qla2xxx]
[ 12.377617] ? _raw_spin_lock_irqsave+0x19/0x40
[ 12.384284] local_pci_probe+0x42/0x80
[ 12.390162] ? pci_match_device+0xd7/0x110
[ 12.396366] pci_device_probe+0xfd/0x1b0
[ 12.402372] really_probe+0x1e7/0x3e0
[ 12.408114] __driver_probe_device+0xfe/0x180
[ 12.414544] driver_probe_device+0x1e/0x90
[ 12.420685] __driver_attach+0xc0/0x1c0
[ 12.426536] ? __device_attach_driver+0xe0/0xe0
[ 12.433061] ? __device_attach_driver+0xe0/0xe0
[ 12.439538] bus_for_each_dev+0x78/0xc0
[ 12.445294] bus_add_driver+0x12b/0x1e0
[ 12.451021] driver_register+0x8f/0xe0
[ 12.456631] ? 0xffffffffc07bc000
[ 12.461773] qla2x00_module_init+0x1be/0x229 [qla2xxx]
[ 12.468776] do_one_initcall+0x44/0x200
[ 12.474401] ? load_module+0xad3/0xba0
[ 12.479908] ? kmem_cache_alloc_trace+0x45/0x410
[ 12.486268] do_init_module+0x5c/0x280
[ 12.491730] __do_sys_init_module+0x12e/0x1b0
[ 12.497785] do_syscall_64+0x3b/0x90
[ 12.503029] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 12.509764] RIP: 0033:0x7f554f73ab2e
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49155",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:47:40.390281Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:57:00.839Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/scsi/qla2xxx/qla_init.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "43195a0c620761fbb88db04e2475313855b948a4",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f68776f28d9134fa65056e7e63bfc734049730b7",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8077a7162bc3cf658dd9ff112bc77716c08458c5",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f97316dd393bc8df1cc2af6295a97b876eecf252",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9c33d49ab9f3d8bd7512b3070cd2f07c4a8849d5",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1ab81d82fb1db7ec4be4b0d04563513e6d4bcdd5",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a669a22aef0ceff706b885370af74b5a60a8ac85",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a60447e7d451df42c7bde43af53b34f10f34f469",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/scsi/qla2xxx/qla_init.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.238",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.189",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.276",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.110",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair()\n\n[ 12.323788] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-udevd/1020\n[ 12.332297] caller is qla2xxx_create_qpair+0x32a/0x5d0 [qla2xxx]\n[ 12.338417] CPU: 7 PID: 1020 Comm: systemd-udevd Tainted: G I --------- --- 5.14.0-29.el9.x86_64 #1\n[ 12.348827] Hardware name: Dell Inc. PowerEdge R610/0F0XJ6, BIOS 6.6.0 05/22/2018\n[ 12.356356] Call Trace:\n[ 12.358821] dump_stack_lvl+0x34/0x44\n[ 12.362514] check_preemption_disabled+0xd9/0xe0\n[ 12.367164] qla2xxx_create_qpair+0x32a/0x5d0 [qla2xxx]\n[ 12.372481] qla2x00_probe_one+0xa3a/0x1b80 [qla2xxx]\n[ 12.377617] ? _raw_spin_lock_irqsave+0x19/0x40\n[ 12.384284] local_pci_probe+0x42/0x80\n[ 12.390162] ? pci_match_device+0xd7/0x110\n[ 12.396366] pci_device_probe+0xfd/0x1b0\n[ 12.402372] really_probe+0x1e7/0x3e0\n[ 12.408114] __driver_probe_device+0xfe/0x180\n[ 12.414544] driver_probe_device+0x1e/0x90\n[ 12.420685] __driver_attach+0xc0/0x1c0\n[ 12.426536] ? __device_attach_driver+0xe0/0xe0\n[ 12.433061] ? __device_attach_driver+0xe0/0xe0\n[ 12.439538] bus_for_each_dev+0x78/0xc0\n[ 12.445294] bus_add_driver+0x12b/0x1e0\n[ 12.451021] driver_register+0x8f/0xe0\n[ 12.456631] ? 0xffffffffc07bc000\n[ 12.461773] qla2x00_module_init+0x1be/0x229 [qla2xxx]\n[ 12.468776] do_one_initcall+0x44/0x200\n[ 12.474401] ? load_module+0xad3/0xba0\n[ 12.479908] ? kmem_cache_alloc_trace+0x45/0x410\n[ 12.486268] do_init_module+0x5c/0x280\n[ 12.491730] __do_sys_init_module+0x12e/0x1b0\n[ 12.497785] do_syscall_64+0x3b/0x90\n[ 12.503029] entry_SYSCALL_64_after_hwframe+0x44/0xae\n[ 12.509764] RIP: 0033:0x7f554f73ab2e"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:31:10.418Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/43195a0c620761fbb88db04e2475313855b948a4"
},
{
"url": "https://git.kernel.org/stable/c/f68776f28d9134fa65056e7e63bfc734049730b7"
},
{
"url": "https://git.kernel.org/stable/c/8077a7162bc3cf658dd9ff112bc77716c08458c5"
},
{
"url": "https://git.kernel.org/stable/c/f97316dd393bc8df1cc2af6295a97b876eecf252"
},
{
"url": "https://git.kernel.org/stable/c/9c33d49ab9f3d8bd7512b3070cd2f07c4a8849d5"
},
{
"url": "https://git.kernel.org/stable/c/1ab81d82fb1db7ec4be4b0d04563513e6d4bcdd5"
},
{
"url": "https://git.kernel.org/stable/c/a669a22aef0ceff706b885370af74b5a60a8ac85"
},
{
"url": "https://git.kernel.org/stable/c/a60447e7d451df42c7bde43af53b34f10f34f469"
}
],
"title": "scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49155",
"datePublished": "2025-02-26T01:55:19.760Z",
"dateReserved": "2025-02-26T01:49:39.275Z",
"dateUpdated": "2025-10-01T19:57:00.839Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49445 (GCVE-0-2022-49445)
Vulnerability from cvelistv5
Published
2025-02-26 02:12
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
pinctrl: renesas: core: Fix possible null-ptr-deref in sh_pfc_map_resources()
It will cause null-ptr-deref when using 'res', if platform_get_resource()
returns NULL, so move using 'res' after devm_ioremap_resource() that
will check it to avoid null-ptr-deref.
And use devm_platform_get_and_ioremap_resource() to simplify code.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49445",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:40:49.569465Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:48.911Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/pinctrl/renesas/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f991879762392c19661af5b722578089a12b305f",
"status": "affected",
"version": "c7977ec4a33633c8e8d9267dd014356cf857351c",
"versionType": "git"
},
{
"lessThan": "5ed0519d425619b435150372cce2ffeec71581fa",
"status": "affected",
"version": "c7977ec4a33633c8e8d9267dd014356cf857351c",
"versionType": "git"
},
{
"lessThan": "e3a1ad8fd0ac11f4fa1260c23b5db71a25473254",
"status": "affected",
"version": "c7977ec4a33633c8e8d9267dd014356cf857351c",
"versionType": "git"
},
{
"lessThan": "fb4f022b3ad1f3ff3cafdbc7d51896090ae17701",
"status": "affected",
"version": "c7977ec4a33633c8e8d9267dd014356cf857351c",
"versionType": "git"
},
{
"lessThan": "5376e3d904532e657fd7ca1a9b1ff3d351527b90",
"status": "affected",
"version": "c7977ec4a33633c8e8d9267dd014356cf857351c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/pinctrl/renesas/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.3"
},
{
"lessThan": "4.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: renesas: core: Fix possible null-ptr-deref in sh_pfc_map_resources()\n\nIt will cause null-ptr-deref when using \u0027res\u0027, if platform_get_resource()\nreturns NULL, so move using \u0027res\u0027 after devm_ioremap_resource() that\nwill check it to avoid null-ptr-deref.\nAnd use devm_platform_get_and_ioremap_resource() to simplify code."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:37:53.708Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f991879762392c19661af5b722578089a12b305f"
},
{
"url": "https://git.kernel.org/stable/c/5ed0519d425619b435150372cce2ffeec71581fa"
},
{
"url": "https://git.kernel.org/stable/c/e3a1ad8fd0ac11f4fa1260c23b5db71a25473254"
},
{
"url": "https://git.kernel.org/stable/c/fb4f022b3ad1f3ff3cafdbc7d51896090ae17701"
},
{
"url": "https://git.kernel.org/stable/c/5376e3d904532e657fd7ca1a9b1ff3d351527b90"
}
],
"title": "pinctrl: renesas: core: Fix possible null-ptr-deref in sh_pfc_map_resources()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49445",
"datePublished": "2025-02-26T02:12:57.249Z",
"dateReserved": "2025-02-26T02:08:31.571Z",
"dateUpdated": "2025-10-01T19:46:48.911Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49319 (GCVE-0-2022-49319)
Vulnerability from cvelistv5
Published
2025-02-26 02:10
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
iommu/arm-smmu-v3: check return value after calling platform_get_resource()
It will cause null-ptr-deref if platform_get_resource() returns NULL,
we need check the return value.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49319",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:43:48.096516Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:56.846Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "54c1e0e3bbcab2abe25b2874a43050ae5df87831",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "fb0f1c5eb8d60b3e018ba7c87da249b52674ebe6",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "db728a891f9177b044aaca89b678f6b5e24d5cc3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "54cf47da0c7532d151d76e5d63f5936191698c44",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b131fa8c1d2afd05d0b7598621114674289c2fbb",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.47",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.122",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/arm-smmu-v3: check return value after calling platform_get_resource()\n\nIt will cause null-ptr-deref if platform_get_resource() returns NULL,\nwe need check the return value."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:35:06.900Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/54c1e0e3bbcab2abe25b2874a43050ae5df87831"
},
{
"url": "https://git.kernel.org/stable/c/fb0f1c5eb8d60b3e018ba7c87da249b52674ebe6"
},
{
"url": "https://git.kernel.org/stable/c/db728a891f9177b044aaca89b678f6b5e24d5cc3"
},
{
"url": "https://git.kernel.org/stable/c/54cf47da0c7532d151d76e5d63f5936191698c44"
},
{
"url": "https://git.kernel.org/stable/c/b131fa8c1d2afd05d0b7598621114674289c2fbb"
}
],
"title": "iommu/arm-smmu-v3: check return value after calling platform_get_resource()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49319",
"datePublished": "2025-02-26T02:10:45.131Z",
"dateReserved": "2025-02-26T02:08:31.537Z",
"dateUpdated": "2025-10-01T19:46:56.846Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49298 (GCVE-0-2022-49298)
Vulnerability from cvelistv5
Published
2025-02-26 02:01
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
staging: rtl8712: fix uninit-value in r871xu_drv_init()
When 'tmpU1b' returns from r8712_read8(padapter, EE_9346CR) is 0,
'mac[6]' will not be initialized.
BUG: KMSAN: uninit-value in r871xu_drv_init+0x2d54/0x3070 drivers/staging/rtl8712/usb_intf.c:541
r871xu_drv_init+0x2d54/0x3070 drivers/staging/rtl8712/usb_intf.c:541
usb_probe_interface+0xf19/0x1600 drivers/usb/core/driver.c:396
really_probe+0x653/0x14b0 drivers/base/dd.c:596
__driver_probe_device+0x3e9/0x530 drivers/base/dd.c:752
driver_probe_device drivers/base/dd.c:782 [inline]
__device_attach_driver+0x79f/0x1120 drivers/base/dd.c:899
bus_for_each_drv+0x2d6/0x3f0 drivers/base/bus.c:427
__device_attach+0x593/0x8e0 drivers/base/dd.c:970
device_initial_probe+0x4a/0x60 drivers/base/dd.c:1017
bus_probe_device+0x17b/0x3e0 drivers/base/bus.c:487
device_add+0x1fff/0x26e0 drivers/base/core.c:3405
usb_set_configuration+0x37e9/0x3ed0 drivers/usb/core/message.c:2170
usb_generic_driver_probe+0x13c/0x300 drivers/usb/core/generic.c:238
usb_probe_device+0x309/0x570 drivers/usb/core/driver.c:293
really_probe+0x653/0x14b0 drivers/base/dd.c:596
__driver_probe_device+0x3e9/0x530 drivers/base/dd.c:752
driver_probe_device drivers/base/dd.c:782 [inline]
__device_attach_driver+0x79f/0x1120 drivers/base/dd.c:899
bus_for_each_drv+0x2d6/0x3f0 drivers/base/bus.c:427
__device_attach+0x593/0x8e0 drivers/base/dd.c:970
device_initial_probe+0x4a/0x60 drivers/base/dd.c:1017
bus_probe_device+0x17b/0x3e0 drivers/base/bus.c:487
device_add+0x1fff/0x26e0 drivers/base/core.c:3405
usb_new_device+0x1b8e/0x2950 drivers/usb/core/hub.c:2566
hub_port_connect drivers/usb/core/hub.c:5358 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5502 [inline]
port_event drivers/usb/core/hub.c:5660 [inline]
hub_event+0x58e3/0x89e0 drivers/usb/core/hub.c:5742
process_one_work+0xdb6/0x1820 kernel/workqueue.c:2307
worker_thread+0x10b3/0x21e0 kernel/workqueue.c:2454
kthread+0x3c7/0x500 kernel/kthread.c:377
ret_from_fork+0x1f/0x30
Local variable mac created at:
r871xu_drv_init+0x1771/0x3070 drivers/staging/rtl8712/usb_intf.c:394
usb_probe_interface+0xf19/0x1600 drivers/usb/core/driver.c:396
KMSAN: uninit-value in r871xu_drv_init
https://syzkaller.appspot.com/bug?id=3cd92b1d85428b128503bfa7a250294c9ae00bd8
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49298",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:44:56.175459Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-908",
"description": "CWE-908 Use of Uninitialized Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:59.578Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/staging/rtl8712/usb_intf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0b7371a22489cbb2e8e826ca03fb5ce92afb04fe",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "277faa442fe0c59f418ac53f47a78e1266addd65",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a6535d00a9d54ce1c2a8d86a85001ffb6844f9b2",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "52a0d88c328098b4e9fb8f2f3877fec0eff4104b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ff727ab0b7d7a56b5ef281f12abd00c4b85894e9",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f36e754a1f0bafb9feeea63463de78080acb6de0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "76a964ad0ea8f2b10abd69a7532e174a28258283",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "70df04433fd351ba72bc635bd0b5fe443d9ac964",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "0458e5428e5e959d201a40ffe71d762a79ecedc4",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/staging/rtl8712/usb_intf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.318",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.47",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.122",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: rtl8712: fix uninit-value in r871xu_drv_init()\n\nWhen \u0027tmpU1b\u0027 returns from r8712_read8(padapter, EE_9346CR) is 0,\n\u0027mac[6]\u0027 will not be initialized.\n\nBUG: KMSAN: uninit-value in r871xu_drv_init+0x2d54/0x3070 drivers/staging/rtl8712/usb_intf.c:541\n r871xu_drv_init+0x2d54/0x3070 drivers/staging/rtl8712/usb_intf.c:541\n usb_probe_interface+0xf19/0x1600 drivers/usb/core/driver.c:396\n really_probe+0x653/0x14b0 drivers/base/dd.c:596\n __driver_probe_device+0x3e9/0x530 drivers/base/dd.c:752\n driver_probe_device drivers/base/dd.c:782 [inline]\n __device_attach_driver+0x79f/0x1120 drivers/base/dd.c:899\n bus_for_each_drv+0x2d6/0x3f0 drivers/base/bus.c:427\n __device_attach+0x593/0x8e0 drivers/base/dd.c:970\n device_initial_probe+0x4a/0x60 drivers/base/dd.c:1017\n bus_probe_device+0x17b/0x3e0 drivers/base/bus.c:487\n device_add+0x1fff/0x26e0 drivers/base/core.c:3405\n usb_set_configuration+0x37e9/0x3ed0 drivers/usb/core/message.c:2170\n usb_generic_driver_probe+0x13c/0x300 drivers/usb/core/generic.c:238\n usb_probe_device+0x309/0x570 drivers/usb/core/driver.c:293\n really_probe+0x653/0x14b0 drivers/base/dd.c:596\n __driver_probe_device+0x3e9/0x530 drivers/base/dd.c:752\n driver_probe_device drivers/base/dd.c:782 [inline]\n __device_attach_driver+0x79f/0x1120 drivers/base/dd.c:899\n bus_for_each_drv+0x2d6/0x3f0 drivers/base/bus.c:427\n __device_attach+0x593/0x8e0 drivers/base/dd.c:970\n device_initial_probe+0x4a/0x60 drivers/base/dd.c:1017\n bus_probe_device+0x17b/0x3e0 drivers/base/bus.c:487\n device_add+0x1fff/0x26e0 drivers/base/core.c:3405\n usb_new_device+0x1b8e/0x2950 drivers/usb/core/hub.c:2566\n hub_port_connect drivers/usb/core/hub.c:5358 [inline]\n hub_port_connect_change drivers/usb/core/hub.c:5502 [inline]\n port_event drivers/usb/core/hub.c:5660 [inline]\n hub_event+0x58e3/0x89e0 drivers/usb/core/hub.c:5742\n process_one_work+0xdb6/0x1820 kernel/workqueue.c:2307\n worker_thread+0x10b3/0x21e0 kernel/workqueue.c:2454\n kthread+0x3c7/0x500 kernel/kthread.c:377\n ret_from_fork+0x1f/0x30\n\nLocal variable mac created at:\n r871xu_drv_init+0x1771/0x3070 drivers/staging/rtl8712/usb_intf.c:394\n usb_probe_interface+0xf19/0x1600 drivers/usb/core/driver.c:396\n\nKMSAN: uninit-value in r871xu_drv_init\nhttps://syzkaller.appspot.com/bug?id=3cd92b1d85428b128503bfa7a250294c9ae00bd8"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:34:36.038Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0b7371a22489cbb2e8e826ca03fb5ce92afb04fe"
},
{
"url": "https://git.kernel.org/stable/c/277faa442fe0c59f418ac53f47a78e1266addd65"
},
{
"url": "https://git.kernel.org/stable/c/a6535d00a9d54ce1c2a8d86a85001ffb6844f9b2"
},
{
"url": "https://git.kernel.org/stable/c/52a0d88c328098b4e9fb8f2f3877fec0eff4104b"
},
{
"url": "https://git.kernel.org/stable/c/ff727ab0b7d7a56b5ef281f12abd00c4b85894e9"
},
{
"url": "https://git.kernel.org/stable/c/f36e754a1f0bafb9feeea63463de78080acb6de0"
},
{
"url": "https://git.kernel.org/stable/c/76a964ad0ea8f2b10abd69a7532e174a28258283"
},
{
"url": "https://git.kernel.org/stable/c/70df04433fd351ba72bc635bd0b5fe443d9ac964"
},
{
"url": "https://git.kernel.org/stable/c/0458e5428e5e959d201a40ffe71d762a79ecedc4"
}
],
"title": "staging: rtl8712: fix uninit-value in r871xu_drv_init()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49298",
"datePublished": "2025-02-26T02:01:27.111Z",
"dateReserved": "2025-02-26T01:49:39.302Z",
"dateUpdated": "2025-10-01T19:46:59.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49616 (GCVE-0-2022-49616)
Vulnerability from cvelistv5
Published
2025-02-26 02:23
Modified
2025-05-04 08:41
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ASoC: rt7*-sdw: harden jack_detect_handler
Realtek headset codec drivers typically check if the card is
instantiated before proceeding with the jack detection.
The rt700, rt711 and rt711-sdca are however missing a check on the
card pointer, which can lead to NULL dereferences encountered in
driver bind/unbind tests.
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/soc/codecs/rt700.c",
"sound/soc/codecs/rt711-sdca.c",
"sound/soc/codecs/rt711.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "07a606e1389a63b61cb8cd591026f30529117573",
"status": "affected",
"version": "320b8b0d13b81f3697acff5b6ddb47f88a09c118",
"versionType": "git"
},
{
"lessThan": "1d75b73ec6d6b705cca528b36d8315e43e8d7fa5",
"status": "affected",
"version": "320b8b0d13b81f3697acff5b6ddb47f88a09c118",
"versionType": "git"
},
{
"lessThan": "0484271ab0ce50649329fa9dc23c50853c5b26a4",
"status": "affected",
"version": "320b8b0d13b81f3697acff5b6ddb47f88a09c118",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"sound/soc/codecs/rt700.c",
"sound/soc/codecs/rt711-sdca.c",
"sound/soc/codecs/rt711.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.6"
},
{
"lessThan": "5.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.56",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.56",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.13",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: rt7*-sdw: harden jack_detect_handler\n\nRealtek headset codec drivers typically check if the card is\ninstantiated before proceeding with the jack detection.\n\nThe rt700, rt711 and rt711-sdca are however missing a check on the\ncard pointer, which can lead to NULL dereferences encountered in\ndriver bind/unbind tests."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:41:51.624Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/07a606e1389a63b61cb8cd591026f30529117573"
},
{
"url": "https://git.kernel.org/stable/c/1d75b73ec6d6b705cca528b36d8315e43e8d7fa5"
},
{
"url": "https://git.kernel.org/stable/c/0484271ab0ce50649329fa9dc23c50853c5b26a4"
}
],
"title": "ASoC: rt7*-sdw: harden jack_detect_handler",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49616",
"datePublished": "2025-02-26T02:23:36.180Z",
"dateReserved": "2025-02-26T02:21:30.419Z",
"dateUpdated": "2025-05-04T08:41:51.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49302 (GCVE-0-2022-49302)
Vulnerability from cvelistv5
Published
2025-02-26 02:10
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
USB: host: isp116x: check return value after calling platform_get_resource()
It will cause null-ptr-deref if platform_get_resource() returns NULL,
we need check the return value.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49302",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:44:40.488195Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:58.970Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/usb/host/isp116x-hcd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "804de302ada3544699c5f48c5314b249af76faa3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7bffda1560a6f255fdf504e059fbbdb5d46b9e44",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "3825db88d8c704e7992b685618a03f82bffcf2ef",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "c91a74b1f0f2d2d7e728742ae55e3ffe9ba7853d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ee105039d3653444de4d3ede642383c92855dc1e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "3592cfd8b848bf0c4d7740d78a87a7b8f6e1fa9a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "aca0cab0e9ed33b6371aafb519a6c38f2850ffc3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "82a101f14943f479fd190b1e5b40d91c77e2ac1b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "134a3408c2d3f7e23eb0e4556e0a2d9f36c2614e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/usb/host/isp116x-hcd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.318",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.47",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.122",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: host: isp116x: check return value after calling platform_get_resource()\n\nIt will cause null-ptr-deref if platform_get_resource() returns NULL,\nwe need check the return value."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:34:40.636Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/804de302ada3544699c5f48c5314b249af76faa3"
},
{
"url": "https://git.kernel.org/stable/c/7bffda1560a6f255fdf504e059fbbdb5d46b9e44"
},
{
"url": "https://git.kernel.org/stable/c/3825db88d8c704e7992b685618a03f82bffcf2ef"
},
{
"url": "https://git.kernel.org/stable/c/c91a74b1f0f2d2d7e728742ae55e3ffe9ba7853d"
},
{
"url": "https://git.kernel.org/stable/c/ee105039d3653444de4d3ede642383c92855dc1e"
},
{
"url": "https://git.kernel.org/stable/c/3592cfd8b848bf0c4d7740d78a87a7b8f6e1fa9a"
},
{
"url": "https://git.kernel.org/stable/c/aca0cab0e9ed33b6371aafb519a6c38f2850ffc3"
},
{
"url": "https://git.kernel.org/stable/c/82a101f14943f479fd190b1e5b40d91c77e2ac1b"
},
{
"url": "https://git.kernel.org/stable/c/134a3408c2d3f7e23eb0e4556e0a2d9f36c2614e"
}
],
"title": "USB: host: isp116x: check return value after calling platform_get_resource()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49302",
"datePublished": "2025-02-26T02:10:36.556Z",
"dateReserved": "2025-02-26T02:08:31.535Z",
"dateUpdated": "2025-10-01T19:46:58.970Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49634 (GCVE-0-2022-49634)
Vulnerability from cvelistv5
Published
2025-02-26 02:23
Modified
2025-10-01 19:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
sysctl: Fix data-races in proc_dou8vec_minmax().
A sysctl variable is accessed concurrently, and there is always a chance
of data-race. So, all readers and writers need some basic protection to
avoid load/store-tearing.
This patch changes proc_dou8vec_minmax() to use READ_ONCE() and
WRITE_ONCE() internally to fix data-races on the sysctl side. For now,
proc_dou8vec_minmax() itself is tolerant to a data-race, but we still
need to add annotations on the other subsystem's side.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49634",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:34:15.087673Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:36:49.653Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/sysctl.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f177b382c33900d0e5a9766493c11a1074076f78",
"status": "affected",
"version": "389dab6142d742f91010f38de0f1f2f440b97e1b",
"versionType": "git"
},
{
"lessThan": "e58b02e445463065b4078bf621561da75197853f",
"status": "affected",
"version": "cb9444130662c6c13022579c861098f212db2562",
"versionType": "git"
},
{
"lessThan": "5f776daef0b5354615ec4b4234cd9539ca05f273",
"status": "affected",
"version": "cb9444130662c6c13022579c861098f212db2562",
"versionType": "git"
},
{
"lessThan": "7dee5d7747a69aa2be41f04c6a7ecfe3ac8cdf18",
"status": "affected",
"version": "cb9444130662c6c13022579c861098f212db2562",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/sysctl.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.13"
},
{
"lessThan": "5.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.56",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.56",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.13",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsysctl: Fix data-races in proc_dou8vec_minmax().\n\nA sysctl variable is accessed concurrently, and there is always a chance\nof data-race. So, all readers and writers need some basic protection to\navoid load/store-tearing.\n\nThis patch changes proc_dou8vec_minmax() to use READ_ONCE() and\nWRITE_ONCE() internally to fix data-races on the sysctl side. For now,\nproc_dou8vec_minmax() itself is tolerant to a data-race, but we still\nneed to add annotations on the other subsystem\u0027s side."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:42:15.216Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f177b382c33900d0e5a9766493c11a1074076f78"
},
{
"url": "https://git.kernel.org/stable/c/e58b02e445463065b4078bf621561da75197853f"
},
{
"url": "https://git.kernel.org/stable/c/5f776daef0b5354615ec4b4234cd9539ca05f273"
},
{
"url": "https://git.kernel.org/stable/c/7dee5d7747a69aa2be41f04c6a7ecfe3ac8cdf18"
}
],
"title": "sysctl: Fix data-races in proc_dou8vec_minmax().",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49634",
"datePublished": "2025-02-26T02:23:45.254Z",
"dateReserved": "2025-02-26T02:21:30.429Z",
"dateUpdated": "2025-10-01T19:36:49.653Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49157 (GCVE-0-2022-49157)
Vulnerability from cvelistv5
Published
2025-02-26 01:55
Modified
2025-05-04 08:31
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: qla2xxx: Fix premature hw access after PCI error
After a recoverable PCI error has been detected and recovered, qla driver
needs to check to see if the error condition still persist and/or wait
for the OS to give the resume signal.
Sep 8 22:26:03 localhost kernel: WARNING: CPU: 9 PID: 124606 at qla_tmpl.c:440
qla27xx_fwdt_entry_t266+0x55/0x60 [qla2xxx]
Sep 8 22:26:03 localhost kernel: RIP: 0010:qla27xx_fwdt_entry_t266+0x55/0x60
[qla2xxx]
Sep 8 22:26:03 localhost kernel: Call Trace:
Sep 8 22:26:03 localhost kernel: ? qla27xx_walk_template+0xb1/0x1b0 [qla2xxx]
Sep 8 22:26:03 localhost kernel: ? qla27xx_execute_fwdt_template+0x12a/0x160
[qla2xxx]
Sep 8 22:26:03 localhost kernel: ? qla27xx_fwdump+0xa0/0x1c0 [qla2xxx]
Sep 8 22:26:03 localhost kernel: ? qla2xxx_pci_mmio_enabled+0xfb/0x120
[qla2xxx]
Sep 8 22:26:03 localhost kernel: ? report_mmio_enabled+0x44/0x80
Sep 8 22:26:03 localhost kernel: ? report_slot_reset+0x80/0x80
Sep 8 22:26:03 localhost kernel: ? pci_walk_bus+0x70/0x90
Sep 8 22:26:03 localhost kernel: ? aer_dev_correctable_show+0xc0/0xc0
Sep 8 22:26:03 localhost kernel: ? pcie_do_recovery+0x1bb/0x240
Sep 8 22:26:03 localhost kernel: ? aer_recover_work_func+0xaa/0xd0
Sep 8 22:26:03 localhost kernel: ? process_one_work+0x1a7/0x360
..
Sep 8 22:26:03 localhost kernel: qla2xxx [0000:42:00.2]-8041:22: detected PCI
disconnect.
Sep 8 22:26:03 localhost kernel: qla2xxx [0000:42:00.2]-107ff:22:
qla27xx_fwdt_entry_t262: dump ram MB failed. Area 5h start 198013h end 198013h
Sep 8 22:26:03 localhost kernel: qla2xxx [0000:42:00.2]-107ff:22: Unable to
capture FW dump
Sep 8 22:26:03 localhost kernel: qla2xxx [0000:42:00.2]-1015:22: cmd=0x0,
waited 5221 msecs
Sep 8 22:26:03 localhost kernel: qla2xxx [0000:42:00.2]-680d:22: mmio
enabled returning.
Sep 8 22:26:03 localhost kernel: qla2xxx [0000:42:00.2]-d04c:22: MBX
Command timeout for cmd 0, iocontrol=ffffffff jiffies=10140f2e5
mb[0-3]=[0xffff 0xffff 0xffff 0xffff]
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/scsi/qla2xxx/qla_os.c",
"drivers/scsi/qla2xxx/qla_tmpl.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5ef6319f9882699613d5182fbd7929b017e8c5ab",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d7994dff9071555a959a168f9184dd9abae68a6b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6c125fd5ad035777f7b471553f7ddda76e8e7136",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e35920ab7874d5e2faeb4f958a74bfa793f1ce5a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/scsi/qla2xxx/qla_os.c",
"drivers/scsi/qla2xxx/qla_tmpl.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix premature hw access after PCI error\n\nAfter a recoverable PCI error has been detected and recovered, qla driver\nneeds to check to see if the error condition still persist and/or wait\nfor the OS to give the resume signal.\n\nSep 8 22:26:03 localhost kernel: WARNING: CPU: 9 PID: 124606 at qla_tmpl.c:440\nqla27xx_fwdt_entry_t266+0x55/0x60 [qla2xxx]\nSep 8 22:26:03 localhost kernel: RIP: 0010:qla27xx_fwdt_entry_t266+0x55/0x60\n[qla2xxx]\nSep 8 22:26:03 localhost kernel: Call Trace:\nSep 8 22:26:03 localhost kernel: ? qla27xx_walk_template+0xb1/0x1b0 [qla2xxx]\nSep 8 22:26:03 localhost kernel: ? qla27xx_execute_fwdt_template+0x12a/0x160\n[qla2xxx]\nSep 8 22:26:03 localhost kernel: ? qla27xx_fwdump+0xa0/0x1c0 [qla2xxx]\nSep 8 22:26:03 localhost kernel: ? qla2xxx_pci_mmio_enabled+0xfb/0x120\n[qla2xxx]\nSep 8 22:26:03 localhost kernel: ? report_mmio_enabled+0x44/0x80\nSep 8 22:26:03 localhost kernel: ? report_slot_reset+0x80/0x80\nSep 8 22:26:03 localhost kernel: ? pci_walk_bus+0x70/0x90\nSep 8 22:26:03 localhost kernel: ? aer_dev_correctable_show+0xc0/0xc0\nSep 8 22:26:03 localhost kernel: ? pcie_do_recovery+0x1bb/0x240\nSep 8 22:26:03 localhost kernel: ? aer_recover_work_func+0xaa/0xd0\nSep 8 22:26:03 localhost kernel: ? process_one_work+0x1a7/0x360\n..\nSep 8 22:26:03 localhost kernel: qla2xxx [0000:42:00.2]-8041:22: detected PCI\ndisconnect.\nSep 8 22:26:03 localhost kernel: qla2xxx [0000:42:00.2]-107ff:22:\nqla27xx_fwdt_entry_t262: dump ram MB failed. Area 5h start 198013h end 198013h\nSep 8 22:26:03 localhost kernel: qla2xxx [0000:42:00.2]-107ff:22: Unable to\ncapture FW dump\nSep 8 22:26:03 localhost kernel: qla2xxx [0000:42:00.2]-1015:22: cmd=0x0,\nwaited 5221 msecs\nSep 8 22:26:03 localhost kernel: qla2xxx [0000:42:00.2]-680d:22: mmio\nenabled returning.\nSep 8 22:26:03 localhost kernel: qla2xxx [0000:42:00.2]-d04c:22: MBX\nCommand timeout for cmd 0, iocontrol=ffffffff jiffies=10140f2e5\nmb[0-3]=[0xffff 0xffff 0xffff 0xffff]"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:31:12.861Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5ef6319f9882699613d5182fbd7929b017e8c5ab"
},
{
"url": "https://git.kernel.org/stable/c/d7994dff9071555a959a168f9184dd9abae68a6b"
},
{
"url": "https://git.kernel.org/stable/c/6c125fd5ad035777f7b471553f7ddda76e8e7136"
},
{
"url": "https://git.kernel.org/stable/c/e35920ab7874d5e2faeb4f958a74bfa793f1ce5a"
}
],
"title": "scsi: qla2xxx: Fix premature hw access after PCI error",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49157",
"datePublished": "2025-02-26T01:55:20.807Z",
"dateReserved": "2025-02-26T01:49:39.276Z",
"dateUpdated": "2025-05-04T08:31:12.861Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49189 (GCVE-0-2022-49189)
Vulnerability from cvelistv5
Published
2025-02-26 01:55
Modified
2025-05-04 08:31
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
clk: qcom: clk-rcg2: Update logic to calculate D value for RCG
The display pixel clock has a requirement on certain newer platforms to
support M/N as (2/3) and the final D value calculated results in
underflow errors.
As the current implementation does not check for D value is within
the accepted range for a given M & N value. Update the logic to
calculate the final D value based on the range.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 99cbd064b059f222c8839ba433a68b2d6ee33066 Version: 99cbd064b059f222c8839ba433a68b2d6ee33066 Version: 99cbd064b059f222c8839ba433a68b2d6ee33066 Version: 99cbd064b059f222c8839ba433a68b2d6ee33066 Version: 99cbd064b059f222c8839ba433a68b2d6ee33066 Version: 99cbd064b059f222c8839ba433a68b2d6ee33066 |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/clk/qcom/clk-rcg2.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "52592f9afbfe01bce8f8953e4f19cbe3bcbdbd3a",
"status": "affected",
"version": "99cbd064b059f222c8839ba433a68b2d6ee33066",
"versionType": "git"
},
{
"lessThan": "334720f418f57b1d969dad2117b21f9388cb9395",
"status": "affected",
"version": "99cbd064b059f222c8839ba433a68b2d6ee33066",
"versionType": "git"
},
{
"lessThan": "34dca60982e93e69ae442aa2d36ce61c9a3bb563",
"status": "affected",
"version": "99cbd064b059f222c8839ba433a68b2d6ee33066",
"versionType": "git"
},
{
"lessThan": "96888f0dcf351e758b9df57e015a48427ca709c1",
"status": "affected",
"version": "99cbd064b059f222c8839ba433a68b2d6ee33066",
"versionType": "git"
},
{
"lessThan": "a4e2e31971354790b0d1fa3e783452a9d135fcff",
"status": "affected",
"version": "99cbd064b059f222c8839ba433a68b2d6ee33066",
"versionType": "git"
},
{
"lessThan": "58922910add18583d5273c2edcdb9fd7bf4eca02",
"status": "affected",
"version": "99cbd064b059f222c8839ba433a68b2d6ee33066",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/clk/qcom/clk-rcg2.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.16"
},
{
"lessThan": "3.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.189",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.189",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.110",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "3.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: qcom: clk-rcg2: Update logic to calculate D value for RCG\n\nThe display pixel clock has a requirement on certain newer platforms to\nsupport M/N as (2/3) and the final D value calculated results in\nunderflow errors.\nAs the current implementation does not check for D value is within\nthe accepted range for a given M \u0026 N value. Update the logic to\ncalculate the final D value based on the range."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:31:54.404Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/52592f9afbfe01bce8f8953e4f19cbe3bcbdbd3a"
},
{
"url": "https://git.kernel.org/stable/c/334720f418f57b1d969dad2117b21f9388cb9395"
},
{
"url": "https://git.kernel.org/stable/c/34dca60982e93e69ae442aa2d36ce61c9a3bb563"
},
{
"url": "https://git.kernel.org/stable/c/96888f0dcf351e758b9df57e015a48427ca709c1"
},
{
"url": "https://git.kernel.org/stable/c/a4e2e31971354790b0d1fa3e783452a9d135fcff"
},
{
"url": "https://git.kernel.org/stable/c/58922910add18583d5273c2edcdb9fd7bf4eca02"
}
],
"title": "clk: qcom: clk-rcg2: Update logic to calculate D value for RCG",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49189",
"datePublished": "2025-02-26T01:55:37.095Z",
"dateReserved": "2025-02-26T01:49:39.286Z",
"dateUpdated": "2025-05-04T08:31:54.404Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49631 (GCVE-0-2022-49631)
Vulnerability from cvelistv5
Published
2025-02-26 02:23
Modified
2025-10-01 19:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
raw: Fix a data-race around sysctl_raw_l3mdev_accept.
While reading sysctl_raw_l3mdev_accept, it can be changed concurrently.
Thus, we need to add READ_ONCE() to its reader.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49631",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:34:24.758858Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:36:50.159Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/net/raw.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "cc9540ba5b3652c473af7e54892a48cdced87983",
"status": "affected",
"version": "6897445fb194c8ad046df4a13e1ee9f080a5a21e",
"versionType": "git"
},
{
"lessThan": "038a87b3e460d2ee579c8b1bd3890d816d6687b1",
"status": "affected",
"version": "6897445fb194c8ad046df4a13e1ee9f080a5a21e",
"versionType": "git"
},
{
"lessThan": "46e9c46203fd4676720ddca0fef7eff26826648e",
"status": "affected",
"version": "6897445fb194c8ad046df4a13e1ee9f080a5a21e",
"versionType": "git"
},
{
"lessThan": "ab5adca2e17d6595f3fc0e25ccb6bcbe2e01ca4f",
"status": "affected",
"version": "6897445fb194c8ad046df4a13e1ee9f080a5a21e",
"versionType": "git"
},
{
"lessThan": "1dace014928e6e385363032d359a04dee9158af0",
"status": "affected",
"version": "6897445fb194c8ad046df4a13e1ee9f080a5a21e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/net/raw.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.0"
},
{
"lessThan": "5.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.207",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.132",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.56",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.207",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.132",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.56",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.13",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nraw: Fix a data-race around sysctl_raw_l3mdev_accept.\n\nWhile reading sysctl_raw_l3mdev_accept, it can be changed concurrently.\nThus, we need to add READ_ONCE() to its reader."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:42:11.315Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/cc9540ba5b3652c473af7e54892a48cdced87983"
},
{
"url": "https://git.kernel.org/stable/c/038a87b3e460d2ee579c8b1bd3890d816d6687b1"
},
{
"url": "https://git.kernel.org/stable/c/46e9c46203fd4676720ddca0fef7eff26826648e"
},
{
"url": "https://git.kernel.org/stable/c/ab5adca2e17d6595f3fc0e25ccb6bcbe2e01ca4f"
},
{
"url": "https://git.kernel.org/stable/c/1dace014928e6e385363032d359a04dee9158af0"
}
],
"title": "raw: Fix a data-race around sysctl_raw_l3mdev_accept.",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49631",
"datePublished": "2025-02-26T02:23:43.727Z",
"dateReserved": "2025-02-26T02:21:30.422Z",
"dateUpdated": "2025-10-01T19:36:50.159Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49258 (GCVE-0-2022-49258)
Vulnerability from cvelistv5
Published
2025-02-26 01:56
Modified
2025-05-04 08:33
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
crypto: ccree - Fix use after free in cc_cipher_exit()
kfree_sensitive(ctx_p->user.key) will free the ctx_p->user.key. But
ctx_p->user.key is still used in the next line, which will lead to a
use after free.
We can call kfree_sensitive() after dev_dbg() to avoid the uaf.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49258",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T17:58:54.341608Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T18:02:29.265Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/crypto/ccree/cc_cipher.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c93017c8d5ebf55a4e453ac7c84cc84cf92ab570",
"status": "affected",
"version": "63ee04c8b491ee148489347e7da9fbfd982ca2bb",
"versionType": "git"
},
{
"lessThan": "335bf1fc74f775a8255257aa3e33763f2257b676",
"status": "affected",
"version": "63ee04c8b491ee148489347e7da9fbfd982ca2bb",
"versionType": "git"
},
{
"lessThan": "25c358efee5153dfd240d4e0d3169d5bebe9cacd",
"status": "affected",
"version": "63ee04c8b491ee148489347e7da9fbfd982ca2bb",
"versionType": "git"
},
{
"lessThan": "cffb5382bd8d3cf21b874ab5b84bf7618932286b",
"status": "affected",
"version": "63ee04c8b491ee148489347e7da9fbfd982ca2bb",
"versionType": "git"
},
{
"lessThan": "3d950c34074ed74d2713c3856ba01264523289e6",
"status": "affected",
"version": "63ee04c8b491ee148489347e7da9fbfd982ca2bb",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/crypto/ccree/cc_cipher.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.17"
},
{
"lessThan": "4.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.110",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "4.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: ccree - Fix use after free in cc_cipher_exit()\n\nkfree_sensitive(ctx_p-\u003euser.key) will free the ctx_p-\u003euser.key. But\nctx_p-\u003euser.key is still used in the next line, which will lead to a\nuse after free.\n\nWe can call kfree_sensitive() after dev_dbg() to avoid the uaf."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:33:32.476Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c93017c8d5ebf55a4e453ac7c84cc84cf92ab570"
},
{
"url": "https://git.kernel.org/stable/c/335bf1fc74f775a8255257aa3e33763f2257b676"
},
{
"url": "https://git.kernel.org/stable/c/25c358efee5153dfd240d4e0d3169d5bebe9cacd"
},
{
"url": "https://git.kernel.org/stable/c/cffb5382bd8d3cf21b874ab5b84bf7618932286b"
},
{
"url": "https://git.kernel.org/stable/c/3d950c34074ed74d2713c3856ba01264523289e6"
}
],
"title": "crypto: ccree - Fix use after free in cc_cipher_exit()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49258",
"datePublished": "2025-02-26T01:56:11.561Z",
"dateReserved": "2025-02-26T01:49:39.296Z",
"dateUpdated": "2025-05-04T08:33:32.476Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49342 (GCVE-0-2022-49342)
Vulnerability from cvelistv5
Published
2025-02-26 02:10
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: ethernet: bgmac: Fix refcount leak in bcma_mdio_mii_register
of_get_child_by_name() returns a node pointer with refcount
incremented, we should use of_node_put() on it when not need anymore.
Add missing of_node_put() to avoid refcount leak.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49342",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:43:03.611967Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:55.020Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/broadcom/bgmac-bcma-mdio.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b51996e35bbfcc7a27d94dfeed5cc2429b2c0df4",
"status": "affected",
"version": "55954f3bfdacc5908515b0c306cea23e77fab740",
"versionType": "git"
},
{
"lessThan": "7fb1fe7d9a167205413f1de8db9f7d0f82c78286",
"status": "affected",
"version": "55954f3bfdacc5908515b0c306cea23e77fab740",
"versionType": "git"
},
{
"lessThan": "b8d91399775c55162073bb2aca061ec42e3d4bc1",
"status": "affected",
"version": "55954f3bfdacc5908515b0c306cea23e77fab740",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/broadcom/bgmac-bcma-mdio.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.8"
},
{
"lessThan": "4.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.15",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.4",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: bgmac: Fix refcount leak in bcma_mdio_mii_register\n\nof_get_child_by_name() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not need anymore.\nAdd missing of_node_put() to avoid refcount leak."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:35:41.250Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b51996e35bbfcc7a27d94dfeed5cc2429b2c0df4"
},
{
"url": "https://git.kernel.org/stable/c/7fb1fe7d9a167205413f1de8db9f7d0f82c78286"
},
{
"url": "https://git.kernel.org/stable/c/b8d91399775c55162073bb2aca061ec42e3d4bc1"
}
],
"title": "net: ethernet: bgmac: Fix refcount leak in bcma_mdio_mii_register",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49342",
"datePublished": "2025-02-26T02:10:58.604Z",
"dateReserved": "2025-02-26T02:08:31.542Z",
"dateUpdated": "2025-10-01T19:46:55.020Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49474 (GCVE-0-2022-49474)
Vulnerability from cvelistv5
Published
2025-02-26 02:13
Modified
2025-05-04 12:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout
Connecting the same socket twice consecutively in sco_sock_connect()
could lead to a race condition where two sco_conn objects are created
but only one is associated with the socket. If the socket is closed
before the SCO connection is established, the timer associated with the
dangling sco_conn object won't be canceled. As the sock object is being
freed, the use-after-free problem happens when the timer callback
function sco_sock_timeout() accesses the socket. Here's the call trace:
dump_stack+0x107/0x163
? refcount_inc+0x1c/
print_address_description.constprop.0+0x1c/0x47e
? refcount_inc+0x1c/0x7b
kasan_report+0x13a/0x173
? refcount_inc+0x1c/0x7b
check_memory_region+0x132/0x139
refcount_inc+0x1c/0x7b
sco_sock_timeout+0xb2/0x1ba
process_one_work+0x739/0xbd1
? cancel_delayed_work+0x13f/0x13f
? __raw_spin_lock_init+0xf0/0xf0
? to_kthread+0x59/0x85
worker_thread+0x593/0x70e
kthread+0x346/0x35a
? drain_workqueue+0x31a/0x31a
? kthread_bind+0x4b/0x4b
ret_from_fork+0x1f/0x30
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 22c66af08230a7030bdb88accffaec3424695631 Version: 0115a66ebb44bd9127ccb58cf43ed23c795eb1f0 Version: bc4b08383046f3282b6fa58cfcef05bd13e52b93 Version: 5ccb04c6e1fb7b97fa2e1785b67c3a1cb3527ef7 Version: 059c2c09f4b7f97711d0d8eaa0b9877f5e7d0a75 Version: e1dee2c1de2b4dd00eb44004a4bda6326ed07b59 Version: e1dee2c1de2b4dd00eb44004a4bda6326ed07b59 Version: e1dee2c1de2b4dd00eb44004a4bda6326ed07b59 Version: e1dee2c1de2b4dd00eb44004a4bda6326ed07b59 Version: 98ae477ed1540d3acbbf44d88ee237ad64275158 Version: f0c389e23e2475e5837716a629c81b7a9d90cc94 Version: 0b9da4bde0d59c61b3675bdd80a05a726beb875a |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49474",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T18:15:54.463749Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T18:22:32.377Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/bluetooth/sco.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9de3dc09e56f8deacd2bdbf4cecb71e11a312405",
"status": "affected",
"version": "22c66af08230a7030bdb88accffaec3424695631",
"versionType": "git"
},
{
"lessThan": "7d61dbd7311ab978d8ddac1749a758de4de00374",
"status": "affected",
"version": "0115a66ebb44bd9127ccb58cf43ed23c795eb1f0",
"versionType": "git"
},
{
"lessThan": "390d82733a953c1fabf3de9c9618091a7a9c90a6",
"status": "affected",
"version": "bc4b08383046f3282b6fa58cfcef05bd13e52b93",
"versionType": "git"
},
{
"lessThan": "6f55fac0af3531cf60d11369454c41f5fc81ab3f",
"status": "affected",
"version": "5ccb04c6e1fb7b97fa2e1785b67c3a1cb3527ef7",
"versionType": "git"
},
{
"lessThan": "36c644c63bfcaee2d3a426f45e89a9cd09799318",
"status": "affected",
"version": "059c2c09f4b7f97711d0d8eaa0b9877f5e7d0a75",
"versionType": "git"
},
{
"lessThan": "65d347cb39e2e6bd0c2a745ad7c928998ebb0162",
"status": "affected",
"version": "e1dee2c1de2b4dd00eb44004a4bda6326ed07b59",
"versionType": "git"
},
{
"lessThan": "537f619dea4e3fa8ed1f8f938abffe3615794bcc",
"status": "affected",
"version": "e1dee2c1de2b4dd00eb44004a4bda6326ed07b59",
"versionType": "git"
},
{
"lessThan": "99df16007f4bbf9abfc3478cb17d10f0d7f8906e",
"status": "affected",
"version": "e1dee2c1de2b4dd00eb44004a4bda6326ed07b59",
"versionType": "git"
},
{
"lessThan": "7aa1e7d15f8a5b65f67bacb100d8fc033b21efa2",
"status": "affected",
"version": "e1dee2c1de2b4dd00eb44004a4bda6326ed07b59",
"versionType": "git"
},
{
"status": "affected",
"version": "98ae477ed1540d3acbbf44d88ee237ad64275158",
"versionType": "git"
},
{
"status": "affected",
"version": "f0c389e23e2475e5837716a629c81b7a9d90cc94",
"versionType": "git"
},
{
"status": "affected",
"version": "0b9da4bde0d59c61b3675bdd80a05a726beb875a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/bluetooth/sco.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.15"
},
{
"lessThan": "5.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.318",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.318",
"versionStartIncluding": "4.9.283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.283",
"versionStartIncluding": "4.14.247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"versionStartIncluding": "4.19.207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"versionStartIncluding": "5.4.146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"versionStartIncluding": "5.10.65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.4.284",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.13.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.14.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout\n\nConnecting the same socket twice consecutively in sco_sock_connect()\ncould lead to a race condition where two sco_conn objects are created\nbut only one is associated with the socket. If the socket is closed\nbefore the SCO connection is established, the timer associated with the\ndangling sco_conn object won\u0027t be canceled. As the sock object is being\nfreed, the use-after-free problem happens when the timer callback\nfunction sco_sock_timeout() accesses the socket. Here\u0027s the call trace:\n\ndump_stack+0x107/0x163\n? refcount_inc+0x1c/\nprint_address_description.constprop.0+0x1c/0x47e\n? refcount_inc+0x1c/0x7b\nkasan_report+0x13a/0x173\n? refcount_inc+0x1c/0x7b\ncheck_memory_region+0x132/0x139\nrefcount_inc+0x1c/0x7b\nsco_sock_timeout+0xb2/0x1ba\nprocess_one_work+0x739/0xbd1\n? cancel_delayed_work+0x13f/0x13f\n? __raw_spin_lock_init+0xf0/0xf0\n? to_kthread+0x59/0x85\nworker_thread+0x593/0x70e\nkthread+0x346/0x35a\n? drain_workqueue+0x31a/0x31a\n? kthread_bind+0x4b/0x4b\nret_from_fork+0x1f/0x30"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:44:51.218Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9de3dc09e56f8deacd2bdbf4cecb71e11a312405"
},
{
"url": "https://git.kernel.org/stable/c/7d61dbd7311ab978d8ddac1749a758de4de00374"
},
{
"url": "https://git.kernel.org/stable/c/390d82733a953c1fabf3de9c9618091a7a9c90a6"
},
{
"url": "https://git.kernel.org/stable/c/6f55fac0af3531cf60d11369454c41f5fc81ab3f"
},
{
"url": "https://git.kernel.org/stable/c/36c644c63bfcaee2d3a426f45e89a9cd09799318"
},
{
"url": "https://git.kernel.org/stable/c/65d347cb39e2e6bd0c2a745ad7c928998ebb0162"
},
{
"url": "https://git.kernel.org/stable/c/537f619dea4e3fa8ed1f8f938abffe3615794bcc"
},
{
"url": "https://git.kernel.org/stable/c/99df16007f4bbf9abfc3478cb17d10f0d7f8906e"
},
{
"url": "https://git.kernel.org/stable/c/7aa1e7d15f8a5b65f67bacb100d8fc033b21efa2"
}
],
"title": "Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49474",
"datePublished": "2025-02-26T02:13:16.679Z",
"dateReserved": "2025-02-26T02:08:31.579Z",
"dateUpdated": "2025-05-04T12:44:51.218Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49088 (GCVE-0-2022-49088)
Vulnerability from cvelistv5
Published
2025-02-26 01:54
Modified
2025-05-04 08:29
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
dpaa2-ptp: Fix refcount leak in dpaa2_ptp_probe
This node pointer is returned by of_find_compatible_node() with
refcount incremented. Calling of_node_put() to aovid the refcount leak.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: d346c9e86d8685d7cdceddf5b2e9c4376334620c Version: d346c9e86d8685d7cdceddf5b2e9c4376334620c Version: d346c9e86d8685d7cdceddf5b2e9c4376334620c Version: d346c9e86d8685d7cdceddf5b2e9c4376334620c Version: d346c9e86d8685d7cdceddf5b2e9c4376334620c Version: d346c9e86d8685d7cdceddf5b2e9c4376334620c |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/freescale/dpaa2/dpaa2-ptp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "fbe5f4c0dd3475178f17ddd8b8d5044ebeae0be7",
"status": "affected",
"version": "d346c9e86d8685d7cdceddf5b2e9c4376334620c",
"versionType": "git"
},
{
"lessThan": "ebd1e3458dbf6643aa0272da398cb5b537d492b7",
"status": "affected",
"version": "d346c9e86d8685d7cdceddf5b2e9c4376334620c",
"versionType": "git"
},
{
"lessThan": "599874bbc4ed832ccb578d48ac0ae7344382ef43",
"status": "affected",
"version": "d346c9e86d8685d7cdceddf5b2e9c4376334620c",
"versionType": "git"
},
{
"lessThan": "46d120f7c163706d6c31ee00baa0be64c4572b78",
"status": "affected",
"version": "d346c9e86d8685d7cdceddf5b2e9c4376334620c",
"versionType": "git"
},
{
"lessThan": "45fdd98b70142521739615ad1bfb760401863b73",
"status": "affected",
"version": "d346c9e86d8685d7cdceddf5b2e9c4376334620c",
"versionType": "git"
},
{
"lessThan": "2b04bd4f03bba021959ca339314f6739710f0954",
"status": "affected",
"version": "d346c9e86d8685d7cdceddf5b2e9c4376334620c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/freescale/dpaa2/dpaa2-ptp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.3"
},
{
"lessThan": "5.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.189",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.111",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.20",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.189",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.111",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.34",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.20",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.3",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndpaa2-ptp: Fix refcount leak in dpaa2_ptp_probe\n\nThis node pointer is returned by of_find_compatible_node() with\nrefcount incremented. Calling of_node_put() to aovid the refcount leak."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:29:28.243Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/fbe5f4c0dd3475178f17ddd8b8d5044ebeae0be7"
},
{
"url": "https://git.kernel.org/stable/c/ebd1e3458dbf6643aa0272da398cb5b537d492b7"
},
{
"url": "https://git.kernel.org/stable/c/599874bbc4ed832ccb578d48ac0ae7344382ef43"
},
{
"url": "https://git.kernel.org/stable/c/46d120f7c163706d6c31ee00baa0be64c4572b78"
},
{
"url": "https://git.kernel.org/stable/c/45fdd98b70142521739615ad1bfb760401863b73"
},
{
"url": "https://git.kernel.org/stable/c/2b04bd4f03bba021959ca339314f6739710f0954"
}
],
"title": "dpaa2-ptp: Fix refcount leak in dpaa2_ptp_probe",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49088",
"datePublished": "2025-02-26T01:54:45.165Z",
"dateReserved": "2025-02-26T01:49:39.248Z",
"dateUpdated": "2025-05-04T08:29:28.243Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49199 (GCVE-0-2022-49199)
Vulnerability from cvelistv5
Published
2025-02-26 01:55
Modified
2025-05-04 08:32
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
RDMA/nldev: Prevent underflow in nldev_stat_set_counter_dynamic_doit()
This code checks "index" for an upper bound but it does not check for
negatives. Change the type to unsigned to prevent underflows.
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/core/nldev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f6dd8669b8299a3a536cd92a7069152a7704da1d",
"status": "affected",
"version": "3c3c1f1416392382faa0238e76a70d7810aab2ef",
"versionType": "git"
},
{
"lessThan": "2a495ef04d5f42e6f00eb2bec1ee9075e3d5a771",
"status": "affected",
"version": "3c3c1f1416392382faa0238e76a70d7810aab2ef",
"versionType": "git"
},
{
"lessThan": "87e0eacb176f9500c2063d140c0a1d7fa51ab8a5",
"status": "affected",
"version": "3c3c1f1416392382faa0238e76a70d7810aab2ef",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/core/nldev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.16"
},
{
"lessThan": "5.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/nldev: Prevent underflow in nldev_stat_set_counter_dynamic_doit()\n\nThis code checks \"index\" for an upper bound but it does not check for\nnegatives. Change the type to unsigned to prevent underflows."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:32:12.066Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f6dd8669b8299a3a536cd92a7069152a7704da1d"
},
{
"url": "https://git.kernel.org/stable/c/2a495ef04d5f42e6f00eb2bec1ee9075e3d5a771"
},
{
"url": "https://git.kernel.org/stable/c/87e0eacb176f9500c2063d140c0a1d7fa51ab8a5"
}
],
"title": "RDMA/nldev: Prevent underflow in nldev_stat_set_counter_dynamic_doit()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49199",
"datePublished": "2025-02-26T01:55:42.120Z",
"dateReserved": "2025-02-26T01:49:39.291Z",
"dateUpdated": "2025-05-04T08:32:12.066Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49424 (GCVE-0-2022-49424)
Vulnerability from cvelistv5
Published
2025-02-26 02:12
Modified
2025-05-04 12:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
iommu/mediatek: Fix NULL pointer dereference when printing dev_name
When larbdev is NULL (in the case I hit, the node is incorrectly set
iommus = <&iommu NUM>), it will cause device_link_add() fail and
kernel crashes when we try to print dev_name(larbdev).
Let's fail the probe if a larbdev is NULL to avoid invalid inputs from
dts.
It should work for normal correct setting and avoid the crash caused
by my incorrect setting.
Error log:
[ 18.189042][ T301] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000050
...
[ 18.344519][ T301] pstate: a0400005 (NzCv daif +PAN -UAO)
[ 18.345213][ T301] pc : mtk_iommu_probe_device+0xf8/0x118 [mtk_iommu]
[ 18.346050][ T301] lr : mtk_iommu_probe_device+0xd0/0x118 [mtk_iommu]
[ 18.346884][ T301] sp : ffffffc00a5635e0
[ 18.347392][ T301] x29: ffffffc00a5635e0 x28: ffffffd44a46c1d8
[ 18.348156][ T301] x27: ffffff80c39a8000 x26: ffffffd44a80cc38
[ 18.348917][ T301] x25: 0000000000000000 x24: ffffffd44a80cc38
[ 18.349677][ T301] x23: ffffffd44e4da4c6 x22: ffffffd44a80cc38
[ 18.350438][ T301] x21: ffffff80cecd1880 x20: 0000000000000000
[ 18.351198][ T301] x19: ffffff80c439f010 x18: ffffffc00a50d0c0
[ 18.351959][ T301] x17: ffffffffffffffff x16: 0000000000000004
[ 18.352719][ T301] x15: 0000000000000004 x14: ffffffd44eb5d420
[ 18.353480][ T301] x13: 0000000000000ad2 x12: 0000000000000003
[ 18.354241][ T301] x11: 00000000fffffad2 x10: c0000000fffffad2
[ 18.355003][ T301] x9 : a0d288d8d7142d00 x8 : a0d288d8d7142d00
[ 18.355763][ T301] x7 : ffffffd44c2bc640 x6 : 0000000000000000
[ 18.356524][ T301] x5 : 0000000000000080 x4 : 0000000000000001
[ 18.357284][ T301] x3 : 0000000000000000 x2 : 0000000000000005
[ 18.358045][ T301] x1 : 0000000000000000 x0 : 0000000000000000
[ 18.360208][ T301] Hardware name: MT6873 (DT)
[ 18.360771][ T301] Call trace:
[ 18.361168][ T301] dump_backtrace+0xf8/0x1f0
[ 18.361737][ T301] dump_stack_lvl+0xa8/0x11c
[ 18.362305][ T301] dump_stack+0x1c/0x2c
[ 18.362816][ T301] mrdump_common_die+0x184/0x40c [mrdump]
[ 18.363575][ T301] ipanic_die+0x24/0x38 [mrdump]
[ 18.364230][ T301] atomic_notifier_call_chain+0x128/0x2b8
[ 18.364937][ T301] die+0x16c/0x568
[ 18.365394][ T301] __do_kernel_fault+0x1e8/0x214
[ 18.365402][ T301] do_page_fault+0xb8/0x678
[ 18.366934][ T301] do_translation_fault+0x48/0x64
[ 18.368645][ T301] do_mem_abort+0x68/0x148
[ 18.368652][ T301] el1_abort+0x40/0x64
[ 18.368660][ T301] el1h_64_sync_handler+0x54/0x88
[ 18.368668][ T301] el1h_64_sync+0x68/0x6c
[ 18.368673][ T301] mtk_iommu_probe_device+0xf8/0x118 [mtk_iommu]
...
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/iommu/mtk_iommu.c",
"drivers/iommu/mtk_iommu_v1.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c3c2734e28d7fac50228c4d2b8896e8695adf304",
"status": "affected",
"version": "77fbe028d5a3f7fc6060c4454ead9510533acd1e",
"versionType": "git"
},
{
"lessThan": "e9c63c0f73a1bbfd02624f5eae7e881df8b6830f",
"status": "affected",
"version": "18ea450ed1b60c1bb336f5efe874f61909ce7bec",
"versionType": "git"
},
{
"lessThan": "8837c2682b9b2eed83e6212bcf79850c593a6fee",
"status": "affected",
"version": "635319a4a7444ca97124d781cd96deb277ff4d40",
"versionType": "git"
},
{
"lessThan": "de78657e16f41417da9332f09c2d67d100096939",
"status": "affected",
"version": "635319a4a7444ca97124d781cd96deb277ff4d40",
"versionType": "git"
},
{
"status": "affected",
"version": "b7bf68272b6ae7c469854e2e054db1db1d158999",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/iommu/mtk_iommu.c",
"drivers/iommu/mtk_iommu_v1.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.18"
},
{
"lessThan": "5.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "5.15.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "5.17.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "5.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/mediatek: Fix NULL pointer dereference when printing dev_name\n\nWhen larbdev is NULL (in the case I hit, the node is incorrectly set\niommus = \u003c\u0026iommu NUM\u003e), it will cause device_link_add() fail and\nkernel crashes when we try to print dev_name(larbdev).\n\nLet\u0027s fail the probe if a larbdev is NULL to avoid invalid inputs from\ndts.\n\nIt should work for normal correct setting and avoid the crash caused\nby my incorrect setting.\n\nError log:\n[ 18.189042][ T301] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000050\n...\n[ 18.344519][ T301] pstate: a0400005 (NzCv daif +PAN -UAO)\n[ 18.345213][ T301] pc : mtk_iommu_probe_device+0xf8/0x118 [mtk_iommu]\n[ 18.346050][ T301] lr : mtk_iommu_probe_device+0xd0/0x118 [mtk_iommu]\n[ 18.346884][ T301] sp : ffffffc00a5635e0\n[ 18.347392][ T301] x29: ffffffc00a5635e0 x28: ffffffd44a46c1d8\n[ 18.348156][ T301] x27: ffffff80c39a8000 x26: ffffffd44a80cc38\n[ 18.348917][ T301] x25: 0000000000000000 x24: ffffffd44a80cc38\n[ 18.349677][ T301] x23: ffffffd44e4da4c6 x22: ffffffd44a80cc38\n[ 18.350438][ T301] x21: ffffff80cecd1880 x20: 0000000000000000\n[ 18.351198][ T301] x19: ffffff80c439f010 x18: ffffffc00a50d0c0\n[ 18.351959][ T301] x17: ffffffffffffffff x16: 0000000000000004\n[ 18.352719][ T301] x15: 0000000000000004 x14: ffffffd44eb5d420\n[ 18.353480][ T301] x13: 0000000000000ad2 x12: 0000000000000003\n[ 18.354241][ T301] x11: 00000000fffffad2 x10: c0000000fffffad2\n[ 18.355003][ T301] x9 : a0d288d8d7142d00 x8 : a0d288d8d7142d00\n[ 18.355763][ T301] x7 : ffffffd44c2bc640 x6 : 0000000000000000\n[ 18.356524][ T301] x5 : 0000000000000080 x4 : 0000000000000001\n[ 18.357284][ T301] x3 : 0000000000000000 x2 : 0000000000000005\n[ 18.358045][ T301] x1 : 0000000000000000 x0 : 0000000000000000\n[ 18.360208][ T301] Hardware name: MT6873 (DT)\n[ 18.360771][ T301] Call trace:\n[ 18.361168][ T301] dump_backtrace+0xf8/0x1f0\n[ 18.361737][ T301] dump_stack_lvl+0xa8/0x11c\n[ 18.362305][ T301] dump_stack+0x1c/0x2c\n[ 18.362816][ T301] mrdump_common_die+0x184/0x40c [mrdump]\n[ 18.363575][ T301] ipanic_die+0x24/0x38 [mrdump]\n[ 18.364230][ T301] atomic_notifier_call_chain+0x128/0x2b8\n[ 18.364937][ T301] die+0x16c/0x568\n[ 18.365394][ T301] __do_kernel_fault+0x1e8/0x214\n[ 18.365402][ T301] do_page_fault+0xb8/0x678\n[ 18.366934][ T301] do_translation_fault+0x48/0x64\n[ 18.368645][ T301] do_mem_abort+0x68/0x148\n[ 18.368652][ T301] el1_abort+0x40/0x64\n[ 18.368660][ T301] el1h_64_sync_handler+0x54/0x88\n[ 18.368668][ T301] el1h_64_sync+0x68/0x6c\n[ 18.368673][ T301] mtk_iommu_probe_device+0xf8/0x118 [mtk_iommu]\n..."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:44:40.498Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c3c2734e28d7fac50228c4d2b8896e8695adf304"
},
{
"url": "https://git.kernel.org/stable/c/e9c63c0f73a1bbfd02624f5eae7e881df8b6830f"
},
{
"url": "https://git.kernel.org/stable/c/8837c2682b9b2eed83e6212bcf79850c593a6fee"
},
{
"url": "https://git.kernel.org/stable/c/de78657e16f41417da9332f09c2d67d100096939"
}
],
"title": "iommu/mediatek: Fix NULL pointer dereference when printing dev_name",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49424",
"datePublished": "2025-02-26T02:12:46.209Z",
"dateReserved": "2025-02-26T02:08:31.569Z",
"dateUpdated": "2025-05-04T12:44:40.498Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49643 (GCVE-0-2022-49643)
Vulnerability from cvelistv5
Published
2025-02-26 02:23
Modified
2025-10-01 19:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ima: Fix a potential integer overflow in ima_appraise_measurement
When the ima-modsig is enabled, the rc passed to evm_verifyxattr() may be
negative, which may cause the integer overflow problem.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49643",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:33:55.240399Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:36:48.850Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"security/integrity/ima/ima_appraise.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "388f3df7c3c8b7f2a32b9ae0a9b2f9f6ad3b1b77",
"status": "affected",
"version": "39b07096364a42c516415d5f841069e885234e61",
"versionType": "git"
},
{
"lessThan": "831e190175f10652be93b08436cc7bf2e62e4bb6",
"status": "affected",
"version": "39b07096364a42c516415d5f841069e885234e61",
"versionType": "git"
},
{
"lessThan": "c8d5d81940938b5f6c0f495ca9538e7740416f30",
"status": "affected",
"version": "39b07096364a42c516415d5f841069e885234e61",
"versionType": "git"
},
{
"lessThan": "640cea4c2839a821adfbb703b590a5928abe9286",
"status": "affected",
"version": "39b07096364a42c516415d5f841069e885234e61",
"versionType": "git"
},
{
"lessThan": "d2ee2cfc4aa85ff6a2a3b198a3a524ec54e3d999",
"status": "affected",
"version": "39b07096364a42c516415d5f841069e885234e61",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"security/integrity/ima/ima_appraise.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.4"
},
{
"lessThan": "5.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.207",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.132",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.56",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.207",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.132",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.56",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.13",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nima: Fix a potential integer overflow in ima_appraise_measurement\n\nWhen the ima-modsig is enabled, the rc passed to evm_verifyxattr() may be\nnegative, which may cause the integer overflow problem."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:42:26.456Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/388f3df7c3c8b7f2a32b9ae0a9b2f9f6ad3b1b77"
},
{
"url": "https://git.kernel.org/stable/c/831e190175f10652be93b08436cc7bf2e62e4bb6"
},
{
"url": "https://git.kernel.org/stable/c/c8d5d81940938b5f6c0f495ca9538e7740416f30"
},
{
"url": "https://git.kernel.org/stable/c/640cea4c2839a821adfbb703b590a5928abe9286"
},
{
"url": "https://git.kernel.org/stable/c/d2ee2cfc4aa85ff6a2a3b198a3a524ec54e3d999"
}
],
"title": "ima: Fix a potential integer overflow in ima_appraise_measurement",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49643",
"datePublished": "2025-02-26T02:23:49.658Z",
"dateReserved": "2025-02-26T02:21:30.431Z",
"dateUpdated": "2025-10-01T19:36:48.850Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49350 (GCVE-0-2022-49350)
Vulnerability from cvelistv5
Published
2025-02-26 02:11
Modified
2025-05-04 08:35
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: mdio: unexport __init-annotated mdio_bus_init()
EXPORT_SYMBOL and __init is a bad combination because the .init.text
section is freed up after the initialization. Hence, modules cannot
use symbols annotated __init. The access to a freed symbol may end up
with kernel panic.
modpost used to detect it, but it has been broken for a decade.
Recently, I fixed modpost so it started to warn it again, then this
showed up in linux-next builds.
There are two ways to fix it:
- Remove __init
- Remove EXPORT_SYMBOL
I chose the latter for this case because the only in-tree call-site,
drivers/net/phy/phy_device.c is never compiled as modular.
(CONFIG_PHYLIB is boolean)
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 90eff9096c01ba90cdae504a6b95ee87fe2556a3 Version: 90eff9096c01ba90cdae504a6b95ee87fe2556a3 Version: 90eff9096c01ba90cdae504a6b95ee87fe2556a3 Version: 90eff9096c01ba90cdae504a6b95ee87fe2556a3 Version: 90eff9096c01ba90cdae504a6b95ee87fe2556a3 Version: 90eff9096c01ba90cdae504a6b95ee87fe2556a3 Version: 90eff9096c01ba90cdae504a6b95ee87fe2556a3 Version: 90eff9096c01ba90cdae504a6b95ee87fe2556a3 |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/phy/mdio_bus.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ab64ec2c75683f30ccde9eaaf0761002f901aa12",
"status": "affected",
"version": "90eff9096c01ba90cdae504a6b95ee87fe2556a3",
"versionType": "git"
},
{
"lessThan": "5534bcd7c40299862237c4a8fd9c5031b3db1538",
"status": "affected",
"version": "90eff9096c01ba90cdae504a6b95ee87fe2556a3",
"versionType": "git"
},
{
"lessThan": "6a90a44d53428a3bf01bd80df9ba78b19959270c",
"status": "affected",
"version": "90eff9096c01ba90cdae504a6b95ee87fe2556a3",
"versionType": "git"
},
{
"lessThan": "7759c3222815b945a94b212bc0c6cdec475cfec2",
"status": "affected",
"version": "90eff9096c01ba90cdae504a6b95ee87fe2556a3",
"versionType": "git"
},
{
"lessThan": "59fa94cddf9eef8d8dae587373eed8b8f4eb11d7",
"status": "affected",
"version": "90eff9096c01ba90cdae504a6b95ee87fe2556a3",
"versionType": "git"
},
{
"lessThan": "f5c68137f1191ba3fcf6260ec71b30be2e2bf4c3",
"status": "affected",
"version": "90eff9096c01ba90cdae504a6b95ee87fe2556a3",
"versionType": "git"
},
{
"lessThan": "f2f0f8c18b60ca64ff50892ed899cf1c77864755",
"status": "affected",
"version": "90eff9096c01ba90cdae504a6b95ee87fe2556a3",
"versionType": "git"
},
{
"lessThan": "35b42dce619701f1300fb8498dae82c9bb1f0263",
"status": "affected",
"version": "90eff9096c01ba90cdae504a6b95ee87fe2556a3",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/phy/mdio_bus.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.12"
},
{
"lessThan": "4.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.47",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.283",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.122",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.47",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.15",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.4",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mdio: unexport __init-annotated mdio_bus_init()\n\nEXPORT_SYMBOL and __init is a bad combination because the .init.text\nsection is freed up after the initialization. Hence, modules cannot\nuse symbols annotated __init. The access to a freed symbol may end up\nwith kernel panic.\n\nmodpost used to detect it, but it has been broken for a decade.\n\nRecently, I fixed modpost so it started to warn it again, then this\nshowed up in linux-next builds.\n\nThere are two ways to fix it:\n\n - Remove __init\n - Remove EXPORT_SYMBOL\n\nI chose the latter for this case because the only in-tree call-site,\ndrivers/net/phy/phy_device.c is never compiled as modular.\n(CONFIG_PHYLIB is boolean)"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:35:51.230Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ab64ec2c75683f30ccde9eaaf0761002f901aa12"
},
{
"url": "https://git.kernel.org/stable/c/5534bcd7c40299862237c4a8fd9c5031b3db1538"
},
{
"url": "https://git.kernel.org/stable/c/6a90a44d53428a3bf01bd80df9ba78b19959270c"
},
{
"url": "https://git.kernel.org/stable/c/7759c3222815b945a94b212bc0c6cdec475cfec2"
},
{
"url": "https://git.kernel.org/stable/c/59fa94cddf9eef8d8dae587373eed8b8f4eb11d7"
},
{
"url": "https://git.kernel.org/stable/c/f5c68137f1191ba3fcf6260ec71b30be2e2bf4c3"
},
{
"url": "https://git.kernel.org/stable/c/f2f0f8c18b60ca64ff50892ed899cf1c77864755"
},
{
"url": "https://git.kernel.org/stable/c/35b42dce619701f1300fb8498dae82c9bb1f0263"
}
],
"title": "net: mdio: unexport __init-annotated mdio_bus_init()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49350",
"datePublished": "2025-02-26T02:11:03.514Z",
"dateReserved": "2025-02-26T02:08:31.544Z",
"dateUpdated": "2025-05-04T08:35:51.230Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49672 (GCVE-0-2022-49672)
Vulnerability from cvelistv5
Published
2025-02-26 02:24
Modified
2025-05-04 08:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: tun: unlink NAPI from device on destruction
Syzbot found a race between tun file and device destruction.
NAPIs live in struct tun_file which can get destroyed before
the netdev so we have to del them explicitly. The current
code is missing deleting the NAPI if the queue was detached
first.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 943170998b200190f99d3fe7e771437e2c51f319 Version: 943170998b200190f99d3fe7e771437e2c51f319 Version: 943170998b200190f99d3fe7e771437e2c51f319 Version: 943170998b200190f99d3fe7e771437e2c51f319 Version: 943170998b200190f99d3fe7e771437e2c51f319 Version: 943170998b200190f99d3fe7e771437e2c51f319 |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/tun.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "82e729aee59acefe135fceffadcbc5b86dd4f1b9",
"status": "affected",
"version": "943170998b200190f99d3fe7e771437e2c51f319",
"versionType": "git"
},
{
"lessThan": "a8cf919022373c97a84fe596bbea544f909c485d",
"status": "affected",
"version": "943170998b200190f99d3fe7e771437e2c51f319",
"versionType": "git"
},
{
"lessThan": "bec1be0a745ab420718217e3e0d9542a75108989",
"status": "affected",
"version": "943170998b200190f99d3fe7e771437e2c51f319",
"versionType": "git"
},
{
"lessThan": "8145f77d38de4f88b8a69e1463f5c09ba189d77c",
"status": "affected",
"version": "943170998b200190f99d3fe7e771437e2c51f319",
"versionType": "git"
},
{
"lessThan": "8661d4b8faa2f7ee7a559969c0a7c57f077b1728",
"status": "affected",
"version": "943170998b200190f99d3fe7e771437e2c51f319",
"versionType": "git"
},
{
"lessThan": "3b9bc84d311104906d2b4995a9a02d7b7ddab2db",
"status": "affected",
"version": "943170998b200190f99d3fe7e771437e2c51f319",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/tun.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.251",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.204",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.129",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.53",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.251",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.204",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.129",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.53",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.10",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: tun: unlink NAPI from device on destruction\n\nSyzbot found a race between tun file and device destruction.\nNAPIs live in struct tun_file which can get destroyed before\nthe netdev so we have to del them explicitly. The current\ncode is missing deleting the NAPI if the queue was detached\nfirst."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:43:01.207Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/82e729aee59acefe135fceffadcbc5b86dd4f1b9"
},
{
"url": "https://git.kernel.org/stable/c/a8cf919022373c97a84fe596bbea544f909c485d"
},
{
"url": "https://git.kernel.org/stable/c/bec1be0a745ab420718217e3e0d9542a75108989"
},
{
"url": "https://git.kernel.org/stable/c/8145f77d38de4f88b8a69e1463f5c09ba189d77c"
},
{
"url": "https://git.kernel.org/stable/c/8661d4b8faa2f7ee7a559969c0a7c57f077b1728"
},
{
"url": "https://git.kernel.org/stable/c/3b9bc84d311104906d2b4995a9a02d7b7ddab2db"
}
],
"title": "net: tun: unlink NAPI from device on destruction",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49672",
"datePublished": "2025-02-26T02:24:05.284Z",
"dateReserved": "2025-02-26T02:21:30.437Z",
"dateUpdated": "2025-05-04T08:43:01.207Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49287 (GCVE-0-2022-49287)
Vulnerability from cvelistv5
Published
2025-02-26 01:56
Modified
2025-05-04 08:34
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
tpm: fix reference counting for struct tpm_chip
The following sequence of operations results in a refcount warning:
1. Open device /dev/tpmrm.
2. Remove module tpm_tis_spi.
3. Write a TPM command to the file descriptor opened at step 1.
------------[ cut here ]------------
WARNING: CPU: 3 PID: 1161 at lib/refcount.c:25 kobject_get+0xa0/0xa4
refcount_t: addition on 0; use-after-free.
Modules linked in: tpm_tis_spi tpm_tis_core tpm mdio_bcm_unimac brcmfmac
sha256_generic libsha256 sha256_arm hci_uart btbcm bluetooth cfg80211 vc4
brcmutil ecdh_generic ecc snd_soc_core crc32_arm_ce libaes
raspberrypi_hwmon ac97_bus snd_pcm_dmaengine bcm2711_thermal snd_pcm
snd_timer genet snd phy_generic soundcore [last unloaded: spi_bcm2835]
CPU: 3 PID: 1161 Comm: hold_open Not tainted 5.10.0ls-main-dirty #2
Hardware name: BCM2711
[<c0410c3c>] (unwind_backtrace) from [<c040b580>] (show_stack+0x10/0x14)
[<c040b580>] (show_stack) from [<c1092174>] (dump_stack+0xc4/0xd8)
[<c1092174>] (dump_stack) from [<c0445a30>] (__warn+0x104/0x108)
[<c0445a30>] (__warn) from [<c0445aa8>] (warn_slowpath_fmt+0x74/0xb8)
[<c0445aa8>] (warn_slowpath_fmt) from [<c08435d0>] (kobject_get+0xa0/0xa4)
[<c08435d0>] (kobject_get) from [<bf0a715c>] (tpm_try_get_ops+0x14/0x54 [tpm])
[<bf0a715c>] (tpm_try_get_ops [tpm]) from [<bf0a7d6c>] (tpm_common_write+0x38/0x60 [tpm])
[<bf0a7d6c>] (tpm_common_write [tpm]) from [<c05a7ac0>] (vfs_write+0xc4/0x3c0)
[<c05a7ac0>] (vfs_write) from [<c05a7ee4>] (ksys_write+0x58/0xcc)
[<c05a7ee4>] (ksys_write) from [<c04001a0>] (ret_fast_syscall+0x0/0x4c)
Exception stack(0xc226bfa8 to 0xc226bff0)
bfa0: 00000000 000105b4 00000003 beafe664 00000014 00000000
bfc0: 00000000 000105b4 000103f8 00000004 00000000 00000000 b6f9c000 beafe684
bfe0: 0000006c beafe648 0001056c b6eb6944
---[ end trace d4b8409def9b8b1f ]---
The reason for this warning is the attempt to get the chip->dev reference
in tpm_common_write() although the reference counter is already zero.
Since commit 8979b02aaf1d ("tpm: Fix reference count to main device") the
extra reference used to prevent a premature zero counter is never taken,
because the required TPM_CHIP_FLAG_TPM2 flag is never set.
Fix this by moving the TPM 2 character device handling from
tpm_chip_alloc() to tpm_add_char_device() which is called at a later point
in time when the flag has been set in case of TPM2.
Commit fdc915f7f719 ("tpm: expose spaces via a device link /dev/tpmrm<n>")
already introduced function tpm_devs_release() to release the extra
reference but did not implement the required put on chip->devs that results
in the call of this function.
Fix this by putting chip->devs in tpm_chip_unregister().
Finally move the new implementation for the TPM 2 handling into a new
function to avoid multiple checks for the TPM_CHIP_FLAG_TPM2 flag in the
good case and error cases.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: fdc915f7f71939ad5a3dda3389b8d2d7a7c5ee66 Version: fdc915f7f71939ad5a3dda3389b8d2d7a7c5ee66 Version: fdc915f7f71939ad5a3dda3389b8d2d7a7c5ee66 Version: fdc915f7f71939ad5a3dda3389b8d2d7a7c5ee66 Version: fdc915f7f71939ad5a3dda3389b8d2d7a7c5ee66 Version: fdc915f7f71939ad5a3dda3389b8d2d7a7c5ee66 Version: fdc915f7f71939ad5a3dda3389b8d2d7a7c5ee66 Version: fdc915f7f71939ad5a3dda3389b8d2d7a7c5ee66 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49287",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T18:16:50.967565Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T18:22:34.163Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/char/tpm/tpm-chip.c",
"drivers/char/tpm/tpm.h",
"drivers/char/tpm/tpm2-space.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "473a66f99cb8173c14138c5a5c69bfad04e8f9ac",
"status": "affected",
"version": "fdc915f7f71939ad5a3dda3389b8d2d7a7c5ee66",
"versionType": "git"
},
{
"lessThan": "cb64bd038beacb4331fe464a36c8b5481e8f51e2",
"status": "affected",
"version": "fdc915f7f71939ad5a3dda3389b8d2d7a7c5ee66",
"versionType": "git"
},
{
"lessThan": "a27ed2f3695baf15f9b34d2d7a1f9fc105539a81",
"status": "affected",
"version": "fdc915f7f71939ad5a3dda3389b8d2d7a7c5ee66",
"versionType": "git"
},
{
"lessThan": "290e05f346d1829e849662c97e42d5ad984f5258",
"status": "affected",
"version": "fdc915f7f71939ad5a3dda3389b8d2d7a7c5ee66",
"versionType": "git"
},
{
"lessThan": "662893b4f6bd466ff9e1cd454c44c26d32d554fe",
"status": "affected",
"version": "fdc915f7f71939ad5a3dda3389b8d2d7a7c5ee66",
"versionType": "git"
},
{
"lessThan": "2f928c0d5c02dbab49e8c19d98725c822f6fc409",
"status": "affected",
"version": "fdc915f7f71939ad5a3dda3389b8d2d7a7c5ee66",
"versionType": "git"
},
{
"lessThan": "6e7baf84149fb43950631415de231b3a41915aa3",
"status": "affected",
"version": "fdc915f7f71939ad5a3dda3389b8d2d7a7c5ee66",
"versionType": "git"
},
{
"lessThan": "7e0438f83dc769465ee663bb5dcf8cc154940712",
"status": "affected",
"version": "fdc915f7f71939ad5a3dda3389b8d2d7a7c5ee66",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/char/tpm/tpm-chip.c",
"drivers/char/tpm/tpm.h",
"drivers/char/tpm/tpm2-space.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.12"
},
{
"lessThan": "4.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.238",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.189",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.276",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.238",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.189",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.110",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.1",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "4.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntpm: fix reference counting for struct tpm_chip\n\nThe following sequence of operations results in a refcount warning:\n\n1. Open device /dev/tpmrm.\n2. Remove module tpm_tis_spi.\n3. Write a TPM command to the file descriptor opened at step 1.\n\n------------[ cut here ]------------\nWARNING: CPU: 3 PID: 1161 at lib/refcount.c:25 kobject_get+0xa0/0xa4\nrefcount_t: addition on 0; use-after-free.\nModules linked in: tpm_tis_spi tpm_tis_core tpm mdio_bcm_unimac brcmfmac\nsha256_generic libsha256 sha256_arm hci_uart btbcm bluetooth cfg80211 vc4\nbrcmutil ecdh_generic ecc snd_soc_core crc32_arm_ce libaes\nraspberrypi_hwmon ac97_bus snd_pcm_dmaengine bcm2711_thermal snd_pcm\nsnd_timer genet snd phy_generic soundcore [last unloaded: spi_bcm2835]\nCPU: 3 PID: 1161 Comm: hold_open Not tainted 5.10.0ls-main-dirty #2\nHardware name: BCM2711\n[\u003cc0410c3c\u003e] (unwind_backtrace) from [\u003cc040b580\u003e] (show_stack+0x10/0x14)\n[\u003cc040b580\u003e] (show_stack) from [\u003cc1092174\u003e] (dump_stack+0xc4/0xd8)\n[\u003cc1092174\u003e] (dump_stack) from [\u003cc0445a30\u003e] (__warn+0x104/0x108)\n[\u003cc0445a30\u003e] (__warn) from [\u003cc0445aa8\u003e] (warn_slowpath_fmt+0x74/0xb8)\n[\u003cc0445aa8\u003e] (warn_slowpath_fmt) from [\u003cc08435d0\u003e] (kobject_get+0xa0/0xa4)\n[\u003cc08435d0\u003e] (kobject_get) from [\u003cbf0a715c\u003e] (tpm_try_get_ops+0x14/0x54 [tpm])\n[\u003cbf0a715c\u003e] (tpm_try_get_ops [tpm]) from [\u003cbf0a7d6c\u003e] (tpm_common_write+0x38/0x60 [tpm])\n[\u003cbf0a7d6c\u003e] (tpm_common_write [tpm]) from [\u003cc05a7ac0\u003e] (vfs_write+0xc4/0x3c0)\n[\u003cc05a7ac0\u003e] (vfs_write) from [\u003cc05a7ee4\u003e] (ksys_write+0x58/0xcc)\n[\u003cc05a7ee4\u003e] (ksys_write) from [\u003cc04001a0\u003e] (ret_fast_syscall+0x0/0x4c)\nException stack(0xc226bfa8 to 0xc226bff0)\nbfa0: 00000000 000105b4 00000003 beafe664 00000014 00000000\nbfc0: 00000000 000105b4 000103f8 00000004 00000000 00000000 b6f9c000 beafe684\nbfe0: 0000006c beafe648 0001056c b6eb6944\n---[ end trace d4b8409def9b8b1f ]---\n\nThe reason for this warning is the attempt to get the chip-\u003edev reference\nin tpm_common_write() although the reference counter is already zero.\n\nSince commit 8979b02aaf1d (\"tpm: Fix reference count to main device\") the\nextra reference used to prevent a premature zero counter is never taken,\nbecause the required TPM_CHIP_FLAG_TPM2 flag is never set.\n\nFix this by moving the TPM 2 character device handling from\ntpm_chip_alloc() to tpm_add_char_device() which is called at a later point\nin time when the flag has been set in case of TPM2.\n\nCommit fdc915f7f719 (\"tpm: expose spaces via a device link /dev/tpmrm\u003cn\u003e\")\nalready introduced function tpm_devs_release() to release the extra\nreference but did not implement the required put on chip-\u003edevs that results\nin the call of this function.\n\nFix this by putting chip-\u003edevs in tpm_chip_unregister().\n\nFinally move the new implementation for the TPM 2 handling into a new\nfunction to avoid multiple checks for the TPM_CHIP_FLAG_TPM2 flag in the\ngood case and error cases."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:34:17.839Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/473a66f99cb8173c14138c5a5c69bfad04e8f9ac"
},
{
"url": "https://git.kernel.org/stable/c/cb64bd038beacb4331fe464a36c8b5481e8f51e2"
},
{
"url": "https://git.kernel.org/stable/c/a27ed2f3695baf15f9b34d2d7a1f9fc105539a81"
},
{
"url": "https://git.kernel.org/stable/c/290e05f346d1829e849662c97e42d5ad984f5258"
},
{
"url": "https://git.kernel.org/stable/c/662893b4f6bd466ff9e1cd454c44c26d32d554fe"
},
{
"url": "https://git.kernel.org/stable/c/2f928c0d5c02dbab49e8c19d98725c822f6fc409"
},
{
"url": "https://git.kernel.org/stable/c/6e7baf84149fb43950631415de231b3a41915aa3"
},
{
"url": "https://git.kernel.org/stable/c/7e0438f83dc769465ee663bb5dcf8cc154940712"
}
],
"title": "tpm: fix reference counting for struct tpm_chip",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49287",
"datePublished": "2025-02-26T01:56:26.059Z",
"dateReserved": "2025-02-26T01:49:39.302Z",
"dateUpdated": "2025-05-04T08:34:17.839Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49065 (GCVE-0-2022-49065)
Vulnerability from cvelistv5
Published
2025-02-26 01:54
Modified
2025-10-01 19:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
SUNRPC: Fix the svc_deferred_event trace class
Fix a NULL deref crash that occurs when an svc_rqst is deferred
while the sunrpc tracing subsystem is enabled. svc_revisit() sets
dr->xprt to NULL, so it can't be relied upon in the tracepoint to
provide the remote's address.
Unfortunately we can't revert the "svc_deferred_class" hunk in
commit ece200ddd54b ("sunrpc: Save remote presentation address in
svc_xprt for trace events") because there is now a specific check
of event format specifiers for unsafe dereferences. The warning
that check emits is:
event svc_defer_recv has unsafe dereference of argument 1
A "%pISpc" format specifier with a "struct sockaddr *" is indeed
flagged by this check.
Instead, take the brute-force approach used by the svcrdma_qp_error
tracepoint. Convert the dr::addr field into a presentation address
in the TP_fast_assign() arm of the trace event, and store that as
a string. This fix can be backported to -stable kernels.
In the meantime, commit c6ced22997ad ("tracing: Update print fmt
check to handle new __get_sockaddr() macro") is now in v5.18, so
this wonky fix can be replaced with __sockaddr() and friends
properly during the v5.19 merge window.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49065",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:49:41.900091Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:57:06.151Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/trace/events/sunrpc.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "85ee17ca21cf92989e8c923e3ea4514c291e9d38",
"status": "affected",
"version": "ece200ddd54b9ce840cfee554fb812560c545c7d",
"versionType": "git"
},
{
"lessThan": "726ae7300fcc25fefa46d188cc07eb16dc908f9e",
"status": "affected",
"version": "ece200ddd54b9ce840cfee554fb812560c545c7d",
"versionType": "git"
},
{
"lessThan": "c2456f470eea3bd06574d988bf6089e7c3f4c5cc",
"status": "affected",
"version": "ece200ddd54b9ce840cfee554fb812560c545c7d",
"versionType": "git"
},
{
"lessThan": "4d5004451ab2218eab94a30e1841462c9316ba19",
"status": "affected",
"version": "ece200ddd54b9ce840cfee554fb812560c545c7d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/trace/events/sunrpc.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.17"
},
{
"lessThan": "4.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.112",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.35",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.112",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.35",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.4",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "4.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: Fix the svc_deferred_event trace class\n\nFix a NULL deref crash that occurs when an svc_rqst is deferred\nwhile the sunrpc tracing subsystem is enabled. svc_revisit() sets\ndr-\u003exprt to NULL, so it can\u0027t be relied upon in the tracepoint to\nprovide the remote\u0027s address.\n\nUnfortunately we can\u0027t revert the \"svc_deferred_class\" hunk in\ncommit ece200ddd54b (\"sunrpc: Save remote presentation address in\nsvc_xprt for trace events\") because there is now a specific check\nof event format specifiers for unsafe dereferences. The warning\nthat check emits is:\n\n event svc_defer_recv has unsafe dereference of argument 1\n\nA \"%pISpc\" format specifier with a \"struct sockaddr *\" is indeed\nflagged by this check.\n\nInstead, take the brute-force approach used by the svcrdma_qp_error\ntracepoint. Convert the dr::addr field into a presentation address\nin the TP_fast_assign() arm of the trace event, and store that as\na string. This fix can be backported to -stable kernels.\n\nIn the meantime, commit c6ced22997ad (\"tracing: Update print fmt\ncheck to handle new __get_sockaddr() macro\") is now in v5.18, so\nthis wonky fix can be replaced with __sockaddr() and friends\nproperly during the v5.19 merge window."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:28:59.200Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/85ee17ca21cf92989e8c923e3ea4514c291e9d38"
},
{
"url": "https://git.kernel.org/stable/c/726ae7300fcc25fefa46d188cc07eb16dc908f9e"
},
{
"url": "https://git.kernel.org/stable/c/c2456f470eea3bd06574d988bf6089e7c3f4c5cc"
},
{
"url": "https://git.kernel.org/stable/c/4d5004451ab2218eab94a30e1841462c9316ba19"
}
],
"title": "SUNRPC: Fix the svc_deferred_event trace class",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49065",
"datePublished": "2025-02-26T01:54:33.881Z",
"dateReserved": "2025-02-26T01:49:39.244Z",
"dateUpdated": "2025-10-01T19:57:06.151Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49520 (GCVE-0-2022-49520)
Vulnerability from cvelistv5
Published
2025-02-26 02:13
Modified
2025-05-04 08:39
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
arm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall
If a compat process tries to execute an unknown system call above the
__ARM_NR_COMPAT_END number, the kernel sends a SIGILL signal to the
offending process. Information about the error is printed to dmesg in
compat_arm_syscall() -> arm64_notify_die() -> arm64_force_sig_fault() ->
arm64_show_signal().
arm64_show_signal() interprets a non-zero value for
current->thread.fault_code as an exception syndrome and displays the
message associated with the ESR_ELx.EC field (bits 31:26).
current->thread.fault_code is set in compat_arm_syscall() ->
arm64_notify_die() with the bad syscall number instead of a valid ESR_ELx
value. This means that the ESR_ELx.EC field has the value that the user set
for the syscall number and the kernel can end up printing bogus exception
messages*. For example, for the syscall number 0x68000000, which evaluates
to ESR_ELx.EC value of 0x1A (ESR_ELx_EC_FPAC) the kernel prints this error:
[ 18.349161] syscall[300]: unhandled exception: ERET/ERETAA/ERETAB, ESR 0x68000000, Oops - bad compat syscall(2) in syscall[10000+50000]
[ 18.350639] CPU: 2 PID: 300 Comm: syscall Not tainted 5.18.0-rc1 #79
[ 18.351249] Hardware name: Pine64 RockPro64 v2.0 (DT)
[..]
which is misleading, as the bad compat syscall has nothing to do with
pointer authentication.
Stop arm64_show_signal() from printing exception syndrome information by
having compat_arm_syscall() set the ESR_ELx value to 0, as it has no
meaning for an invalid system call number. The example above now becomes:
[ 19.935275] syscall[301]: unhandled exception: Oops - bad compat syscall(2) in syscall[10000+50000]
[ 19.936124] CPU: 1 PID: 301 Comm: syscall Not tainted 5.18.0-rc1-00005-g7e08006d4102 #80
[ 19.936894] Hardware name: Pine64 RockPro64 v2.0 (DT)
[..]
which although shows less information because the syscall number,
wrongfully advertised as the ESR value, is missing, it is better than
showing plainly wrong information. The syscall number can be easily
obtained with strace.
*A 32-bit value above or equal to 0x8000_0000 is interpreted as a negative
integer in compat_arm_syscal() and the condition scno < __ARM_NR_COMPAT_END
evaluates to true; the syscall will exit to userspace in this case with the
ENOSYS error code instead of arm64_notify_die() being called.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/arm64/kernel/sys_compat.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "efd183d988b416fcdf6f7c298a17ced4859ca77d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ad97425d23af3c3b8d4f6a2bb666cb485087c007",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "621916afe8cd4f322eb12759b64a2f938d4e551d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "095e975f8150ccd7f852eb578c1cdbdd2f517c7a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "3910ae71cb963fa2b68e684489d4fc3d105afda0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "3fed9e551417b84038b15117732ea4505eee386b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/arm64/kernel/sys_compat.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall\n\nIf a compat process tries to execute an unknown system call above the\n__ARM_NR_COMPAT_END number, the kernel sends a SIGILL signal to the\noffending process. Information about the error is printed to dmesg in\ncompat_arm_syscall() -\u003e arm64_notify_die() -\u003e arm64_force_sig_fault() -\u003e\narm64_show_signal().\n\narm64_show_signal() interprets a non-zero value for\ncurrent-\u003ethread.fault_code as an exception syndrome and displays the\nmessage associated with the ESR_ELx.EC field (bits 31:26).\ncurrent-\u003ethread.fault_code is set in compat_arm_syscall() -\u003e\narm64_notify_die() with the bad syscall number instead of a valid ESR_ELx\nvalue. This means that the ESR_ELx.EC field has the value that the user set\nfor the syscall number and the kernel can end up printing bogus exception\nmessages*. For example, for the syscall number 0x68000000, which evaluates\nto ESR_ELx.EC value of 0x1A (ESR_ELx_EC_FPAC) the kernel prints this error:\n\n[ 18.349161] syscall[300]: unhandled exception: ERET/ERETAA/ERETAB, ESR 0x68000000, Oops - bad compat syscall(2) in syscall[10000+50000]\n[ 18.350639] CPU: 2 PID: 300 Comm: syscall Not tainted 5.18.0-rc1 #79\n[ 18.351249] Hardware name: Pine64 RockPro64 v2.0 (DT)\n[..]\n\nwhich is misleading, as the bad compat syscall has nothing to do with\npointer authentication.\n\nStop arm64_show_signal() from printing exception syndrome information by\nhaving compat_arm_syscall() set the ESR_ELx value to 0, as it has no\nmeaning for an invalid system call number. The example above now becomes:\n\n[ 19.935275] syscall[301]: unhandled exception: Oops - bad compat syscall(2) in syscall[10000+50000]\n[ 19.936124] CPU: 1 PID: 301 Comm: syscall Not tainted 5.18.0-rc1-00005-g7e08006d4102 #80\n[ 19.936894] Hardware name: Pine64 RockPro64 v2.0 (DT)\n[..]\n\nwhich although shows less information because the syscall number,\nwrongfully advertised as the ESR value, is missing, it is better than\nshowing plainly wrong information. The syscall number can be easily\nobtained with strace.\n\n*A 32-bit value above or equal to 0x8000_0000 is interpreted as a negative\ninteger in compat_arm_syscal() and the condition scno \u003c __ARM_NR_COMPAT_END\nevaluates to true; the syscall will exit to userspace in this case with the\nENOSYS error code instead of arm64_notify_die() being called."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:39:41.554Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/efd183d988b416fcdf6f7c298a17ced4859ca77d"
},
{
"url": "https://git.kernel.org/stable/c/ad97425d23af3c3b8d4f6a2bb666cb485087c007"
},
{
"url": "https://git.kernel.org/stable/c/621916afe8cd4f322eb12759b64a2f938d4e551d"
},
{
"url": "https://git.kernel.org/stable/c/095e975f8150ccd7f852eb578c1cdbdd2f517c7a"
},
{
"url": "https://git.kernel.org/stable/c/3910ae71cb963fa2b68e684489d4fc3d105afda0"
},
{
"url": "https://git.kernel.org/stable/c/3fed9e551417b84038b15117732ea4505eee386b"
}
],
"title": "arm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49520",
"datePublished": "2025-02-26T02:13:46.336Z",
"dateReserved": "2025-02-26T02:08:31.588Z",
"dateUpdated": "2025-05-04T08:39:41.554Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49559 (GCVE-0-2022-49559)
Vulnerability from cvelistv5
Published
2025-02-26 02:14
Modified
2025-05-04 08:40
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
KVM: x86: Drop WARNs that assert a triple fault never "escapes" from L2
Remove WARNs that sanity check that KVM never lets a triple fault for L2
escape and incorrectly end up in L1. In normal operation, the sanity
check is perfectly valid, but it incorrectly assumes that it's impossible
for userspace to induce KVM_REQ_TRIPLE_FAULT without bouncing through
KVM_RUN (which guarantees kvm_check_nested_state() will see and handle
the triple fault).
The WARN can currently be triggered if userspace injects a machine check
while L2 is active and CR4.MCE=0. And a future fix to allow save/restore
of KVM_REQ_TRIPLE_FAULT, e.g. so that a synthesized triple fault isn't
lost on migration, will make it trivially easy for userspace to trigger
the WARN.
Clearing KVM_REQ_TRIPLE_FAULT when forcibly leaving guest mode is
tempting, but wrong, especially if/when the request is saved/restored,
e.g. if userspace restores events (including a triple fault) and then
restores nested state (which may forcibly leave guest mode). Ignoring
the fact that KVM doesn't currently provide the necessary APIs, it's
userspace's responsibility to manage pending events during save/restore.
------------[ cut here ]------------
WARNING: CPU: 7 PID: 1399 at arch/x86/kvm/vmx/nested.c:4522 nested_vmx_vmexit+0x7fe/0xd90 [kvm_intel]
Modules linked in: kvm_intel kvm irqbypass
CPU: 7 PID: 1399 Comm: state_test Not tainted 5.17.0-rc3+ #808
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015
RIP: 0010:nested_vmx_vmexit+0x7fe/0xd90 [kvm_intel]
Call Trace:
<TASK>
vmx_leave_nested+0x30/0x40 [kvm_intel]
vmx_set_nested_state+0xca/0x3e0 [kvm_intel]
kvm_arch_vcpu_ioctl+0xf49/0x13e0 [kvm]
kvm_vcpu_ioctl+0x4b9/0x660 [kvm]
__x64_sys_ioctl+0x83/0xb0
do_syscall_64+0x3b/0xc0
entry_SYSCALL_64_after_hwframe+0x44/0xae
</TASK>
---[ end trace 0000000000000000 ]---
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/x86/kvm/svm/nested.c",
"arch/x86/kvm/vmx/nested.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8d3a2aa0976f57320ba89baf9d57fb158dd0cd0d",
"status": "affected",
"version": "cb6a32c2b8777ad31a02e585584d869251a790e3",
"versionType": "git"
},
{
"lessThan": "f476a59d5c86c02a79eef893c6da86735f2977ac",
"status": "affected",
"version": "cb6a32c2b8777ad31a02e585584d869251a790e3",
"versionType": "git"
},
{
"lessThan": "7de373c9b48229e428ecdb8fbde269c5a8617fd2",
"status": "affected",
"version": "cb6a32c2b8777ad31a02e585584d869251a790e3",
"versionType": "git"
},
{
"lessThan": "45846661d10422ce9e22da21f8277540b29eca22",
"status": "affected",
"version": "cb6a32c2b8777ad31a02e585584d869251a790e3",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/x86/kvm/svm/nested.c",
"arch/x86/kvm/vmx/nested.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.13"
},
{
"lessThan": "5.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.45",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.45",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.13",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.2",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Drop WARNs that assert a triple fault never \"escapes\" from L2\n\nRemove WARNs that sanity check that KVM never lets a triple fault for L2\nescape and incorrectly end up in L1. In normal operation, the sanity\ncheck is perfectly valid, but it incorrectly assumes that it\u0027s impossible\nfor userspace to induce KVM_REQ_TRIPLE_FAULT without bouncing through\nKVM_RUN (which guarantees kvm_check_nested_state() will see and handle\nthe triple fault).\n\nThe WARN can currently be triggered if userspace injects a machine check\nwhile L2 is active and CR4.MCE=0. And a future fix to allow save/restore\nof KVM_REQ_TRIPLE_FAULT, e.g. so that a synthesized triple fault isn\u0027t\nlost on migration, will make it trivially easy for userspace to trigger\nthe WARN.\n\nClearing KVM_REQ_TRIPLE_FAULT when forcibly leaving guest mode is\ntempting, but wrong, especially if/when the request is saved/restored,\ne.g. if userspace restores events (including a triple fault) and then\nrestores nested state (which may forcibly leave guest mode). Ignoring\nthe fact that KVM doesn\u0027t currently provide the necessary APIs, it\u0027s\nuserspace\u0027s responsibility to manage pending events during save/restore.\n\n ------------[ cut here ]------------\n WARNING: CPU: 7 PID: 1399 at arch/x86/kvm/vmx/nested.c:4522 nested_vmx_vmexit+0x7fe/0xd90 [kvm_intel]\n Modules linked in: kvm_intel kvm irqbypass\n CPU: 7 PID: 1399 Comm: state_test Not tainted 5.17.0-rc3+ #808\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015\n RIP: 0010:nested_vmx_vmexit+0x7fe/0xd90 [kvm_intel]\n Call Trace:\n \u003cTASK\u003e\n vmx_leave_nested+0x30/0x40 [kvm_intel]\n vmx_set_nested_state+0xca/0x3e0 [kvm_intel]\n kvm_arch_vcpu_ioctl+0xf49/0x13e0 [kvm]\n kvm_vcpu_ioctl+0x4b9/0x660 [kvm]\n __x64_sys_ioctl+0x83/0xb0\n do_syscall_64+0x3b/0xc0\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n \u003c/TASK\u003e\n ---[ end trace 0000000000000000 ]---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:40:32.768Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8d3a2aa0976f57320ba89baf9d57fb158dd0cd0d"
},
{
"url": "https://git.kernel.org/stable/c/f476a59d5c86c02a79eef893c6da86735f2977ac"
},
{
"url": "https://git.kernel.org/stable/c/7de373c9b48229e428ecdb8fbde269c5a8617fd2"
},
{
"url": "https://git.kernel.org/stable/c/45846661d10422ce9e22da21f8277540b29eca22"
}
],
"title": "KVM: x86: Drop WARNs that assert a triple fault never \"escapes\" from L2",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49559",
"datePublished": "2025-02-26T02:14:05.059Z",
"dateReserved": "2025-02-26T02:08:31.591Z",
"dateUpdated": "2025-05-04T08:40:32.768Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49354 (GCVE-0-2022-49354)
Vulnerability from cvelistv5
Published
2025-02-26 02:11
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe
of_find_device_by_node() takes reference, we should use put_device()
to release it when not need anymore.
Add missing put_device() to avoid refcount leak.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 43f01da0f2794b464ade2ffe1f780c69d7ce7b75 Version: 43f01da0f2794b464ade2ffe1f780c69d7ce7b75 Version: 43f01da0f2794b464ade2ffe1f780c69d7ce7b75 Version: 43f01da0f2794b464ade2ffe1f780c69d7ce7b75 Version: 43f01da0f2794b464ade2ffe1f780c69d7ce7b75 Version: 43f01da0f2794b464ade2ffe1f780c69d7ce7b75 Version: 43f01da0f2794b464ade2ffe1f780c69d7ce7b75 Version: 43f01da0f2794b464ade2ffe1f780c69d7ce7b75 Version: 43f01da0f2794b464ade2ffe1f780c69d7ce7b75 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49354",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:42:44.740231Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:54.141Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/ata/pata_octeon_cf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7bd85c5ba1687daf54e3b6907673c3604b1e75cf",
"status": "affected",
"version": "43f01da0f2794b464ade2ffe1f780c69d7ce7b75",
"versionType": "git"
},
{
"lessThan": "a4d3e5f1d7d4f8b5e3834fec0f057a762c55806b",
"status": "affected",
"version": "43f01da0f2794b464ade2ffe1f780c69d7ce7b75",
"versionType": "git"
},
{
"lessThan": "8d8ad067b90f231b8fdb14acee673ca4012f6045",
"status": "affected",
"version": "43f01da0f2794b464ade2ffe1f780c69d7ce7b75",
"versionType": "git"
},
{
"lessThan": "d5a1e7f33c88780b279835d63665d7e38ccb671f",
"status": "affected",
"version": "43f01da0f2794b464ade2ffe1f780c69d7ce7b75",
"versionType": "git"
},
{
"lessThan": "19cb3ece14547cb1ca2021798aaf49a3f82643d1",
"status": "affected",
"version": "43f01da0f2794b464ade2ffe1f780c69d7ce7b75",
"versionType": "git"
},
{
"lessThan": "888312dc297a8a103f6371ef668c7e04f57a7679",
"status": "affected",
"version": "43f01da0f2794b464ade2ffe1f780c69d7ce7b75",
"versionType": "git"
},
{
"lessThan": "c9782e1b21bee4b783a64b2a91e7e71406c21a21",
"status": "affected",
"version": "43f01da0f2794b464ade2ffe1f780c69d7ce7b75",
"versionType": "git"
},
{
"lessThan": "fb2cb409b504bb3a69e65a17f3120328c8e50219",
"status": "affected",
"version": "43f01da0f2794b464ade2ffe1f780c69d7ce7b75",
"versionType": "git"
},
{
"lessThan": "10d6bdf532902be1d8aa5900b3c03c5671612aa2",
"status": "affected",
"version": "43f01da0f2794b464ade2ffe1f780c69d7ce7b75",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/ata/pata_octeon_cf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.8"
},
{
"lessThan": "3.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.318",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.47",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.318",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.283",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.122",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.47",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.15",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.4",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "3.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe\n\nof_find_device_by_node() takes reference, we should use put_device()\nto release it when not need anymore.\nAdd missing put_device() to avoid refcount leak."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:35:55.767Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7bd85c5ba1687daf54e3b6907673c3604b1e75cf"
},
{
"url": "https://git.kernel.org/stable/c/a4d3e5f1d7d4f8b5e3834fec0f057a762c55806b"
},
{
"url": "https://git.kernel.org/stable/c/8d8ad067b90f231b8fdb14acee673ca4012f6045"
},
{
"url": "https://git.kernel.org/stable/c/d5a1e7f33c88780b279835d63665d7e38ccb671f"
},
{
"url": "https://git.kernel.org/stable/c/19cb3ece14547cb1ca2021798aaf49a3f82643d1"
},
{
"url": "https://git.kernel.org/stable/c/888312dc297a8a103f6371ef668c7e04f57a7679"
},
{
"url": "https://git.kernel.org/stable/c/c9782e1b21bee4b783a64b2a91e7e71406c21a21"
},
{
"url": "https://git.kernel.org/stable/c/fb2cb409b504bb3a69e65a17f3120328c8e50219"
},
{
"url": "https://git.kernel.org/stable/c/10d6bdf532902be1d8aa5900b3c03c5671612aa2"
}
],
"title": "ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49354",
"datePublished": "2025-02-26T02:11:05.466Z",
"dateReserved": "2025-02-26T02:08:31.545Z",
"dateUpdated": "2025-10-01T19:46:54.141Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49345 (GCVE-0-2022-49345)
Vulnerability from cvelistv5
Published
2025-02-26 02:11
Modified
2025-05-04 08:35
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: xfrm: unexport __init-annotated xfrm4_protocol_init()
EXPORT_SYMBOL and __init is a bad combination because the .init.text
section is freed up after the initialization. Hence, modules cannot
use symbols annotated __init. The access to a freed symbol may end up
with kernel panic.
modpost used to detect it, but it has been broken for a decade.
Recently, I fixed modpost so it started to warn it again, then this
showed up in linux-next builds.
There are two ways to fix it:
- Remove __init
- Remove EXPORT_SYMBOL
I chose the latter for this case because the only in-tree call-site,
net/ipv4/xfrm4_policy.c is never compiled as modular.
(CONFIG_XFRM is boolean)
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 2f32b51b609faea1e40bb8c5bd305f1351740936 Version: 2f32b51b609faea1e40bb8c5bd305f1351740936 Version: 2f32b51b609faea1e40bb8c5bd305f1351740936 Version: 2f32b51b609faea1e40bb8c5bd305f1351740936 Version: 2f32b51b609faea1e40bb8c5bd305f1351740936 Version: 2f32b51b609faea1e40bb8c5bd305f1351740936 Version: 2f32b51b609faea1e40bb8c5bd305f1351740936 Version: 2f32b51b609faea1e40bb8c5bd305f1351740936 Version: 2f32b51b609faea1e40bb8c5bd305f1351740936 |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv4/xfrm4_protocol.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c58d82a1264813e69119c13e9804e2e60b664ad5",
"status": "affected",
"version": "2f32b51b609faea1e40bb8c5bd305f1351740936",
"versionType": "git"
},
{
"lessThan": "e53cd3814504b2cadaba4d5a8a07eeea9ddacd03",
"status": "affected",
"version": "2f32b51b609faea1e40bb8c5bd305f1351740936",
"versionType": "git"
},
{
"lessThan": "31f3c6a4dcd3260a386e62cef2d5b36e902600a1",
"status": "affected",
"version": "2f32b51b609faea1e40bb8c5bd305f1351740936",
"versionType": "git"
},
{
"lessThan": "ef6d2354de238b065d8799c80da4be9a6af18e39",
"status": "affected",
"version": "2f32b51b609faea1e40bb8c5bd305f1351740936",
"versionType": "git"
},
{
"lessThan": "be3884d5cd04ccd58294b83a02d70b7c5fca19d3",
"status": "affected",
"version": "2f32b51b609faea1e40bb8c5bd305f1351740936",
"versionType": "git"
},
{
"lessThan": "85a055c03691e51499123194a14a0c249cf33227",
"status": "affected",
"version": "2f32b51b609faea1e40bb8c5bd305f1351740936",
"versionType": "git"
},
{
"lessThan": "e04d59cfe0c0129df7aba7ef7bb17b96be2a64f2",
"status": "affected",
"version": "2f32b51b609faea1e40bb8c5bd305f1351740936",
"versionType": "git"
},
{
"lessThan": "2b253fbc9f7b5db18d716436bdcf8ecef09fd63d",
"status": "affected",
"version": "2f32b51b609faea1e40bb8c5bd305f1351740936",
"versionType": "git"
},
{
"lessThan": "4a388f08d8784af48f352193d2b72aaf167a57a1",
"status": "affected",
"version": "2f32b51b609faea1e40bb8c5bd305f1351740936",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv4/xfrm4_protocol.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.15"
},
{
"lessThan": "3.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.318",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.47",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.318",
"versionStartIncluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.283",
"versionStartIncluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"versionStartIncluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"versionStartIncluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.122",
"versionStartIncluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.47",
"versionStartIncluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.15",
"versionStartIncluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.4",
"versionStartIncluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "3.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: xfrm: unexport __init-annotated xfrm4_protocol_init()\n\nEXPORT_SYMBOL and __init is a bad combination because the .init.text\nsection is freed up after the initialization. Hence, modules cannot\nuse symbols annotated __init. The access to a freed symbol may end up\nwith kernel panic.\n\nmodpost used to detect it, but it has been broken for a decade.\n\nRecently, I fixed modpost so it started to warn it again, then this\nshowed up in linux-next builds.\n\nThere are two ways to fix it:\n\n - Remove __init\n - Remove EXPORT_SYMBOL\n\nI chose the latter for this case because the only in-tree call-site,\nnet/ipv4/xfrm4_policy.c is never compiled as modular.\n(CONFIG_XFRM is boolean)"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:35:44.901Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c58d82a1264813e69119c13e9804e2e60b664ad5"
},
{
"url": "https://git.kernel.org/stable/c/e53cd3814504b2cadaba4d5a8a07eeea9ddacd03"
},
{
"url": "https://git.kernel.org/stable/c/31f3c6a4dcd3260a386e62cef2d5b36e902600a1"
},
{
"url": "https://git.kernel.org/stable/c/ef6d2354de238b065d8799c80da4be9a6af18e39"
},
{
"url": "https://git.kernel.org/stable/c/be3884d5cd04ccd58294b83a02d70b7c5fca19d3"
},
{
"url": "https://git.kernel.org/stable/c/85a055c03691e51499123194a14a0c249cf33227"
},
{
"url": "https://git.kernel.org/stable/c/e04d59cfe0c0129df7aba7ef7bb17b96be2a64f2"
},
{
"url": "https://git.kernel.org/stable/c/2b253fbc9f7b5db18d716436bdcf8ecef09fd63d"
},
{
"url": "https://git.kernel.org/stable/c/4a388f08d8784af48f352193d2b72aaf167a57a1"
}
],
"title": "net: xfrm: unexport __init-annotated xfrm4_protocol_init()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49345",
"datePublished": "2025-02-26T02:11:00.976Z",
"dateReserved": "2025-02-26T02:08:31.542Z",
"dateUpdated": "2025-05-04T08:35:44.901Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49061 (GCVE-0-2022-49061)
Vulnerability from cvelistv5
Published
2025-02-26 01:54
Modified
2025-10-01 19:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link
When using a fixed-link, the altr_tse_pcs driver crashes
due to null-pointer dereference as no phy_device is provided to
tse_pcs_fix_mac_speed function. Fix this by adding a check for
phy_dev before calling the tse_pcs_fix_mac_speed() function.
Also clean up the tse_pcs_fix_mac_speed function a bit. There is
no need to check for splitter_base and sgmii_adapter_base
because the driver will fail if these 2 variables are not
derived from the device tree.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49061",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:49:50.480131Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:57:06.427Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/stmicro/stmmac/altr_tse_pcs.c",
"drivers/net/ethernet/stmicro/stmmac/altr_tse_pcs.h",
"drivers/net/ethernet/stmicro/stmmac/dwmac-socfpga.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7e59fdf9547c4f948d1d917ec7ffa5fb5ac53bdb",
"status": "affected",
"version": "fb3bbdb859891e6bc27fd1afb3a07319f82c2ee4",
"versionType": "git"
},
{
"lessThan": "08d5e3e954537931c8da7428034808d202e98299",
"status": "affected",
"version": "fb3bbdb859891e6bc27fd1afb3a07319f82c2ee4",
"versionType": "git"
},
{
"lessThan": "62a48383ebe2e159fd68425dd3e16d4c6bd6599a",
"status": "affected",
"version": "fb3bbdb859891e6bc27fd1afb3a07319f82c2ee4",
"versionType": "git"
},
{
"lessThan": "6c020f05253df04c3480b586fe188a3582740049",
"status": "affected",
"version": "fb3bbdb859891e6bc27fd1afb3a07319f82c2ee4",
"versionType": "git"
},
{
"lessThan": "a6aaa00324240967272b451bfa772547bd576ee6",
"status": "affected",
"version": "fb3bbdb859891e6bc27fd1afb3a07319f82c2ee4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/stmicro/stmmac/altr_tse_pcs.c",
"drivers/net/ethernet/stmicro/stmmac/altr_tse_pcs.h",
"drivers/net/ethernet/stmicro/stmmac/dwmac-socfpga.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.8"
},
{
"lessThan": "4.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.190",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.112",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.35",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.190",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.112",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.35",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.4",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "4.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link\n\nWhen using a fixed-link, the altr_tse_pcs driver crashes\ndue to null-pointer dereference as no phy_device is provided to\ntse_pcs_fix_mac_speed function. Fix this by adding a check for\nphy_dev before calling the tse_pcs_fix_mac_speed() function.\n\nAlso clean up the tse_pcs_fix_mac_speed function a bit. There is\nno need to check for splitter_base and sgmii_adapter_base\nbecause the driver will fail if these 2 variables are not\nderived from the device tree."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:28:54.310Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7e59fdf9547c4f948d1d917ec7ffa5fb5ac53bdb"
},
{
"url": "https://git.kernel.org/stable/c/08d5e3e954537931c8da7428034808d202e98299"
},
{
"url": "https://git.kernel.org/stable/c/62a48383ebe2e159fd68425dd3e16d4c6bd6599a"
},
{
"url": "https://git.kernel.org/stable/c/6c020f05253df04c3480b586fe188a3582740049"
},
{
"url": "https://git.kernel.org/stable/c/a6aaa00324240967272b451bfa772547bd576ee6"
}
],
"title": "net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49061",
"datePublished": "2025-02-26T01:54:31.142Z",
"dateReserved": "2025-02-26T01:49:39.243Z",
"dateUpdated": "2025-10-01T19:57:06.427Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49375 (GCVE-0-2022-49375)
Vulnerability from cvelistv5
Published
2025-02-26 02:11
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
rtc: mt6397: check return value after calling platform_get_resource()
It will cause null-ptr-deref if platform_get_resource() returns NULL,
we need check the return value.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: fc2979118f3f5193475cb53d5df7bdaa7e358a42 Version: fc2979118f3f5193475cb53d5df7bdaa7e358a42 Version: fc2979118f3f5193475cb53d5df7bdaa7e358a42 Version: fc2979118f3f5193475cb53d5df7bdaa7e358a42 Version: fc2979118f3f5193475cb53d5df7bdaa7e358a42 Version: fc2979118f3f5193475cb53d5df7bdaa7e358a42 Version: fc2979118f3f5193475cb53d5df7bdaa7e358a42 Version: fc2979118f3f5193475cb53d5df7bdaa7e358a42 Version: fc2979118f3f5193475cb53d5df7bdaa7e358a42 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49375",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:42:01.932196Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:52.396Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/rtc/rtc-mt6397.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3867f0bbb94773d41e789257abec0d14f37da217",
"status": "affected",
"version": "fc2979118f3f5193475cb53d5df7bdaa7e358a42",
"versionType": "git"
},
{
"lessThan": "79fa3f5758d8712df0678df98161f948fc4370e5",
"status": "affected",
"version": "fc2979118f3f5193475cb53d5df7bdaa7e358a42",
"versionType": "git"
},
{
"lessThan": "6ecd4d5c28408df36a1a6f0b1973f633c949ac1f",
"status": "affected",
"version": "fc2979118f3f5193475cb53d5df7bdaa7e358a42",
"versionType": "git"
},
{
"lessThan": "d77f28c1bc9d3043a52069fe42e4a26fbf961ebd",
"status": "affected",
"version": "fc2979118f3f5193475cb53d5df7bdaa7e358a42",
"versionType": "git"
},
{
"lessThan": "82bfea344e8f7e9a0e0b1bf9af27552baa756620",
"status": "affected",
"version": "fc2979118f3f5193475cb53d5df7bdaa7e358a42",
"versionType": "git"
},
{
"lessThan": "865051de2d9eaa50630e055b73921ceaf3c4a7fc",
"status": "affected",
"version": "fc2979118f3f5193475cb53d5df7bdaa7e358a42",
"versionType": "git"
},
{
"lessThan": "58a729c55ce3a432eb827fdaa24c7909cd3b0a6b",
"status": "affected",
"version": "fc2979118f3f5193475cb53d5df7bdaa7e358a42",
"versionType": "git"
},
{
"lessThan": "da38e86d6cf6dd3bc65c602d998f357145aa1a0b",
"status": "affected",
"version": "fc2979118f3f5193475cb53d5df7bdaa7e358a42",
"versionType": "git"
},
{
"lessThan": "d3b43eb505bffb8e4cdf6800c15660c001553fe6",
"status": "affected",
"version": "fc2979118f3f5193475cb53d5df7bdaa7e358a42",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/rtc/rtc-mt6397.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.2"
},
{
"lessThan": "4.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.318",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.47",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.318",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.283",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.122",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.47",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.15",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.4",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrtc: mt6397: check return value after calling platform_get_resource()\n\nIt will cause null-ptr-deref if platform_get_resource() returns NULL,\nwe need check the return value."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:36:20.654Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3867f0bbb94773d41e789257abec0d14f37da217"
},
{
"url": "https://git.kernel.org/stable/c/79fa3f5758d8712df0678df98161f948fc4370e5"
},
{
"url": "https://git.kernel.org/stable/c/6ecd4d5c28408df36a1a6f0b1973f633c949ac1f"
},
{
"url": "https://git.kernel.org/stable/c/d77f28c1bc9d3043a52069fe42e4a26fbf961ebd"
},
{
"url": "https://git.kernel.org/stable/c/82bfea344e8f7e9a0e0b1bf9af27552baa756620"
},
{
"url": "https://git.kernel.org/stable/c/865051de2d9eaa50630e055b73921ceaf3c4a7fc"
},
{
"url": "https://git.kernel.org/stable/c/58a729c55ce3a432eb827fdaa24c7909cd3b0a6b"
},
{
"url": "https://git.kernel.org/stable/c/da38e86d6cf6dd3bc65c602d998f357145aa1a0b"
},
{
"url": "https://git.kernel.org/stable/c/d3b43eb505bffb8e4cdf6800c15660c001553fe6"
}
],
"title": "rtc: mt6397: check return value after calling platform_get_resource()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49375",
"datePublished": "2025-02-26T02:11:15.627Z",
"dateReserved": "2025-02-26T02:08:31.557Z",
"dateUpdated": "2025-10-01T19:46:52.396Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49410 (GCVE-0-2022-49410)
Vulnerability from cvelistv5
Published
2025-02-26 02:12
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
tracing: Fix potential double free in create_var_ref()
In create_var_ref(), init_var_ref() is called to initialize the fields
of variable ref_field, which is allocated in the previous function call
to create_hist_field(). Function init_var_ref() allocates the
corresponding fields such as ref_field->system, but frees these fields
when the function encounters an error. The caller later calls
destroy_hist_field() to conduct error handling, which frees the fields
and the variable itself. This results in double free of the fields which
are already freed in the previous function.
Fix this by storing NULL to the corresponding fields when they are freed
in init_var_ref().
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 067fe038e70f6e64960d26a79c4df5f1413d0f13 Version: 067fe038e70f6e64960d26a79c4df5f1413d0f13 Version: 067fe038e70f6e64960d26a79c4df5f1413d0f13 Version: 067fe038e70f6e64960d26a79c4df5f1413d0f13 Version: 067fe038e70f6e64960d26a79c4df5f1413d0f13 Version: 067fe038e70f6e64960d26a79c4df5f1413d0f13 Version: 067fe038e70f6e64960d26a79c4df5f1413d0f13 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49410",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:41:12.408852Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-415",
"description": "CWE-415 Double Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:50.147Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/trace/trace_events_hist.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f8b383f83cb573152c577eca1ef101e89995b72a",
"status": "affected",
"version": "067fe038e70f6e64960d26a79c4df5f1413d0f13",
"versionType": "git"
},
{
"lessThan": "c27f744ceefadc7bbeb14233b6abc150ced617d2",
"status": "affected",
"version": "067fe038e70f6e64960d26a79c4df5f1413d0f13",
"versionType": "git"
},
{
"lessThan": "058cb6d86b9789377216c936506b346aaa1eb581",
"status": "affected",
"version": "067fe038e70f6e64960d26a79c4df5f1413d0f13",
"versionType": "git"
},
{
"lessThan": "37443b3508b8cce6832f8d25cb4550b2f7801f50",
"status": "affected",
"version": "067fe038e70f6e64960d26a79c4df5f1413d0f13",
"versionType": "git"
},
{
"lessThan": "4fdfb15e08598711dbf50daf56a33965232daf0e",
"status": "affected",
"version": "067fe038e70f6e64960d26a79c4df5f1413d0f13",
"versionType": "git"
},
{
"lessThan": "bd83ff3bbfb003832481c9bff999d12385f396ae",
"status": "affected",
"version": "067fe038e70f6e64960d26a79c4df5f1413d0f13",
"versionType": "git"
},
{
"lessThan": "99696a2592bca641eb88cc9a80c90e591afebd0f",
"status": "affected",
"version": "067fe038e70f6e64960d26a79c4df5f1413d0f13",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/trace/trace_events_hist.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.17"
},
{
"lessThan": "4.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix potential double free in create_var_ref()\n\nIn create_var_ref(), init_var_ref() is called to initialize the fields\nof variable ref_field, which is allocated in the previous function call\nto create_hist_field(). Function init_var_ref() allocates the\ncorresponding fields such as ref_field-\u003esystem, but frees these fields\nwhen the function encounters an error. The caller later calls\ndestroy_hist_field() to conduct error handling, which frees the fields\nand the variable itself. This results in double free of the fields which\nare already freed in the previous function.\n\nFix this by storing NULL to the corresponding fields when they are freed\nin init_var_ref()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:37:04.855Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f8b383f83cb573152c577eca1ef101e89995b72a"
},
{
"url": "https://git.kernel.org/stable/c/c27f744ceefadc7bbeb14233b6abc150ced617d2"
},
{
"url": "https://git.kernel.org/stable/c/058cb6d86b9789377216c936506b346aaa1eb581"
},
{
"url": "https://git.kernel.org/stable/c/37443b3508b8cce6832f8d25cb4550b2f7801f50"
},
{
"url": "https://git.kernel.org/stable/c/4fdfb15e08598711dbf50daf56a33965232daf0e"
},
{
"url": "https://git.kernel.org/stable/c/bd83ff3bbfb003832481c9bff999d12385f396ae"
},
{
"url": "https://git.kernel.org/stable/c/99696a2592bca641eb88cc9a80c90e591afebd0f"
}
],
"title": "tracing: Fix potential double free in create_var_ref()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49410",
"datePublished": "2025-02-26T02:12:33.124Z",
"dateReserved": "2025-02-26T02:08:31.567Z",
"dateUpdated": "2025-10-01T19:46:50.147Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49200 (GCVE-0-2022-49200)
Vulnerability from cvelistv5
Published
2025-02-26 01:55
Modified
2025-05-04 08:32
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: btmtksdio: Fix kernel oops in btmtksdio_interrupt
Fix the following kernel oops in btmtksdio_interrrupt
[ 14.339134] btmtksdio_interrupt+0x28/0x54
[ 14.339139] process_sdio_pending_irqs+0x68/0x1a0
[ 14.339144] sdio_irq_work+0x40/0x70
[ 14.339154] process_one_work+0x184/0x39c
[ 14.339160] worker_thread+0x228/0x3e8
[ 14.339168] kthread+0x148/0x3ac
[ 14.339176] ret_from_fork+0x10/0x30
That happened because hdev->power_on is already called before
sdio_set_drvdata which btmtksdio_interrupt handler relies on is not
properly set up.
The details are shown as the below: hci_register_dev would run
queue_work(hdev->req_workqueue, &hdev->power_on) as WQ_HIGHPRI
workqueue_struct to complete the power-on sequeunce and thus hci_power_on
may run before sdio_set_drvdata is done in btmtksdio_probe.
The hci_dev_do_open in hci_power_on would initialize the device and enable
the interrupt and thus it is possible that btmtksdio_interrupt is being
called right before sdio_set_drvdata is filled out.
When btmtksdio_interrupt is being called and sdio_set_drvdata is not filled
, the kernel oops is going to happen because btmtksdio_interrupt access an
uninitialized pointer.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 9aebfd4a2200ab8075e44379c758bccefdc589bb Version: 9aebfd4a2200ab8075e44379c758bccefdc589bb Version: 9aebfd4a2200ab8075e44379c758bccefdc589bb Version: 9aebfd4a2200ab8075e44379c758bccefdc589bb Version: 9aebfd4a2200ab8075e44379c758bccefdc589bb Version: 9aebfd4a2200ab8075e44379c758bccefdc589bb |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/bluetooth/btmtksdio.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "874eca93966a786eace87fa6dfb206c2dd9519b1",
"status": "affected",
"version": "9aebfd4a2200ab8075e44379c758bccefdc589bb",
"versionType": "git"
},
{
"lessThan": "70a6cf749d9ff9f463490248322e5343199bc267",
"status": "affected",
"version": "9aebfd4a2200ab8075e44379c758bccefdc589bb",
"versionType": "git"
},
{
"lessThan": "770a97d3f34b801de1b04737b43e02c55118c41a",
"status": "affected",
"version": "9aebfd4a2200ab8075e44379c758bccefdc589bb",
"versionType": "git"
},
{
"lessThan": "4d3d1f2c35a19988d3c5f0ee86038b525e830840",
"status": "affected",
"version": "9aebfd4a2200ab8075e44379c758bccefdc589bb",
"versionType": "git"
},
{
"lessThan": "6d7be5afbb41c918d2f12f857f8c7efa50500be2",
"status": "affected",
"version": "9aebfd4a2200ab8075e44379c758bccefdc589bb",
"versionType": "git"
},
{
"lessThan": "b062a0b9c1dc1ff63094337dccfe1568d5b62023",
"status": "affected",
"version": "9aebfd4a2200ab8075e44379c758bccefdc589bb",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/bluetooth/btmtksdio.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.2"
},
{
"lessThan": "5.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.189",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.189",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.110",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btmtksdio: Fix kernel oops in btmtksdio_interrupt\n\nFix the following kernel oops in btmtksdio_interrrupt\n\n[ 14.339134] btmtksdio_interrupt+0x28/0x54\n[ 14.339139] process_sdio_pending_irqs+0x68/0x1a0\n[ 14.339144] sdio_irq_work+0x40/0x70\n[ 14.339154] process_one_work+0x184/0x39c\n[ 14.339160] worker_thread+0x228/0x3e8\n[ 14.339168] kthread+0x148/0x3ac\n[ 14.339176] ret_from_fork+0x10/0x30\n\nThat happened because hdev-\u003epower_on is already called before\nsdio_set_drvdata which btmtksdio_interrupt handler relies on is not\nproperly set up.\n\nThe details are shown as the below: hci_register_dev would run\nqueue_work(hdev-\u003ereq_workqueue, \u0026hdev-\u003epower_on) as WQ_HIGHPRI\nworkqueue_struct to complete the power-on sequeunce and thus hci_power_on\nmay run before sdio_set_drvdata is done in btmtksdio_probe.\n\nThe hci_dev_do_open in hci_power_on would initialize the device and enable\nthe interrupt and thus it is possible that btmtksdio_interrupt is being\ncalled right before sdio_set_drvdata is filled out.\n\nWhen btmtksdio_interrupt is being called and sdio_set_drvdata is not filled\n, the kernel oops is going to happen because btmtksdio_interrupt access an\nuninitialized pointer."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:32:13.272Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/874eca93966a786eace87fa6dfb206c2dd9519b1"
},
{
"url": "https://git.kernel.org/stable/c/70a6cf749d9ff9f463490248322e5343199bc267"
},
{
"url": "https://git.kernel.org/stable/c/770a97d3f34b801de1b04737b43e02c55118c41a"
},
{
"url": "https://git.kernel.org/stable/c/4d3d1f2c35a19988d3c5f0ee86038b525e830840"
},
{
"url": "https://git.kernel.org/stable/c/6d7be5afbb41c918d2f12f857f8c7efa50500be2"
},
{
"url": "https://git.kernel.org/stable/c/b062a0b9c1dc1ff63094337dccfe1568d5b62023"
}
],
"title": "Bluetooth: btmtksdio: Fix kernel oops in btmtksdio_interrupt",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49200",
"datePublished": "2025-02-26T01:55:42.758Z",
"dateReserved": "2025-02-26T01:49:39.291Z",
"dateUpdated": "2025-05-04T08:32:13.272Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49312 (GCVE-0-2022-49312)
Vulnerability from cvelistv5
Published
2025-02-26 02:10
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
staging: rtl8712: fix a potential memory leak in r871xu_drv_init()
In r871xu_drv_init(), if r8712_init_drv_sw() fails, then the memory
allocated by r8712_alloc_io_queue() in r8712_usb_dvobj_init() is not
properly released as there is no action will be performed by
r8712_usb_dvobj_deinit().
To properly release it, we should call r8712_free_io_queue() in
r8712_usb_dvobj_deinit().
Besides, in r871xu_dev_remove(), r8712_usb_dvobj_deinit() will be called
by r871x_dev_unload() under condition `padapter->bup` and
r8712_free_io_queue() is called by r8712_free_drv_sw().
However, r8712_usb_dvobj_deinit() does not rely on `padapter->bup` and
calling r8712_free_io_queue() in r8712_free_drv_sw() is negative for
better understading the code.
So I move r8712_usb_dvobj_deinit() into r871xu_dev_remove(), and remove
r8712_free_io_queue() from r8712_free_drv_sw().
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49312",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:44:14.240096Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:57.896Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/staging/rtl8712/os_intfs.c",
"drivers/staging/rtl8712/usb_intf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5a89a92efc342dd7c44b6056da87debc598f9c73",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8eb42d6d10f8fe509117859defddf9e72b4fa4d0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "205e039fead72e87ad2838f5e649a4c4834f648b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a2882b8baad068d21c99fb2ab5a85a2bdbd5b834",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7288ff561de650d4139fab80e9cb0da9b5b32434",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/staging/rtl8712/os_intfs.c",
"drivers/staging/rtl8712/usb_intf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.47",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.122",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: rtl8712: fix a potential memory leak in r871xu_drv_init()\n\nIn r871xu_drv_init(), if r8712_init_drv_sw() fails, then the memory\nallocated by r8712_alloc_io_queue() in r8712_usb_dvobj_init() is not\nproperly released as there is no action will be performed by\nr8712_usb_dvobj_deinit().\nTo properly release it, we should call r8712_free_io_queue() in\nr8712_usb_dvobj_deinit().\n\nBesides, in r871xu_dev_remove(), r8712_usb_dvobj_deinit() will be called\nby r871x_dev_unload() under condition `padapter-\u003ebup` and\nr8712_free_io_queue() is called by r8712_free_drv_sw().\nHowever, r8712_usb_dvobj_deinit() does not rely on `padapter-\u003ebup` and\ncalling r8712_free_io_queue() in r8712_free_drv_sw() is negative for\nbetter understading the code.\nSo I move r8712_usb_dvobj_deinit() into r871xu_dev_remove(), and remove\nr8712_free_io_queue() from r8712_free_drv_sw()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:34:57.641Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5a89a92efc342dd7c44b6056da87debc598f9c73"
},
{
"url": "https://git.kernel.org/stable/c/8eb42d6d10f8fe509117859defddf9e72b4fa4d0"
},
{
"url": "https://git.kernel.org/stable/c/205e039fead72e87ad2838f5e649a4c4834f648b"
},
{
"url": "https://git.kernel.org/stable/c/a2882b8baad068d21c99fb2ab5a85a2bdbd5b834"
},
{
"url": "https://git.kernel.org/stable/c/7288ff561de650d4139fab80e9cb0da9b5b32434"
}
],
"title": "staging: rtl8712: fix a potential memory leak in r871xu_drv_init()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49312",
"datePublished": "2025-02-26T02:10:41.627Z",
"dateReserved": "2025-02-26T02:08:31.536Z",
"dateUpdated": "2025-10-01T19:46:57.896Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49665 (GCVE-0-2022-49665)
Vulnerability from cvelistv5
Published
2025-02-26 02:24
Modified
2025-05-04 08:42
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO resource
Unlike release_mem_region(), a call to release_resource() does not
free the resource, so it has to be freed explicitly to avoid a memory
leak.
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/platform/x86/thinkpad_acpi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3884bf75fa044c73e843d95dd71a424e80ebb095",
"status": "affected",
"version": "455cd867b85b53fd3602345f9b8a8facc551adc9",
"versionType": "git"
},
{
"lessThan": "d2f33f0c3ad7b0d5262d9b986f1353265fad7a08",
"status": "affected",
"version": "455cd867b85b53fd3602345f9b8a8facc551adc9",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/platform/x86/thinkpad_acpi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.18"
},
{
"lessThan": "5.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.10",
"versionStartIncluding": "5.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO resource\n\nUnlike release_mem_region(), a call to release_resource() does not\nfree the resource, so it has to be freed explicitly to avoid a memory\nleak."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:42:52.227Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3884bf75fa044c73e843d95dd71a424e80ebb095"
},
{
"url": "https://git.kernel.org/stable/c/d2f33f0c3ad7b0d5262d9b986f1353265fad7a08"
}
],
"title": "platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO resource",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49665",
"datePublished": "2025-02-26T02:24:00.496Z",
"dateReserved": "2025-02-26T02:21:30.436Z",
"dateUpdated": "2025-05-04T08:42:52.227Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49627 (GCVE-0-2022-49627)
Vulnerability from cvelistv5
Published
2025-02-26 02:23
Modified
2025-10-01 20:17
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ima: Fix potential memory leak in ima_init_crypto()
On failure to allocate the SHA1 tfm, IMA fails to initialize and exits
without freeing the ima_algo_array. Add the missing kfree() for
ima_algo_array to avoid the potential memory leak.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49627",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T20:08:43.524429Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T20:17:06.268Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"security/integrity/ima/ima_crypto.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c1d9702ceb4a091da6bee380627596d1fba09274",
"status": "affected",
"version": "6d94809af6b0830c4dfcad661535a5939bcb8a7d",
"versionType": "git"
},
{
"lessThan": "601ae26aa2802a4c10c94d7388a99eabdbefab2b",
"status": "affected",
"version": "6d94809af6b0830c4dfcad661535a5939bcb8a7d",
"versionType": "git"
},
{
"lessThan": "830de9667b3ada0a75a3f098dfc7159709fe397b",
"status": "affected",
"version": "6d94809af6b0830c4dfcad661535a5939bcb8a7d",
"versionType": "git"
},
{
"lessThan": "067d2521874135267e681c19d42761c601d503d6",
"status": "affected",
"version": "6d94809af6b0830c4dfcad661535a5939bcb8a7d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"security/integrity/ima/ima_crypto.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.8"
},
{
"lessThan": "5.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.132",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.56",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.132",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.56",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.13",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nima: Fix potential memory leak in ima_init_crypto()\n\nOn failure to allocate the SHA1 tfm, IMA fails to initialize and exits\nwithout freeing the ima_algo_array. Add the missing kfree() for\nima_algo_array to avoid the potential memory leak."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:42:06.659Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c1d9702ceb4a091da6bee380627596d1fba09274"
},
{
"url": "https://git.kernel.org/stable/c/601ae26aa2802a4c10c94d7388a99eabdbefab2b"
},
{
"url": "https://git.kernel.org/stable/c/830de9667b3ada0a75a3f098dfc7159709fe397b"
},
{
"url": "https://git.kernel.org/stable/c/067d2521874135267e681c19d42761c601d503d6"
}
],
"title": "ima: Fix potential memory leak in ima_init_crypto()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49627",
"datePublished": "2025-02-26T02:23:41.763Z",
"dateReserved": "2025-02-26T02:21:30.421Z",
"dateUpdated": "2025-10-01T20:17:06.268Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49291 (GCVE-0-2022-49291)
Vulnerability from cvelistv5
Published
2025-02-26 01:56
Modified
2025-05-04 08:34
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ALSA: pcm: Fix races among concurrent hw_params and hw_free calls
Currently we have neither proper check nor protection against the
concurrent calls of PCM hw_params and hw_free ioctls, which may result
in a UAF. Since the existing PCM stream lock can't be used for
protecting the whole ioctl operations, we need a new mutex to protect
those racy calls.
This patch introduced a new mutex, runtime->buffer_mutex, and applies
it to both hw_params and hw_free ioctl code paths. Along with it, the
both functions are slightly modified (the mmap_count check is moved
into the state-check block) for code simplicity.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49291",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T17:58:45.856077Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T18:02:29.053Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/sound/pcm.h",
"sound/core/pcm.c",
"sound/core/pcm_native.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a42aa926843acca96c0dfbde2e835b8137f2f092",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9cb6c40a6ebe4a0cfc9d6a181958211682cffea9",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "fbeb492694ce0441053de57699e1e2b7bc148a69",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "0f6947f5f5208f6ebd4d76a82a4757e2839a23f8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "33061d0fba51d2bf70a2ef9645f703c33fe8e438",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "0090c13cbbdffd7da079ac56f80373a9a1be0bf8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1bbf82d9f961414d6c76a08f7f843ea068e0ab7b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "92ee3c60ec9fe64404dc035e7c41277d74aa26cb",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/sound/pcm.h",
"sound/core/pcm.c",
"sound/core/pcm_native.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.279",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.243",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.193",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.109",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.32",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.18",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.279",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.243",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.193",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.109",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: pcm: Fix races among concurrent hw_params and hw_free calls\n\nCurrently we have neither proper check nor protection against the\nconcurrent calls of PCM hw_params and hw_free ioctls, which may result\nin a UAF. Since the existing PCM stream lock can\u0027t be used for\nprotecting the whole ioctl operations, we need a new mutex to protect\nthose racy calls.\n\nThis patch introduced a new mutex, runtime-\u003ebuffer_mutex, and applies\nit to both hw_params and hw_free ioctl code paths. Along with it, the\nboth functions are slightly modified (the mmap_count check is moved\ninto the state-check block) for code simplicity."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:34:22.432Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a42aa926843acca96c0dfbde2e835b8137f2f092"
},
{
"url": "https://git.kernel.org/stable/c/9cb6c40a6ebe4a0cfc9d6a181958211682cffea9"
},
{
"url": "https://git.kernel.org/stable/c/fbeb492694ce0441053de57699e1e2b7bc148a69"
},
{
"url": "https://git.kernel.org/stable/c/0f6947f5f5208f6ebd4d76a82a4757e2839a23f8"
},
{
"url": "https://git.kernel.org/stable/c/33061d0fba51d2bf70a2ef9645f703c33fe8e438"
},
{
"url": "https://git.kernel.org/stable/c/0090c13cbbdffd7da079ac56f80373a9a1be0bf8"
},
{
"url": "https://git.kernel.org/stable/c/1bbf82d9f961414d6c76a08f7f843ea068e0ab7b"
},
{
"url": "https://git.kernel.org/stable/c/92ee3c60ec9fe64404dc035e7c41277d74aa26cb"
}
],
"title": "ALSA: pcm: Fix races among concurrent hw_params and hw_free calls",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49291",
"datePublished": "2025-02-26T01:56:27.986Z",
"dateReserved": "2025-02-26T01:49:39.302Z",
"dateUpdated": "2025-05-04T08:34:22.432Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49512 (GCVE-0-2022-49512)
Vulnerability from cvelistv5
Published
2025-02-26 02:13
Modified
2025-05-04 08:39
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
mtd: rawnand: denali: Use managed device resources
All of the resources used by this driver has managed interfaces, so use
them. Otherwise we will get the following splat:
[ 4.472703] denali-nand-pci 0000:00:05.0: timeout while waiting for irq 0x1000
[ 4.474071] denali-nand-pci: probe of 0000:00:05.0 failed with error -5
[ 4.473538] nand: No NAND device found
[ 4.474068] BUG: unable to handle page fault for address: ffffc90005000410
[ 4.475169] #PF: supervisor write access in kernel mode
[ 4.475579] #PF: error_code(0x0002) - not-present page
[ 4.478362] RIP: 0010:iowrite32+0x9/0x50
[ 4.486068] Call Trace:
[ 4.486269] <IRQ>
[ 4.486443] denali_isr+0x15b/0x300 [denali]
[ 4.486788] ? denali_direct_write+0x50/0x50 [denali]
[ 4.487189] __handle_irq_event_percpu+0x161/0x3b0
[ 4.487571] handle_irq_event+0x7d/0x1b0
[ 4.487884] handle_fasteoi_irq+0x2b0/0x770
[ 4.488219] __common_interrupt+0xc8/0x1b0
[ 4.488549] common_interrupt+0x9a/0xc0
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/mtd/nand/raw/denali_pci.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3c68daf4a368cd9e63ae5a2145c9e4a6f838c166",
"status": "affected",
"version": "93db446a424cee9387b532995e6b516667079555",
"versionType": "git"
},
{
"lessThan": "3830dbdfb9a4aec680e43ed80b9f23db7a88eac9",
"status": "affected",
"version": "93db446a424cee9387b532995e6b516667079555",
"versionType": "git"
},
{
"lessThan": "87149cf9186201a63f0e0b93d9fa93d480bcb771",
"status": "affected",
"version": "93db446a424cee9387b532995e6b516667079555",
"versionType": "git"
},
{
"lessThan": "efea1dd176edd17c8252051b7de6957f06efc394",
"status": "affected",
"version": "93db446a424cee9387b532995e6b516667079555",
"versionType": "git"
},
{
"lessThan": "3a745b51cddafade99aaea1b93aad31e9614e230",
"status": "affected",
"version": "93db446a424cee9387b532995e6b516667079555",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/mtd/nand/raw/denali_pci.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.17"
},
{
"lessThan": "4.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: rawnand: denali: Use managed device resources\n\nAll of the resources used by this driver has managed interfaces, so use\nthem. Otherwise we will get the following splat:\n\n[ 4.472703] denali-nand-pci 0000:00:05.0: timeout while waiting for irq 0x1000\n[ 4.474071] denali-nand-pci: probe of 0000:00:05.0 failed with error -5\n[ 4.473538] nand: No NAND device found\n[ 4.474068] BUG: unable to handle page fault for address: ffffc90005000410\n[ 4.475169] #PF: supervisor write access in kernel mode\n[ 4.475579] #PF: error_code(0x0002) - not-present page\n[ 4.478362] RIP: 0010:iowrite32+0x9/0x50\n[ 4.486068] Call Trace:\n[ 4.486269] \u003cIRQ\u003e\n[ 4.486443] denali_isr+0x15b/0x300 [denali]\n[ 4.486788] ? denali_direct_write+0x50/0x50 [denali]\n[ 4.487189] __handle_irq_event_percpu+0x161/0x3b0\n[ 4.487571] handle_irq_event+0x7d/0x1b0\n[ 4.487884] handle_fasteoi_irq+0x2b0/0x770\n[ 4.488219] __common_interrupt+0xc8/0x1b0\n[ 4.488549] common_interrupt+0x9a/0xc0"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:39:31.928Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3c68daf4a368cd9e63ae5a2145c9e4a6f838c166"
},
{
"url": "https://git.kernel.org/stable/c/3830dbdfb9a4aec680e43ed80b9f23db7a88eac9"
},
{
"url": "https://git.kernel.org/stable/c/87149cf9186201a63f0e0b93d9fa93d480bcb771"
},
{
"url": "https://git.kernel.org/stable/c/efea1dd176edd17c8252051b7de6957f06efc394"
},
{
"url": "https://git.kernel.org/stable/c/3a745b51cddafade99aaea1b93aad31e9614e230"
}
],
"title": "mtd: rawnand: denali: Use managed device resources",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49512",
"datePublished": "2025-02-26T02:13:42.128Z",
"dateReserved": "2025-02-26T02:08:31.587Z",
"dateUpdated": "2025-05-04T08:39:31.928Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49100 (GCVE-0-2022-49100)
Vulnerability from cvelistv5
Published
2025-02-26 01:54
Modified
2025-05-04 08:29
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
virtio_console: eliminate anonymous module_init & module_exit
Eliminate anonymous module_init() and module_exit(), which can lead to
confusion or ambiguity when reading System.map, crashes/oops/bugs,
or an initcall_debug log.
Give each of these init and exit functions unique driver-specific
names to eliminate the anonymous names.
Example 1: (System.map)
ffffffff832fc78c t init
ffffffff832fc79e t init
ffffffff832fc8f8 t init
Example 2: (initcall_debug log)
calling init+0x0/0x12 @ 1
initcall init+0x0/0x12 returned 0 after 15 usecs
calling init+0x0/0x60 @ 1
initcall init+0x0/0x60 returned 0 after 2 usecs
calling init+0x0/0x9a @ 1
initcall init+0x0/0x9a returned 0 after 74 usecs
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/char/virtio_console.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "93e3d88321d2274fa4e26b006e19cc10fec331c2",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7deaddb704713608e0ae559e27185581b9af71a0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "0f3d824bd70a1303464d5e93ee3e7afe7832fe89",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "3504b0a177208eda85bf472bbf7c9aa77d2b8343",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "c69b442125bf009fce26e15aa5616caf8a3673c3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "44c2d5fbe7b2bd1f8cb114d608a591a73a5d4ae6",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "3fd5dee7404ce40c79cba468bb2510115639d975",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "71612aee09ecea3475f8751dc841d75a011b1fd0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "fefb8a2a941338d871e2d83fbd65fbfa068857bd",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/char/virtio_console.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.238",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.189",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.111",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.20",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.276",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.111",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio_console: eliminate anonymous module_init \u0026 module_exit\n\nEliminate anonymous module_init() and module_exit(), which can lead to\nconfusion or ambiguity when reading System.map, crashes/oops/bugs,\nor an initcall_debug log.\n\nGive each of these init and exit functions unique driver-specific\nnames to eliminate the anonymous names.\n\nExample 1: (System.map)\n ffffffff832fc78c t init\n ffffffff832fc79e t init\n ffffffff832fc8f8 t init\n\nExample 2: (initcall_debug log)\n calling init+0x0/0x12 @ 1\n initcall init+0x0/0x12 returned 0 after 15 usecs\n calling init+0x0/0x60 @ 1\n initcall init+0x0/0x60 returned 0 after 2 usecs\n calling init+0x0/0x9a @ 1\n initcall init+0x0/0x9a returned 0 after 74 usecs"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:29:53.050Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/93e3d88321d2274fa4e26b006e19cc10fec331c2"
},
{
"url": "https://git.kernel.org/stable/c/7deaddb704713608e0ae559e27185581b9af71a0"
},
{
"url": "https://git.kernel.org/stable/c/0f3d824bd70a1303464d5e93ee3e7afe7832fe89"
},
{
"url": "https://git.kernel.org/stable/c/3504b0a177208eda85bf472bbf7c9aa77d2b8343"
},
{
"url": "https://git.kernel.org/stable/c/c69b442125bf009fce26e15aa5616caf8a3673c3"
},
{
"url": "https://git.kernel.org/stable/c/44c2d5fbe7b2bd1f8cb114d608a591a73a5d4ae6"
},
{
"url": "https://git.kernel.org/stable/c/3fd5dee7404ce40c79cba468bb2510115639d975"
},
{
"url": "https://git.kernel.org/stable/c/71612aee09ecea3475f8751dc841d75a011b1fd0"
},
{
"url": "https://git.kernel.org/stable/c/fefb8a2a941338d871e2d83fbd65fbfa068857bd"
}
],
"title": "virtio_console: eliminate anonymous module_init \u0026 module_exit",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49100",
"datePublished": "2025-02-26T01:54:51.044Z",
"dateReserved": "2025-02-26T01:49:39.250Z",
"dateUpdated": "2025-05-04T08:29:53.050Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49339 (GCVE-0-2022-49339)
Vulnerability from cvelistv5
Published
2025-02-26 02:10
Modified
2025-05-04 08:35
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: ipv6: unexport __init-annotated seg6_hmac_init()
EXPORT_SYMBOL and __init is a bad combination because the .init.text
section is freed up after the initialization. Hence, modules cannot
use symbols annotated __init. The access to a freed symbol may end up
with kernel panic.
modpost used to detect it, but it has been broken for a decade.
Recently, I fixed modpost so it started to warn it again, then this
showed up in linux-next builds.
There are two ways to fix it:
- Remove __init
- Remove EXPORT_SYMBOL
I chose the latter for this case because the caller (net/ipv6/seg6.c)
and the callee (net/ipv6/seg6_hmac.c) belong to the same module.
It seems an internal function call in ipv6.ko.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: bf355b8d2c30a289232042cacc1cfaea4923936c Version: bf355b8d2c30a289232042cacc1cfaea4923936c Version: bf355b8d2c30a289232042cacc1cfaea4923936c Version: bf355b8d2c30a289232042cacc1cfaea4923936c Version: bf355b8d2c30a289232042cacc1cfaea4923936c Version: bf355b8d2c30a289232042cacc1cfaea4923936c Version: bf355b8d2c30a289232042cacc1cfaea4923936c Version: bf355b8d2c30a289232042cacc1cfaea4923936c |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv6/seg6_hmac.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "64aef8efe96c1616142c4476a05731306fc4494e",
"status": "affected",
"version": "bf355b8d2c30a289232042cacc1cfaea4923936c",
"versionType": "git"
},
{
"lessThan": "ab8b2c2de273ec1d698a18e399896a6febb5cda0",
"status": "affected",
"version": "bf355b8d2c30a289232042cacc1cfaea4923936c",
"versionType": "git"
},
{
"lessThan": "317260b3eb6384a05a8af212308fa50f3b2e8290",
"status": "affected",
"version": "bf355b8d2c30a289232042cacc1cfaea4923936c",
"versionType": "git"
},
{
"lessThan": "5d9c1b081ad28c852a97e10dd75412546497694a",
"status": "affected",
"version": "bf355b8d2c30a289232042cacc1cfaea4923936c",
"versionType": "git"
},
{
"lessThan": "1084716f76c8045eadf92a9d9a62641f3c8d8c90",
"status": "affected",
"version": "bf355b8d2c30a289232042cacc1cfaea4923936c",
"versionType": "git"
},
{
"lessThan": "3e6de5037148c5a93a436b1e8d2edad3dac11755",
"status": "affected",
"version": "bf355b8d2c30a289232042cacc1cfaea4923936c",
"versionType": "git"
},
{
"lessThan": "9ba4416b831eeb4d185e88e73488d1d21288e63a",
"status": "affected",
"version": "bf355b8d2c30a289232042cacc1cfaea4923936c",
"versionType": "git"
},
{
"lessThan": "5801f064e35181c71857a80ff18af4dbec3c5f5c",
"status": "affected",
"version": "bf355b8d2c30a289232042cacc1cfaea4923936c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv6/seg6_hmac.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.10"
},
{
"lessThan": "4.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.47",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.283",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.122",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.47",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.15",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.4",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ipv6: unexport __init-annotated seg6_hmac_init()\n\nEXPORT_SYMBOL and __init is a bad combination because the .init.text\nsection is freed up after the initialization. Hence, modules cannot\nuse symbols annotated __init. The access to a freed symbol may end up\nwith kernel panic.\n\nmodpost used to detect it, but it has been broken for a decade.\n\nRecently, I fixed modpost so it started to warn it again, then this\nshowed up in linux-next builds.\n\nThere are two ways to fix it:\n\n - Remove __init\n - Remove EXPORT_SYMBOL\n\nI chose the latter for this case because the caller (net/ipv6/seg6.c)\nand the callee (net/ipv6/seg6_hmac.c) belong to the same module.\nIt seems an internal function call in ipv6.ko."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:35:37.695Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/64aef8efe96c1616142c4476a05731306fc4494e"
},
{
"url": "https://git.kernel.org/stable/c/ab8b2c2de273ec1d698a18e399896a6febb5cda0"
},
{
"url": "https://git.kernel.org/stable/c/317260b3eb6384a05a8af212308fa50f3b2e8290"
},
{
"url": "https://git.kernel.org/stable/c/5d9c1b081ad28c852a97e10dd75412546497694a"
},
{
"url": "https://git.kernel.org/stable/c/1084716f76c8045eadf92a9d9a62641f3c8d8c90"
},
{
"url": "https://git.kernel.org/stable/c/3e6de5037148c5a93a436b1e8d2edad3dac11755"
},
{
"url": "https://git.kernel.org/stable/c/9ba4416b831eeb4d185e88e73488d1d21288e63a"
},
{
"url": "https://git.kernel.org/stable/c/5801f064e35181c71857a80ff18af4dbec3c5f5c"
}
],
"title": "net: ipv6: unexport __init-annotated seg6_hmac_init()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49339",
"datePublished": "2025-02-26T02:10:56.704Z",
"dateReserved": "2025-02-26T02:08:31.541Z",
"dateUpdated": "2025-05-04T08:35:37.695Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49262 (GCVE-0-2022-49262)
Vulnerability from cvelistv5
Published
2025-02-26 01:56
Modified
2025-05-04 08:33
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
crypto: octeontx2 - remove CONFIG_DM_CRYPT check
No issues were found while using the driver with dm-crypt enabled. So
CONFIG_DM_CRYPT check in the driver can be removed.
This also fixes the NULL pointer dereference in driver release if
CONFIG_DM_CRYPT is enabled.
...
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008
...
Call trace:
crypto_unregister_alg+0x68/0xfc
crypto_unregister_skciphers+0x44/0x60
otx2_cpt_crypto_exit+0x100/0x1a0
otx2_cptvf_remove+0xf8/0x200
pci_device_remove+0x3c/0xd4
__device_release_driver+0x188/0x234
device_release_driver+0x2c/0x4c
...
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/crypto/marvell/octeontx2/otx2_cptvf_algs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e6374086f249295121384bfaa7cdcc8d461146f0",
"status": "affected",
"version": "6f03f0e8b6c8a82d8e740ff3a87ed407ad423243",
"versionType": "git"
},
{
"lessThan": "a462214866eebbca87e13ff6d73092b1c4895624",
"status": "affected",
"version": "6f03f0e8b6c8a82d8e740ff3a87ed407ad423243",
"versionType": "git"
},
{
"lessThan": "a1bf728f3388ac3a2c2dffa57e25622e90b9f6f2",
"status": "affected",
"version": "6f03f0e8b6c8a82d8e740ff3a87ed407ad423243",
"versionType": "git"
},
{
"lessThan": "2d841af23ae8f398c85dd1ff2dc24b5ec8ba4569",
"status": "affected",
"version": "6f03f0e8b6c8a82d8e740ff3a87ed407ad423243",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/crypto/marvell/octeontx2/otx2_cptvf_algs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.12"
},
{
"lessThan": "5.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: octeontx2 - remove CONFIG_DM_CRYPT check\n\nNo issues were found while using the driver with dm-crypt enabled. So\nCONFIG_DM_CRYPT check in the driver can be removed.\n\nThis also fixes the NULL pointer dereference in driver release if\nCONFIG_DM_CRYPT is enabled.\n\n...\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000008\n...\nCall trace:\n crypto_unregister_alg+0x68/0xfc\n crypto_unregister_skciphers+0x44/0x60\n otx2_cpt_crypto_exit+0x100/0x1a0\n otx2_cptvf_remove+0xf8/0x200\n pci_device_remove+0x3c/0xd4\n __device_release_driver+0x188/0x234\n device_release_driver+0x2c/0x4c\n..."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:33:37.249Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e6374086f249295121384bfaa7cdcc8d461146f0"
},
{
"url": "https://git.kernel.org/stable/c/a462214866eebbca87e13ff6d73092b1c4895624"
},
{
"url": "https://git.kernel.org/stable/c/a1bf728f3388ac3a2c2dffa57e25622e90b9f6f2"
},
{
"url": "https://git.kernel.org/stable/c/2d841af23ae8f398c85dd1ff2dc24b5ec8ba4569"
}
],
"title": "crypto: octeontx2 - remove CONFIG_DM_CRYPT check",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49262",
"datePublished": "2025-02-26T01:56:13.566Z",
"dateReserved": "2025-02-26T01:49:39.296Z",
"dateUpdated": "2025-05-04T08:33:37.249Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49498 (GCVE-0-2022-49498)
Vulnerability from cvelistv5
Published
2025-02-26 02:13
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ALSA: pcm: Check for null pointer of pointer substream before dereferencing it
Pointer substream is being dereferenced on the assignment of pointer card
before substream is being null checked with the macro PCM_RUNTIME_CHECK.
Although PCM_RUNTIME_CHECK calls BUG_ON, it still is useful to perform the
the pointer check before card is assigned.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 95b30a4312545f2dde9db12bf6a425f35d5a0d77 Version: d4cfb30fce03093ad944e0b44bd8f40bdad5330e Version: d4cfb30fce03093ad944e0b44bd8f40bdad5330e Version: d4cfb30fce03093ad944e0b44bd8f40bdad5330e Version: d4cfb30fce03093ad944e0b44bd8f40bdad5330e Version: d4cfb30fce03093ad944e0b44bd8f40bdad5330e |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49498",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:38:39.304232Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:43.194Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/core/pcm_memory.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b2421a196cb0911ea95aec1050a0b830464c8fa6",
"status": "affected",
"version": "95b30a4312545f2dde9db12bf6a425f35d5a0d77",
"versionType": "git"
},
{
"lessThan": "f2c68c52898f623fe84518da4606538d193b0cca",
"status": "affected",
"version": "d4cfb30fce03093ad944e0b44bd8f40bdad5330e",
"versionType": "git"
},
{
"lessThan": "7784d22f81a29df2ec57ca90d54f93a35cbcd1a2",
"status": "affected",
"version": "d4cfb30fce03093ad944e0b44bd8f40bdad5330e",
"versionType": "git"
},
{
"lessThan": "1f2e28857be1e5c7db39bbc221332215fc5467e3",
"status": "affected",
"version": "d4cfb30fce03093ad944e0b44bd8f40bdad5330e",
"versionType": "git"
},
{
"lessThan": "b41ef7ad9238c22aa2e142f5ce4ce1a1a0d48123",
"status": "affected",
"version": "d4cfb30fce03093ad944e0b44bd8f40bdad5330e",
"versionType": "git"
},
{
"lessThan": "011b559be832194f992f73d6c0d5485f5925a10b",
"status": "affected",
"version": "d4cfb30fce03093ad944e0b44bd8f40bdad5330e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"sound/core/pcm_memory.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.6"
},
{
"lessThan": "5.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: pcm: Check for null pointer of pointer substream before dereferencing it\n\nPointer substream is being dereferenced on the assignment of pointer card\nbefore substream is being null checked with the macro PCM_RUNTIME_CHECK.\nAlthough PCM_RUNTIME_CHECK calls BUG_ON, it still is useful to perform the\nthe pointer check before card is assigned."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:39:12.994Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b2421a196cb0911ea95aec1050a0b830464c8fa6"
},
{
"url": "https://git.kernel.org/stable/c/f2c68c52898f623fe84518da4606538d193b0cca"
},
{
"url": "https://git.kernel.org/stable/c/7784d22f81a29df2ec57ca90d54f93a35cbcd1a2"
},
{
"url": "https://git.kernel.org/stable/c/1f2e28857be1e5c7db39bbc221332215fc5467e3"
},
{
"url": "https://git.kernel.org/stable/c/b41ef7ad9238c22aa2e142f5ce4ce1a1a0d48123"
},
{
"url": "https://git.kernel.org/stable/c/011b559be832194f992f73d6c0d5485f5925a10b"
}
],
"title": "ALSA: pcm: Check for null pointer of pointer substream before dereferencing it",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49498",
"datePublished": "2025-02-26T02:13:32.895Z",
"dateReserved": "2025-02-26T02:08:31.586Z",
"dateUpdated": "2025-10-01T19:46:43.194Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49688 (GCVE-0-2022-49688)
Vulnerability from cvelistv5
Published
2025-02-26 02:24
Modified
2025-05-04 12:45
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
afs: Fix dynamic root getattr
The recent patch to make afs_getattr consult the server didn't account
for the pseudo-inodes employed by the dynamic root-type afs superblock
not having a volume or a server to access, and thus an oops occurs if
such a directory is stat'd.
Fix this by checking to see if the vnode->volume pointer actually points
anywhere before following it in afs_getattr().
This can be tested by stat'ing a directory in /afs. It may be
sufficient just to do "ls /afs" and the oops looks something like:
BUG: kernel NULL pointer dereference, address: 0000000000000020
...
RIP: 0010:afs_getattr+0x8b/0x14b
...
Call Trace:
<TASK>
vfs_statx+0x79/0xf5
vfs_fstatat+0x49/0x62
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: b76ea7c06b24dcf97ea3379b6957d5b99c346ea0 Version: dba1941f5bc3de6b460685155b89ae1182824fc8 Version: 61a4cc41e5c1b77d05a12798f8032050aa75f3c8 Version: 94bf8bfb009fad247d02f12e4c443411c8445412 Version: 2aeb8c86d49967552394d5e723f87454cb53f501 Version: 2aeb8c86d49967552394d5e723f87454cb53f501 Version: 9e655a8b874d7c56e02938ddb221b16e293793df |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/afs/inode.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "65c24caf1b9f5b08397c6e805ec24ebc390c6e4d",
"status": "affected",
"version": "b76ea7c06b24dcf97ea3379b6957d5b99c346ea0",
"versionType": "git"
},
{
"lessThan": "e3a232e5767051483ffad4cef7d0a89d292a192b",
"status": "affected",
"version": "dba1941f5bc3de6b460685155b89ae1182824fc8",
"versionType": "git"
},
{
"lessThan": "7b564e3254b7db5fbfbf11a824627a6c31b932b4",
"status": "affected",
"version": "61a4cc41e5c1b77d05a12798f8032050aa75f3c8",
"versionType": "git"
},
{
"lessThan": "2b2bba96526f25f2eba74ecadb031de2e05a83ce",
"status": "affected",
"version": "94bf8bfb009fad247d02f12e4c443411c8445412",
"versionType": "git"
},
{
"lessThan": "7844ceada44eca740d31beb3d97b8511b1ca0a9b",
"status": "affected",
"version": "2aeb8c86d49967552394d5e723f87454cb53f501",
"versionType": "git"
},
{
"lessThan": "cb78d1b5efffe4cf97e16766329dd7358aed3deb",
"status": "affected",
"version": "2aeb8c86d49967552394d5e723f87454cb53f501",
"versionType": "git"
},
{
"status": "affected",
"version": "9e655a8b874d7c56e02938ddb221b16e293793df",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/afs/inode.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.18"
},
{
"lessThan": "5.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.250",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.202",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.127",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.51",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.250",
"versionStartIncluding": "4.19.245",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.202",
"versionStartIncluding": "5.4.196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.127",
"versionStartIncluding": "5.10.118",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.51",
"versionStartIncluding": "5.15.42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.8",
"versionStartIncluding": "5.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.17.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nafs: Fix dynamic root getattr\n\nThe recent patch to make afs_getattr consult the server didn\u0027t account\nfor the pseudo-inodes employed by the dynamic root-type afs superblock\nnot having a volume or a server to access, and thus an oops occurs if\nsuch a directory is stat\u0027d.\n\nFix this by checking to see if the vnode-\u003evolume pointer actually points\nanywhere before following it in afs_getattr().\n\nThis can be tested by stat\u0027ing a directory in /afs. It may be\nsufficient just to do \"ls /afs\" and the oops looks something like:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000020\n ...\n RIP: 0010:afs_getattr+0x8b/0x14b\n ...\n Call Trace:\n \u003cTASK\u003e\n vfs_statx+0x79/0xf5\n vfs_fstatat+0x49/0x62"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:45:07.501Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/65c24caf1b9f5b08397c6e805ec24ebc390c6e4d"
},
{
"url": "https://git.kernel.org/stable/c/e3a232e5767051483ffad4cef7d0a89d292a192b"
},
{
"url": "https://git.kernel.org/stable/c/7b564e3254b7db5fbfbf11a824627a6c31b932b4"
},
{
"url": "https://git.kernel.org/stable/c/2b2bba96526f25f2eba74ecadb031de2e05a83ce"
},
{
"url": "https://git.kernel.org/stable/c/7844ceada44eca740d31beb3d97b8511b1ca0a9b"
},
{
"url": "https://git.kernel.org/stable/c/cb78d1b5efffe4cf97e16766329dd7358aed3deb"
}
],
"title": "afs: Fix dynamic root getattr",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49688",
"datePublished": "2025-02-26T02:24:13.686Z",
"dateReserved": "2025-02-26T02:21:30.442Z",
"dateUpdated": "2025-05-04T12:45:07.501Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2977 (GCVE-0-2022-2977)
Vulnerability from cvelistv5
Published
2022-09-14 00:00
Modified
2024-08-03 00:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after-free and create a situation where it may be possible to escalate privileges on the system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Linux kernel |
Version: Linux kernel versions prior to 5.18 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:52:59.878Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9d8e7007dc7c4d7c8366739bbcd3f5e51dcd470f"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230214-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Linux kernel",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Linux kernel versions prior to 5.18"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after-free and create a situation where it may be possible to escalate privileges on the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-14T00:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9d8e7007dc7c4d7c8366739bbcd3f5e51dcd470f"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230214-0006/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-2977",
"datePublished": "2022-09-14T00:00:00",
"dateReserved": "2022-08-24T00:00:00",
"dateUpdated": "2024-08-03T00:52:59.878Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49241 (GCVE-0-2022-49241)
Vulnerability from cvelistv5
Published
2025-02-26 01:56
Modified
2025-10-01 19:47
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ASoC: atmel: Fix error handling in sam9x5_wm8731_driver_probe
The device_node pointer is returned by of_parse_phandle() with refcount
incremented. We should use of_node_put() on it when done.
This function only calls of_node_put() in the regular path.
And it will cause refcount leak in error path.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49241",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:45:45.814796Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:47:02.517Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/soc/atmel/sam9x5_wm8731.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "90ac679aa6a01841da90ec5a4aaa4b5e0badddf0",
"status": "affected",
"version": "fdbcb3cba54b29a37dfe42acdc0e72c543e0807d",
"versionType": "git"
},
{
"lessThan": "f589063b585ac6dd2081bde6c145411cf48d8d92",
"status": "affected",
"version": "fdbcb3cba54b29a37dfe42acdc0e72c543e0807d",
"versionType": "git"
},
{
"lessThan": "14228225091a0854b1de23e5b4fe8bdeeca9683b",
"status": "affected",
"version": "fdbcb3cba54b29a37dfe42acdc0e72c543e0807d",
"versionType": "git"
},
{
"lessThan": "f43ad5dc43240289f4cf13c16cc506f4f7087931",
"status": "affected",
"version": "fdbcb3cba54b29a37dfe42acdc0e72c543e0807d",
"versionType": "git"
},
{
"lessThan": "740dc3e846537c3743da98bf106f376023fd085c",
"status": "affected",
"version": "fdbcb3cba54b29a37dfe42acdc0e72c543e0807d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"sound/soc/atmel/sam9x5_wm8731.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.12"
},
{
"lessThan": "3.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.110",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "3.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: atmel: Fix error handling in sam9x5_wm8731_driver_probe\n\nThe device_node pointer is returned by of_parse_phandle() with refcount\nincremented. We should use of_node_put() on it when done.\n\nThis function only calls of_node_put() in the regular path.\nAnd it will cause refcount leak in error path."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:33:10.074Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/90ac679aa6a01841da90ec5a4aaa4b5e0badddf0"
},
{
"url": "https://git.kernel.org/stable/c/f589063b585ac6dd2081bde6c145411cf48d8d92"
},
{
"url": "https://git.kernel.org/stable/c/14228225091a0854b1de23e5b4fe8bdeeca9683b"
},
{
"url": "https://git.kernel.org/stable/c/f43ad5dc43240289f4cf13c16cc506f4f7087931"
},
{
"url": "https://git.kernel.org/stable/c/740dc3e846537c3743da98bf106f376023fd085c"
}
],
"title": "ASoC: atmel: Fix error handling in sam9x5_wm8731_driver_probe",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49241",
"datePublished": "2025-02-26T01:56:03.303Z",
"dateReserved": "2025-02-26T01:49:39.294Z",
"dateUpdated": "2025-10-01T19:47:02.517Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49487 (GCVE-0-2022-49487)
Vulnerability from cvelistv5
Published
2025-02-26 02:13
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
mtd: rawnand: intel: fix possible null-ptr-deref in ebu_nand_probe()
It will cause null-ptr-deref when using 'res', if platform_get_resource()
returns NULL, so move using 'res' after devm_ioremap_resource() that
will check it to avoid null-ptr-deref.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49487",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:39:03.321140Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:44.287Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/mtd/nand/raw/intel-nand-controller.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e5b1e419cdb6dd8709eb05ed34039a3ded8e6003",
"status": "affected",
"version": "0b1039f016e8a37c779a4aee362cb2100ebb1cfd",
"versionType": "git"
},
{
"lessThan": "daa5166450b447415aeeaac0199e445bae7bd0f2",
"status": "affected",
"version": "0b1039f016e8a37c779a4aee362cb2100ebb1cfd",
"versionType": "git"
},
{
"lessThan": "f8e262eb7575a4a2412f30f7a1b293875aceba80",
"status": "affected",
"version": "0b1039f016e8a37c779a4aee362cb2100ebb1cfd",
"versionType": "git"
},
{
"lessThan": "ddf66aefd685fd46500b9917333e1b1e118276dc",
"status": "affected",
"version": "0b1039f016e8a37c779a4aee362cb2100ebb1cfd",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/mtd/nand/raw/intel-nand-controller.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.11"
},
{
"lessThan": "5.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: rawnand: intel: fix possible null-ptr-deref in ebu_nand_probe()\n\nIt will cause null-ptr-deref when using \u0027res\u0027, if platform_get_resource()\nreturns NULL, so move using \u0027res\u0027 after devm_ioremap_resource() that\nwill check it to avoid null-ptr-deref."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:38:57.616Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e5b1e419cdb6dd8709eb05ed34039a3ded8e6003"
},
{
"url": "https://git.kernel.org/stable/c/daa5166450b447415aeeaac0199e445bae7bd0f2"
},
{
"url": "https://git.kernel.org/stable/c/f8e262eb7575a4a2412f30f7a1b293875aceba80"
},
{
"url": "https://git.kernel.org/stable/c/ddf66aefd685fd46500b9917333e1b1e118276dc"
}
],
"title": "mtd: rawnand: intel: fix possible null-ptr-deref in ebu_nand_probe()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49487",
"datePublished": "2025-02-26T02:13:25.464Z",
"dateReserved": "2025-02-26T02:08:31.583Z",
"dateUpdated": "2025-10-01T19:46:44.287Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2201 (GCVE-0-2024-2201)
Vulnerability from cvelistv5
Published
2024-12-19 20:28
Modified
2025-01-09 16:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A cross-privilege Spectre v2 vulnerability allows attackers to bypass all deployed mitigations, including the recent Fine(IBT), and to leak arbitrary Linux kernel memory on Intel systems.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-2201",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-31T18:51:54.984364Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-09T16:40:32.522Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Xen",
"vendor": "Xen",
"versions": [
{
"status": "affected",
"version": "See advisory \"x86: Native Branch History Injection\""
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-privilege Spectre v2 vulnerability allows attackers to bypass all deployed mitigations, including the recent Fine(IBT), and to leak arbitrary Linux kernel memory on Intel systems."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-1423",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-19T20:29:32.134Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://www.kb.cert.org/vuls/id/155143"
},
{
"url": "https://github.com/vusec/inspectre-gadget?tab=readme-ov-file"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/04/09/15"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/05/07/7"
},
{
"url": "http://xenbits.xen.org/xsa/advisory-456.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QKNCPX7CJUK4I6BRGABAUQK2DMQZUCA/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D5OK6MH75S7YWD34EWW7QIZTS627RIE3/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RYAZ7P6YFJ2E3FHKAGIKHWS46KYMMTZH/"
},
{
"url": "https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/branch-history-injection.htm"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2024-2201",
"x_generator": {
"engine": "VINCE 3.0.11",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2024-2201"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2024-2201",
"datePublished": "2024-12-19T20:28:31.596Z",
"dateReserved": "2024-03-05T19:12:39.649Z",
"dateUpdated": "2025-01-09T16:40:32.522Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49060 (GCVE-0-2022-49060)
Vulnerability from cvelistv5
Published
2025-02-26 01:54
Modified
2025-10-01 19:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/smc: Fix NULL pointer dereference in smc_pnet_find_ib()
dev_name() was called with dev.parent as argument but without to
NULL-check it before.
Solve this by checking the pointer before the call to dev_name().
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49060",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:49:56.005527Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:57:06.571Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/smc/smc_pnet.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a05f5e26cb8bb4d07e0595545fcad1bb406f0085",
"status": "affected",
"version": "af5f60c7e3d593c2fa31b9a62c16eae75f074de3",
"versionType": "git"
},
{
"lessThan": "35b91e49bc80ca944a8679c3b139ddaf2f8eea0f",
"status": "affected",
"version": "af5f60c7e3d593c2fa31b9a62c16eae75f074de3",
"versionType": "git"
},
{
"lessThan": "3a523807f01455fe9a0c1a433f27cd4411ee400f",
"status": "affected",
"version": "af5f60c7e3d593c2fa31b9a62c16eae75f074de3",
"versionType": "git"
},
{
"lessThan": "22025513ced3d599ee8b24169141c95cf2467a4a",
"status": "affected",
"version": "af5f60c7e3d593c2fa31b9a62c16eae75f074de3",
"versionType": "git"
},
{
"lessThan": "d22f4f977236f97e01255a80bca2ea93a8094fc8",
"status": "affected",
"version": "af5f60c7e3d593c2fa31b9a62c16eae75f074de3",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/smc/smc_pnet.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.1"
},
{
"lessThan": "5.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.190",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.112",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.35",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.190",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.112",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.35",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.4",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: Fix NULL pointer dereference in smc_pnet_find_ib()\n\ndev_name() was called with dev.parent as argument but without to\nNULL-check it before.\nSolve this by checking the pointer before the call to dev_name()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:28:53.160Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a05f5e26cb8bb4d07e0595545fcad1bb406f0085"
},
{
"url": "https://git.kernel.org/stable/c/35b91e49bc80ca944a8679c3b139ddaf2f8eea0f"
},
{
"url": "https://git.kernel.org/stable/c/3a523807f01455fe9a0c1a433f27cd4411ee400f"
},
{
"url": "https://git.kernel.org/stable/c/22025513ced3d599ee8b24169141c95cf2467a4a"
},
{
"url": "https://git.kernel.org/stable/c/d22f4f977236f97e01255a80bca2ea93a8094fc8"
}
],
"title": "net/smc: Fix NULL pointer dereference in smc_pnet_find_ib()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49060",
"datePublished": "2025-02-26T01:54:30.482Z",
"dateReserved": "2025-02-26T01:49:39.243Z",
"dateUpdated": "2025-10-01T19:57:06.571Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0168 (GCVE-0-2022-0168)
Vulnerability from cvelistv5
Published
2022-08-26 17:25
Modified
2024-08-02 23:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-476 - - NULL Pointer Dereference
Summary
A denial of service (DOS) issue was found in the Linux kernel’s smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system.
References
| URL | Tags | |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:41.954Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2037386"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2022-0168"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d6f5e358452479fa8a773b5c6ccc9e4ec5a20880"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kernel",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Affects v5.4\u20135.12, v5.13-rc+HEAD"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A denial of service (DOS) issue was found in the Linux kernel\u2019s smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 - NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-26T17:25:46",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2037386"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/CVE-2022-0168"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d6f5e358452479fa8a773b5c6ccc9e4ec5a20880"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-0168",
"datePublished": "2022-08-26T17:25:46",
"dateReserved": "2022-01-10T00:00:00",
"dateUpdated": "2024-08-02T23:18:41.954Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49247 (GCVE-0-2022-49247)
Vulnerability from cvelistv5
Published
2025-02-26 01:56
Modified
2025-05-04 08:33
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED
If the callback 'start_streaming' fails, then all
queued buffers in the driver should be returned with
state 'VB2_BUF_STATE_QUEUED'. Currently, they are
returned with 'VB2_BUF_STATE_ERROR' which is wrong.
Fix this. This also fixes the warning:
[ 65.583633] WARNING: CPU: 5 PID: 593 at drivers/media/common/videobuf2/videobuf2-core.c:1612 vb2_start_streaming+0xd4/0x160 [videobuf2_common]
[ 65.585027] Modules linked in: snd_usb_audio snd_hwdep snd_usbmidi_lib snd_rawmidi snd_soc_hdmi_codec dw_hdmi_i2s_audio saa7115 stk1160 videobuf2_vmalloc videobuf2_memops videobuf2_v4l2 videobuf2_common videodev mc crct10dif_ce panfrost snd_soc_simple_card snd_soc_audio_graph_card snd_soc_spdif_tx snd_soc_simple_card_utils gpu_sched phy_rockchip_pcie snd_soc_rockchip_i2s rockchipdrm analogix_dp dw_mipi_dsi dw_hdmi cec drm_kms_helper drm rtc_rk808 rockchip_saradc industrialio_triggered_buffer kfifo_buf rockchip_thermal pcie_rockchip_host ip_tables x_tables ipv6
[ 65.589383] CPU: 5 PID: 593 Comm: v4l2src0:src Tainted: G W 5.16.0-rc4-62408-g32447129cb30-dirty #14
[ 65.590293] Hardware name: Radxa ROCK Pi 4B (DT)
[ 65.590696] pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 65.591304] pc : vb2_start_streaming+0xd4/0x160 [videobuf2_common]
[ 65.591850] lr : vb2_start_streaming+0x6c/0x160 [videobuf2_common]
[ 65.592395] sp : ffff800012bc3ad0
[ 65.592685] x29: ffff800012bc3ad0 x28: 0000000000000000 x27: ffff800012bc3cd8
[ 65.593312] x26: 0000000000000000 x25: ffff00000d8a7800 x24: 0000000040045612
[ 65.593938] x23: ffff800011323000 x22: ffff800012bc3cd8 x21: ffff00000908a8b0
[ 65.594562] x20: ffff00000908a8c8 x19: 00000000fffffff4 x18: ffffffffffffffff
[ 65.595188] x17: 000000040044ffff x16: 00400034b5503510 x15: ffff800011323f78
[ 65.595813] x14: ffff000013163886 x13: ffff000013163885 x12: 00000000000002ce
[ 65.596439] x11: 0000000000000028 x10: 0000000000000001 x9 : 0000000000000228
[ 65.597064] x8 : 0101010101010101 x7 : 7f7f7f7f7f7f7f7f x6 : fefefeff726c5e78
[ 65.597690] x5 : ffff800012bc3990 x4 : 0000000000000000 x3 : ffff000009a34880
[ 65.598315] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff000007cd99f0
[ 65.598940] Call trace:
[ 65.599155] vb2_start_streaming+0xd4/0x160 [videobuf2_common]
[ 65.599672] vb2_core_streamon+0x17c/0x1a8 [videobuf2_common]
[ 65.600179] vb2_streamon+0x54/0x88 [videobuf2_v4l2]
[ 65.600619] vb2_ioctl_streamon+0x54/0x60 [videobuf2_v4l2]
[ 65.601103] v4l_streamon+0x3c/0x50 [videodev]
[ 65.601521] __video_do_ioctl+0x1a4/0x428 [videodev]
[ 65.601977] video_usercopy+0x320/0x828 [videodev]
[ 65.602419] video_ioctl2+0x3c/0x58 [videodev]
[ 65.602830] v4l2_ioctl+0x60/0x90 [videodev]
[ 65.603227] __arm64_sys_ioctl+0xa8/0xe0
[ 65.603576] invoke_syscall+0x54/0x118
[ 65.603911] el0_svc_common.constprop.3+0x84/0x100
[ 65.604332] do_el0_svc+0x34/0xa0
[ 65.604625] el0_svc+0x1c/0x50
[ 65.604897] el0t_64_sync_handler+0x88/0xb0
[ 65.605264] el0t_64_sync+0x16c/0x170
[ 65.605587] ---[ end trace 578e0ba07742170d ]---
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 8ac456495a33d9466076fea94594181ceefb76d9 Version: 8ac456495a33d9466076fea94594181ceefb76d9 Version: 8ac456495a33d9466076fea94594181ceefb76d9 Version: 8ac456495a33d9466076fea94594181ceefb76d9 Version: 8ac456495a33d9466076fea94594181ceefb76d9 Version: 8ac456495a33d9466076fea94594181ceefb76d9 Version: 8ac456495a33d9466076fea94594181ceefb76d9 Version: 8ac456495a33d9466076fea94594181ceefb76d9 |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/media/usb/stk1160/stk1160-core.c",
"drivers/media/usb/stk1160/stk1160-v4l.c",
"drivers/media/usb/stk1160/stk1160.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "03054f22d5abd80ad89547512c2bfbfb2714d3ed",
"status": "affected",
"version": "8ac456495a33d9466076fea94594181ceefb76d9",
"versionType": "git"
},
{
"lessThan": "f04a520a422222fc921bf035dc67414c500a286a",
"status": "affected",
"version": "8ac456495a33d9466076fea94594181ceefb76d9",
"versionType": "git"
},
{
"lessThan": "3cc050df73e3d973f1870a8dc0e177e77670bc7f",
"status": "affected",
"version": "8ac456495a33d9466076fea94594181ceefb76d9",
"versionType": "git"
},
{
"lessThan": "4d68603cc4382174bc1e7d532e10675c48c6b257",
"status": "affected",
"version": "8ac456495a33d9466076fea94594181ceefb76d9",
"versionType": "git"
},
{
"lessThan": "a09e9882800fdfc5aab93f77c3f0132071d2191b",
"status": "affected",
"version": "8ac456495a33d9466076fea94594181ceefb76d9",
"versionType": "git"
},
{
"lessThan": "2874122ca4ca74adec72d6d6bf8828228ec20f15",
"status": "affected",
"version": "8ac456495a33d9466076fea94594181ceefb76d9",
"versionType": "git"
},
{
"lessThan": "f66e6fd1488d26229f11d86616de1b658c70fa8a",
"status": "affected",
"version": "8ac456495a33d9466076fea94594181ceefb76d9",
"versionType": "git"
},
{
"lessThan": "fbe04b49a54e31f4321d632270207f0e6304cd16",
"status": "affected",
"version": "8ac456495a33d9466076fea94594181ceefb76d9",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/media/usb/stk1160/stk1160-core.c",
"drivers/media/usb/stk1160/stk1160-v4l.c",
"drivers/media/usb/stk1160/stk1160.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.7"
},
{
"lessThan": "3.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.238",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.189",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.276",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.238",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.189",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.110",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "3.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED\n\nIf the callback \u0027start_streaming\u0027 fails, then all\nqueued buffers in the driver should be returned with\nstate \u0027VB2_BUF_STATE_QUEUED\u0027. Currently, they are\nreturned with \u0027VB2_BUF_STATE_ERROR\u0027 which is wrong.\nFix this. This also fixes the warning:\n\n[ 65.583633] WARNING: CPU: 5 PID: 593 at drivers/media/common/videobuf2/videobuf2-core.c:1612 vb2_start_streaming+0xd4/0x160 [videobuf2_common]\n[ 65.585027] Modules linked in: snd_usb_audio snd_hwdep snd_usbmidi_lib snd_rawmidi snd_soc_hdmi_codec dw_hdmi_i2s_audio saa7115 stk1160 videobuf2_vmalloc videobuf2_memops videobuf2_v4l2 videobuf2_common videodev mc crct10dif_ce panfrost snd_soc_simple_card snd_soc_audio_graph_card snd_soc_spdif_tx snd_soc_simple_card_utils gpu_sched phy_rockchip_pcie snd_soc_rockchip_i2s rockchipdrm analogix_dp dw_mipi_dsi dw_hdmi cec drm_kms_helper drm rtc_rk808 rockchip_saradc industrialio_triggered_buffer kfifo_buf rockchip_thermal pcie_rockchip_host ip_tables x_tables ipv6\n[ 65.589383] CPU: 5 PID: 593 Comm: v4l2src0:src Tainted: G W 5.16.0-rc4-62408-g32447129cb30-dirty #14\n[ 65.590293] Hardware name: Radxa ROCK Pi 4B (DT)\n[ 65.590696] pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 65.591304] pc : vb2_start_streaming+0xd4/0x160 [videobuf2_common]\n[ 65.591850] lr : vb2_start_streaming+0x6c/0x160 [videobuf2_common]\n[ 65.592395] sp : ffff800012bc3ad0\n[ 65.592685] x29: ffff800012bc3ad0 x28: 0000000000000000 x27: ffff800012bc3cd8\n[ 65.593312] x26: 0000000000000000 x25: ffff00000d8a7800 x24: 0000000040045612\n[ 65.593938] x23: ffff800011323000 x22: ffff800012bc3cd8 x21: ffff00000908a8b0\n[ 65.594562] x20: ffff00000908a8c8 x19: 00000000fffffff4 x18: ffffffffffffffff\n[ 65.595188] x17: 000000040044ffff x16: 00400034b5503510 x15: ffff800011323f78\n[ 65.595813] x14: ffff000013163886 x13: ffff000013163885 x12: 00000000000002ce\n[ 65.596439] x11: 0000000000000028 x10: 0000000000000001 x9 : 0000000000000228\n[ 65.597064] x8 : 0101010101010101 x7 : 7f7f7f7f7f7f7f7f x6 : fefefeff726c5e78\n[ 65.597690] x5 : ffff800012bc3990 x4 : 0000000000000000 x3 : ffff000009a34880\n[ 65.598315] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff000007cd99f0\n[ 65.598940] Call trace:\n[ 65.599155] vb2_start_streaming+0xd4/0x160 [videobuf2_common]\n[ 65.599672] vb2_core_streamon+0x17c/0x1a8 [videobuf2_common]\n[ 65.600179] vb2_streamon+0x54/0x88 [videobuf2_v4l2]\n[ 65.600619] vb2_ioctl_streamon+0x54/0x60 [videobuf2_v4l2]\n[ 65.601103] v4l_streamon+0x3c/0x50 [videodev]\n[ 65.601521] __video_do_ioctl+0x1a4/0x428 [videodev]\n[ 65.601977] video_usercopy+0x320/0x828 [videodev]\n[ 65.602419] video_ioctl2+0x3c/0x58 [videodev]\n[ 65.602830] v4l2_ioctl+0x60/0x90 [videodev]\n[ 65.603227] __arm64_sys_ioctl+0xa8/0xe0\n[ 65.603576] invoke_syscall+0x54/0x118\n[ 65.603911] el0_svc_common.constprop.3+0x84/0x100\n[ 65.604332] do_el0_svc+0x34/0xa0\n[ 65.604625] el0_svc+0x1c/0x50\n[ 65.604897] el0t_64_sync_handler+0x88/0xb0\n[ 65.605264] el0t_64_sync+0x16c/0x170\n[ 65.605587] ---[ end trace 578e0ba07742170d ]---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:33:17.999Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/03054f22d5abd80ad89547512c2bfbfb2714d3ed"
},
{
"url": "https://git.kernel.org/stable/c/f04a520a422222fc921bf035dc67414c500a286a"
},
{
"url": "https://git.kernel.org/stable/c/3cc050df73e3d973f1870a8dc0e177e77670bc7f"
},
{
"url": "https://git.kernel.org/stable/c/4d68603cc4382174bc1e7d532e10675c48c6b257"
},
{
"url": "https://git.kernel.org/stable/c/a09e9882800fdfc5aab93f77c3f0132071d2191b"
},
{
"url": "https://git.kernel.org/stable/c/2874122ca4ca74adec72d6d6bf8828228ec20f15"
},
{
"url": "https://git.kernel.org/stable/c/f66e6fd1488d26229f11d86616de1b658c70fa8a"
},
{
"url": "https://git.kernel.org/stable/c/fbe04b49a54e31f4321d632270207f0e6304cd16"
}
],
"title": "media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49247",
"datePublished": "2025-02-26T01:56:06.224Z",
"dateReserved": "2025-02-26T01:49:39.295Z",
"dateUpdated": "2025-05-04T08:33:17.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49277 (GCVE-0-2022-49277)
Vulnerability from cvelistv5
Published
2025-02-26 01:56
Modified
2025-10-01 19:47
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
jffs2: fix memory leak in jffs2_do_mount_fs
If jffs2_build_filesystem() in jffs2_do_mount_fs() returns an error,
we can observe the following kmemleak report:
--------------------------------------------
unreferenced object 0xffff88811b25a640 (size 64):
comm "mount", pid 691, jiffies 4294957728 (age 71.952s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<ffffffffa493be24>] kmem_cache_alloc_trace+0x584/0x880
[<ffffffffa5423a06>] jffs2_sum_init+0x86/0x130
[<ffffffffa5400e58>] jffs2_do_mount_fs+0x798/0xac0
[<ffffffffa540acf3>] jffs2_do_fill_super+0x383/0xc30
[<ffffffffa540c00a>] jffs2_fill_super+0x2ea/0x4c0
[...]
unreferenced object 0xffff88812c760000 (size 65536):
comm "mount", pid 691, jiffies 4294957728 (age 71.952s)
hex dump (first 32 bytes):
bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb ................
bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb ................
backtrace:
[<ffffffffa493a449>] __kmalloc+0x6b9/0x910
[<ffffffffa5423a57>] jffs2_sum_init+0xd7/0x130
[<ffffffffa5400e58>] jffs2_do_mount_fs+0x798/0xac0
[<ffffffffa540acf3>] jffs2_do_fill_super+0x383/0xc30
[<ffffffffa540c00a>] jffs2_fill_super+0x2ea/0x4c0
[...]
--------------------------------------------
This is because the resources allocated in jffs2_sum_init() are not
released. Call jffs2_sum_exit() to release these resources to solve
the problem.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: e631ddba588783edd521c5a89f7b2902772fb691 Version: e631ddba588783edd521c5a89f7b2902772fb691 Version: e631ddba588783edd521c5a89f7b2902772fb691 Version: e631ddba588783edd521c5a89f7b2902772fb691 Version: e631ddba588783edd521c5a89f7b2902772fb691 Version: e631ddba588783edd521c5a89f7b2902772fb691 Version: e631ddba588783edd521c5a89f7b2902772fb691 Version: e631ddba588783edd521c5a89f7b2902772fb691 Version: e631ddba588783edd521c5a89f7b2902772fb691 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49277",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:45:30.429397Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:47:01.249Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/jffs2/build.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2a9d8184458562e6bf2f40d0e677fc85e2dd3834",
"status": "affected",
"version": "e631ddba588783edd521c5a89f7b2902772fb691",
"versionType": "git"
},
{
"lessThan": "9a0f6610c7daedd2eace430beeb08a8b7ac80699",
"status": "affected",
"version": "e631ddba588783edd521c5a89f7b2902772fb691",
"versionType": "git"
},
{
"lessThan": "dbe0d0521eaa6a3d235517319266c539bb5c5112",
"status": "affected",
"version": "e631ddba588783edd521c5a89f7b2902772fb691",
"versionType": "git"
},
{
"lessThan": "0978e9af4559a171ac7a74a1b3ef21804b0a0fa9",
"status": "affected",
"version": "e631ddba588783edd521c5a89f7b2902772fb691",
"versionType": "git"
},
{
"lessThan": "607d3aab7349f18e0d9dba4100d09d16fe27caca",
"status": "affected",
"version": "e631ddba588783edd521c5a89f7b2902772fb691",
"versionType": "git"
},
{
"lessThan": "4392e8aeebc5a4f8073620bccba7de1b1f6d7c88",
"status": "affected",
"version": "e631ddba588783edd521c5a89f7b2902772fb691",
"versionType": "git"
},
{
"lessThan": "5f34310d1376ca5b2ed798258def2c2ab3cc6699",
"status": "affected",
"version": "e631ddba588783edd521c5a89f7b2902772fb691",
"versionType": "git"
},
{
"lessThan": "c94128470e6fe53d9bd9d16d2d3271813f9d37af",
"status": "affected",
"version": "e631ddba588783edd521c5a89f7b2902772fb691",
"versionType": "git"
},
{
"lessThan": "d051cef784de4d54835f6b6836d98a8f6935772c",
"status": "affected",
"version": "e631ddba588783edd521c5a89f7b2902772fb691",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/jffs2/build.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.15"
},
{
"lessThan": "2.6.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.238",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.189",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.311",
"versionStartIncluding": "2.6.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.276",
"versionStartIncluding": "2.6.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.238",
"versionStartIncluding": "2.6.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.189",
"versionStartIncluding": "2.6.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.110",
"versionStartIncluding": "2.6.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "2.6.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "2.6.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "2.6.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "2.6.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\njffs2: fix memory leak in jffs2_do_mount_fs\n\nIf jffs2_build_filesystem() in jffs2_do_mount_fs() returns an error,\nwe can observe the following kmemleak report:\n\n--------------------------------------------\nunreferenced object 0xffff88811b25a640 (size 64):\n comm \"mount\", pid 691, jiffies 4294957728 (age 71.952s)\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [\u003cffffffffa493be24\u003e] kmem_cache_alloc_trace+0x584/0x880\n [\u003cffffffffa5423a06\u003e] jffs2_sum_init+0x86/0x130\n [\u003cffffffffa5400e58\u003e] jffs2_do_mount_fs+0x798/0xac0\n [\u003cffffffffa540acf3\u003e] jffs2_do_fill_super+0x383/0xc30\n [\u003cffffffffa540c00a\u003e] jffs2_fill_super+0x2ea/0x4c0\n [...]\nunreferenced object 0xffff88812c760000 (size 65536):\n comm \"mount\", pid 691, jiffies 4294957728 (age 71.952s)\n hex dump (first 32 bytes):\n bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb ................\n bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb ................\n backtrace:\n [\u003cffffffffa493a449\u003e] __kmalloc+0x6b9/0x910\n [\u003cffffffffa5423a57\u003e] jffs2_sum_init+0xd7/0x130\n [\u003cffffffffa5400e58\u003e] jffs2_do_mount_fs+0x798/0xac0\n [\u003cffffffffa540acf3\u003e] jffs2_do_fill_super+0x383/0xc30\n [\u003cffffffffa540c00a\u003e] jffs2_fill_super+0x2ea/0x4c0\n [...]\n--------------------------------------------\n\nThis is because the resources allocated in jffs2_sum_init() are not\nreleased. Call jffs2_sum_exit() to release these resources to solve\nthe problem."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:34:00.836Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2a9d8184458562e6bf2f40d0e677fc85e2dd3834"
},
{
"url": "https://git.kernel.org/stable/c/9a0f6610c7daedd2eace430beeb08a8b7ac80699"
},
{
"url": "https://git.kernel.org/stable/c/dbe0d0521eaa6a3d235517319266c539bb5c5112"
},
{
"url": "https://git.kernel.org/stable/c/0978e9af4559a171ac7a74a1b3ef21804b0a0fa9"
},
{
"url": "https://git.kernel.org/stable/c/607d3aab7349f18e0d9dba4100d09d16fe27caca"
},
{
"url": "https://git.kernel.org/stable/c/4392e8aeebc5a4f8073620bccba7de1b1f6d7c88"
},
{
"url": "https://git.kernel.org/stable/c/5f34310d1376ca5b2ed798258def2c2ab3cc6699"
},
{
"url": "https://git.kernel.org/stable/c/c94128470e6fe53d9bd9d16d2d3271813f9d37af"
},
{
"url": "https://git.kernel.org/stable/c/d051cef784de4d54835f6b6836d98a8f6935772c"
}
],
"title": "jffs2: fix memory leak in jffs2_do_mount_fs",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49277",
"datePublished": "2025-02-26T01:56:21.037Z",
"dateReserved": "2025-02-26T01:49:39.298Z",
"dateUpdated": "2025-10-01T19:47:01.249Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49176 (GCVE-0-2022-49176)
Vulnerability from cvelistv5
Published
2025-02-26 01:55
Modified
2025-05-04 08:31
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
bfq: fix use-after-free in bfq_dispatch_request
KASAN reports a use-after-free report when doing normal scsi-mq test
[69832.239032] ==================================================================
[69832.241810] BUG: KASAN: use-after-free in bfq_dispatch_request+0x1045/0x44b0
[69832.243267] Read of size 8 at addr ffff88802622ba88 by task kworker/3:1H/155
[69832.244656]
[69832.245007] CPU: 3 PID: 155 Comm: kworker/3:1H Not tainted 5.10.0-10295-g576c6382529e #8
[69832.246626] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[69832.249069] Workqueue: kblockd blk_mq_run_work_fn
[69832.250022] Call Trace:
[69832.250541] dump_stack+0x9b/0xce
[69832.251232] ? bfq_dispatch_request+0x1045/0x44b0
[69832.252243] print_address_description.constprop.6+0x3e/0x60
[69832.253381] ? __cpuidle_text_end+0x5/0x5
[69832.254211] ? vprintk_func+0x6b/0x120
[69832.254994] ? bfq_dispatch_request+0x1045/0x44b0
[69832.255952] ? bfq_dispatch_request+0x1045/0x44b0
[69832.256914] kasan_report.cold.9+0x22/0x3a
[69832.257753] ? bfq_dispatch_request+0x1045/0x44b0
[69832.258755] check_memory_region+0x1c1/0x1e0
[69832.260248] bfq_dispatch_request+0x1045/0x44b0
[69832.261181] ? bfq_bfqq_expire+0x2440/0x2440
[69832.262032] ? blk_mq_delay_run_hw_queues+0xf9/0x170
[69832.263022] __blk_mq_do_dispatch_sched+0x52f/0x830
[69832.264011] ? blk_mq_sched_request_inserted+0x100/0x100
[69832.265101] __blk_mq_sched_dispatch_requests+0x398/0x4f0
[69832.266206] ? blk_mq_do_dispatch_ctx+0x570/0x570
[69832.267147] ? __switch_to+0x5f4/0xee0
[69832.267898] blk_mq_sched_dispatch_requests+0xdf/0x140
[69832.268946] __blk_mq_run_hw_queue+0xc0/0x270
[69832.269840] blk_mq_run_work_fn+0x51/0x60
[69832.278170] process_one_work+0x6d4/0xfe0
[69832.278984] worker_thread+0x91/0xc80
[69832.279726] ? __kthread_parkme+0xb0/0x110
[69832.280554] ? process_one_work+0xfe0/0xfe0
[69832.281414] kthread+0x32d/0x3f0
[69832.282082] ? kthread_park+0x170/0x170
[69832.282849] ret_from_fork+0x1f/0x30
[69832.283573]
[69832.283886] Allocated by task 7725:
[69832.284599] kasan_save_stack+0x19/0x40
[69832.285385] __kasan_kmalloc.constprop.2+0xc1/0xd0
[69832.286350] kmem_cache_alloc_node+0x13f/0x460
[69832.287237] bfq_get_queue+0x3d4/0x1140
[69832.287993] bfq_get_bfqq_handle_split+0x103/0x510
[69832.289015] bfq_init_rq+0x337/0x2d50
[69832.289749] bfq_insert_requests+0x304/0x4e10
[69832.290634] blk_mq_sched_insert_requests+0x13e/0x390
[69832.291629] blk_mq_flush_plug_list+0x4b4/0x760
[69832.292538] blk_flush_plug_list+0x2c5/0x480
[69832.293392] io_schedule_prepare+0xb2/0xd0
[69832.294209] io_schedule_timeout+0x13/0x80
[69832.295014] wait_for_common_io.constprop.1+0x13c/0x270
[69832.296137] submit_bio_wait+0x103/0x1a0
[69832.296932] blkdev_issue_discard+0xe6/0x160
[69832.297794] blk_ioctl_discard+0x219/0x290
[69832.298614] blkdev_common_ioctl+0x50a/0x1750
[69832.304715] blkdev_ioctl+0x470/0x600
[69832.305474] block_ioctl+0xde/0x120
[69832.306232] vfs_ioctl+0x6c/0xc0
[69832.306877] __se_sys_ioctl+0x90/0xa0
[69832.307629] do_syscall_64+0x2d/0x40
[69832.308362] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[69832.309382]
[69832.309701] Freed by task 155:
[69832.310328] kasan_save_stack+0x19/0x40
[69832.311121] kasan_set_track+0x1c/0x30
[69832.311868] kasan_set_free_info+0x1b/0x30
[69832.312699] __kasan_slab_free+0x111/0x160
[69832.313524] kmem_cache_free+0x94/0x460
[69832.314367] bfq_put_queue+0x582/0x940
[69832.315112] __bfq_bfqd_reset_in_service+0x166/0x1d0
[69832.317275] bfq_bfqq_expire+0xb27/0x2440
[69832.318084] bfq_dispatch_request+0x697/0x44b0
[69832.318991] __blk_mq_do_dispatch_sched+0x52f/0x830
[69832.319984] __blk_mq_sched_dispatch_requests+0x398/0x4f0
[69832.321087] blk_mq_sched_dispatch_requests+0xdf/0x140
[69832.322225] __blk_mq_run_hw_queue+0xc0/0x270
[69832.323114] blk_mq_run_work_fn+0x51/0x6
---truncated---
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: aee69d78dec0ffdf82e35d57c626e80dddc314d5 Version: aee69d78dec0ffdf82e35d57c626e80dddc314d5 Version: aee69d78dec0ffdf82e35d57c626e80dddc314d5 Version: aee69d78dec0ffdf82e35d57c626e80dddc314d5 Version: aee69d78dec0ffdf82e35d57c626e80dddc314d5 Version: aee69d78dec0ffdf82e35d57c626e80dddc314d5 Version: aee69d78dec0ffdf82e35d57c626e80dddc314d5 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49176",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T18:17:06.859094Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T18:22:34.604Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"block/bfq-iosched.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "74e610b5ee0d95e751280567100509eb11517efa",
"status": "affected",
"version": "aee69d78dec0ffdf82e35d57c626e80dddc314d5",
"versionType": "git"
},
{
"lessThan": "5117c9ff4c2ebae0f5c2c262d42a25a8fbc086e6",
"status": "affected",
"version": "aee69d78dec0ffdf82e35d57c626e80dddc314d5",
"versionType": "git"
},
{
"lessThan": "df6e00b1a53c57dca82c63b5ecbcad5452231bc7",
"status": "affected",
"version": "aee69d78dec0ffdf82e35d57c626e80dddc314d5",
"versionType": "git"
},
{
"lessThan": "080665e2c3cbfc68359b9a348a3546ed9b908e7a",
"status": "affected",
"version": "aee69d78dec0ffdf82e35d57c626e80dddc314d5",
"versionType": "git"
},
{
"lessThan": "5687958bf18f84384d809f521210d0f5deed03b0",
"status": "affected",
"version": "aee69d78dec0ffdf82e35d57c626e80dddc314d5",
"versionType": "git"
},
{
"lessThan": "40b4ba0030e0b02cbacd424ebb9f4c8b0976c786",
"status": "affected",
"version": "aee69d78dec0ffdf82e35d57c626e80dddc314d5",
"versionType": "git"
},
{
"lessThan": "ab552fcb17cc9e4afe0e4ac4df95fc7b30e8490a",
"status": "affected",
"version": "aee69d78dec0ffdf82e35d57c626e80dddc314d5",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"block/bfq-iosched.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.12"
},
{
"lessThan": "4.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.238",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.189",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.238",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.189",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.110",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "4.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbfq: fix use-after-free in bfq_dispatch_request\n\nKASAN reports a use-after-free report when doing normal scsi-mq test\n\n[69832.239032] ==================================================================\n[69832.241810] BUG: KASAN: use-after-free in bfq_dispatch_request+0x1045/0x44b0\n[69832.243267] Read of size 8 at addr ffff88802622ba88 by task kworker/3:1H/155\n[69832.244656]\n[69832.245007] CPU: 3 PID: 155 Comm: kworker/3:1H Not tainted 5.10.0-10295-g576c6382529e #8\n[69832.246626] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\n[69832.249069] Workqueue: kblockd blk_mq_run_work_fn\n[69832.250022] Call Trace:\n[69832.250541] dump_stack+0x9b/0xce\n[69832.251232] ? bfq_dispatch_request+0x1045/0x44b0\n[69832.252243] print_address_description.constprop.6+0x3e/0x60\n[69832.253381] ? __cpuidle_text_end+0x5/0x5\n[69832.254211] ? vprintk_func+0x6b/0x120\n[69832.254994] ? bfq_dispatch_request+0x1045/0x44b0\n[69832.255952] ? bfq_dispatch_request+0x1045/0x44b0\n[69832.256914] kasan_report.cold.9+0x22/0x3a\n[69832.257753] ? bfq_dispatch_request+0x1045/0x44b0\n[69832.258755] check_memory_region+0x1c1/0x1e0\n[69832.260248] bfq_dispatch_request+0x1045/0x44b0\n[69832.261181] ? bfq_bfqq_expire+0x2440/0x2440\n[69832.262032] ? blk_mq_delay_run_hw_queues+0xf9/0x170\n[69832.263022] __blk_mq_do_dispatch_sched+0x52f/0x830\n[69832.264011] ? blk_mq_sched_request_inserted+0x100/0x100\n[69832.265101] __blk_mq_sched_dispatch_requests+0x398/0x4f0\n[69832.266206] ? blk_mq_do_dispatch_ctx+0x570/0x570\n[69832.267147] ? __switch_to+0x5f4/0xee0\n[69832.267898] blk_mq_sched_dispatch_requests+0xdf/0x140\n[69832.268946] __blk_mq_run_hw_queue+0xc0/0x270\n[69832.269840] blk_mq_run_work_fn+0x51/0x60\n[69832.278170] process_one_work+0x6d4/0xfe0\n[69832.278984] worker_thread+0x91/0xc80\n[69832.279726] ? __kthread_parkme+0xb0/0x110\n[69832.280554] ? process_one_work+0xfe0/0xfe0\n[69832.281414] kthread+0x32d/0x3f0\n[69832.282082] ? kthread_park+0x170/0x170\n[69832.282849] ret_from_fork+0x1f/0x30\n[69832.283573]\n[69832.283886] Allocated by task 7725:\n[69832.284599] kasan_save_stack+0x19/0x40\n[69832.285385] __kasan_kmalloc.constprop.2+0xc1/0xd0\n[69832.286350] kmem_cache_alloc_node+0x13f/0x460\n[69832.287237] bfq_get_queue+0x3d4/0x1140\n[69832.287993] bfq_get_bfqq_handle_split+0x103/0x510\n[69832.289015] bfq_init_rq+0x337/0x2d50\n[69832.289749] bfq_insert_requests+0x304/0x4e10\n[69832.290634] blk_mq_sched_insert_requests+0x13e/0x390\n[69832.291629] blk_mq_flush_plug_list+0x4b4/0x760\n[69832.292538] blk_flush_plug_list+0x2c5/0x480\n[69832.293392] io_schedule_prepare+0xb2/0xd0\n[69832.294209] io_schedule_timeout+0x13/0x80\n[69832.295014] wait_for_common_io.constprop.1+0x13c/0x270\n[69832.296137] submit_bio_wait+0x103/0x1a0\n[69832.296932] blkdev_issue_discard+0xe6/0x160\n[69832.297794] blk_ioctl_discard+0x219/0x290\n[69832.298614] blkdev_common_ioctl+0x50a/0x1750\n[69832.304715] blkdev_ioctl+0x470/0x600\n[69832.305474] block_ioctl+0xde/0x120\n[69832.306232] vfs_ioctl+0x6c/0xc0\n[69832.306877] __se_sys_ioctl+0x90/0xa0\n[69832.307629] do_syscall_64+0x2d/0x40\n[69832.308362] entry_SYSCALL_64_after_hwframe+0x44/0xa9\n[69832.309382]\n[69832.309701] Freed by task 155:\n[69832.310328] kasan_save_stack+0x19/0x40\n[69832.311121] kasan_set_track+0x1c/0x30\n[69832.311868] kasan_set_free_info+0x1b/0x30\n[69832.312699] __kasan_slab_free+0x111/0x160\n[69832.313524] kmem_cache_free+0x94/0x460\n[69832.314367] bfq_put_queue+0x582/0x940\n[69832.315112] __bfq_bfqd_reset_in_service+0x166/0x1d0\n[69832.317275] bfq_bfqq_expire+0xb27/0x2440\n[69832.318084] bfq_dispatch_request+0x697/0x44b0\n[69832.318991] __blk_mq_do_dispatch_sched+0x52f/0x830\n[69832.319984] __blk_mq_sched_dispatch_requests+0x398/0x4f0\n[69832.321087] blk_mq_sched_dispatch_requests+0xdf/0x140\n[69832.322225] __blk_mq_run_hw_queue+0xc0/0x270\n[69832.323114] blk_mq_run_work_fn+0x51/0x6\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:31:38.713Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/74e610b5ee0d95e751280567100509eb11517efa"
},
{
"url": "https://git.kernel.org/stable/c/5117c9ff4c2ebae0f5c2c262d42a25a8fbc086e6"
},
{
"url": "https://git.kernel.org/stable/c/df6e00b1a53c57dca82c63b5ecbcad5452231bc7"
},
{
"url": "https://git.kernel.org/stable/c/080665e2c3cbfc68359b9a348a3546ed9b908e7a"
},
{
"url": "https://git.kernel.org/stable/c/5687958bf18f84384d809f521210d0f5deed03b0"
},
{
"url": "https://git.kernel.org/stable/c/40b4ba0030e0b02cbacd424ebb9f4c8b0976c786"
},
{
"url": "https://git.kernel.org/stable/c/ab552fcb17cc9e4afe0e4ac4df95fc7b30e8490a"
}
],
"title": "bfq: fix use-after-free in bfq_dispatch_request",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49176",
"datePublished": "2025-02-26T01:55:30.586Z",
"dateReserved": "2025-02-26T01:49:39.280Z",
"dateUpdated": "2025-05-04T08:31:38.713Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-57996 (GCVE-0-2024-57996)
Vulnerability from cvelistv5
Published
2025-02-27 02:07
Modified
2025-11-03 19:33
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net_sched: sch_sfq: don't allow 1 packet limit
The current implementation does not work correctly with a limit of
1. iproute2 actually checks for this and this patch adds the check in
kernel as well.
This fixes the following syzkaller reported crash:
UBSAN: array-index-out-of-bounds in net/sched/sch_sfq.c:210:6
index 65535 is out of range for type 'struct sfq_head[128]'
CPU: 0 PID: 2569 Comm: syz-executor101 Not tainted 5.10.0-smp-DEV #1
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call Trace:
__dump_stack lib/dump_stack.c:79 [inline]
dump_stack+0x125/0x19f lib/dump_stack.c:120
ubsan_epilogue lib/ubsan.c:148 [inline]
__ubsan_handle_out_of_bounds+0xed/0x120 lib/ubsan.c:347
sfq_link net/sched/sch_sfq.c:210 [inline]
sfq_dec+0x528/0x600 net/sched/sch_sfq.c:238
sfq_dequeue+0x39b/0x9d0 net/sched/sch_sfq.c:500
sfq_reset+0x13/0x50 net/sched/sch_sfq.c:525
qdisc_reset+0xfe/0x510 net/sched/sch_generic.c:1026
tbf_reset+0x3d/0x100 net/sched/sch_tbf.c:319
qdisc_reset+0xfe/0x510 net/sched/sch_generic.c:1026
dev_reset_queue+0x8c/0x140 net/sched/sch_generic.c:1296
netdev_for_each_tx_queue include/linux/netdevice.h:2350 [inline]
dev_deactivate_many+0x6dc/0xc20 net/sched/sch_generic.c:1362
__dev_close_many+0x214/0x350 net/core/dev.c:1468
dev_close_many+0x207/0x510 net/core/dev.c:1506
unregister_netdevice_many+0x40f/0x16b0 net/core/dev.c:10738
unregister_netdevice_queue+0x2be/0x310 net/core/dev.c:10695
unregister_netdevice include/linux/netdevice.h:2893 [inline]
__tun_detach+0x6b6/0x1600 drivers/net/tun.c:689
tun_detach drivers/net/tun.c:705 [inline]
tun_chr_close+0x104/0x1b0 drivers/net/tun.c:3640
__fput+0x203/0x840 fs/file_table.c:280
task_work_run+0x129/0x1b0 kernel/task_work.c:185
exit_task_work include/linux/task_work.h:33 [inline]
do_exit+0x5ce/0x2200 kernel/exit.c:931
do_group_exit+0x144/0x310 kernel/exit.c:1046
__do_sys_exit_group kernel/exit.c:1057 [inline]
__se_sys_exit_group kernel/exit.c:1055 [inline]
__x64_sys_exit_group+0x3b/0x40 kernel/exit.c:1055
do_syscall_64+0x6c/0xd0
entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7fe5e7b52479
Code: Unable to access opcode bytes at RIP 0x7fe5e7b5244f.
RSP: 002b:00007ffd3c800398 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe5e7b52479
RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
RBP: 00007fe5e7bcd2d0 R08: ffffffffffffffb8 R09: 0000000000000014
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe5e7bcd2d0
R13: 0000000000000000 R14: 00007fe5e7bcdd20 R15: 00007fe5e7b24270
The crash can be also be reproduced with the following (with a tc
recompiled to allow for sfq limits of 1):
tc qdisc add dev dummy0 handle 1: root tbf rate 1Kbit burst 100b lat 1s
../iproute2-6.9.0/tc/tc qdisc add dev dummy0 handle 2: parent 1:10 sfq limit 1
ifconfig dummy0 up
ping -I dummy0 -f -c2 -W0.1 8.8.8.8
sleep 1
Scenario that triggers the crash:
* the first packet is sent and queued in TBF and SFQ; qdisc qlen is 1
* TBF dequeues: it peeks from SFQ which moves the packet to the
gso_skb list and keeps qdisc qlen set to 1. TBF is out of tokens so
it schedules itself for later.
* the second packet is sent and TBF tries to queues it to SFQ. qdisc
qlen is now 2 and because the SFQ limit is 1 the packet is dropped
by SFQ. At this point qlen is 1, and all of the SFQ slots are empty,
however q->tail is not NULL.
At this point, assuming no more packets are queued, when sch_dequeue
runs again it will decrement the qlen for the current empty slot
causing an underflow and the subsequent out of bounds access.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:33:07.578Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/sched/sch_sfq.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e12f6013d0a69660e8b99bfe381b9546ae667328",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1e6d9d87626cf89eeffb4d943db12cb5b10bf961",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1b562b7f9231432da40d12e19786c1bd7df653a7",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "35d0137305ae2f97260a9047f445bd4434bd6cc7",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "833e9a1c27b82024db7ff5038a51651f48f05e5e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7d8947f2153ee9c5ab4cb17861a11cc45f30e8c4",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7fefc294204f10a3405f175f4ac2be16d63f135e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "10685681bafce6febb39770f3387621bf5d67d0b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/sched/sch_sfq.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.12"
},
{
"lessThan": "2.6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.297",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.239",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.186",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.129",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.76",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"version": "6.13.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.14",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.297",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.239",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.186",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.129",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.76",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.13",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13.2",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14",
"versionStartIncluding": "2.6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: sch_sfq: don\u0027t allow 1 packet limit\n\nThe current implementation does not work correctly with a limit of\n1. iproute2 actually checks for this and this patch adds the check in\nkernel as well.\n\nThis fixes the following syzkaller reported crash:\n\nUBSAN: array-index-out-of-bounds in net/sched/sch_sfq.c:210:6\nindex 65535 is out of range for type \u0027struct sfq_head[128]\u0027\nCPU: 0 PID: 2569 Comm: syz-executor101 Not tainted 5.10.0-smp-DEV #1\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nCall Trace:\n __dump_stack lib/dump_stack.c:79 [inline]\n dump_stack+0x125/0x19f lib/dump_stack.c:120\n ubsan_epilogue lib/ubsan.c:148 [inline]\n __ubsan_handle_out_of_bounds+0xed/0x120 lib/ubsan.c:347\n sfq_link net/sched/sch_sfq.c:210 [inline]\n sfq_dec+0x528/0x600 net/sched/sch_sfq.c:238\n sfq_dequeue+0x39b/0x9d0 net/sched/sch_sfq.c:500\n sfq_reset+0x13/0x50 net/sched/sch_sfq.c:525\n qdisc_reset+0xfe/0x510 net/sched/sch_generic.c:1026\n tbf_reset+0x3d/0x100 net/sched/sch_tbf.c:319\n qdisc_reset+0xfe/0x510 net/sched/sch_generic.c:1026\n dev_reset_queue+0x8c/0x140 net/sched/sch_generic.c:1296\n netdev_for_each_tx_queue include/linux/netdevice.h:2350 [inline]\n dev_deactivate_many+0x6dc/0xc20 net/sched/sch_generic.c:1362\n __dev_close_many+0x214/0x350 net/core/dev.c:1468\n dev_close_many+0x207/0x510 net/core/dev.c:1506\n unregister_netdevice_many+0x40f/0x16b0 net/core/dev.c:10738\n unregister_netdevice_queue+0x2be/0x310 net/core/dev.c:10695\n unregister_netdevice include/linux/netdevice.h:2893 [inline]\n __tun_detach+0x6b6/0x1600 drivers/net/tun.c:689\n tun_detach drivers/net/tun.c:705 [inline]\n tun_chr_close+0x104/0x1b0 drivers/net/tun.c:3640\n __fput+0x203/0x840 fs/file_table.c:280\n task_work_run+0x129/0x1b0 kernel/task_work.c:185\n exit_task_work include/linux/task_work.h:33 [inline]\n do_exit+0x5ce/0x2200 kernel/exit.c:931\n do_group_exit+0x144/0x310 kernel/exit.c:1046\n __do_sys_exit_group kernel/exit.c:1057 [inline]\n __se_sys_exit_group kernel/exit.c:1055 [inline]\n __x64_sys_exit_group+0x3b/0x40 kernel/exit.c:1055\n do_syscall_64+0x6c/0xd0\n entry_SYSCALL_64_after_hwframe+0x61/0xcb\nRIP: 0033:0x7fe5e7b52479\nCode: Unable to access opcode bytes at RIP 0x7fe5e7b5244f.\nRSP: 002b:00007ffd3c800398 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe5e7b52479\nRDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000\nRBP: 00007fe5e7bcd2d0 R08: ffffffffffffffb8 R09: 0000000000000014\nR10: 0000000000000000 R11: 0000000000000246 R12: 00007fe5e7bcd2d0\nR13: 0000000000000000 R14: 00007fe5e7bcdd20 R15: 00007fe5e7b24270\n\nThe crash can be also be reproduced with the following (with a tc\nrecompiled to allow for sfq limits of 1):\n\ntc qdisc add dev dummy0 handle 1: root tbf rate 1Kbit burst 100b lat 1s\n../iproute2-6.9.0/tc/tc qdisc add dev dummy0 handle 2: parent 1:10 sfq limit 1\nifconfig dummy0 up\nping -I dummy0 -f -c2 -W0.1 8.8.8.8\nsleep 1\n\nScenario that triggers the crash:\n\n* the first packet is sent and queued in TBF and SFQ; qdisc qlen is 1\n\n* TBF dequeues: it peeks from SFQ which moves the packet to the\n gso_skb list and keeps qdisc qlen set to 1. TBF is out of tokens so\n it schedules itself for later.\n\n* the second packet is sent and TBF tries to queues it to SFQ. qdisc\n qlen is now 2 and because the SFQ limit is 1 the packet is dropped\n by SFQ. At this point qlen is 1, and all of the SFQ slots are empty,\n however q-\u003etail is not NULL.\n\nAt this point, assuming no more packets are queued, when sch_dequeue\nruns again it will decrement the qlen for the current empty slot\ncausing an underflow and the subsequent out of bounds access."
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T14:42:44.697Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e12f6013d0a69660e8b99bfe381b9546ae667328"
},
{
"url": "https://git.kernel.org/stable/c/1e6d9d87626cf89eeffb4d943db12cb5b10bf961"
},
{
"url": "https://git.kernel.org/stable/c/1b562b7f9231432da40d12e19786c1bd7df653a7"
},
{
"url": "https://git.kernel.org/stable/c/35d0137305ae2f97260a9047f445bd4434bd6cc7"
},
{
"url": "https://git.kernel.org/stable/c/833e9a1c27b82024db7ff5038a51651f48f05e5e"
},
{
"url": "https://git.kernel.org/stable/c/7d8947f2153ee9c5ab4cb17861a11cc45f30e8c4"
},
{
"url": "https://git.kernel.org/stable/c/7fefc294204f10a3405f175f4ac2be16d63f135e"
},
{
"url": "https://git.kernel.org/stable/c/10685681bafce6febb39770f3387621bf5d67d0b"
}
],
"title": "net_sched: sch_sfq: don\u0027t allow 1 packet limit",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-57996",
"datePublished": "2025-02-27T02:07:16.765Z",
"dateReserved": "2025-02-27T02:04:28.914Z",
"dateUpdated": "2025-11-03T19:33:07.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-49545 (GCVE-0-2022-49545)
Vulnerability from cvelistv5
Published
2025-02-26 02:13
Modified
2025-05-04 08:40
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ALSA: usb-audio: Cancel pending work at closing a MIDI substream
At closing a USB MIDI output substream, there might be still a pending
work, which would eventually access the rawmidi runtime object that is
being released. For fixing the race, make sure to cancel the pending
work at closing.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/usb/midi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "40bdb5ec957aca5c5c1924602bef6b0ab18e22d3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "11868ca21585561659c2575b0d6508ef8e9c4291",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "5e5fe2b6065541c6216a7a003b0cddf386be0d2d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "517dcef4d2dda0132648f1e4c079ed17bba4d1a4",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "0125de38122f0f66bf61336158d12a1aabfe6425",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"sound/usb/midi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Cancel pending work at closing a MIDI substream\n\nAt closing a USB MIDI output substream, there might be still a pending\nwork, which would eventually access the rawmidi runtime object that is\nbeing released. For fixing the race, make sure to cancel the pending\nwork at closing."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:40:14.387Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/40bdb5ec957aca5c5c1924602bef6b0ab18e22d3"
},
{
"url": "https://git.kernel.org/stable/c/11868ca21585561659c2575b0d6508ef8e9c4291"
},
{
"url": "https://git.kernel.org/stable/c/5e5fe2b6065541c6216a7a003b0cddf386be0d2d"
},
{
"url": "https://git.kernel.org/stable/c/517dcef4d2dda0132648f1e4c079ed17bba4d1a4"
},
{
"url": "https://git.kernel.org/stable/c/0125de38122f0f66bf61336158d12a1aabfe6425"
}
],
"title": "ALSA: usb-audio: Cancel pending work at closing a MIDI substream",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49545",
"datePublished": "2025-02-26T02:13:58.363Z",
"dateReserved": "2025-02-26T02:08:31.590Z",
"dateUpdated": "2025-05-04T08:40:14.387Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49343 (GCVE-0-2022-49343)
Vulnerability from cvelistv5
Published
2025-02-26 02:10
Modified
2025-05-04 08:35
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ext4: avoid cycles in directory h-tree
A maliciously corrupted filesystem can contain cycles in the h-tree
stored inside a directory. That can easily lead to the kernel corrupting
tree nodes that were already verified under its hands while doing a node
split and consequently accessing unallocated memory. Fix the problem by
verifying traversed block numbers are unique.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ext4/namei.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "24b8206fec1db21d7e82f21f0b2ff5e5672cf5b3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b3ad9ff6f06c1dc6abf7437691c88ca3d6da3ac0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e157c8f87e8fac112d6c955e69a60cdb9bc80a60",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ff4cafa51762da3824881a9000ca421d4b78b138",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "3a3ce941645407cd0b0b7f01ad9e2ea3770f46cc",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d5a16a6df2c16eaf4de04948553ef0089dee463f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6084240bfc44bf265ab6ae7d96980469b05be0f1",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "3ba733f879c2a88910744647e41edeefbc0d92b2",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ext4/namei.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid cycles in directory h-tree\n\nA maliciously corrupted filesystem can contain cycles in the h-tree\nstored inside a directory. That can easily lead to the kernel corrupting\ntree nodes that were already verified under its hands while doing a node\nsplit and consequently accessing unallocated memory. Fix the problem by\nverifying traversed block numbers are unique."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:35:42.522Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/24b8206fec1db21d7e82f21f0b2ff5e5672cf5b3"
},
{
"url": "https://git.kernel.org/stable/c/b3ad9ff6f06c1dc6abf7437691c88ca3d6da3ac0"
},
{
"url": "https://git.kernel.org/stable/c/e157c8f87e8fac112d6c955e69a60cdb9bc80a60"
},
{
"url": "https://git.kernel.org/stable/c/ff4cafa51762da3824881a9000ca421d4b78b138"
},
{
"url": "https://git.kernel.org/stable/c/3a3ce941645407cd0b0b7f01ad9e2ea3770f46cc"
},
{
"url": "https://git.kernel.org/stable/c/d5a16a6df2c16eaf4de04948553ef0089dee463f"
},
{
"url": "https://git.kernel.org/stable/c/6084240bfc44bf265ab6ae7d96980469b05be0f1"
},
{
"url": "https://git.kernel.org/stable/c/3ba733f879c2a88910744647e41edeefbc0d92b2"
}
],
"title": "ext4: avoid cycles in directory h-tree",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49343",
"datePublished": "2025-02-26T02:10:59.970Z",
"dateReserved": "2025-02-26T02:08:31.542Z",
"dateUpdated": "2025-05-04T08:35:42.522Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49581 (GCVE-0-2022-49581)
Vulnerability from cvelistv5
Published
2025-02-26 02:23
Modified
2025-05-04 08:41
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
be2net: Fix buffer overflow in be_get_module_eeprom
be_cmd_read_port_transceiver_data assumes that it is given a buffer that
is at least PAGE_DATA_LEN long, or twice that if the module supports SFF
8472. However, this is not always the case.
Fix this by passing the desired offset and length to
be_cmd_read_port_transceiver_data so that we only copy the bytes once.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: e36edd9d26cf257511548edaf2b7a56eb4fed854 Version: e36edd9d26cf257511548edaf2b7a56eb4fed854 Version: e36edd9d26cf257511548edaf2b7a56eb4fed854 Version: e36edd9d26cf257511548edaf2b7a56eb4fed854 Version: e36edd9d26cf257511548edaf2b7a56eb4fed854 Version: e36edd9d26cf257511548edaf2b7a56eb4fed854 Version: e36edd9d26cf257511548edaf2b7a56eb4fed854 Version: e36edd9d26cf257511548edaf2b7a56eb4fed854 |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/emulex/benet/be_cmds.c",
"drivers/net/ethernet/emulex/benet/be_cmds.h",
"drivers/net/ethernet/emulex/benet/be_ethtool.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a5a8fc0679a8fd58d47aa2ebcfc5742631f753f9",
"status": "affected",
"version": "e36edd9d26cf257511548edaf2b7a56eb4fed854",
"versionType": "git"
},
{
"lessThan": "fe4473fc7940f14c4a12db873b9729134c212654",
"status": "affected",
"version": "e36edd9d26cf257511548edaf2b7a56eb4fed854",
"versionType": "git"
},
{
"lessThan": "8ff4f9df73e5c551a72ee6034886c17e8de6596d",
"status": "affected",
"version": "e36edd9d26cf257511548edaf2b7a56eb4fed854",
"versionType": "git"
},
{
"lessThan": "a8569f76df7ec5b4b51155c57523a0b356db5741",
"status": "affected",
"version": "e36edd9d26cf257511548edaf2b7a56eb4fed854",
"versionType": "git"
},
{
"lessThan": "665cbe91de2f7c97c51ca8fce39aae26477c1948",
"status": "affected",
"version": "e36edd9d26cf257511548edaf2b7a56eb4fed854",
"versionType": "git"
},
{
"lessThan": "aba8ff847f4f927ad7a1a1ee4a9f29989a1a728f",
"status": "affected",
"version": "e36edd9d26cf257511548edaf2b7a56eb4fed854",
"versionType": "git"
},
{
"lessThan": "18043da94c023f3ef09c15017bdb04e8f695ef10",
"status": "affected",
"version": "e36edd9d26cf257511548edaf2b7a56eb4fed854",
"versionType": "git"
},
{
"lessThan": "d7241f679a59cfe27f92cb5c6272cb429fb1f7ec",
"status": "affected",
"version": "e36edd9d26cf257511548edaf2b7a56eb4fed854",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/emulex/benet/be_cmds.c",
"drivers/net/ethernet/emulex/benet/be_cmds.h",
"drivers/net/ethernet/emulex/benet/be_ethtool.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.18"
},
{
"lessThan": "3.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.325",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.290",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.254",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.208",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.134",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.58",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.325",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.290",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.254",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.208",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.134",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.58",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.15",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "3.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbe2net: Fix buffer overflow in be_get_module_eeprom\n\nbe_cmd_read_port_transceiver_data assumes that it is given a buffer that\nis at least PAGE_DATA_LEN long, or twice that if the module supports SFF\n8472. However, this is not always the case.\n\nFix this by passing the desired offset and length to\nbe_cmd_read_port_transceiver_data so that we only copy the bytes once."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:41:06.565Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a5a8fc0679a8fd58d47aa2ebcfc5742631f753f9"
},
{
"url": "https://git.kernel.org/stable/c/fe4473fc7940f14c4a12db873b9729134c212654"
},
{
"url": "https://git.kernel.org/stable/c/8ff4f9df73e5c551a72ee6034886c17e8de6596d"
},
{
"url": "https://git.kernel.org/stable/c/a8569f76df7ec5b4b51155c57523a0b356db5741"
},
{
"url": "https://git.kernel.org/stable/c/665cbe91de2f7c97c51ca8fce39aae26477c1948"
},
{
"url": "https://git.kernel.org/stable/c/aba8ff847f4f927ad7a1a1ee4a9f29989a1a728f"
},
{
"url": "https://git.kernel.org/stable/c/18043da94c023f3ef09c15017bdb04e8f695ef10"
},
{
"url": "https://git.kernel.org/stable/c/d7241f679a59cfe27f92cb5c6272cb429fb1f7ec"
}
],
"title": "be2net: Fix buffer overflow in be_get_module_eeprom",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49581",
"datePublished": "2025-02-26T02:23:19.148Z",
"dateReserved": "2025-02-26T02:21:30.412Z",
"dateUpdated": "2025-05-04T08:41:06.565Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49305 (GCVE-0-2022-49305)
Vulnerability from cvelistv5
Published
2025-02-26 02:10
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop()
There is a deadlock in ieee80211_beacons_stop(), which is shown below:
(Thread 1) | (Thread 2)
| ieee80211_send_beacon()
ieee80211_beacons_stop() | mod_timer()
spin_lock_irqsave() //(1) | (wait a time)
... | ieee80211_send_beacon_cb()
del_timer_sync() | spin_lock_irqsave() //(2)
(wait timer to stop) | ...
We hold ieee->beacon_lock in position (1) of thread 1 and use
del_timer_sync() to wait timer to stop, but timer handler
also need ieee->beacon_lock in position (2) of thread 2.
As a result, ieee80211_beacons_stop() will block forever.
This patch extracts del_timer_sync() from the protection of
spin_lock_irqsave(), which could let timer handler to obtain
the needed lock.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49305",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:44:29.816182Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-667",
"description": "CWE-667 Improper Locking",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:58.552Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/staging/rtl8192u/ieee80211/ieee80211_softmac.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b465bb2ebf666116c1ac745cb80c65154dc0d27e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1fbe033c52480f7954c057510040fa6286c4ea25",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "66f769762f65d957f688f3258755c6ec410bf710",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "042915c1bfedd684c1d98a841794ee203200571a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ffc9cab7243f8151be37966301307bfd3cda2db3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b34cb54923a6e5ddefbaf358c85c922c6ab456e2",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "806c7b53414934ba2a39449b31fd1a038e500273",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/staging/rtl8192u/ieee80211/ieee80211_softmac.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.47",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.122",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop()\n\nThere is a deadlock in ieee80211_beacons_stop(), which is shown below:\n\n (Thread 1) | (Thread 2)\n | ieee80211_send_beacon()\nieee80211_beacons_stop() | mod_timer()\n spin_lock_irqsave() //(1) | (wait a time)\n ... | ieee80211_send_beacon_cb()\n del_timer_sync() | spin_lock_irqsave() //(2)\n (wait timer to stop) | ...\n\nWe hold ieee-\u003ebeacon_lock in position (1) of thread 1 and use\ndel_timer_sync() to wait timer to stop, but timer handler\nalso need ieee-\u003ebeacon_lock in position (2) of thread 2.\nAs a result, ieee80211_beacons_stop() will block forever.\n\nThis patch extracts del_timer_sync() from the protection of\nspin_lock_irqsave(), which could let timer handler to obtain\nthe needed lock."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:34:43.932Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b465bb2ebf666116c1ac745cb80c65154dc0d27e"
},
{
"url": "https://git.kernel.org/stable/c/1fbe033c52480f7954c057510040fa6286c4ea25"
},
{
"url": "https://git.kernel.org/stable/c/66f769762f65d957f688f3258755c6ec410bf710"
},
{
"url": "https://git.kernel.org/stable/c/042915c1bfedd684c1d98a841794ee203200571a"
},
{
"url": "https://git.kernel.org/stable/c/ffc9cab7243f8151be37966301307bfd3cda2db3"
},
{
"url": "https://git.kernel.org/stable/c/b34cb54923a6e5ddefbaf358c85c922c6ab456e2"
},
{
"url": "https://git.kernel.org/stable/c/806c7b53414934ba2a39449b31fd1a038e500273"
}
],
"title": "drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49305",
"datePublished": "2025-02-26T02:10:38.212Z",
"dateReserved": "2025-02-26T02:08:31.535Z",
"dateUpdated": "2025-10-01T19:46:58.552Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49268 (GCVE-0-2022-49268)
Vulnerability from cvelistv5
Published
2025-02-26 01:56
Modified
2025-05-04 08:33
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ASoC: SOF: Intel: Fix NULL ptr dereference when ENOMEM
Do not call snd_dma_free_pages() when snd_dma_alloc_pages() returns
-ENOMEM because it leads to a NULL pointer dereference bug.
The dmesg says:
[ T1387] sof-audio-pci-intel-tgl 0000:00:1f.3: error: memory alloc failed: -12
[ T1387] BUG: kernel NULL pointer dereference, address: 0000000000000000
[ T1387] #PF: supervisor read access in kernel mode
[ T1387] #PF: error_code(0x0000) - not-present page
[ T1387] PGD 0 P4D 0
[ T1387] Oops: 0000 [#1] PREEMPT SMP NOPTI
[ T1387] CPU: 6 PID: 1387 Comm: alsa-sink-HDA A Tainted: G W 5.17.0-rc4-superb-owl-00055-g80d47f5de5e3
[ T1387] Hardware name: HP HP Laptop 14s-dq2xxx/87FD, BIOS F.15 09/15/2021
[ T1387] RIP: 0010:dma_free_noncontiguous+0x37/0x80
[ T1387] Code: [... snip ...]
[ T1387] RSP: 0000:ffffc90002b87770 EFLAGS: 00010246
[ T1387] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ T1387] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff888101db30d0
[ T1387] RBP: 00000000fffffff4 R08: 0000000000000000 R09: 0000000000000000
[ T1387] R10: 0000000000000000 R11: ffffc90002b874d0 R12: 0000000000000001
[ T1387] R13: 0000000000058000 R14: ffff888105260c68 R15: ffff888105260828
[ T1387] FS: 00007f42e2ffd640(0000) GS:ffff888466b80000(0000) knlGS:0000000000000000
[ T1387] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ T1387] CR2: 0000000000000000 CR3: 000000014acf0003 CR4: 0000000000770ee0
[ T1387] PKRU: 55555554
[ T1387] Call Trace:
[ T1387] <TASK>
[ T1387] cl_stream_prepare+0x10a/0x120 [snd_sof_intel_hda_common 146addf995b9279ae7f509621078cccbe4f875e1]
[... snip ...]
[ T1387] </TASK>
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: d16046ffa6de040bf580a64d5f4d0aa18258a854 Version: d16046ffa6de040bf580a64d5f4d0aa18258a854 Version: d16046ffa6de040bf580a64d5f4d0aa18258a854 Version: d16046ffa6de040bf580a64d5f4d0aa18258a854 Version: d16046ffa6de040bf580a64d5f4d0aa18258a854 Version: d16046ffa6de040bf580a64d5f4d0aa18258a854 |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/soc/sof/intel/hda-loader.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "01df5f7627f1624d6bb0b8c0870a569b32adfbf8",
"status": "affected",
"version": "d16046ffa6de040bf580a64d5f4d0aa18258a854",
"versionType": "git"
},
{
"lessThan": "0c307349fe060971625b856c92f0361b8ea9a120",
"status": "affected",
"version": "d16046ffa6de040bf580a64d5f4d0aa18258a854",
"versionType": "git"
},
{
"lessThan": "b6094744e261083d3790c3def770ebf5060d383b",
"status": "affected",
"version": "d16046ffa6de040bf580a64d5f4d0aa18258a854",
"versionType": "git"
},
{
"lessThan": "09eca322d4118dc26570ca6100fa34e59e5a5143",
"status": "affected",
"version": "d16046ffa6de040bf580a64d5f4d0aa18258a854",
"versionType": "git"
},
{
"lessThan": "67f7bd9ff9079c1ee2de58e024fb582905c74c16",
"status": "affected",
"version": "d16046ffa6de040bf580a64d5f4d0aa18258a854",
"versionType": "git"
},
{
"lessThan": "b7fb0ae09009d076964afe4c1a2bde1ee2bd88a9",
"status": "affected",
"version": "d16046ffa6de040bf580a64d5f4d0aa18258a854",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"sound/soc/sof/intel/hda-loader.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.2"
},
{
"lessThan": "5.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.189",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.189",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.110",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: Intel: Fix NULL ptr dereference when ENOMEM\n\nDo not call snd_dma_free_pages() when snd_dma_alloc_pages() returns\n-ENOMEM because it leads to a NULL pointer dereference bug.\n\nThe dmesg says:\n\n [ T1387] sof-audio-pci-intel-tgl 0000:00:1f.3: error: memory alloc failed: -12\n [ T1387] BUG: kernel NULL pointer dereference, address: 0000000000000000\n [ T1387] #PF: supervisor read access in kernel mode\n [ T1387] #PF: error_code(0x0000) - not-present page\n [ T1387] PGD 0 P4D 0\n [ T1387] Oops: 0000 [#1] PREEMPT SMP NOPTI\n [ T1387] CPU: 6 PID: 1387 Comm: alsa-sink-HDA A Tainted: G W 5.17.0-rc4-superb-owl-00055-g80d47f5de5e3\n [ T1387] Hardware name: HP HP Laptop 14s-dq2xxx/87FD, BIOS F.15 09/15/2021\n [ T1387] RIP: 0010:dma_free_noncontiguous+0x37/0x80\n [ T1387] Code: [... snip ...]\n [ T1387] RSP: 0000:ffffc90002b87770 EFLAGS: 00010246\n [ T1387] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000\n [ T1387] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff888101db30d0\n [ T1387] RBP: 00000000fffffff4 R08: 0000000000000000 R09: 0000000000000000\n [ T1387] R10: 0000000000000000 R11: ffffc90002b874d0 R12: 0000000000000001\n [ T1387] R13: 0000000000058000 R14: ffff888105260c68 R15: ffff888105260828\n [ T1387] FS: 00007f42e2ffd640(0000) GS:ffff888466b80000(0000) knlGS:0000000000000000\n [ T1387] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n [ T1387] CR2: 0000000000000000 CR3: 000000014acf0003 CR4: 0000000000770ee0\n [ T1387] PKRU: 55555554\n [ T1387] Call Trace:\n [ T1387] \u003cTASK\u003e\n [ T1387] cl_stream_prepare+0x10a/0x120 [snd_sof_intel_hda_common 146addf995b9279ae7f509621078cccbe4f875e1]\n [... snip ...]\n [ T1387] \u003c/TASK\u003e"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:33:44.684Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/01df5f7627f1624d6bb0b8c0870a569b32adfbf8"
},
{
"url": "https://git.kernel.org/stable/c/0c307349fe060971625b856c92f0361b8ea9a120"
},
{
"url": "https://git.kernel.org/stable/c/b6094744e261083d3790c3def770ebf5060d383b"
},
{
"url": "https://git.kernel.org/stable/c/09eca322d4118dc26570ca6100fa34e59e5a5143"
},
{
"url": "https://git.kernel.org/stable/c/67f7bd9ff9079c1ee2de58e024fb582905c74c16"
},
{
"url": "https://git.kernel.org/stable/c/b7fb0ae09009d076964afe4c1a2bde1ee2bd88a9"
}
],
"title": "ASoC: SOF: Intel: Fix NULL ptr dereference when ENOMEM",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49268",
"datePublished": "2025-02-26T01:56:16.713Z",
"dateReserved": "2025-02-26T01:49:39.297Z",
"dateUpdated": "2025-05-04T08:33:44.684Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49357 (GCVE-0-2022-49357)
Vulnerability from cvelistv5
Published
2025-02-26 02:11
Modified
2025-05-04 08:35
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
efi: Do not import certificates from UEFI Secure Boot for T2 Macs
On Apple T2 Macs, when Linux attempts to read the db and dbx efi variables
at early boot to load UEFI Secure Boot certificates, a page fault occurs
in Apple firmware code and EFI runtime services are disabled with the
following logs:
[Firmware Bug]: Page fault caused by firmware at PA: 0xffffb1edc0068000
WARNING: CPU: 3 PID: 104 at arch/x86/platform/efi/quirks.c:735 efi_crash_gracefully_on_page_fault+0x50/0xf0
(Removed some logs from here)
Call Trace:
<TASK>
page_fault_oops+0x4f/0x2c0
? search_bpf_extables+0x6b/0x80
? search_module_extables+0x50/0x80
? search_exception_tables+0x5b/0x60
kernelmode_fixup_or_oops+0x9e/0x110
__bad_area_nosemaphore+0x155/0x190
bad_area_nosemaphore+0x16/0x20
do_kern_addr_fault+0x8c/0xa0
exc_page_fault+0xd8/0x180
asm_exc_page_fault+0x1e/0x30
(Removed some logs from here)
? __efi_call+0x28/0x30
? switch_mm+0x20/0x30
? efi_call_rts+0x19a/0x8e0
? process_one_work+0x222/0x3f0
? worker_thread+0x4a/0x3d0
? kthread+0x17a/0x1a0
? process_one_work+0x3f0/0x3f0
? set_kthread_struct+0x40/0x40
? ret_from_fork+0x22/0x30
</TASK>
---[ end trace 1f82023595a5927f ]---
efi: Froze efi_rts_wq and disabled EFI Runtime Services
integrity: Couldn't get size: 0x8000000000000015
integrity: MODSIGN: Couldn't get UEFI db list
efi: EFI Runtime Services are disabled!
integrity: Couldn't get size: 0x8000000000000015
integrity: Couldn't get UEFI dbx list
integrity: Couldn't get size: 0x8000000000000015
integrity: Couldn't get mokx list
integrity: Couldn't get size: 0x80000000
So we avoid reading these UEFI variables and thus prevent the crash.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 15ea0e1e3e185040bed6119f815096f2e4326242 Version: 15ea0e1e3e185040bed6119f815096f2e4326242 Version: 15ea0e1e3e185040bed6119f815096f2e4326242 Version: 15ea0e1e3e185040bed6119f815096f2e4326242 Version: 15ea0e1e3e185040bed6119f815096f2e4326242 Version: 15ea0e1e3e185040bed6119f815096f2e4326242 |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"security/integrity/platform_certs/keyring_handler.h",
"security/integrity/platform_certs/load_uefi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b1cda6dd2c44771f042d65f0d17bec322ef99a0a",
"status": "affected",
"version": "15ea0e1e3e185040bed6119f815096f2e4326242",
"versionType": "git"
},
{
"lessThan": "c072cab98bac11f6ef9db640fb51834d9552e2e6",
"status": "affected",
"version": "15ea0e1e3e185040bed6119f815096f2e4326242",
"versionType": "git"
},
{
"lessThan": "65237307f88f5200782ae7f243bdd385e37cde5d",
"status": "affected",
"version": "15ea0e1e3e185040bed6119f815096f2e4326242",
"versionType": "git"
},
{
"lessThan": "b34786b25d75f9c119696e6bdf3827f54ae3601b",
"status": "affected",
"version": "15ea0e1e3e185040bed6119f815096f2e4326242",
"versionType": "git"
},
{
"lessThan": "1f7264f0510f519b4e4f575a8f0579ea65e7592e",
"status": "affected",
"version": "15ea0e1e3e185040bed6119f815096f2e4326242",
"versionType": "git"
},
{
"lessThan": "155ca952c7ca19aa32ecfb7373a32bbc2e1ec6eb",
"status": "affected",
"version": "15ea0e1e3e185040bed6119f815096f2e4326242",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"security/integrity/platform_certs/keyring_handler.h",
"security/integrity/platform_certs/load_uefi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.0"
},
{
"lessThan": "5.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nefi: Do not import certificates from UEFI Secure Boot for T2 Macs\n\nOn Apple T2 Macs, when Linux attempts to read the db and dbx efi variables\nat early boot to load UEFI Secure Boot certificates, a page fault occurs\nin Apple firmware code and EFI runtime services are disabled with the\nfollowing logs:\n\n[Firmware Bug]: Page fault caused by firmware at PA: 0xffffb1edc0068000\nWARNING: CPU: 3 PID: 104 at arch/x86/platform/efi/quirks.c:735 efi_crash_gracefully_on_page_fault+0x50/0xf0\n(Removed some logs from here)\nCall Trace:\n \u003cTASK\u003e\n page_fault_oops+0x4f/0x2c0\n ? search_bpf_extables+0x6b/0x80\n ? search_module_extables+0x50/0x80\n ? search_exception_tables+0x5b/0x60\n kernelmode_fixup_or_oops+0x9e/0x110\n __bad_area_nosemaphore+0x155/0x190\n bad_area_nosemaphore+0x16/0x20\n do_kern_addr_fault+0x8c/0xa0\n exc_page_fault+0xd8/0x180\n asm_exc_page_fault+0x1e/0x30\n(Removed some logs from here)\n ? __efi_call+0x28/0x30\n ? switch_mm+0x20/0x30\n ? efi_call_rts+0x19a/0x8e0\n ? process_one_work+0x222/0x3f0\n ? worker_thread+0x4a/0x3d0\n ? kthread+0x17a/0x1a0\n ? process_one_work+0x3f0/0x3f0\n ? set_kthread_struct+0x40/0x40\n ? ret_from_fork+0x22/0x30\n \u003c/TASK\u003e\n---[ end trace 1f82023595a5927f ]---\nefi: Froze efi_rts_wq and disabled EFI Runtime Services\nintegrity: Couldn\u0027t get size: 0x8000000000000015\nintegrity: MODSIGN: Couldn\u0027t get UEFI db list\nefi: EFI Runtime Services are disabled!\nintegrity: Couldn\u0027t get size: 0x8000000000000015\nintegrity: Couldn\u0027t get UEFI dbx list\nintegrity: Couldn\u0027t get size: 0x8000000000000015\nintegrity: Couldn\u0027t get mokx list\nintegrity: Couldn\u0027t get size: 0x80000000\n\nSo we avoid reading these UEFI variables and thus prevent the crash."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:35:58.200Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b1cda6dd2c44771f042d65f0d17bec322ef99a0a"
},
{
"url": "https://git.kernel.org/stable/c/c072cab98bac11f6ef9db640fb51834d9552e2e6"
},
{
"url": "https://git.kernel.org/stable/c/65237307f88f5200782ae7f243bdd385e37cde5d"
},
{
"url": "https://git.kernel.org/stable/c/b34786b25d75f9c119696e6bdf3827f54ae3601b"
},
{
"url": "https://git.kernel.org/stable/c/1f7264f0510f519b4e4f575a8f0579ea65e7592e"
},
{
"url": "https://git.kernel.org/stable/c/155ca952c7ca19aa32ecfb7373a32bbc2e1ec6eb"
}
],
"title": "efi: Do not import certificates from UEFI Secure Boot for T2 Macs",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49357",
"datePublished": "2025-02-26T02:11:06.931Z",
"dateReserved": "2025-02-26T02:08:31.546Z",
"dateUpdated": "2025-05-04T08:35:58.200Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49400 (GCVE-0-2022-49400)
Vulnerability from cvelistv5
Published
2025-02-26 02:12
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
md: Don't set mddev private to NULL in raid0 pers->free
In normal stop process, it does like this:
do_md_stop
|
__md_stop (pers->free(); mddev->private=NULL)
|
md_free (free mddev)
__md_stop sets mddev->private to NULL after pers->free. The raid device
will be stopped and mddev memory is free. But in reshape, it doesn't
free the mddev and mddev will still be used in new raid.
In reshape, it first sets mddev->private to new_pers and then runs
old_pers->free(). Now raid0 sets mddev->private to NULL in raid0_free.
The new raid can't work anymore. It will panic when dereference
mddev->private because of NULL pointer dereference.
It can panic like this:
[63010.814972] kernel BUG at drivers/md/raid10.c:928!
[63010.819778] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI
[63010.825011] CPU: 3 PID: 44437 Comm: md0_resync Kdump: loaded Not tainted 5.14.0-86.el9.x86_64 #1
[63010.833789] Hardware name: Dell Inc. PowerEdge R6415/07YXFK, BIOS 1.15.0 09/11/2020
[63010.841440] RIP: 0010:raise_barrier+0x161/0x170 [raid10]
[63010.865508] RSP: 0018:ffffc312408bbc10 EFLAGS: 00010246
[63010.870734] RAX: 0000000000000000 RBX: ffffa00bf7d39800 RCX: 0000000000000000
[63010.877866] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffffa00bf7d39800
[63010.884999] RBP: 0000000000000000 R08: fffffa4945e74400 R09: 0000000000000000
[63010.892132] R10: ffffa00eed02f798 R11: 0000000000000000 R12: ffffa00bbc435200
[63010.899266] R13: ffffa00bf7d39800 R14: 0000000000000400 R15: 0000000000000003
[63010.906399] FS: 0000000000000000(0000) GS:ffffa00eed000000(0000) knlGS:0000000000000000
[63010.914485] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[63010.920229] CR2: 00007f5cfbe99828 CR3: 0000000105efe000 CR4: 00000000003506e0
[63010.927363] Call Trace:
[63010.929822] ? bio_reset+0xe/0x40
[63010.933144] ? raid10_alloc_init_r10buf+0x60/0xa0 [raid10]
[63010.938629] raid10_sync_request+0x756/0x1610 [raid10]
[63010.943770] md_do_sync.cold+0x3e4/0x94c
[63010.947698] md_thread+0xab/0x160
[63010.951024] ? md_write_inc+0x50/0x50
[63010.954688] kthread+0x149/0x170
[63010.957923] ? set_kthread_struct+0x40/0x40
[63010.962107] ret_from_fork+0x22/0x30
Removing the code that sets mddev->private to NULL in raid0 can fix
problem.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49400",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:41:25.016328Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:50.727Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/md/raid0.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f63fd1e0e0fc158023cc67ea6a07e278019061ba",
"status": "affected",
"version": "00e3d58f50a875343124bcf5a9637520a492b0d1",
"versionType": "git"
},
{
"lessThan": "b7a51df785031cc49caf1c59766ca89cfa97b54b",
"status": "affected",
"version": "0c031fd37f69deb0cd8c43bbfcfccd62ebd7e952",
"versionType": "git"
},
{
"lessThan": "7da3454a65f8a56e65dfb44fa0ccac08cbc2f5a1",
"status": "affected",
"version": "0c031fd37f69deb0cd8c43bbfcfccd62ebd7e952",
"versionType": "git"
},
{
"lessThan": "0f2571ad7a30ff6b33cde142439f9378669f8b4f",
"status": "affected",
"version": "0c031fd37f69deb0cd8c43bbfcfccd62ebd7e952",
"versionType": "git"
},
{
"status": "affected",
"version": "92053ae0398a58c6914e807d5e070297ba8cfe88",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/md/raid0.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.17"
},
{
"lessThan": "5.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "5.15.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: Don\u0027t set mddev private to NULL in raid0 pers-\u003efree\n\nIn normal stop process, it does like this:\n do_md_stop\n |\n __md_stop (pers-\u003efree(); mddev-\u003eprivate=NULL)\n |\n md_free (free mddev)\n__md_stop sets mddev-\u003eprivate to NULL after pers-\u003efree. The raid device\nwill be stopped and mddev memory is free. But in reshape, it doesn\u0027t\nfree the mddev and mddev will still be used in new raid.\n\nIn reshape, it first sets mddev-\u003eprivate to new_pers and then runs\nold_pers-\u003efree(). Now raid0 sets mddev-\u003eprivate to NULL in raid0_free.\nThe new raid can\u0027t work anymore. It will panic when dereference\nmddev-\u003eprivate because of NULL pointer dereference.\n\nIt can panic like this:\n[63010.814972] kernel BUG at drivers/md/raid10.c:928!\n[63010.819778] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n[63010.825011] CPU: 3 PID: 44437 Comm: md0_resync Kdump: loaded Not tainted 5.14.0-86.el9.x86_64 #1\n[63010.833789] Hardware name: Dell Inc. PowerEdge R6415/07YXFK, BIOS 1.15.0 09/11/2020\n[63010.841440] RIP: 0010:raise_barrier+0x161/0x170 [raid10]\n[63010.865508] RSP: 0018:ffffc312408bbc10 EFLAGS: 00010246\n[63010.870734] RAX: 0000000000000000 RBX: ffffa00bf7d39800 RCX: 0000000000000000\n[63010.877866] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffffa00bf7d39800\n[63010.884999] RBP: 0000000000000000 R08: fffffa4945e74400 R09: 0000000000000000\n[63010.892132] R10: ffffa00eed02f798 R11: 0000000000000000 R12: ffffa00bbc435200\n[63010.899266] R13: ffffa00bf7d39800 R14: 0000000000000400 R15: 0000000000000003\n[63010.906399] FS: 0000000000000000(0000) GS:ffffa00eed000000(0000) knlGS:0000000000000000\n[63010.914485] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[63010.920229] CR2: 00007f5cfbe99828 CR3: 0000000105efe000 CR4: 00000000003506e0\n[63010.927363] Call Trace:\n[63010.929822] ? bio_reset+0xe/0x40\n[63010.933144] ? raid10_alloc_init_r10buf+0x60/0xa0 [raid10]\n[63010.938629] raid10_sync_request+0x756/0x1610 [raid10]\n[63010.943770] md_do_sync.cold+0x3e4/0x94c\n[63010.947698] md_thread+0xab/0x160\n[63010.951024] ? md_write_inc+0x50/0x50\n[63010.954688] kthread+0x149/0x170\n[63010.957923] ? set_kthread_struct+0x40/0x40\n[63010.962107] ret_from_fork+0x22/0x30\n\nRemoving the code that sets mddev-\u003eprivate to NULL in raid0 can fix\nproblem."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:44:38.073Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f63fd1e0e0fc158023cc67ea6a07e278019061ba"
},
{
"url": "https://git.kernel.org/stable/c/b7a51df785031cc49caf1c59766ca89cfa97b54b"
},
{
"url": "https://git.kernel.org/stable/c/7da3454a65f8a56e65dfb44fa0ccac08cbc2f5a1"
},
{
"url": "https://git.kernel.org/stable/c/0f2571ad7a30ff6b33cde142439f9378669f8b4f"
}
],
"title": "md: Don\u0027t set mddev private to NULL in raid0 pers-\u003efree",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49400",
"datePublished": "2025-02-26T02:12:28.139Z",
"dateReserved": "2025-02-26T02:08:31.564Z",
"dateUpdated": "2025-10-01T19:46:50.727Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49724 (GCVE-0-2022-49724)
Vulnerability from cvelistv5
Published
2025-02-26 02:24
Modified
2025-05-04 08:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
tty: goldfish: Fix free_irq() on remove
Pass the correct dev_id to free_irq() to fix this splat when the driver
is unbound:
WARNING: CPU: 0 PID: 30 at kernel/irq/manage.c:1895 free_irq
Trying to free already-free IRQ 65
Call Trace:
warn_slowpath_fmt
free_irq
goldfish_tty_remove
platform_remove
device_remove
device_release_driver_internal
device_driver_detach
unbind_store
drv_attr_store
...
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 465893e18878e119d8d0255439fad8debbd646fd Version: 465893e18878e119d8d0255439fad8debbd646fd Version: 465893e18878e119d8d0255439fad8debbd646fd Version: 465893e18878e119d8d0255439fad8debbd646fd Version: 465893e18878e119d8d0255439fad8debbd646fd Version: 465893e18878e119d8d0255439fad8debbd646fd Version: 465893e18878e119d8d0255439fad8debbd646fd |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/tty/goldfish.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c4b0b8edccb0cfb15a8cecf4161e0571d3daac64",
"status": "affected",
"version": "465893e18878e119d8d0255439fad8debbd646fd",
"versionType": "git"
},
{
"lessThan": "c83a1d40dc624070a203eb383ef9fb60eb634136",
"status": "affected",
"version": "465893e18878e119d8d0255439fad8debbd646fd",
"versionType": "git"
},
{
"lessThan": "f7183c76d500324b8b5bd0af5e663cfa57b7b836",
"status": "affected",
"version": "465893e18878e119d8d0255439fad8debbd646fd",
"versionType": "git"
},
{
"lessThan": "65ca4db68b6819244df9024aea4be55edf8af1ef",
"status": "affected",
"version": "465893e18878e119d8d0255439fad8debbd646fd",
"versionType": "git"
},
{
"lessThan": "fb15e79cacddfbc62264e6e807bde50ad688e988",
"status": "affected",
"version": "465893e18878e119d8d0255439fad8debbd646fd",
"versionType": "git"
},
{
"lessThan": "a6fcd7ffd76a9c1d998a2d02d518c78a55c5bed8",
"status": "affected",
"version": "465893e18878e119d8d0255439fad8debbd646fd",
"versionType": "git"
},
{
"lessThan": "499e13aac6c762e1e828172b0f0f5275651d6512",
"status": "affected",
"version": "465893e18878e119d8d0255439fad8debbd646fd",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/tty/goldfish.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.6"
},
{
"lessThan": "4.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.249",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.200",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.124",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.49",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.285",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.249",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.200",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.124",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.49",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.6",
"versionStartIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: goldfish: Fix free_irq() on remove\n\nPass the correct dev_id to free_irq() to fix this splat when the driver\nis unbound:\n\n WARNING: CPU: 0 PID: 30 at kernel/irq/manage.c:1895 free_irq\n Trying to free already-free IRQ 65\n Call Trace:\n warn_slowpath_fmt\n free_irq\n goldfish_tty_remove\n platform_remove\n device_remove\n device_release_driver_internal\n device_driver_detach\n unbind_store\n drv_attr_store\n ..."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:44:07.784Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c4b0b8edccb0cfb15a8cecf4161e0571d3daac64"
},
{
"url": "https://git.kernel.org/stable/c/c83a1d40dc624070a203eb383ef9fb60eb634136"
},
{
"url": "https://git.kernel.org/stable/c/f7183c76d500324b8b5bd0af5e663cfa57b7b836"
},
{
"url": "https://git.kernel.org/stable/c/65ca4db68b6819244df9024aea4be55edf8af1ef"
},
{
"url": "https://git.kernel.org/stable/c/fb15e79cacddfbc62264e6e807bde50ad688e988"
},
{
"url": "https://git.kernel.org/stable/c/a6fcd7ffd76a9c1d998a2d02d518c78a55c5bed8"
},
{
"url": "https://git.kernel.org/stable/c/499e13aac6c762e1e828172b0f0f5275651d6512"
}
],
"title": "tty: goldfish: Fix free_irq() on remove",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49724",
"datePublished": "2025-02-26T02:24:36.699Z",
"dateReserved": "2025-02-26T02:21:30.447Z",
"dateUpdated": "2025-05-04T08:44:07.784Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49376 (GCVE-0-2022-49376)
Vulnerability from cvelistv5
Published
2025-02-26 02:11
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: sd: Fix potential NULL pointer dereference
If sd_probe() sees an early error before sdkp->device is initialized,
sd_zbc_release_disk() is called. This causes a NULL pointer dereference
when sd_is_zoned() is called inside that function. Avoid this by removing
the call to sd_zbc_release_disk() in sd_probe() error path.
This change is safe and does not result in zone information memory leakage
because the zone information for a zoned disk is allocated only when
sd_revalidate_disk() is called, at which point sdkp->disk_dev is fully set,
resulting in sd_disk_release() being called when needed to cleanup a disk
zone information using sd_zbc_release_disk().
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49376",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:41:58.424102Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:52.245Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/scsi/sd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c1f0187025905e9981000d44a92e159468b561a8",
"status": "affected",
"version": "89d9475610771b5e5fe1879075f0fc9ba6e3755f",
"versionType": "git"
},
{
"lessThan": "0fcb0b131cc90c8f523a293d84c58d0c7273c96f",
"status": "affected",
"version": "89d9475610771b5e5fe1879075f0fc9ba6e3755f",
"versionType": "git"
},
{
"lessThan": "78f8e96df06e2d04d82d4071c299b59d28744f47",
"status": "affected",
"version": "89d9475610771b5e5fe1879075f0fc9ba6e3755f",
"versionType": "git"
},
{
"lessThan": "3733439593ad12f7b54ae35c273ea6f15d692de3",
"status": "affected",
"version": "89d9475610771b5e5fe1879075f0fc9ba6e3755f",
"versionType": "git"
},
{
"lessThan": "05fbde3a77a4f1d62e4c4428f384288c1f1a0be5",
"status": "affected",
"version": "89d9475610771b5e5fe1879075f0fc9ba6e3755f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/scsi/sd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.10"
},
{
"lessThan": "4.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.47",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.122",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.47",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.15",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.4",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: sd: Fix potential NULL pointer dereference\n\nIf sd_probe() sees an early error before sdkp-\u003edevice is initialized,\nsd_zbc_release_disk() is called. This causes a NULL pointer dereference\nwhen sd_is_zoned() is called inside that function. Avoid this by removing\nthe call to sd_zbc_release_disk() in sd_probe() error path.\n\nThis change is safe and does not result in zone information memory leakage\nbecause the zone information for a zoned disk is allocated only when\nsd_revalidate_disk() is called, at which point sdkp-\u003edisk_dev is fully set,\nresulting in sd_disk_release() being called when needed to cleanup a disk\nzone information using sd_zbc_release_disk()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:36:22.066Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c1f0187025905e9981000d44a92e159468b561a8"
},
{
"url": "https://git.kernel.org/stable/c/0fcb0b131cc90c8f523a293d84c58d0c7273c96f"
},
{
"url": "https://git.kernel.org/stable/c/78f8e96df06e2d04d82d4071c299b59d28744f47"
},
{
"url": "https://git.kernel.org/stable/c/3733439593ad12f7b54ae35c273ea6f15d692de3"
},
{
"url": "https://git.kernel.org/stable/c/05fbde3a77a4f1d62e4c4428f384288c1f1a0be5"
}
],
"title": "scsi: sd: Fix potential NULL pointer dereference",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49376",
"datePublished": "2025-02-26T02:11:16.118Z",
"dateReserved": "2025-02-26T02:08:31.558Z",
"dateUpdated": "2025-10-01T19:46:52.245Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49206 (GCVE-0-2022-49206)
Vulnerability from cvelistv5
Published
2025-02-26 01:55
Modified
2025-10-01 19:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
RDMA/mlx5: Fix memory leak in error flow for subscribe event routine
In case the second xa_insert() fails, the obj_event is not released. Fix
the error unwind flow to free that memory to avoid a memory leak.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 7597385371425febdaa8c6a1da3625d4ffff16f5 Version: 7597385371425febdaa8c6a1da3625d4ffff16f5 Version: 7597385371425febdaa8c6a1da3625d4ffff16f5 Version: 7597385371425febdaa8c6a1da3625d4ffff16f5 Version: 7597385371425febdaa8c6a1da3625d4ffff16f5 Version: 7597385371425febdaa8c6a1da3625d4ffff16f5 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49206",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:47:07.712082Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:56:58.741Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/mlx5/devx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0174a89663a5ef83617da15bf24c0af2f62b6c7f",
"status": "affected",
"version": "7597385371425febdaa8c6a1da3625d4ffff16f5",
"versionType": "git"
},
{
"lessThan": "c98d903ff9e79c210beddea4e6bc15ac38e25aa5",
"status": "affected",
"version": "7597385371425febdaa8c6a1da3625d4ffff16f5",
"versionType": "git"
},
{
"lessThan": "8dd392e352d3269938fea32061a74655a613f929",
"status": "affected",
"version": "7597385371425febdaa8c6a1da3625d4ffff16f5",
"versionType": "git"
},
{
"lessThan": "d66498507801fd9a20307a15a0814a0a016c3cde",
"status": "affected",
"version": "7597385371425febdaa8c6a1da3625d4ffff16f5",
"versionType": "git"
},
{
"lessThan": "414b4e8738484379f18d6c4e780787c80dbf8a2c",
"status": "affected",
"version": "7597385371425febdaa8c6a1da3625d4ffff16f5",
"versionType": "git"
},
{
"lessThan": "087f9c3f2309ed183f7e4b85ae57121d8663224d",
"status": "affected",
"version": "7597385371425febdaa8c6a1da3625d4ffff16f5",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/mlx5/devx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.3"
},
{
"lessThan": "5.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.189",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.189",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.110",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix memory leak in error flow for subscribe event routine\n\nIn case the second xa_insert() fails, the obj_event is not released. Fix\nthe error unwind flow to free that memory to avoid a memory leak."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:32:21.031Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0174a89663a5ef83617da15bf24c0af2f62b6c7f"
},
{
"url": "https://git.kernel.org/stable/c/c98d903ff9e79c210beddea4e6bc15ac38e25aa5"
},
{
"url": "https://git.kernel.org/stable/c/8dd392e352d3269938fea32061a74655a613f929"
},
{
"url": "https://git.kernel.org/stable/c/d66498507801fd9a20307a15a0814a0a016c3cde"
},
{
"url": "https://git.kernel.org/stable/c/414b4e8738484379f18d6c4e780787c80dbf8a2c"
},
{
"url": "https://git.kernel.org/stable/c/087f9c3f2309ed183f7e4b85ae57121d8663224d"
}
],
"title": "RDMA/mlx5: Fix memory leak in error flow for subscribe event routine",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49206",
"datePublished": "2025-02-26T01:55:45.685Z",
"dateReserved": "2025-02-26T01:49:39.291Z",
"dateUpdated": "2025-10-01T19:56:58.741Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49148 (GCVE-0-2022-49148)
Vulnerability from cvelistv5
Published
2025-02-26 01:55
Modified
2025-10-01 19:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
watch_queue: Free the page array when watch_queue is dismantled
Commit 7ea1a0124b6d ("watch_queue: Free the alloc bitmap when the
watch_queue is torn down") took care of the bitmap, but not the page
array.
BUG: memory leak
unreferenced object 0xffff88810d9bc140 (size 32):
comm "syz-executor335", pid 3603, jiffies 4294946994 (age 12.840s)
hex dump (first 32 bytes):
40 a7 40 04 00 ea ff ff 00 00 00 00 00 00 00 00 @.@.............
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
kmalloc_array include/linux/slab.h:621 [inline]
kcalloc include/linux/slab.h:652 [inline]
watch_queue_set_size+0x12f/0x2e0 kernel/watch_queue.c:251
pipe_ioctl+0x82/0x140 fs/pipe.c:632
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:874 [inline]
__se_sys_ioctl fs/ioctl.c:860 [inline]
__x64_sys_ioctl+0xfc/0x140 fs/ioctl.c:860
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49148",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:47:50.624778Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:57:01.488Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/watch_queue.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7169f60110915c8b53bffd43741fa020a75eb87a",
"status": "affected",
"version": "c73be61cede5882f9605a852414db559c0ebedfd",
"versionType": "git"
},
{
"lessThan": "4913daecd04addb41bc96a9175a885e1c19862a8",
"status": "affected",
"version": "c73be61cede5882f9605a852414db559c0ebedfd",
"versionType": "git"
},
{
"lessThan": "3963a5d1ff75585bddf0c3a918566a6be09d7520",
"status": "affected",
"version": "c73be61cede5882f9605a852414db559c0ebedfd",
"versionType": "git"
},
{
"lessThan": "375cd2536494cfbcdda84ae8b3e35bf19d0250b9",
"status": "affected",
"version": "c73be61cede5882f9605a852414db559c0ebedfd",
"versionType": "git"
},
{
"lessThan": "b490207017ba237d97b735b2aa66dc241ccd18f5",
"status": "affected",
"version": "c73be61cede5882f9605a852414db559c0ebedfd",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/watch_queue.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.8"
},
{
"lessThan": "5.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.110",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwatch_queue: Free the page array when watch_queue is dismantled\n\nCommit 7ea1a0124b6d (\"watch_queue: Free the alloc bitmap when the\nwatch_queue is torn down\") took care of the bitmap, but not the page\narray.\n\n BUG: memory leak\n unreferenced object 0xffff88810d9bc140 (size 32):\n comm \"syz-executor335\", pid 3603, jiffies 4294946994 (age 12.840s)\n hex dump (first 32 bytes):\n 40 a7 40 04 00 ea ff ff 00 00 00 00 00 00 00 00 @.@.............\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n kmalloc_array include/linux/slab.h:621 [inline]\n kcalloc include/linux/slab.h:652 [inline]\n watch_queue_set_size+0x12f/0x2e0 kernel/watch_queue.c:251\n pipe_ioctl+0x82/0x140 fs/pipe.c:632\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:874 [inline]\n __se_sys_ioctl fs/ioctl.c:860 [inline]\n __x64_sys_ioctl+0xfc/0x140 fs/ioctl.c:860\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:31:00.333Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7169f60110915c8b53bffd43741fa020a75eb87a"
},
{
"url": "https://git.kernel.org/stable/c/4913daecd04addb41bc96a9175a885e1c19862a8"
},
{
"url": "https://git.kernel.org/stable/c/3963a5d1ff75585bddf0c3a918566a6be09d7520"
},
{
"url": "https://git.kernel.org/stable/c/375cd2536494cfbcdda84ae8b3e35bf19d0250b9"
},
{
"url": "https://git.kernel.org/stable/c/b490207017ba237d97b735b2aa66dc241ccd18f5"
}
],
"title": "watch_queue: Free the page array when watch_queue is dismantled",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49148",
"datePublished": "2025-02-26T01:55:15.872Z",
"dateReserved": "2025-02-26T01:49:39.273Z",
"dateUpdated": "2025-10-01T19:57:01.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49656 (GCVE-0-2022-49656)
Vulnerability from cvelistv5
Published
2025-02-26 02:23
Modified
2025-10-01 19:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ARM: meson: Fix refcount leak in meson_smp_prepare_cpus
of_find_compatible_node() returns a node pointer with refcount
incremented, we should use of_node_put() on it when done.
Add missing of_node_put() to avoid refcount leak.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: d850f3e5d2966e5c9eb55f66181cee960737e04c Version: d850f3e5d2966e5c9eb55f66181cee960737e04c Version: d850f3e5d2966e5c9eb55f66181cee960737e04c Version: d850f3e5d2966e5c9eb55f66181cee960737e04c Version: d850f3e5d2966e5c9eb55f66181cee960737e04c Version: d850f3e5d2966e5c9eb55f66181cee960737e04c |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49656",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:33:34.909146Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:36:48.099Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/arm/mach-meson/platsmp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2e1bcd33478ef44e63a45457055060b5fe4118ad",
"status": "affected",
"version": "d850f3e5d2966e5c9eb55f66181cee960737e04c",
"versionType": "git"
},
{
"lessThan": "3cf8ece9113242c10f83c7675ea4f4f67959ee43",
"status": "affected",
"version": "d850f3e5d2966e5c9eb55f66181cee960737e04c",
"versionType": "git"
},
{
"lessThan": "3d90607e7e6afa89768b0aaa915b58bd2b849276",
"status": "affected",
"version": "d850f3e5d2966e5c9eb55f66181cee960737e04c",
"versionType": "git"
},
{
"lessThan": "7208101ded1e9dcc52c8f0f8b16474211c871c1a",
"status": "affected",
"version": "d850f3e5d2966e5c9eb55f66181cee960737e04c",
"versionType": "git"
},
{
"lessThan": "c5fbf4f74c94fd60d5e9bf9f7f8268c3601562ca",
"status": "affected",
"version": "d850f3e5d2966e5c9eb55f66181cee960737e04c",
"versionType": "git"
},
{
"lessThan": "34d2cd3fccced12b958b8848e3eff0ee4296764c",
"status": "affected",
"version": "d850f3e5d2966e5c9eb55f66181cee960737e04c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/arm/mach-meson/platsmp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.252",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.205",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.130",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.252",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.205",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.130",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.54",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.11",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nARM: meson: Fix refcount leak in meson_smp_prepare_cpus\n\nof_find_compatible_node() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when done.\nAdd missing of_node_put() to avoid refcount leak."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:42:41.892Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2e1bcd33478ef44e63a45457055060b5fe4118ad"
},
{
"url": "https://git.kernel.org/stable/c/3cf8ece9113242c10f83c7675ea4f4f67959ee43"
},
{
"url": "https://git.kernel.org/stable/c/3d90607e7e6afa89768b0aaa915b58bd2b849276"
},
{
"url": "https://git.kernel.org/stable/c/7208101ded1e9dcc52c8f0f8b16474211c871c1a"
},
{
"url": "https://git.kernel.org/stable/c/c5fbf4f74c94fd60d5e9bf9f7f8268c3601562ca"
},
{
"url": "https://git.kernel.org/stable/c/34d2cd3fccced12b958b8848e3eff0ee4296764c"
}
],
"title": "ARM: meson: Fix refcount leak in meson_smp_prepare_cpus",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49656",
"datePublished": "2025-02-26T02:23:55.949Z",
"dateReserved": "2025-02-26T02:21:30.434Z",
"dateUpdated": "2025-10-01T19:36:48.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49113 (GCVE-0-2022-49113)
Vulnerability from cvelistv5
Published
2025-02-26 01:54
Modified
2025-10-01 19:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
powerpc/secvar: fix refcount leak in format_show()
Refcount leak will happen when format_show returns failure in multiple
cases. Unified management of of_node_put can fix this problem.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49113",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:48:55.588675Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:57:04.535Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/powerpc/kernel/secvar-sysfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "02222bf4f0a27f6eba66d1f597cdb5daadd51829",
"status": "affected",
"version": "bd5d9c743d38f67d64ea1b512a461f6b5a5f6bec",
"versionType": "git"
},
{
"lessThan": "2a71e3ecd829a82013cf095c55068c61d991e885",
"status": "affected",
"version": "bd5d9c743d38f67d64ea1b512a461f6b5a5f6bec",
"versionType": "git"
},
{
"lessThan": "c105ffb6b9744158e37e9f81f0f38861951d1c1f",
"status": "affected",
"version": "bd5d9c743d38f67d64ea1b512a461f6b5a5f6bec",
"versionType": "git"
},
{
"lessThan": "d05e4265d33af60b39606c20c731e3e719bfe3d6",
"status": "affected",
"version": "bd5d9c743d38f67d64ea1b512a461f6b5a5f6bec",
"versionType": "git"
},
{
"lessThan": "d601fd24e6964967f115f036a840f4f28488f63f",
"status": "affected",
"version": "bd5d9c743d38f67d64ea1b512a461f6b5a5f6bec",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/powerpc/kernel/secvar-sysfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.5"
},
{
"lessThan": "5.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.111",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.20",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.111",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.34",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.20",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.3",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/secvar: fix refcount leak in format_show()\n\nRefcount leak will happen when format_show returns failure in multiple\ncases. Unified management of of_node_put can fix this problem."
}
],
"providerMetadata": {
"dateUpdated": "2025-09-03T12:58:37.778Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/02222bf4f0a27f6eba66d1f597cdb5daadd51829"
},
{
"url": "https://git.kernel.org/stable/c/2a71e3ecd829a82013cf095c55068c61d991e885"
},
{
"url": "https://git.kernel.org/stable/c/c105ffb6b9744158e37e9f81f0f38861951d1c1f"
},
{
"url": "https://git.kernel.org/stable/c/d05e4265d33af60b39606c20c731e3e719bfe3d6"
},
{
"url": "https://git.kernel.org/stable/c/d601fd24e6964967f115f036a840f4f28488f63f"
}
],
"title": "powerpc/secvar: fix refcount leak in format_show()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49113",
"datePublished": "2025-02-26T01:54:57.663Z",
"dateReserved": "2025-02-26T01:49:39.262Z",
"dateUpdated": "2025-10-01T19:57:04.535Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49701 (GCVE-0-2022-49701)
Vulnerability from cvelistv5
Published
2025-02-26 02:24
Modified
2025-05-04 08:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: ibmvfc: Allocate/free queue resource only during probe/remove
Currently, the sub-queues and event pool resources are allocated/freed for
every CRQ connection event such as reset and LPM. This exposes the driver
to a couple issues. First the inefficiency of freeing and reallocating
memory that can simply be resued after being sanitized. Further, a system
under memory pressue runs the risk of allocation failures that could result
in a crippled driver. Finally, there is a race window where command
submission/compeletion can try to pull/return elements from/to an event
pool that is being deleted or already has been deleted due to the lack of
host state around freeing/allocating resources. The following is an example
of list corruption following a live partition migration (LPM):
Oops: Exception in kernel mode, sig: 5 [#1]
LE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA pSeries
Modules linked in: vfat fat isofs cdrom ext4 mbcache jbd2 nft_counter nft_compat nf_tables nfnetlink rpadlpar_io rpaphp xsk_diag nfsv3 nfs_acl nfs lockd grace fscache netfs rfkill bonding tls sunrpc pseries_rng drm drm_panel_orientation_quirks xfs libcrc32c dm_service_time sd_mod t10_pi sg ibmvfc scsi_transport_fc ibmveth vmx_crypto dm_multipath dm_mirror dm_region_hash dm_log dm_mod ipmi_devintf ipmi_msghandler fuse
CPU: 0 PID: 2108 Comm: ibmvfc_0 Kdump: loaded Not tainted 5.14.0-70.9.1.el9_0.ppc64le #1
NIP: c0000000007c4bb0 LR: c0000000007c4bac CTR: 00000000005b9a10
REGS: c00000025c10b760 TRAP: 0700 Not tainted (5.14.0-70.9.1.el9_0.ppc64le)
MSR: 800000000282b033 <SF,VEC,VSX,EE,FP,ME,IR,DR,RI,LE> CR: 2800028f XER: 0000000f
CFAR: c0000000001f55bc IRQMASK: 0
GPR00: c0000000007c4bac c00000025c10ba00 c000000002a47c00 000000000000004e
GPR04: c0000031e3006f88 c0000031e308bd00 c00000025c10b768 0000000000000027
GPR08: 0000000000000000 c0000031e3009dc0 00000031e0eb0000 0000000000000000
GPR12: c0000031e2ffffa8 c000000002dd0000 c000000000187108 c00000020fcee2c0
GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
GPR20: 0000000000000000 0000000000000000 0000000000000000 c008000002f81300
GPR24: 5deadbeef0000100 5deadbeef0000122 c000000263ba6910 c00000024cc88000
GPR28: 000000000000003c c0000002430a0000 c0000002430ac300 000000000000c300
NIP [c0000000007c4bb0] __list_del_entry_valid+0x90/0x100
LR [c0000000007c4bac] __list_del_entry_valid+0x8c/0x100
Call Trace:
[c00000025c10ba00] [c0000000007c4bac] __list_del_entry_valid+0x8c/0x100 (unreliable)
[c00000025c10ba60] [c008000002f42284] ibmvfc_free_queue+0xec/0x210 [ibmvfc]
[c00000025c10bb10] [c008000002f4246c] ibmvfc_deregister_scsi_channel+0xc4/0x160 [ibmvfc]
[c00000025c10bba0] [c008000002f42580] ibmvfc_release_sub_crqs+0x78/0x130 [ibmvfc]
[c00000025c10bc20] [c008000002f4f6cc] ibmvfc_do_work+0x5c4/0xc70 [ibmvfc]
[c00000025c10bce0] [c008000002f4fdec] ibmvfc_work+0x74/0x1e8 [ibmvfc]
[c00000025c10bda0] [c0000000001872b8] kthread+0x1b8/0x1c0
[c00000025c10be10] [c00000000000cd64] ret_from_kernel_thread+0x5c/0x64
Instruction dump:
40820034 38600001 38210060 4e800020 7c0802a6 7c641b78 3c62fe7a 7d254b78
3863b590 f8010070 4ba309cd 60000000 <0fe00000> 7c0802a6 3c62fe7a 3863b640
---[ end trace 11a2b65a92f8b66c ]---
ibmvfc 30000003: Send warning. Receive queue closed, will retry.
Add registration/deregistration helpers that are called instead during
connection resets to sanitize and reconfigure the queues.
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/scsi/ibmvscsi/ibmvfc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "161ec2a0807ddd58bc0f24f3e1e7e3d4fef5297f",
"status": "affected",
"version": "3034ebe26389740bb6b4a463e05afb51dc93c336",
"versionType": "git"
},
{
"lessThan": "9f23c499ca601b2a1e1d2e761d03964b739bca0e",
"status": "affected",
"version": "3034ebe26389740bb6b4a463e05afb51dc93c336",
"versionType": "git"
},
{
"lessThan": "72ea7fe0db73d65c7d977208842d8ade9b823de9",
"status": "affected",
"version": "3034ebe26389740bb6b4a463e05afb51dc93c336",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/scsi/ibmvscsi/ibmvfc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.12"
},
{
"lessThan": "5.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.51",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.51",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.8",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ibmvfc: Allocate/free queue resource only during probe/remove\n\nCurrently, the sub-queues and event pool resources are allocated/freed for\nevery CRQ connection event such as reset and LPM. This exposes the driver\nto a couple issues. First the inefficiency of freeing and reallocating\nmemory that can simply be resued after being sanitized. Further, a system\nunder memory pressue runs the risk of allocation failures that could result\nin a crippled driver. Finally, there is a race window where command\nsubmission/compeletion can try to pull/return elements from/to an event\npool that is being deleted or already has been deleted due to the lack of\nhost state around freeing/allocating resources. The following is an example\nof list corruption following a live partition migration (LPM):\n\nOops: Exception in kernel mode, sig: 5 [#1]\nLE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA pSeries\nModules linked in: vfat fat isofs cdrom ext4 mbcache jbd2 nft_counter nft_compat nf_tables nfnetlink rpadlpar_io rpaphp xsk_diag nfsv3 nfs_acl nfs lockd grace fscache netfs rfkill bonding tls sunrpc pseries_rng drm drm_panel_orientation_quirks xfs libcrc32c dm_service_time sd_mod t10_pi sg ibmvfc scsi_transport_fc ibmveth vmx_crypto dm_multipath dm_mirror dm_region_hash dm_log dm_mod ipmi_devintf ipmi_msghandler fuse\nCPU: 0 PID: 2108 Comm: ibmvfc_0 Kdump: loaded Not tainted 5.14.0-70.9.1.el9_0.ppc64le #1\nNIP: c0000000007c4bb0 LR: c0000000007c4bac CTR: 00000000005b9a10\nREGS: c00000025c10b760 TRAP: 0700 Not tainted (5.14.0-70.9.1.el9_0.ppc64le)\nMSR: 800000000282b033 \u003cSF,VEC,VSX,EE,FP,ME,IR,DR,RI,LE\u003e CR: 2800028f XER: 0000000f\nCFAR: c0000000001f55bc IRQMASK: 0\n GPR00: c0000000007c4bac c00000025c10ba00 c000000002a47c00 000000000000004e\n GPR04: c0000031e3006f88 c0000031e308bd00 c00000025c10b768 0000000000000027\n GPR08: 0000000000000000 c0000031e3009dc0 00000031e0eb0000 0000000000000000\n GPR12: c0000031e2ffffa8 c000000002dd0000 c000000000187108 c00000020fcee2c0\n GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000\n GPR20: 0000000000000000 0000000000000000 0000000000000000 c008000002f81300\n GPR24: 5deadbeef0000100 5deadbeef0000122 c000000263ba6910 c00000024cc88000\n GPR28: 000000000000003c c0000002430a0000 c0000002430ac300 000000000000c300\nNIP [c0000000007c4bb0] __list_del_entry_valid+0x90/0x100\nLR [c0000000007c4bac] __list_del_entry_valid+0x8c/0x100\nCall Trace:\n[c00000025c10ba00] [c0000000007c4bac] __list_del_entry_valid+0x8c/0x100 (unreliable)\n[c00000025c10ba60] [c008000002f42284] ibmvfc_free_queue+0xec/0x210 [ibmvfc]\n[c00000025c10bb10] [c008000002f4246c] ibmvfc_deregister_scsi_channel+0xc4/0x160 [ibmvfc]\n[c00000025c10bba0] [c008000002f42580] ibmvfc_release_sub_crqs+0x78/0x130 [ibmvfc]\n[c00000025c10bc20] [c008000002f4f6cc] ibmvfc_do_work+0x5c4/0xc70 [ibmvfc]\n[c00000025c10bce0] [c008000002f4fdec] ibmvfc_work+0x74/0x1e8 [ibmvfc]\n[c00000025c10bda0] [c0000000001872b8] kthread+0x1b8/0x1c0\n[c00000025c10be10] [c00000000000cd64] ret_from_kernel_thread+0x5c/0x64\nInstruction dump:\n40820034 38600001 38210060 4e800020 7c0802a6 7c641b78 3c62fe7a 7d254b78\n3863b590 f8010070 4ba309cd 60000000 \u003c0fe00000\u003e 7c0802a6 3c62fe7a 3863b640\n---[ end trace 11a2b65a92f8b66c ]---\nibmvfc 30000003: Send warning. Receive queue closed, will retry.\n\nAdd registration/deregistration helpers that are called instead during\nconnection resets to sanitize and reconfigure the queues."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:43:34.368Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/161ec2a0807ddd58bc0f24f3e1e7e3d4fef5297f"
},
{
"url": "https://git.kernel.org/stable/c/9f23c499ca601b2a1e1d2e761d03964b739bca0e"
},
{
"url": "https://git.kernel.org/stable/c/72ea7fe0db73d65c7d977208842d8ade9b823de9"
}
],
"title": "scsi: ibmvfc: Allocate/free queue resource only during probe/remove",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49701",
"datePublished": "2025-02-26T02:24:21.358Z",
"dateReserved": "2025-02-26T02:21:30.443Z",
"dateUpdated": "2025-05-04T08:43:34.368Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49310 (GCVE-0-2022-49310)
Vulnerability from cvelistv5
Published
2025-02-26 02:10
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
char: xillybus: fix a refcount leak in cleanup_dev()
usb_get_dev is called in xillyusb_probe. So it is better to call
usb_put_dev before xdev is released.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49310",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:44:21.264048Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:58.235Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/char/xillybus/xillyusb.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "bc8fceda3b89006e8a7dda8a097d36045d044c25",
"status": "affected",
"version": "a53d1202aef122894b6e46116a92174a9123db5d",
"versionType": "git"
},
{
"lessThan": "21f1f167d727f3f857e26d509ef5a6d47fd31bc3",
"status": "affected",
"version": "a53d1202aef122894b6e46116a92174a9123db5d",
"versionType": "git"
},
{
"lessThan": "e277b95acdab84cd5d2f8d537a37aef6d21e988b",
"status": "affected",
"version": "a53d1202aef122894b6e46116a92174a9123db5d",
"versionType": "git"
},
{
"lessThan": "b67d19662fdee275c479d21853bc1239600a798f",
"status": "affected",
"version": "a53d1202aef122894b6e46116a92174a9123db5d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/char/xillybus/xillyusb.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.14"
},
{
"lessThan": "5.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.47",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.47",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.15",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.4",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nchar: xillybus: fix a refcount leak in cleanup_dev()\n\nusb_get_dev is called in xillyusb_probe. So it is better to call\nusb_put_dev before xdev is released."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:34:55.305Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/bc8fceda3b89006e8a7dda8a097d36045d044c25"
},
{
"url": "https://git.kernel.org/stable/c/21f1f167d727f3f857e26d509ef5a6d47fd31bc3"
},
{
"url": "https://git.kernel.org/stable/c/e277b95acdab84cd5d2f8d537a37aef6d21e988b"
},
{
"url": "https://git.kernel.org/stable/c/b67d19662fdee275c479d21853bc1239600a798f"
}
],
"title": "char: xillybus: fix a refcount leak in cleanup_dev()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49310",
"datePublished": "2025-02-26T02:10:40.664Z",
"dateReserved": "2025-02-26T02:08:31.536Z",
"dateUpdated": "2025-10-01T19:46:58.235Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49705 (GCVE-0-2022-49705)
Vulnerability from cvelistv5
Published
2025-02-26 02:24
Modified
2025-10-01 19:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
9p: fix fid refcount leak in v9fs_vfs_atomic_open_dotl
We need to release directory fid if we fail halfway through open
This fixes fid leaking with xfstests generic 531
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49705",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:32:32.816962Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:36:45.485Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/9p/vfs_inode_dotl.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "22832ac3eb5be3f7168816a76b64c1284e12eb3c",
"status": "affected",
"version": "6636b6dcc3db2258cd0585b8078c1c225c4b6dde",
"versionType": "git"
},
{
"lessThan": "8bc5412ba1a45edfd1e451874c483c26a097af2b",
"status": "affected",
"version": "6636b6dcc3db2258cd0585b8078c1c225c4b6dde",
"versionType": "git"
},
{
"lessThan": "beca774fc51a9ba8abbc869cf0c3d965ff17cd24",
"status": "affected",
"version": "6636b6dcc3db2258cd0585b8078c1c225c4b6dde",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/9p/vfs_inode_dotl.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.11"
},
{
"lessThan": "5.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.51",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.51",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.8",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\n9p: fix fid refcount leak in v9fs_vfs_atomic_open_dotl\n\nWe need to release directory fid if we fail halfway through open\n\nThis fixes fid leaking with xfstests generic 531"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:43:39.042Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/22832ac3eb5be3f7168816a76b64c1284e12eb3c"
},
{
"url": "https://git.kernel.org/stable/c/8bc5412ba1a45edfd1e451874c483c26a097af2b"
},
{
"url": "https://git.kernel.org/stable/c/beca774fc51a9ba8abbc869cf0c3d965ff17cd24"
}
],
"title": "9p: fix fid refcount leak in v9fs_vfs_atomic_open_dotl",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49705",
"datePublished": "2025-02-26T02:24:24.077Z",
"dateReserved": "2025-02-26T02:21:30.443Z",
"dateUpdated": "2025-10-01T19:36:45.485Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49085 (GCVE-0-2022-49085)
Vulnerability from cvelistv5
Published
2025-02-26 01:54
Modified
2025-05-04 08:29
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drbd: Fix five use after free bugs in get_initial_state
In get_initial_state, it calls notify_initial_state_done(skb,..) if
cb->args[5]==1. If genlmsg_put() failed in notify_initial_state_done(),
the skb will be freed by nlmsg_free(skb).
Then get_initial_state will goto out and the freed skb will be used by
return value skb->len, which is a uaf bug.
What's worse, the same problem goes even further: skb can also be
freed in the notify_*_state_change -> notify_*_state calls below.
Thus 4 additional uaf bugs happened.
My patch lets the problem callee functions: notify_initial_state_done
and notify_*_state_change return an error code if errors happen.
So that the error codes could be propagated and the uaf bugs can be avoid.
v2 reports a compilation warning. This v3 fixed this warning and built
successfully in my local environment with no additional warnings.
v2: https://lore.kernel.org/patchwork/patch/1435218/
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: a29728463b254ce81ecefdf20c1a02e01d9361da Version: a29728463b254ce81ecefdf20c1a02e01d9361da Version: a29728463b254ce81ecefdf20c1a02e01d9361da Version: a29728463b254ce81ecefdf20c1a02e01d9361da Version: a29728463b254ce81ecefdf20c1a02e01d9361da Version: a29728463b254ce81ecefdf20c1a02e01d9361da Version: a29728463b254ce81ecefdf20c1a02e01d9361da Version: a29728463b254ce81ecefdf20c1a02e01d9361da Version: a29728463b254ce81ecefdf20c1a02e01d9361da |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49085",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T17:59:12.644580Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T18:02:29.848Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/block/drbd/drbd_int.h",
"drivers/block/drbd/drbd_nl.c",
"drivers/block/drbd/drbd_state.c",
"drivers/block/drbd/drbd_state_change.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0489700bfeb1e53eb2039c2291c67e71b0b40103",
"status": "affected",
"version": "a29728463b254ce81ecefdf20c1a02e01d9361da",
"versionType": "git"
},
{
"lessThan": "dcf6be17b5c53b741898d2223b23e66d682de300",
"status": "affected",
"version": "a29728463b254ce81ecefdf20c1a02e01d9361da",
"versionType": "git"
},
{
"lessThan": "188fe6b26765edbad4055611c0f788b6870f4024",
"status": "affected",
"version": "a29728463b254ce81ecefdf20c1a02e01d9361da",
"versionType": "git"
},
{
"lessThan": "b6a4055036eed1f5e239ce3d8b0db1ce38bba447",
"status": "affected",
"version": "a29728463b254ce81ecefdf20c1a02e01d9361da",
"versionType": "git"
},
{
"lessThan": "594205b4936771a250f9d141e7e0fff21c3dd2d9",
"status": "affected",
"version": "a29728463b254ce81ecefdf20c1a02e01d9361da",
"versionType": "git"
},
{
"lessThan": "a972c768723359ec995579902473028fe3cd64b1",
"status": "affected",
"version": "a29728463b254ce81ecefdf20c1a02e01d9361da",
"versionType": "git"
},
{
"lessThan": "de63e74da2333b4068bb79983e632db730fea97e",
"status": "affected",
"version": "a29728463b254ce81ecefdf20c1a02e01d9361da",
"versionType": "git"
},
{
"lessThan": "226e993c39405292781bfcf4b039a8db56aab362",
"status": "affected",
"version": "a29728463b254ce81ecefdf20c1a02e01d9361da",
"versionType": "git"
},
{
"lessThan": "aadb22ba2f656581b2f733deb3a467c48cc618f6",
"status": "affected",
"version": "a29728463b254ce81ecefdf20c1a02e01d9361da",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/block/drbd/drbd_int.h",
"drivers/block/drbd/drbd_nl.c",
"drivers/block/drbd/drbd_state.c",
"drivers/block/drbd/drbd_state_change.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.5"
},
{
"lessThan": "4.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.238",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.189",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.111",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.20",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.311",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.276",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.238",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.189",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.111",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.34",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.20",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.3",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "4.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrbd: Fix five use after free bugs in get_initial_state\n\nIn get_initial_state, it calls notify_initial_state_done(skb,..) if\ncb-\u003eargs[5]==1. If genlmsg_put() failed in notify_initial_state_done(),\nthe skb will be freed by nlmsg_free(skb).\nThen get_initial_state will goto out and the freed skb will be used by\nreturn value skb-\u003elen, which is a uaf bug.\n\nWhat\u0027s worse, the same problem goes even further: skb can also be\nfreed in the notify_*_state_change -\u003e notify_*_state calls below.\nThus 4 additional uaf bugs happened.\n\nMy patch lets the problem callee functions: notify_initial_state_done\nand notify_*_state_change return an error code if errors happen.\nSo that the error codes could be propagated and the uaf bugs can be avoid.\n\nv2 reports a compilation warning. This v3 fixed this warning and built\nsuccessfully in my local environment with no additional warnings.\nv2: https://lore.kernel.org/patchwork/patch/1435218/"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:29:24.372Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0489700bfeb1e53eb2039c2291c67e71b0b40103"
},
{
"url": "https://git.kernel.org/stable/c/dcf6be17b5c53b741898d2223b23e66d682de300"
},
{
"url": "https://git.kernel.org/stable/c/188fe6b26765edbad4055611c0f788b6870f4024"
},
{
"url": "https://git.kernel.org/stable/c/b6a4055036eed1f5e239ce3d8b0db1ce38bba447"
},
{
"url": "https://git.kernel.org/stable/c/594205b4936771a250f9d141e7e0fff21c3dd2d9"
},
{
"url": "https://git.kernel.org/stable/c/a972c768723359ec995579902473028fe3cd64b1"
},
{
"url": "https://git.kernel.org/stable/c/de63e74da2333b4068bb79983e632db730fea97e"
},
{
"url": "https://git.kernel.org/stable/c/226e993c39405292781bfcf4b039a8db56aab362"
},
{
"url": "https://git.kernel.org/stable/c/aadb22ba2f656581b2f733deb3a467c48cc618f6"
}
],
"title": "drbd: Fix five use after free bugs in get_initial_state",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49085",
"datePublished": "2025-02-26T01:54:43.579Z",
"dateReserved": "2025-02-26T01:49:39.248Z",
"dateUpdated": "2025-05-04T08:29:24.372Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47645 (GCVE-0-2021-47645)
Vulnerability from cvelistv5
Published
2025-02-26 01:54
Modified
2025-10-01 19:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
media: staging: media: zoran: calculate the right buffer number for zoran_reap_stat_com
On the case tmp_dcim=1, the index of buffer is miscalculated.
This generate a NULL pointer dereference later.
So let's fix the calcul and add a check to prevent this to reappear.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 61c3b19f7b9eb7c7838fd35f86566230fefd6550 Version: 61c3b19f7b9eb7c7838fd35f86566230fefd6550 Version: 61c3b19f7b9eb7c7838fd35f86566230fefd6550 Version: 61c3b19f7b9eb7c7838fd35f86566230fefd6550 Version: 61c3b19f7b9eb7c7838fd35f86566230fefd6550 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-47645",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:50:33.182211Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:57:07.833Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/staging/media/zoran/zoran_device.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8dce4b265a5357731058f69645840dabc718c687",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "bafec1a6ba4b187a7fcdcfce0faebdc623d4ef8e",
"status": "affected",
"version": "61c3b19f7b9eb7c7838fd35f86566230fefd6550",
"versionType": "git"
},
{
"lessThan": "7e76f3ed7ab2ae026c6ef9cc23096a7554af8c52",
"status": "affected",
"version": "61c3b19f7b9eb7c7838fd35f86566230fefd6550",
"versionType": "git"
},
{
"lessThan": "20db2ed1e2f9fcd417fa67853e5154f0c2537d6c",
"status": "affected",
"version": "61c3b19f7b9eb7c7838fd35f86566230fefd6550",
"versionType": "git"
},
{
"lessThan": "20811bbe685ca3eddd34b0c750860427d7030910",
"status": "affected",
"version": "61c3b19f7b9eb7c7838fd35f86566230fefd6550",
"versionType": "git"
},
{
"lessThan": "e3b86f4e558cea9eed71d894df2f19b10d60a207",
"status": "affected",
"version": "61c3b19f7b9eb7c7838fd35f86566230fefd6550",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/staging/media/zoran/zoran_device.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.12"
},
{
"status": "affected",
"version": "5.10"
},
{
"lessThan": "2.6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "5.10",
"status": "unaffected",
"version": "5.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.2",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.110",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: staging: media: zoran: calculate the right buffer number for zoran_reap_stat_com\n\nOn the case tmp_dcim=1, the index of buffer is miscalculated.\nThis generate a NULL pointer dereference later.\n\nSo let\u0027s fix the calcul and add a check to prevent this to reappear."
}
],
"providerMetadata": {
"dateUpdated": "2025-09-29T11:16:58.421Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8dce4b265a5357731058f69645840dabc718c687"
},
{
"url": "https://git.kernel.org/stable/c/bafec1a6ba4b187a7fcdcfce0faebdc623d4ef8e"
},
{
"url": "https://git.kernel.org/stable/c/7e76f3ed7ab2ae026c6ef9cc23096a7554af8c52"
},
{
"url": "https://git.kernel.org/stable/c/20db2ed1e2f9fcd417fa67853e5154f0c2537d6c"
},
{
"url": "https://git.kernel.org/stable/c/20811bbe685ca3eddd34b0c750860427d7030910"
},
{
"url": "https://git.kernel.org/stable/c/e3b86f4e558cea9eed71d894df2f19b10d60a207"
}
],
"title": "media: staging: media: zoran: calculate the right buffer number for zoran_reap_stat_com",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47645",
"datePublished": "2025-02-26T01:54:14.651Z",
"dateReserved": "2025-02-26T01:48:21.519Z",
"dateUpdated": "2025-10-01T19:57:07.833Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49402 (GCVE-0-2022-49402)
Vulnerability from cvelistv5
Published
2025-02-26 02:12
Modified
2025-05-04 08:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ftrace: Clean up hash direct_functions on register failures
We see the following GPF when register_ftrace_direct fails:
[ ] general protection fault, probably for non-canonical address \
0x200000000000010: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC PTI
[...]
[ ] RIP: 0010:ftrace_find_rec_direct+0x53/0x70
[ ] Code: 48 c1 e0 03 48 03 42 08 48 8b 10 31 c0 48 85 d2 74 [...]
[ ] RSP: 0018:ffffc9000138bc10 EFLAGS: 00010206
[ ] RAX: 0000000000000000 RBX: ffffffff813e0df0 RCX: 000000000000003b
[ ] RDX: 0200000000000000 RSI: 000000000000000c RDI: ffffffff813e0df0
[ ] RBP: ffffffffa00a3000 R08: ffffffff81180ce0 R09: 0000000000000001
[ ] R10: ffffc9000138bc18 R11: 0000000000000001 R12: ffffffff813e0df0
[ ] R13: ffffffff813e0df0 R14: ffff888171b56400 R15: 0000000000000000
[ ] FS: 00007fa9420c7780(0000) GS:ffff888ff6a00000(0000) knlGS:000000000
[ ] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ ] CR2: 000000000770d000 CR3: 0000000107d50003 CR4: 0000000000370ee0
[ ] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ ] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ ] Call Trace:
[ ] <TASK>
[ ] register_ftrace_direct+0x54/0x290
[ ] ? render_sigset_t+0xa0/0xa0
[ ] bpf_trampoline_update+0x3f5/0x4a0
[ ] ? 0xffffffffa00a3000
[ ] bpf_trampoline_link_prog+0xa9/0x140
[ ] bpf_tracing_prog_attach+0x1dc/0x450
[ ] bpf_raw_tracepoint_open+0x9a/0x1e0
[ ] ? find_held_lock+0x2d/0x90
[ ] ? lock_release+0x150/0x430
[ ] __sys_bpf+0xbd6/0x2700
[ ] ? lock_is_held_type+0xd8/0x130
[ ] __x64_sys_bpf+0x1c/0x20
[ ] do_syscall_64+0x3a/0x80
[ ] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ ] RIP: 0033:0x7fa9421defa9
[ ] Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 9 f8 [...]
[ ] RSP: 002b:00007ffed743bd78 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ ] RAX: ffffffffffffffda RBX: 00000000069d2480 RCX: 00007fa9421defa9
[ ] RDX: 0000000000000078 RSI: 00007ffed743bd80 RDI: 0000000000000011
[ ] RBP: 00007ffed743be00 R08: 0000000000bb7270 R09: 0000000000000000
[ ] R10: 00000000069da210 R11: 0000000000000246 R12: 0000000000000001
[ ] R13: 00007ffed743c4b0 R14: 00000000069d2480 R15: 0000000000000001
[ ] </TASK>
[ ] Modules linked in: klp_vm(OK)
[ ] ---[ end trace 0000000000000000 ]---
One way to trigger this is:
1. load a livepatch that patches kernel function xxx;
2. run bpftrace -e 'kfunc:xxx {}', this will fail (expected for now);
3. repeat #2 => gpf.
This is because the entry is added to direct_functions, but not removed.
Fix this by remove the entry from direct_functions when
register_ftrace_direct fails.
Also remove the last trailing space from ftrace.c, so we don't have to
worry about it anymore.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/trace/ftrace.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "82c888e51c2176a06f8b4541cf748ee81aac6e7e",
"status": "affected",
"version": "763e34e74bb7d5c316015e2e39fcc8520bfd071c",
"versionType": "git"
},
{
"lessThan": "cae2978d6907ef2c08b9b15f704e783f7c284713",
"status": "affected",
"version": "763e34e74bb7d5c316015e2e39fcc8520bfd071c",
"versionType": "git"
},
{
"lessThan": "805e87af946d8d2954171361e64d143ff37a441b",
"status": "affected",
"version": "763e34e74bb7d5c316015e2e39fcc8520bfd071c",
"versionType": "git"
},
{
"lessThan": "a0392833a178cf109a57c2a9d4d531bdfc6cd98f",
"status": "affected",
"version": "763e34e74bb7d5c316015e2e39fcc8520bfd071c",
"versionType": "git"
},
{
"lessThan": "7d54c15cb89a29a5f59e5ffc9ee62e6591769ef1",
"status": "affected",
"version": "763e34e74bb7d5c316015e2e39fcc8520bfd071c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/trace/ftrace.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.5"
},
{
"lessThan": "5.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nftrace: Clean up hash direct_functions on register failures\n\nWe see the following GPF when register_ftrace_direct fails:\n\n[ ] general protection fault, probably for non-canonical address \\\n 0x200000000000010: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC PTI\n[...]\n[ ] RIP: 0010:ftrace_find_rec_direct+0x53/0x70\n[ ] Code: 48 c1 e0 03 48 03 42 08 48 8b 10 31 c0 48 85 d2 74 [...]\n[ ] RSP: 0018:ffffc9000138bc10 EFLAGS: 00010206\n[ ] RAX: 0000000000000000 RBX: ffffffff813e0df0 RCX: 000000000000003b\n[ ] RDX: 0200000000000000 RSI: 000000000000000c RDI: ffffffff813e0df0\n[ ] RBP: ffffffffa00a3000 R08: ffffffff81180ce0 R09: 0000000000000001\n[ ] R10: ffffc9000138bc18 R11: 0000000000000001 R12: ffffffff813e0df0\n[ ] R13: ffffffff813e0df0 R14: ffff888171b56400 R15: 0000000000000000\n[ ] FS: 00007fa9420c7780(0000) GS:ffff888ff6a00000(0000) knlGS:000000000\n[ ] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ ] CR2: 000000000770d000 CR3: 0000000107d50003 CR4: 0000000000370ee0\n[ ] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ ] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ ] Call Trace:\n[ ] \u003cTASK\u003e\n[ ] register_ftrace_direct+0x54/0x290\n[ ] ? render_sigset_t+0xa0/0xa0\n[ ] bpf_trampoline_update+0x3f5/0x4a0\n[ ] ? 0xffffffffa00a3000\n[ ] bpf_trampoline_link_prog+0xa9/0x140\n[ ] bpf_tracing_prog_attach+0x1dc/0x450\n[ ] bpf_raw_tracepoint_open+0x9a/0x1e0\n[ ] ? find_held_lock+0x2d/0x90\n[ ] ? lock_release+0x150/0x430\n[ ] __sys_bpf+0xbd6/0x2700\n[ ] ? lock_is_held_type+0xd8/0x130\n[ ] __x64_sys_bpf+0x1c/0x20\n[ ] do_syscall_64+0x3a/0x80\n[ ] entry_SYSCALL_64_after_hwframe+0x44/0xae\n[ ] RIP: 0033:0x7fa9421defa9\n[ ] Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 9 f8 [...]\n[ ] RSP: 002b:00007ffed743bd78 EFLAGS: 00000246 ORIG_RAX: 0000000000000141\n[ ] RAX: ffffffffffffffda RBX: 00000000069d2480 RCX: 00007fa9421defa9\n[ ] RDX: 0000000000000078 RSI: 00007ffed743bd80 RDI: 0000000000000011\n[ ] RBP: 00007ffed743be00 R08: 0000000000bb7270 R09: 0000000000000000\n[ ] R10: 00000000069da210 R11: 0000000000000246 R12: 0000000000000001\n[ ] R13: 00007ffed743c4b0 R14: 00000000069d2480 R15: 0000000000000001\n[ ] \u003c/TASK\u003e\n[ ] Modules linked in: klp_vm(OK)\n[ ] ---[ end trace 0000000000000000 ]---\n\nOne way to trigger this is:\n 1. load a livepatch that patches kernel function xxx;\n 2. run bpftrace -e \u0027kfunc:xxx {}\u0027, this will fail (expected for now);\n 3. repeat #2 =\u003e gpf.\n\nThis is because the entry is added to direct_functions, but not removed.\nFix this by remove the entry from direct_functions when\nregister_ftrace_direct fails.\n\nAlso remove the last trailing space from ftrace.c, so we don\u0027t have to\nworry about it anymore."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:36:54.911Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/82c888e51c2176a06f8b4541cf748ee81aac6e7e"
},
{
"url": "https://git.kernel.org/stable/c/cae2978d6907ef2c08b9b15f704e783f7c284713"
},
{
"url": "https://git.kernel.org/stable/c/805e87af946d8d2954171361e64d143ff37a441b"
},
{
"url": "https://git.kernel.org/stable/c/a0392833a178cf109a57c2a9d4d531bdfc6cd98f"
},
{
"url": "https://git.kernel.org/stable/c/7d54c15cb89a29a5f59e5ffc9ee62e6591769ef1"
}
],
"title": "ftrace: Clean up hash direct_functions on register failures",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49402",
"datePublished": "2025-02-26T02:12:29.070Z",
"dateReserved": "2025-02-26T02:08:31.565Z",
"dateUpdated": "2025-05-04T08:36:54.911Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49731 (GCVE-0-2022-49731)
Vulnerability from cvelistv5
Published
2025-02-26 02:24
Modified
2025-10-01 19:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo()
In an unlikely (and probably wrong?) case that the 'ppi' parameter of
ata_host_alloc_pinfo() points to an array starting with a NULL pointer,
there's going to be a kernel oops as the 'pi' local variable won't get
reassigned from the initial value of NULL. Initialize 'pi' instead to
'&ata_dummy_port_info' to fix the possible kernel oops for good...
Found by Linux Verification Center (linuxtesting.org) with the SVACE static
analysis tool.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49731",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:31:53.132246Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:36:43.656Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/ata/libata-core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ca4693e6e06e4fd2b240c0fec47aa2498c94848e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1ac5efee33f29e704226506d429b84575a5d66f8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a810bd5af06977a847d1f202b22d7defd5c62497",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "253334f84c81bc6a43af489f108c0bddad989eef",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "36cd19e7d4e5571d77a2ed20c5b6ef50cf57734a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ff128fbea720bf763fa345680dda5f050bc24a47",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "07cbdb4807d369fbda73062a91b570c4dc5ec429",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "bf476fe22aa1851bab4728e0c49025a6a0bea307",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/ata/libata-core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.320",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.249",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.200",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.124",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.49",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.320",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.285",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.249",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.200",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo()\n\nIn an unlikely (and probably wrong?) case that the \u0027ppi\u0027 parameter of\nata_host_alloc_pinfo() points to an array starting with a NULL pointer,\nthere\u0027s going to be a kernel oops as the \u0027pi\u0027 local variable won\u0027t get\nreassigned from the initial value of NULL. Initialize \u0027pi\u0027 instead to\n\u0027\u0026ata_dummy_port_info\u0027 to fix the possible kernel oops for good...\n\nFound by Linux Verification Center (linuxtesting.org) with the SVACE static\nanalysis tool."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:44:15.648Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ca4693e6e06e4fd2b240c0fec47aa2498c94848e"
},
{
"url": "https://git.kernel.org/stable/c/1ac5efee33f29e704226506d429b84575a5d66f8"
},
{
"url": "https://git.kernel.org/stable/c/a810bd5af06977a847d1f202b22d7defd5c62497"
},
{
"url": "https://git.kernel.org/stable/c/253334f84c81bc6a43af489f108c0bddad989eef"
},
{
"url": "https://git.kernel.org/stable/c/36cd19e7d4e5571d77a2ed20c5b6ef50cf57734a"
},
{
"url": "https://git.kernel.org/stable/c/ff128fbea720bf763fa345680dda5f050bc24a47"
},
{
"url": "https://git.kernel.org/stable/c/07cbdb4807d369fbda73062a91b570c4dc5ec429"
},
{
"url": "https://git.kernel.org/stable/c/bf476fe22aa1851bab4728e0c49025a6a0bea307"
}
],
"title": "ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49731",
"datePublished": "2025-02-26T02:24:41.300Z",
"dateReserved": "2025-02-26T02:21:30.449Z",
"dateUpdated": "2025-10-01T19:36:43.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47639 (GCVE-0-2021-47639)
Vulnerability from cvelistv5
Published
2025-02-26 01:54
Modified
2025-05-04 07:15
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
KVM: x86/mmu: Zap _all_ roots when unmapping gfn range in TDP MMU
Zap both valid and invalid roots when zapping/unmapping a gfn range, as
KVM must ensure it holds no references to the freed page after returning
from the unmap operation. Most notably, the TDP MMU doesn't zap invalid
roots in mmu_notifier callbacks. This leads to use-after-free and other
issues if the mmu_notifier runs to completion while an invalid root
zapper yields as KVM fails to honor the requirement that there must be
_no_ references to the page after the mmu_notifier returns.
The bug is most easily reproduced by hacking KVM to cause a collision
between set_nx_huge_pages() and kvm_mmu_notifier_release(), but the bug
exists between kvm_mmu_notifier_invalidate_range_start() and memslot
updates as well. Invalidating a root ensures pages aren't accessible by
the guest, and KVM won't read or write page data itself, but KVM will
trigger e.g. kvm_set_pfn_dirty() when zapping SPTEs, and thus completing
a zap of an invalid root _after_ the mmu_notifier returns is fatal.
WARNING: CPU: 24 PID: 1496 at arch/x86/kvm/../../../virt/kvm/kvm_main.c:173 [kvm]
RIP: 0010:kvm_is_zone_device_pfn+0x96/0xa0 [kvm]
Call Trace:
<TASK>
kvm_set_pfn_dirty+0xa8/0xe0 [kvm]
__handle_changed_spte+0x2ab/0x5e0 [kvm]
__handle_changed_spte+0x2ab/0x5e0 [kvm]
__handle_changed_spte+0x2ab/0x5e0 [kvm]
zap_gfn_range+0x1f3/0x310 [kvm]
kvm_tdp_mmu_zap_invalidated_roots+0x50/0x90 [kvm]
kvm_mmu_zap_all_fast+0x177/0x1a0 [kvm]
set_nx_huge_pages+0xb4/0x190 [kvm]
param_attr_store+0x70/0x100
module_attr_store+0x19/0x30
kernfs_fop_write_iter+0x119/0x1b0
new_sync_write+0x11c/0x1b0
vfs_write+0x1cc/0x270
ksys_write+0x5f/0xe0
do_syscall_64+0x38/0xc0
entry_SYSCALL_64_after_hwframe+0x44/0xae
</TASK>
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-47639",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T18:17:52.744634Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T18:22:35.903Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/x86/kvm/mmu/tdp_mmu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "af47248407c0c5ae52a752af1ab5ce5b0db91502",
"status": "affected",
"version": "b7cccd397f310739fb85383033e95580f99927e0",
"versionType": "git"
},
{
"lessThan": "0c8a8da182d4333d9bbb9131d765145568c847b2",
"status": "affected",
"version": "b7cccd397f310739fb85383033e95580f99927e0",
"versionType": "git"
},
{
"lessThan": "8cf6f98ab1d16d5e607635a0c21c4231eb15367e",
"status": "affected",
"version": "b7cccd397f310739fb85383033e95580f99927e0",
"versionType": "git"
},
{
"lessThan": "d62007edf01f5c11f75d0f4b1e538fc52a5b1982",
"status": "affected",
"version": "b7cccd397f310739fb85383033e95580f99927e0",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/x86/kvm/mmu/tdp_mmu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.13"
},
{
"lessThan": "5.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86/mmu: Zap _all_ roots when unmapping gfn range in TDP MMU\n\nZap both valid and invalid roots when zapping/unmapping a gfn range, as\nKVM must ensure it holds no references to the freed page after returning\nfrom the unmap operation. Most notably, the TDP MMU doesn\u0027t zap invalid\nroots in mmu_notifier callbacks. This leads to use-after-free and other\nissues if the mmu_notifier runs to completion while an invalid root\nzapper yields as KVM fails to honor the requirement that there must be\n_no_ references to the page after the mmu_notifier returns.\n\nThe bug is most easily reproduced by hacking KVM to cause a collision\nbetween set_nx_huge_pages() and kvm_mmu_notifier_release(), but the bug\nexists between kvm_mmu_notifier_invalidate_range_start() and memslot\nupdates as well. Invalidating a root ensures pages aren\u0027t accessible by\nthe guest, and KVM won\u0027t read or write page data itself, but KVM will\ntrigger e.g. kvm_set_pfn_dirty() when zapping SPTEs, and thus completing\na zap of an invalid root _after_ the mmu_notifier returns is fatal.\n\n WARNING: CPU: 24 PID: 1496 at arch/x86/kvm/../../../virt/kvm/kvm_main.c:173 [kvm]\n RIP: 0010:kvm_is_zone_device_pfn+0x96/0xa0 [kvm]\n Call Trace:\n \u003cTASK\u003e\n kvm_set_pfn_dirty+0xa8/0xe0 [kvm]\n __handle_changed_spte+0x2ab/0x5e0 [kvm]\n __handle_changed_spte+0x2ab/0x5e0 [kvm]\n __handle_changed_spte+0x2ab/0x5e0 [kvm]\n zap_gfn_range+0x1f3/0x310 [kvm]\n kvm_tdp_mmu_zap_invalidated_roots+0x50/0x90 [kvm]\n kvm_mmu_zap_all_fast+0x177/0x1a0 [kvm]\n set_nx_huge_pages+0xb4/0x190 [kvm]\n param_attr_store+0x70/0x100\n module_attr_store+0x19/0x30\n kernfs_fop_write_iter+0x119/0x1b0\n new_sync_write+0x11c/0x1b0\n vfs_write+0x1cc/0x270\n ksys_write+0x5f/0xe0\n do_syscall_64+0x38/0xc0\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n \u003c/TASK\u003e"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:15:18.607Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/af47248407c0c5ae52a752af1ab5ce5b0db91502"
},
{
"url": "https://git.kernel.org/stable/c/0c8a8da182d4333d9bbb9131d765145568c847b2"
},
{
"url": "https://git.kernel.org/stable/c/8cf6f98ab1d16d5e607635a0c21c4231eb15367e"
},
{
"url": "https://git.kernel.org/stable/c/d62007edf01f5c11f75d0f4b1e538fc52a5b1982"
}
],
"title": "KVM: x86/mmu: Zap _all_ roots when unmapping gfn range in TDP MMU",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47639",
"datePublished": "2025-02-26T01:54:11.651Z",
"dateReserved": "2025-02-26T01:48:21.519Z",
"dateUpdated": "2025-05-04T07:15:18.607Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49095 (GCVE-0-2022-49095)
Vulnerability from cvelistv5
Published
2025-02-26 01:54
Modified
2025-05-04 08:29
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one()
The error handling path of the probe releases a resource that is not freed
in the remove function. In some cases, a ioremap() must be undone.
Add the missing iounmap() call in the remove function.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 45804fbb00eea27bdf4d62751681228a9e2844e9 Version: 45804fbb00eea27bdf4d62751681228a9e2844e9 Version: 45804fbb00eea27bdf4d62751681228a9e2844e9 Version: 45804fbb00eea27bdf4d62751681228a9e2844e9 Version: 45804fbb00eea27bdf4d62751681228a9e2844e9 Version: 45804fbb00eea27bdf4d62751681228a9e2844e9 Version: 45804fbb00eea27bdf4d62751681228a9e2844e9 Version: 45804fbb00eea27bdf4d62751681228a9e2844e9 Version: 45804fbb00eea27bdf4d62751681228a9e2844e9 |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/scsi/zorro7xx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ce430cfad6a5385d5b7f7c1dc3fa50f10abfd41b",
"status": "affected",
"version": "45804fbb00eea27bdf4d62751681228a9e2844e9",
"versionType": "git"
},
{
"lessThan": "1e0c01319dedf1e63ec5df37ead048e17afd92ba",
"status": "affected",
"version": "45804fbb00eea27bdf4d62751681228a9e2844e9",
"versionType": "git"
},
{
"lessThan": "db863ab2baf058ed05c7b723612e3c40c9dd6885",
"status": "affected",
"version": "45804fbb00eea27bdf4d62751681228a9e2844e9",
"versionType": "git"
},
{
"lessThan": "34a47f7ddb4fd1cbd12397aa6f7dad1de08b4050",
"status": "affected",
"version": "45804fbb00eea27bdf4d62751681228a9e2844e9",
"versionType": "git"
},
{
"lessThan": "c5f77b595379b5191316edd365a542f8b1526066",
"status": "affected",
"version": "45804fbb00eea27bdf4d62751681228a9e2844e9",
"versionType": "git"
},
{
"lessThan": "aefd755a96051aa56b198cb7ecd168b22ba384f6",
"status": "affected",
"version": "45804fbb00eea27bdf4d62751681228a9e2844e9",
"versionType": "git"
},
{
"lessThan": "de6aee0978f164d3d0c771ce03e3066a26c371c5",
"status": "affected",
"version": "45804fbb00eea27bdf4d62751681228a9e2844e9",
"versionType": "git"
},
{
"lessThan": "a845c678e094894f38cc9526d212b21933ce44c7",
"status": "affected",
"version": "45804fbb00eea27bdf4d62751681228a9e2844e9",
"versionType": "git"
},
{
"lessThan": "16ed828b872d12ccba8f07bcc446ae89ba662f9c",
"status": "affected",
"version": "45804fbb00eea27bdf4d62751681228a9e2844e9",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/scsi/zorro7xx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.23"
},
{
"lessThan": "2.6.23",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.238",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.189",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.111",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.20",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.311",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.276",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.238",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.189",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.111",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.34",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.20",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.3",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "2.6.23",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one()\n\nThe error handling path of the probe releases a resource that is not freed\nin the remove function. In some cases, a ioremap() must be undone.\n\nAdd the missing iounmap() call in the remove function."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:29:47.033Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ce430cfad6a5385d5b7f7c1dc3fa50f10abfd41b"
},
{
"url": "https://git.kernel.org/stable/c/1e0c01319dedf1e63ec5df37ead048e17afd92ba"
},
{
"url": "https://git.kernel.org/stable/c/db863ab2baf058ed05c7b723612e3c40c9dd6885"
},
{
"url": "https://git.kernel.org/stable/c/34a47f7ddb4fd1cbd12397aa6f7dad1de08b4050"
},
{
"url": "https://git.kernel.org/stable/c/c5f77b595379b5191316edd365a542f8b1526066"
},
{
"url": "https://git.kernel.org/stable/c/aefd755a96051aa56b198cb7ecd168b22ba384f6"
},
{
"url": "https://git.kernel.org/stable/c/de6aee0978f164d3d0c771ce03e3066a26c371c5"
},
{
"url": "https://git.kernel.org/stable/c/a845c678e094894f38cc9526d212b21933ce44c7"
},
{
"url": "https://git.kernel.org/stable/c/16ed828b872d12ccba8f07bcc446ae89ba662f9c"
}
],
"title": "scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49095",
"datePublished": "2025-02-26T01:54:48.637Z",
"dateReserved": "2025-02-26T01:49:39.249Z",
"dateUpdated": "2025-05-04T08:29:47.033Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49426 (GCVE-0-2022-49426)
Vulnerability from cvelistv5
Published
2025-02-26 02:12
Modified
2025-05-04 08:37
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
iommu/arm-smmu-v3-sva: Fix mm use-after-free
We currently call arm64_mm_context_put() without holding a reference to
the mm, which can result in use-after-free. Call mmgrab()/mmdrop() to
ensure the mm only gets freed after we unpinned the ASID.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49426",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T18:16:10.824439Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T18:22:32.946Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3-sva.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "fc90f13ea0dcd960e5002d204fa55cec4e0db2fa",
"status": "affected",
"version": "32784a9562fb0518b12e9797ee2aec52214adf6f",
"versionType": "git"
},
{
"lessThan": "e3cbbdbff8a4db5d053c53fd71be62ccccdb52b0",
"status": "affected",
"version": "32784a9562fb0518b12e9797ee2aec52214adf6f",
"versionType": "git"
},
{
"lessThan": "9aa215450888cf29af0c479e14a712dc6b0c506c",
"status": "affected",
"version": "32784a9562fb0518b12e9797ee2aec52214adf6f",
"versionType": "git"
},
{
"lessThan": "cbd23144f7662b00bcde32a938c4a4057e476d68",
"status": "affected",
"version": "32784a9562fb0518b12e9797ee2aec52214adf6f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3-sva.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.11"
},
{
"lessThan": "5.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/arm-smmu-v3-sva: Fix mm use-after-free\n\nWe currently call arm64_mm_context_put() without holding a reference to\nthe mm, which can result in use-after-free. Call mmgrab()/mmdrop() to\nensure the mm only gets freed after we unpinned the ASID."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:37:24.999Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/fc90f13ea0dcd960e5002d204fa55cec4e0db2fa"
},
{
"url": "https://git.kernel.org/stable/c/e3cbbdbff8a4db5d053c53fd71be62ccccdb52b0"
},
{
"url": "https://git.kernel.org/stable/c/9aa215450888cf29af0c479e14a712dc6b0c506c"
},
{
"url": "https://git.kernel.org/stable/c/cbd23144f7662b00bcde32a938c4a4057e476d68"
}
],
"title": "iommu/arm-smmu-v3-sva: Fix mm use-after-free",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49426",
"datePublished": "2025-02-26T02:12:47.206Z",
"dateReserved": "2025-02-26T02:08:31.569Z",
"dateUpdated": "2025-05-04T08:37:24.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49509 (GCVE-0-2022-49509)
Vulnerability from cvelistv5
Published
2025-02-26 02:13
Modified
2025-05-04 08:39
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
media: i2c: max9286: fix kernel oops when removing module
When removing the max9286 module we get a kernel oops:
Unable to handle kernel paging request at virtual address 000000aa00000094
Mem abort info:
ESR = 0x96000004
EC = 0x25: DABT (current EL), IL = 32 bits
SET = 0, FnV = 0
EA = 0, S1PTW = 0
FSC = 0x04: level 0 translation fault
Data abort info:
ISV = 0, ISS = 0x00000004
CM = 0, WnR = 0
user pgtable: 4k pages, 48-bit VAs, pgdp=0000000880d85000
[000000aa00000094] pgd=0000000000000000, p4d=0000000000000000
Internal error: Oops: 96000004 [#1] PREEMPT SMP
Modules linked in: fsl_jr_uio caam_jr rng_core libdes caamkeyblob_desc caamhash_desc caamalg_desc crypto_engine max9271 authenc crct10dif_ce mxc_jpeg_encdec
CPU: 2 PID: 713 Comm: rmmod Tainted: G C 5.15.5-00057-gaebcd29c8ed7-dirty #5
Hardware name: Freescale i.MX8QXP MEK (DT)
pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : i2c_mux_del_adapters+0x24/0xf0
lr : max9286_remove+0x28/0xd0 [max9286]
sp : ffff800013a9bbf0
x29: ffff800013a9bbf0 x28: ffff00080b6da940 x27: 0000000000000000
x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000
x23: ffff000801a5b970 x22: ffff0008048b0890 x21: ffff800009297000
x20: ffff0008048b0f70 x19: 000000aa00000064 x18: 0000000000000000
x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000
x14: 0000000000000014 x13: 0000000000000000 x12: ffff000802da49e8
x11: ffff000802051918 x10: ffff000802da4920 x9 : ffff000800030098
x8 : 0101010101010101 x7 : 7f7f7f7f7f7f7f7f x6 : fefefeff6364626d
x5 : 8080808000000000 x4 : 0000000000000000 x3 : 0000000000000000
x2 : ffffffffffffffff x1 : ffff00080b6da940 x0 : 0000000000000000
Call trace:
i2c_mux_del_adapters+0x24/0xf0
max9286_remove+0x28/0xd0 [max9286]
i2c_device_remove+0x40/0x110
__device_release_driver+0x188/0x234
driver_detach+0xc4/0x150
bus_remove_driver+0x60/0xe0
driver_unregister+0x34/0x64
i2c_del_driver+0x58/0xa0
max9286_i2c_driver_exit+0x1c/0x490 [max9286]
__arm64_sys_delete_module+0x194/0x260
invoke_syscall+0x48/0x114
el0_svc_common.constprop.0+0xd4/0xfc
do_el0_svc+0x2c/0x94
el0_svc+0x28/0x80
el0t_64_sync_handler+0xa8/0x130
el0t_64_sync+0x1a0/0x1a4
The Oops happens because the I2C client data does not point to
max9286_priv anymore but to v4l2_subdev. The change happened in
max9286_init() which calls v4l2_i2c_subdev_init() later on...
Besides fixing the max9286_remove() function, remove the call to
i2c_set_clientdata() in max9286_probe(), to avoid confusion, and make
the necessary changes to max9286_init() so that it doesn't have to use
i2c_get_clientdata() in order to fetch the pointer to priv.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/media/i2c/max9286.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a4ec75df70575cdf33d9638c7844e729bfe6ce24",
"status": "affected",
"version": "66d8c9d2422da21ed41f75c03ba0685987b65fe0",
"versionType": "git"
},
{
"lessThan": "579c77595dbbdfe4f2edf335899f86ac51eca4e9",
"status": "affected",
"version": "66d8c9d2422da21ed41f75c03ba0685987b65fe0",
"versionType": "git"
},
{
"lessThan": "9dd783274c89c21a038d967b52a858a297e767f8",
"status": "affected",
"version": "66d8c9d2422da21ed41f75c03ba0685987b65fe0",
"versionType": "git"
},
{
"lessThan": "365ab7ebc24eebb42b9e020aeb440d51af8960cd",
"status": "affected",
"version": "66d8c9d2422da21ed41f75c03ba0685987b65fe0",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/media/i2c/max9286.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.9"
},
{
"lessThan": "5.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: i2c: max9286: fix kernel oops when removing module\n\nWhen removing the max9286 module we get a kernel oops:\n\nUnable to handle kernel paging request at virtual address 000000aa00000094\nMem abort info:\n ESR = 0x96000004\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n FSC = 0x04: level 0 translation fault\nData abort info:\n ISV = 0, ISS = 0x00000004\n CM = 0, WnR = 0\nuser pgtable: 4k pages, 48-bit VAs, pgdp=0000000880d85000\n[000000aa00000094] pgd=0000000000000000, p4d=0000000000000000\nInternal error: Oops: 96000004 [#1] PREEMPT SMP\nModules linked in: fsl_jr_uio caam_jr rng_core libdes caamkeyblob_desc caamhash_desc caamalg_desc crypto_engine max9271 authenc crct10dif_ce mxc_jpeg_encdec\nCPU: 2 PID: 713 Comm: rmmod Tainted: G C 5.15.5-00057-gaebcd29c8ed7-dirty #5\nHardware name: Freescale i.MX8QXP MEK (DT)\npstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : i2c_mux_del_adapters+0x24/0xf0\nlr : max9286_remove+0x28/0xd0 [max9286]\nsp : ffff800013a9bbf0\nx29: ffff800013a9bbf0 x28: ffff00080b6da940 x27: 0000000000000000\nx26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000\nx23: ffff000801a5b970 x22: ffff0008048b0890 x21: ffff800009297000\nx20: ffff0008048b0f70 x19: 000000aa00000064 x18: 0000000000000000\nx17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000\nx14: 0000000000000014 x13: 0000000000000000 x12: ffff000802da49e8\nx11: ffff000802051918 x10: ffff000802da4920 x9 : ffff000800030098\nx8 : 0101010101010101 x7 : 7f7f7f7f7f7f7f7f x6 : fefefeff6364626d\nx5 : 8080808000000000 x4 : 0000000000000000 x3 : 0000000000000000\nx2 : ffffffffffffffff x1 : ffff00080b6da940 x0 : 0000000000000000\nCall trace:\n i2c_mux_del_adapters+0x24/0xf0\n max9286_remove+0x28/0xd0 [max9286]\n i2c_device_remove+0x40/0x110\n __device_release_driver+0x188/0x234\n driver_detach+0xc4/0x150\n bus_remove_driver+0x60/0xe0\n driver_unregister+0x34/0x64\n i2c_del_driver+0x58/0xa0\n max9286_i2c_driver_exit+0x1c/0x490 [max9286]\n __arm64_sys_delete_module+0x194/0x260\n invoke_syscall+0x48/0x114\n el0_svc_common.constprop.0+0xd4/0xfc\n do_el0_svc+0x2c/0x94\n el0_svc+0x28/0x80\n el0t_64_sync_handler+0xa8/0x130\n el0t_64_sync+0x1a0/0x1a4\n\nThe Oops happens because the I2C client data does not point to\nmax9286_priv anymore but to v4l2_subdev. The change happened in\nmax9286_init() which calls v4l2_i2c_subdev_init() later on...\n\nBesides fixing the max9286_remove() function, remove the call to\ni2c_set_clientdata() in max9286_probe(), to avoid confusion, and make\nthe necessary changes to max9286_init() so that it doesn\u0027t have to use\ni2c_get_clientdata() in order to fetch the pointer to priv."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:39:28.147Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a4ec75df70575cdf33d9638c7844e729bfe6ce24"
},
{
"url": "https://git.kernel.org/stable/c/579c77595dbbdfe4f2edf335899f86ac51eca4e9"
},
{
"url": "https://git.kernel.org/stable/c/9dd783274c89c21a038d967b52a858a297e767f8"
},
{
"url": "https://git.kernel.org/stable/c/365ab7ebc24eebb42b9e020aeb440d51af8960cd"
}
],
"title": "media: i2c: max9286: fix kernel oops when removing module",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49509",
"datePublished": "2025-02-26T02:13:40.134Z",
"dateReserved": "2025-02-26T02:08:31.587Z",
"dateUpdated": "2025-05-04T08:39:28.147Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47643 (GCVE-0-2021-47643)
Vulnerability from cvelistv5
Published
2025-02-26 01:54
Modified
2025-05-04 07:15
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
media: ir_toy: free before error exiting
Fix leak in error path.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/media/rc/ir_toy.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "99e3f83539cac6884a4df02cb204a57a184ea12b",
"status": "affected",
"version": "261463dbc34ff0acafe4d84df04535b48a15afea",
"versionType": "git"
},
{
"lessThan": "2011363c196846c083649c91ed30aeef64358d52",
"status": "affected",
"version": "261463dbc34ff0acafe4d84df04535b48a15afea",
"versionType": "git"
},
{
"lessThan": "382e0f6958ef34eb093127b6d74c12f3b8fd0904",
"status": "affected",
"version": "261463dbc34ff0acafe4d84df04535b48a15afea",
"versionType": "git"
},
{
"lessThan": "93ef3fdf3b6633c58f049e5a6be755777dde4340",
"status": "affected",
"version": "261463dbc34ff0acafe4d84df04535b48a15afea",
"versionType": "git"
},
{
"lessThan": "52cdb013036391d9d87aba5b4fc49cdfc6ea4b23",
"status": "affected",
"version": "261463dbc34ff0acafe4d84df04535b48a15afea",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/media/rc/ir_toy.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.9"
},
{
"lessThan": "5.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.110",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: ir_toy: free before error exiting\n\nFix leak in error path."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:15:23.510Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/99e3f83539cac6884a4df02cb204a57a184ea12b"
},
{
"url": "https://git.kernel.org/stable/c/2011363c196846c083649c91ed30aeef64358d52"
},
{
"url": "https://git.kernel.org/stable/c/382e0f6958ef34eb093127b6d74c12f3b8fd0904"
},
{
"url": "https://git.kernel.org/stable/c/93ef3fdf3b6633c58f049e5a6be755777dde4340"
},
{
"url": "https://git.kernel.org/stable/c/52cdb013036391d9d87aba5b4fc49cdfc6ea4b23"
}
],
"title": "media: ir_toy: free before error exiting",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47643",
"datePublished": "2025-02-26T01:54:13.684Z",
"dateReserved": "2025-02-26T01:48:21.519Z",
"dateUpdated": "2025-05-04T07:15:23.510Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49246 (GCVE-0-2022-49246)
Vulnerability from cvelistv5
Published
2025-02-26 01:56
Modified
2025-05-04 08:33
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ASoC: atmel: Fix error handling in snd_proto_probe
The device_node pointer is returned by of_parse_phandle() with refcount
incremented. We should use of_node_put() on it when done.
This function only calls of_node_put() in the regular path.
And it will cause refcount leak in error paths.
Fix this by calling of_node_put() in error handling too.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/soc/atmel/mikroe-proto.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f32ac9bf5e3f594ef9bfedb410aebc98cf784e69",
"status": "affected",
"version": "a45f8853a5f95e3760dfbd7ba09d3d597d247040",
"versionType": "git"
},
{
"lessThan": "0f517480d5888cd54487c5662ce4da95b30ad798",
"status": "affected",
"version": "a45f8853a5f95e3760dfbd7ba09d3d597d247040",
"versionType": "git"
},
{
"lessThan": "8fa969cd8485031294f91fc7184399000cae6355",
"status": "affected",
"version": "a45f8853a5f95e3760dfbd7ba09d3d597d247040",
"versionType": "git"
},
{
"lessThan": "b0bfaf0544d08d093d6211d7ef8816fb0b5b6c75",
"status": "affected",
"version": "a45f8853a5f95e3760dfbd7ba09d3d597d247040",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"sound/soc/atmel/mikroe-proto.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.20"
},
{
"lessThan": "4.20",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: atmel: Fix error handling in snd_proto_probe\n\nThe device_node pointer is returned by of_parse_phandle() with refcount\nincremented. We should use of_node_put() on it when done.\n\nThis function only calls of_node_put() in the regular path.\nAnd it will cause refcount leak in error paths.\nFix this by calling of_node_put() in error handling too."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:33:16.716Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f32ac9bf5e3f594ef9bfedb410aebc98cf784e69"
},
{
"url": "https://git.kernel.org/stable/c/0f517480d5888cd54487c5662ce4da95b30ad798"
},
{
"url": "https://git.kernel.org/stable/c/8fa969cd8485031294f91fc7184399000cae6355"
},
{
"url": "https://git.kernel.org/stable/c/b0bfaf0544d08d093d6211d7ef8816fb0b5b6c75"
}
],
"title": "ASoC: atmel: Fix error handling in snd_proto_probe",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49246",
"datePublished": "2025-02-26T01:56:05.740Z",
"dateReserved": "2025-02-26T01:49:39.295Z",
"dateUpdated": "2025-05-04T08:33:16.716Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49399 (GCVE-0-2022-49399)
Vulnerability from cvelistv5
Published
2025-02-26 02:12
Modified
2025-05-04 08:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
tty: goldfish: Use tty_port_destroy() to destroy port
In goldfish_tty_probe(), the port initialized through tty_port_init()
should be destroyed in error paths.In goldfish_tty_remove(), qtty->port
also should be destroyed or else might leak resources.
Fix the above by calling tty_port_destroy().
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 666b7793d4bfa9f150b5c2007ab48c755ddc53ca Version: 666b7793d4bfa9f150b5c2007ab48c755ddc53ca Version: 666b7793d4bfa9f150b5c2007ab48c755ddc53ca Version: 666b7793d4bfa9f150b5c2007ab48c755ddc53ca Version: 666b7793d4bfa9f150b5c2007ab48c755ddc53ca Version: 666b7793d4bfa9f150b5c2007ab48c755ddc53ca Version: 666b7793d4bfa9f150b5c2007ab48c755ddc53ca Version: 666b7793d4bfa9f150b5c2007ab48c755ddc53ca |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/tty/goldfish.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "241fcb79dd1df276d80b19f5f6acc9eaaaa63309",
"status": "affected",
"version": "666b7793d4bfa9f150b5c2007ab48c755ddc53ca",
"versionType": "git"
},
{
"lessThan": "326192b99c903a2193d820c30ed936cc2402382c",
"status": "affected",
"version": "666b7793d4bfa9f150b5c2007ab48c755ddc53ca",
"versionType": "git"
},
{
"lessThan": "9ae3d073f7db5578ae1907544f0c15947e9678e6",
"status": "affected",
"version": "666b7793d4bfa9f150b5c2007ab48c755ddc53ca",
"versionType": "git"
},
{
"lessThan": "ee6c33b29e624f515202a31bf6ef0437f26a1867",
"status": "affected",
"version": "666b7793d4bfa9f150b5c2007ab48c755ddc53ca",
"versionType": "git"
},
{
"lessThan": "da64f419d7f78272bfe40dde1262602d4ff6b32c",
"status": "affected",
"version": "666b7793d4bfa9f150b5c2007ab48c755ddc53ca",
"versionType": "git"
},
{
"lessThan": "45f6ce70abfb7ccf9d787781cbc4c03294a775a1",
"status": "affected",
"version": "666b7793d4bfa9f150b5c2007ab48c755ddc53ca",
"versionType": "git"
},
{
"lessThan": "4639d1b992de8f37d66f698056875c274efcd45f",
"status": "affected",
"version": "666b7793d4bfa9f150b5c2007ab48c755ddc53ca",
"versionType": "git"
},
{
"lessThan": "507b05063d1b7a1fcb9f7d7c47586fc4f3508f98",
"status": "affected",
"version": "666b7793d4bfa9f150b5c2007ab48c755ddc53ca",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/tty/goldfish.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.9"
},
{
"lessThan": "3.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.47",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.283",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.122",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.47",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.15",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.4",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "3.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: goldfish: Use tty_port_destroy() to destroy port\n\nIn goldfish_tty_probe(), the port initialized through tty_port_init()\nshould be destroyed in error paths.In goldfish_tty_remove(), qtty-\u003eport\nalso should be destroyed or else might leak resources.\n\nFix the above by calling tty_port_destroy()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:36:51.387Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/241fcb79dd1df276d80b19f5f6acc9eaaaa63309"
},
{
"url": "https://git.kernel.org/stable/c/326192b99c903a2193d820c30ed936cc2402382c"
},
{
"url": "https://git.kernel.org/stable/c/9ae3d073f7db5578ae1907544f0c15947e9678e6"
},
{
"url": "https://git.kernel.org/stable/c/ee6c33b29e624f515202a31bf6ef0437f26a1867"
},
{
"url": "https://git.kernel.org/stable/c/da64f419d7f78272bfe40dde1262602d4ff6b32c"
},
{
"url": "https://git.kernel.org/stable/c/45f6ce70abfb7ccf9d787781cbc4c03294a775a1"
},
{
"url": "https://git.kernel.org/stable/c/4639d1b992de8f37d66f698056875c274efcd45f"
},
{
"url": "https://git.kernel.org/stable/c/507b05063d1b7a1fcb9f7d7c47586fc4f3508f98"
}
],
"title": "tty: goldfish: Use tty_port_destroy() to destroy port",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49399",
"datePublished": "2025-02-26T02:12:27.650Z",
"dateReserved": "2025-02-26T02:08:31.563Z",
"dateUpdated": "2025-05-04T08:36:51.387Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49254 (GCVE-0-2022-49254)
Vulnerability from cvelistv5
Published
2025-02-26 01:56
Modified
2025-05-04 08:33
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
media: ti-vpe: cal: Fix a NULL pointer dereference in cal_ctx_v4l2_init_formats()
In cal_ctx_v4l2_init_formats(), devm_kzalloc() is assigned to
ctx->active_fmt and there is a dereference of it after that, which could
lead to NULL pointer dereference on failure of devm_kzalloc().
Fix this bug by adding a NULL check of ctx->active_fmt.
This bug was found by a static analyzer.
Builds with 'make allyesconfig' show no new warnings, and our static
analyzer no longer warns about this code.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/media/platform/ti-vpe/cal-video.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "aa613ac270292e102503e9767882e39200efe608",
"status": "affected",
"version": "7168155002cf7aadbfaa14a28f037c880a214764",
"versionType": "git"
},
{
"lessThan": "91e2805579ab0783eed53acc2bf9fb553e939004",
"status": "affected",
"version": "7168155002cf7aadbfaa14a28f037c880a214764",
"versionType": "git"
},
{
"lessThan": "1381f1a629a090c251965edb56f849ad648414a4",
"status": "affected",
"version": "7168155002cf7aadbfaa14a28f037c880a214764",
"versionType": "git"
},
{
"lessThan": "abd77889851d2ead0d0c9c4d29f1808801477b00",
"status": "affected",
"version": "7168155002cf7aadbfaa14a28f037c880a214764",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/media/platform/ti-vpe/cal-video.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.12"
},
{
"lessThan": "5.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: ti-vpe: cal: Fix a NULL pointer dereference in cal_ctx_v4l2_init_formats()\n\nIn cal_ctx_v4l2_init_formats(), devm_kzalloc() is assigned to\nctx-\u003eactive_fmt and there is a dereference of it after that, which could\nlead to NULL pointer dereference on failure of devm_kzalloc().\n\nFix this bug by adding a NULL check of ctx-\u003eactive_fmt.\n\nThis bug was found by a static analyzer.\n\nBuilds with \u0027make allyesconfig\u0027 show no new warnings, and our static\nanalyzer no longer warns about this code."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:33:27.253Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/aa613ac270292e102503e9767882e39200efe608"
},
{
"url": "https://git.kernel.org/stable/c/91e2805579ab0783eed53acc2bf9fb553e939004"
},
{
"url": "https://git.kernel.org/stable/c/1381f1a629a090c251965edb56f849ad648414a4"
},
{
"url": "https://git.kernel.org/stable/c/abd77889851d2ead0d0c9c4d29f1808801477b00"
}
],
"title": "media: ti-vpe: cal: Fix a NULL pointer dereference in cal_ctx_v4l2_init_formats()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49254",
"datePublished": "2025-02-26T01:56:09.619Z",
"dateReserved": "2025-02-26T01:49:39.295Z",
"dateUpdated": "2025-05-04T08:33:27.253Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49292 (GCVE-0-2022-49292)
Vulnerability from cvelistv5
Published
2025-02-26 01:56
Modified
2025-05-04 08:34
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ALSA: oss: Fix PCM OSS buffer allocation overflow
We've got syzbot reports hitting INT_MAX overflow at vmalloc()
allocation that is called from snd_pcm_plug_alloc(). Although we
apply the restrictions to input parameters, it's based only on the
hw_params of the underlying PCM device. Since the PCM OSS layer
allocates a temporary buffer for the data conversion, the size may
become unexpectedly large when more channels or higher rates is given;
in the reported case, it went over INT_MAX, hence it hits WARN_ON().
This patch is an attempt to avoid such an overflow and an allocation
for too large buffers. First off, it adds the limit of 1MB as the
upper bound for period bytes. This must be large enough for all use
cases, and we really don't want to handle a larger temporary buffer
than this size. The size check is performed at two places, where the
original period bytes is calculated and where the plugin buffer size
is calculated.
In addition, the driver uses array_size() and array3_size() for
multiplications to catch overflows for the converted period size and
buffer bytes.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/core/oss/pcm_oss.c",
"sound/core/oss/pcm_plugin.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a63af1baf0a5e11827db60e3127f87e437cab6e5",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "0c4190b41a69990666b4000999e27f8f1b2a426b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "5ce74ff7059341d8b2f4d01c3383491df63d1898",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7a40cbf3579a8e14849ba7ce46309c1992658d2b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "fb08bf99195a87c798bc8ae1357337a981faeade",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e74a069c6a7bb505f3ade141dddf85f4b0b5145a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "efb6402c3c4a7c26d97c92d70186424097b6e366",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"sound/core/oss/pcm_oss.c",
"sound/core/oss/pcm_plugin.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.237",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.188",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.109",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.32",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.18",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.237",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.188",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.109",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: oss: Fix PCM OSS buffer allocation overflow\n\nWe\u0027ve got syzbot reports hitting INT_MAX overflow at vmalloc()\nallocation that is called from snd_pcm_plug_alloc(). Although we\napply the restrictions to input parameters, it\u0027s based only on the\nhw_params of the underlying PCM device. Since the PCM OSS layer\nallocates a temporary buffer for the data conversion, the size may\nbecome unexpectedly large when more channels or higher rates is given;\nin the reported case, it went over INT_MAX, hence it hits WARN_ON().\n\nThis patch is an attempt to avoid such an overflow and an allocation\nfor too large buffers. First off, it adds the limit of 1MB as the\nupper bound for period bytes. This must be large enough for all use\ncases, and we really don\u0027t want to handle a larger temporary buffer\nthan this size. The size check is performed at two places, where the\noriginal period bytes is calculated and where the plugin buffer size\nis calculated.\n\nIn addition, the driver uses array_size() and array3_size() for\nmultiplications to catch overflows for the converted period size and\nbuffer bytes."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:34:23.499Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a63af1baf0a5e11827db60e3127f87e437cab6e5"
},
{
"url": "https://git.kernel.org/stable/c/0c4190b41a69990666b4000999e27f8f1b2a426b"
},
{
"url": "https://git.kernel.org/stable/c/5ce74ff7059341d8b2f4d01c3383491df63d1898"
},
{
"url": "https://git.kernel.org/stable/c/7a40cbf3579a8e14849ba7ce46309c1992658d2b"
},
{
"url": "https://git.kernel.org/stable/c/fb08bf99195a87c798bc8ae1357337a981faeade"
},
{
"url": "https://git.kernel.org/stable/c/e74a069c6a7bb505f3ade141dddf85f4b0b5145a"
},
{
"url": "https://git.kernel.org/stable/c/efb6402c3c4a7c26d97c92d70186424097b6e366"
}
],
"title": "ALSA: oss: Fix PCM OSS buffer allocation overflow",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49292",
"datePublished": "2025-02-26T01:56:28.552Z",
"dateReserved": "2025-02-26T01:49:39.302Z",
"dateUpdated": "2025-05-04T08:34:23.499Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49156 (GCVE-0-2022-49156)
Vulnerability from cvelistv5
Published
2025-02-26 01:55
Modified
2025-05-04 08:31
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: qla2xxx: Fix scheduling while atomic
The driver makes a call into midlayer (fc_remote_port_delete) which can put
the thread to sleep. The thread that originates the call is in interrupt
context. The combination of the two trigger a crash. Schedule the call in
non-interrupt context where it is more safe.
kernel: BUG: scheduling while atomic: swapper/7/0/0x00010000
kernel: Call Trace:
kernel: <IRQ>
kernel: dump_stack+0x66/0x81
kernel: __schedule_bug.cold.90+0x5/0x1d
kernel: __schedule+0x7af/0x960
kernel: schedule+0x28/0x80
kernel: schedule_timeout+0x26d/0x3b0
kernel: wait_for_completion+0xb4/0x140
kernel: ? wake_up_q+0x70/0x70
kernel: __wait_rcu_gp+0x12c/0x160
kernel: ? sdev_evt_alloc+0xc0/0x180 [scsi_mod]
kernel: synchronize_sched+0x6c/0x80
kernel: ? call_rcu_bh+0x20/0x20
kernel: ? __bpf_trace_rcu_invoke_callback+0x10/0x10
kernel: sdev_evt_alloc+0xfd/0x180 [scsi_mod]
kernel: starget_for_each_device+0x85/0xb0 [scsi_mod]
kernel: ? scsi_init_io+0x360/0x3d0 [scsi_mod]
kernel: scsi_init_io+0x388/0x3d0 [scsi_mod]
kernel: device_for_each_child+0x54/0x90
kernel: fc_remote_port_delete+0x70/0xe0 [scsi_transport_fc]
kernel: qla2x00_schedule_rport_del+0x62/0xf0 [qla2xxx]
kernel: qla2x00_mark_device_lost+0x9c/0xd0 [qla2xxx]
kernel: qla24xx_handle_plogi_done_event+0x55f/0x570 [qla2xxx]
kernel: qla2x00_async_login_sp_done+0xd2/0x100 [qla2xxx]
kernel: qla24xx_logio_entry+0x13a/0x3c0 [qla2xxx]
kernel: qla24xx_process_response_queue+0x306/0x400 [qla2xxx]
kernel: qla24xx_msix_rsp_q+0x3f/0xb0 [qla2xxx]
kernel: __handle_irq_event_percpu+0x40/0x180
kernel: handle_irq_event_percpu+0x30/0x80
kernel: handle_irq_event+0x36/0x60
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/scsi/qla2xxx/qla_init.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7fef50214dd04427233a2e66cd624d468e67aecb",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "826a9d4a00d1424afa961504aec6298ee92d5053",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "78225d6a2a4ffdb2250ce2b7691a9e68a3f86912",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "78612f2fe8e26637476d756a44f0f05cca0d97de",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "afd438ff874ca40b74321b3fa19bd61adfd7ca0c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/scsi/qla2xxx/qla_init.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.110",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix scheduling while atomic\n\nThe driver makes a call into midlayer (fc_remote_port_delete) which can put\nthe thread to sleep. The thread that originates the call is in interrupt\ncontext. The combination of the two trigger a crash. Schedule the call in\nnon-interrupt context where it is more safe.\n\nkernel: BUG: scheduling while atomic: swapper/7/0/0x00010000\nkernel: Call Trace:\nkernel: \u003cIRQ\u003e\nkernel: dump_stack+0x66/0x81\nkernel: __schedule_bug.cold.90+0x5/0x1d\nkernel: __schedule+0x7af/0x960\nkernel: schedule+0x28/0x80\nkernel: schedule_timeout+0x26d/0x3b0\nkernel: wait_for_completion+0xb4/0x140\nkernel: ? wake_up_q+0x70/0x70\nkernel: __wait_rcu_gp+0x12c/0x160\nkernel: ? sdev_evt_alloc+0xc0/0x180 [scsi_mod]\nkernel: synchronize_sched+0x6c/0x80\nkernel: ? call_rcu_bh+0x20/0x20\nkernel: ? __bpf_trace_rcu_invoke_callback+0x10/0x10\nkernel: sdev_evt_alloc+0xfd/0x180 [scsi_mod]\nkernel: starget_for_each_device+0x85/0xb0 [scsi_mod]\nkernel: ? scsi_init_io+0x360/0x3d0 [scsi_mod]\nkernel: scsi_init_io+0x388/0x3d0 [scsi_mod]\nkernel: device_for_each_child+0x54/0x90\nkernel: fc_remote_port_delete+0x70/0xe0 [scsi_transport_fc]\nkernel: qla2x00_schedule_rport_del+0x62/0xf0 [qla2xxx]\nkernel: qla2x00_mark_device_lost+0x9c/0xd0 [qla2xxx]\nkernel: qla24xx_handle_plogi_done_event+0x55f/0x570 [qla2xxx]\nkernel: qla2x00_async_login_sp_done+0xd2/0x100 [qla2xxx]\nkernel: qla24xx_logio_entry+0x13a/0x3c0 [qla2xxx]\nkernel: qla24xx_process_response_queue+0x306/0x400 [qla2xxx]\nkernel: qla24xx_msix_rsp_q+0x3f/0xb0 [qla2xxx]\nkernel: __handle_irq_event_percpu+0x40/0x180\nkernel: handle_irq_event_percpu+0x30/0x80\nkernel: handle_irq_event+0x36/0x60"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:31:11.583Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7fef50214dd04427233a2e66cd624d468e67aecb"
},
{
"url": "https://git.kernel.org/stable/c/826a9d4a00d1424afa961504aec6298ee92d5053"
},
{
"url": "https://git.kernel.org/stable/c/78225d6a2a4ffdb2250ce2b7691a9e68a3f86912"
},
{
"url": "https://git.kernel.org/stable/c/78612f2fe8e26637476d756a44f0f05cca0d97de"
},
{
"url": "https://git.kernel.org/stable/c/afd438ff874ca40b74321b3fa19bd61adfd7ca0c"
}
],
"title": "scsi: qla2xxx: Fix scheduling while atomic",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49156",
"datePublished": "2025-02-26T01:55:20.285Z",
"dateReserved": "2025-02-26T01:49:39.275Z",
"dateUpdated": "2025-05-04T08:31:11.583Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49411 (GCVE-0-2022-49411)
Vulnerability from cvelistv5
Published
2025-02-26 02:12
Modified
2025-05-04 08:37
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
bfq: Make sure bfqg for which we are queueing requests is online
Bios queued into BFQ IO scheduler can be associated with a cgroup that
was already offlined. This may then cause insertion of this bfq_group
into a service tree. But this bfq_group will get freed as soon as last
bio associated with it is completed leading to use after free issues for
service tree users. Fix the problem by making sure we always operate on
online bfq_group. If the bfq_group associated with the bio is not
online, we pick the first online parent.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: e21b7a0b988772e82e7147e1c659a5afe2ae003c Version: e21b7a0b988772e82e7147e1c659a5afe2ae003c Version: e21b7a0b988772e82e7147e1c659a5afe2ae003c Version: e21b7a0b988772e82e7147e1c659a5afe2ae003c Version: e21b7a0b988772e82e7147e1c659a5afe2ae003c Version: e21b7a0b988772e82e7147e1c659a5afe2ae003c |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49411",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T21:14:17.027775Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T21:21:43.730Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"block/bfq-cgroup.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ccddf8cd411c1800863ed357064e56ceffd356bb",
"status": "affected",
"version": "e21b7a0b988772e82e7147e1c659a5afe2ae003c",
"versionType": "git"
},
{
"lessThan": "51f724bffa3403a5236597e6b75df7329c1ec6e9",
"status": "affected",
"version": "e21b7a0b988772e82e7147e1c659a5afe2ae003c",
"versionType": "git"
},
{
"lessThan": "6ee0868b0c3ccead5907685fcdcdd0c08dfe4b0b",
"status": "affected",
"version": "e21b7a0b988772e82e7147e1c659a5afe2ae003c",
"versionType": "git"
},
{
"lessThan": "97bd6c56bdcb41079e488e31df56809e3b2ce628",
"status": "affected",
"version": "e21b7a0b988772e82e7147e1c659a5afe2ae003c",
"versionType": "git"
},
{
"lessThan": "7781c38552e6cc54ed8e9040279561340516b881",
"status": "affected",
"version": "e21b7a0b988772e82e7147e1c659a5afe2ae003c",
"versionType": "git"
},
{
"lessThan": "075a53b78b815301f8d3dd1ee2cd99554e34f0dd",
"status": "affected",
"version": "e21b7a0b988772e82e7147e1c659a5afe2ae003c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"block/bfq-cgroup.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.12"
},
{
"lessThan": "4.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.121",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbfq: Make sure bfqg for which we are queueing requests is online\n\nBios queued into BFQ IO scheduler can be associated with a cgroup that\nwas already offlined. This may then cause insertion of this bfq_group\ninto a service tree. But this bfq_group will get freed as soon as last\nbio associated with it is completed leading to use after free issues for\nservice tree users. Fix the problem by making sure we always operate on\nonline bfq_group. If the bfq_group associated with the bio is not\nonline, we pick the first online parent."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:37:06.106Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ccddf8cd411c1800863ed357064e56ceffd356bb"
},
{
"url": "https://git.kernel.org/stable/c/51f724bffa3403a5236597e6b75df7329c1ec6e9"
},
{
"url": "https://git.kernel.org/stable/c/6ee0868b0c3ccead5907685fcdcdd0c08dfe4b0b"
},
{
"url": "https://git.kernel.org/stable/c/97bd6c56bdcb41079e488e31df56809e3b2ce628"
},
{
"url": "https://git.kernel.org/stable/c/7781c38552e6cc54ed8e9040279561340516b881"
},
{
"url": "https://git.kernel.org/stable/c/075a53b78b815301f8d3dd1ee2cd99554e34f0dd"
}
],
"title": "bfq: Make sure bfqg for which we are queueing requests is online",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49411",
"datePublished": "2025-02-26T02:12:33.628Z",
"dateReserved": "2025-02-26T02:08:31.567Z",
"dateUpdated": "2025-05-04T08:37:06.106Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49269 (GCVE-0-2022-49269)
Vulnerability from cvelistv5
Published
2025-02-26 01:56
Modified
2025-05-04 08:33
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
can: isotp: sanitize CAN ID checks in isotp_bind()
Syzbot created an environment that lead to a state machine status that
can not be reached with a compliant CAN ID address configuration.
The provided address information consisted of CAN ID 0x6000001 and 0xC28001
which both boil down to 11 bit CAN IDs 0x001 in sending and receiving.
Sanitize the SFF/EFF CAN ID values before performing the address checks.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/can/isotp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d72866a7f5326160d2a9d945a33eb6ef1883e25d",
"status": "affected",
"version": "e057dd3fc20ffb3d7f150af46542a51b59b90127",
"versionType": "git"
},
{
"lessThan": "f343dbe82314ab457153c9afd970be4e9e553020",
"status": "affected",
"version": "e057dd3fc20ffb3d7f150af46542a51b59b90127",
"versionType": "git"
},
{
"lessThan": "cf522d741f5301223cc94b978eb1603c7590d65e",
"status": "affected",
"version": "e057dd3fc20ffb3d7f150af46542a51b59b90127",
"versionType": "git"
},
{
"lessThan": "7b4652fc71dcec043977a6def80ef5034c913615",
"status": "affected",
"version": "e057dd3fc20ffb3d7f150af46542a51b59b90127",
"versionType": "git"
},
{
"lessThan": "3ea566422cbde9610c2734980d1286ab681bb40e",
"status": "affected",
"version": "e057dd3fc20ffb3d7f150af46542a51b59b90127",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/can/isotp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.10"
},
{
"lessThan": "5.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.110",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: isotp: sanitize CAN ID checks in isotp_bind()\n\nSyzbot created an environment that lead to a state machine status that\ncan not be reached with a compliant CAN ID address configuration.\nThe provided address information consisted of CAN ID 0x6000001 and 0xC28001\nwhich both boil down to 11 bit CAN IDs 0x001 in sending and receiving.\n\nSanitize the SFF/EFF CAN ID values before performing the address checks."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:33:45.911Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d72866a7f5326160d2a9d945a33eb6ef1883e25d"
},
{
"url": "https://git.kernel.org/stable/c/f343dbe82314ab457153c9afd970be4e9e553020"
},
{
"url": "https://git.kernel.org/stable/c/cf522d741f5301223cc94b978eb1603c7590d65e"
},
{
"url": "https://git.kernel.org/stable/c/7b4652fc71dcec043977a6def80ef5034c913615"
},
{
"url": "https://git.kernel.org/stable/c/3ea566422cbde9610c2734980d1286ab681bb40e"
}
],
"title": "can: isotp: sanitize CAN ID checks in isotp_bind()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49269",
"datePublished": "2025-02-26T01:56:17.204Z",
"dateReserved": "2025-02-26T01:49:39.297Z",
"dateUpdated": "2025-05-04T08:33:45.911Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49371 (GCVE-0-2022-49371)
Vulnerability from cvelistv5
Published
2025-02-26 02:11
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
driver core: fix deadlock in __device_attach
In __device_attach function, The lock holding logic is as follows:
...
__device_attach
device_lock(dev) // get lock dev
async_schedule_dev(__device_attach_async_helper, dev); // func
async_schedule_node
async_schedule_node_domain(func)
entry = kzalloc(sizeof(struct async_entry), GFP_ATOMIC);
/* when fail or work limit, sync to execute func, but
__device_attach_async_helper will get lock dev as
well, which will lead to A-A deadlock. */
if (!entry || atomic_read(&entry_count) > MAX_WORK) {
func;
else
queue_work_node(node, system_unbound_wq, &entry->work)
device_unlock(dev)
As shown above, when it is allowed to do async probes, because of
out of memory or work limit, async work is not allowed, to do
sync execute instead. it will lead to A-A deadlock because of
__device_attach_async_helper getting lock dev.
To fix the deadlock, move the async_schedule_dev outside device_lock,
as we can see, in async_schedule_node_domain, the parameter of
queue_work_node is system_unbound_wq, so it can accept concurrent
operations. which will also not change the code logic, and will
not lead to deadlock.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 765230b5f084863183aa8adb3405ab3f32c0b16e Version: 765230b5f084863183aa8adb3405ab3f32c0b16e Version: 765230b5f084863183aa8adb3405ab3f32c0b16e Version: 765230b5f084863183aa8adb3405ab3f32c0b16e Version: 765230b5f084863183aa8adb3405ab3f32c0b16e Version: 765230b5f084863183aa8adb3405ab3f32c0b16e |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49371",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:42:17.592122Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-667",
"description": "CWE-667 Improper Locking",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:52.917Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/base/dd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "593b595332bd2d65e1a5c1ae7897996c157f5468",
"status": "affected",
"version": "765230b5f084863183aa8adb3405ab3f32c0b16e",
"versionType": "git"
},
{
"lessThan": "36ee9ffca8ef56c302f2855c4a5fccf61c0c1ada",
"status": "affected",
"version": "765230b5f084863183aa8adb3405ab3f32c0b16e",
"versionType": "git"
},
{
"lessThan": "df6de52b80aa3b46f5ac804412355ffe2e1df93e",
"status": "affected",
"version": "765230b5f084863183aa8adb3405ab3f32c0b16e",
"versionType": "git"
},
{
"lessThan": "d53a227bfcd5160ce1b61d9954901968a20651e7",
"status": "affected",
"version": "765230b5f084863183aa8adb3405ab3f32c0b16e",
"versionType": "git"
},
{
"lessThan": "34fdd9b7def9d2fcb71bb7b0bc4848dd7313767e",
"status": "affected",
"version": "765230b5f084863183aa8adb3405ab3f32c0b16e",
"versionType": "git"
},
{
"lessThan": "b232b02bf3c205b13a26dcec08e53baddd8e59ed",
"status": "affected",
"version": "765230b5f084863183aa8adb3405ab3f32c0b16e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/base/dd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.2"
},
{
"lessThan": "4.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.47",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.122",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.47",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.15",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.4",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndriver core: fix deadlock in __device_attach\n\nIn __device_attach function, The lock holding logic is as follows:\n...\n__device_attach\ndevice_lock(dev) // get lock dev\n async_schedule_dev(__device_attach_async_helper, dev); // func\n async_schedule_node\n async_schedule_node_domain(func)\n entry = kzalloc(sizeof(struct async_entry), GFP_ATOMIC);\n\t/* when fail or work limit, sync to execute func, but\n\t __device_attach_async_helper will get lock dev as\n\t well, which will lead to A-A deadlock. */\n\tif (!entry || atomic_read(\u0026entry_count) \u003e MAX_WORK) {\n\t func;\n\telse\n\t queue_work_node(node, system_unbound_wq, \u0026entry-\u003ework)\n device_unlock(dev)\n\nAs shown above, when it is allowed to do async probes, because of\nout of memory or work limit, async work is not allowed, to do\nsync execute instead. it will lead to A-A deadlock because of\n__device_attach_async_helper getting lock dev.\n\nTo fix the deadlock, move the async_schedule_dev outside device_lock,\nas we can see, in async_schedule_node_domain, the parameter of\nqueue_work_node is system_unbound_wq, so it can accept concurrent\noperations. which will also not change the code logic, and will\nnot lead to deadlock."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:36:16.018Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/593b595332bd2d65e1a5c1ae7897996c157f5468"
},
{
"url": "https://git.kernel.org/stable/c/36ee9ffca8ef56c302f2855c4a5fccf61c0c1ada"
},
{
"url": "https://git.kernel.org/stable/c/df6de52b80aa3b46f5ac804412355ffe2e1df93e"
},
{
"url": "https://git.kernel.org/stable/c/d53a227bfcd5160ce1b61d9954901968a20651e7"
},
{
"url": "https://git.kernel.org/stable/c/34fdd9b7def9d2fcb71bb7b0bc4848dd7313767e"
},
{
"url": "https://git.kernel.org/stable/c/b232b02bf3c205b13a26dcec08e53baddd8e59ed"
}
],
"title": "driver core: fix deadlock in __device_attach",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49371",
"datePublished": "2025-02-26T02:11:13.652Z",
"dateReserved": "2025-02-26T02:08:31.555Z",
"dateUpdated": "2025-10-01T19:46:52.917Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49059 (GCVE-0-2022-49059)
Vulnerability from cvelistv5
Published
2025-02-26 01:54
Modified
2025-05-04 08:28
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
nfc: nci: add flush_workqueue to prevent uaf
Our detector found a concurrent use-after-free bug when detaching an
NCI device. The main reason for this bug is the unexpected scheduling
between the used delayed mechanism (timer and workqueue).
The race can be demonstrated below:
Thread-1 Thread-2
| nci_dev_up()
| nci_open_device()
| __nci_request(nci_reset_req)
| nci_send_cmd
| queue_work(cmd_work)
nci_unregister_device() |
nci_close_device() | ...
del_timer_sync(cmd_timer)[1] |
... | Worker
nci_free_device() | nci_cmd_work()
kfree(ndev)[3] | mod_timer(cmd_timer)[2]
In short, the cleanup routine thought that the cmd_timer has already
been detached by [1] but the mod_timer can re-attach the timer [2], even
it is already released [3], resulting in UAF.
This UAF is easy to trigger, crash trace by POC is like below
[ 66.703713] ==================================================================
[ 66.703974] BUG: KASAN: use-after-free in enqueue_timer+0x448/0x490
[ 66.703974] Write of size 8 at addr ffff888009fb7058 by task kworker/u4:1/33
[ 66.703974]
[ 66.703974] CPU: 1 PID: 33 Comm: kworker/u4:1 Not tainted 5.18.0-rc2 #5
[ 66.703974] Workqueue: nfc2_nci_cmd_wq nci_cmd_work
[ 66.703974] Call Trace:
[ 66.703974] <TASK>
[ 66.703974] dump_stack_lvl+0x57/0x7d
[ 66.703974] print_report.cold+0x5e/0x5db
[ 66.703974] ? enqueue_timer+0x448/0x490
[ 66.703974] kasan_report+0xbe/0x1c0
[ 66.703974] ? enqueue_timer+0x448/0x490
[ 66.703974] enqueue_timer+0x448/0x490
[ 66.703974] __mod_timer+0x5e6/0xb80
[ 66.703974] ? mark_held_locks+0x9e/0xe0
[ 66.703974] ? try_to_del_timer_sync+0xf0/0xf0
[ 66.703974] ? lockdep_hardirqs_on_prepare+0x17b/0x410
[ 66.703974] ? queue_work_on+0x61/0x80
[ 66.703974] ? lockdep_hardirqs_on+0xbf/0x130
[ 66.703974] process_one_work+0x8bb/0x1510
[ 66.703974] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 66.703974] ? pwq_dec_nr_in_flight+0x230/0x230
[ 66.703974] ? rwlock_bug.part.0+0x90/0x90
[ 66.703974] ? _raw_spin_lock_irq+0x41/0x50
[ 66.703974] worker_thread+0x575/0x1190
[ 66.703974] ? process_one_work+0x1510/0x1510
[ 66.703974] kthread+0x2a0/0x340
[ 66.703974] ? kthread_complete_and_exit+0x20/0x20
[ 66.703974] ret_from_fork+0x22/0x30
[ 66.703974] </TASK>
[ 66.703974]
[ 66.703974] Allocated by task 267:
[ 66.703974] kasan_save_stack+0x1e/0x40
[ 66.703974] __kasan_kmalloc+0x81/0xa0
[ 66.703974] nci_allocate_device+0xd3/0x390
[ 66.703974] nfcmrvl_nci_register_dev+0x183/0x2c0
[ 66.703974] nfcmrvl_nci_uart_open+0xf2/0x1dd
[ 66.703974] nci_uart_tty_ioctl+0x2c3/0x4a0
[ 66.703974] tty_ioctl+0x764/0x1310
[ 66.703974] __x64_sys_ioctl+0x122/0x190
[ 66.703974] do_syscall_64+0x3b/0x90
[ 66.703974] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 66.703974]
[ 66.703974] Freed by task 406:
[ 66.703974] kasan_save_stack+0x1e/0x40
[ 66.703974] kasan_set_track+0x21/0x30
[ 66.703974] kasan_set_free_info+0x20/0x30
[ 66.703974] __kasan_slab_free+0x108/0x170
[ 66.703974] kfree+0xb0/0x330
[ 66.703974] nfcmrvl_nci_unregister_dev+0x90/0xd0
[ 66.703974] nci_uart_tty_close+0xdf/0x180
[ 66.703974] tty_ldisc_kill+0x73/0x110
[ 66.703974] tty_ldisc_hangup+0x281/0x5b0
[ 66.703974] __tty_hangup.part.0+0x431/0x890
[ 66.703974] tty_release+0x3a8/0xc80
[ 66.703974] __fput+0x1f0/0x8c0
[ 66.703974] task_work_run+0xc9/0x170
[ 66.703974] exit_to_user_mode_prepare+0x194/0x1a0
[ 66.703974] syscall_exit_to_user_mode+0x19/0x50
[ 66.703974] do_syscall_64+0x48/0x90
[ 66.703974] entry_SYSCALL_64_after_hwframe+0x44/0x
---truncated---
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 6a2968aaf50c7a22fced77a5e24aa636281efca8 Version: 6a2968aaf50c7a22fced77a5e24aa636281efca8 Version: 6a2968aaf50c7a22fced77a5e24aa636281efca8 Version: 6a2968aaf50c7a22fced77a5e24aa636281efca8 Version: 6a2968aaf50c7a22fced77a5e24aa636281efca8 Version: 6a2968aaf50c7a22fced77a5e24aa636281efca8 Version: 6a2968aaf50c7a22fced77a5e24aa636281efca8 Version: 6a2968aaf50c7a22fced77a5e24aa636281efca8 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49059",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T17:59:20.702464Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T18:02:30.105Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/nfc/nci/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7d3232214ca4ea8f7d18df264c3b254aa8089d7f",
"status": "affected",
"version": "6a2968aaf50c7a22fced77a5e24aa636281efca8",
"versionType": "git"
},
{
"lessThan": "9d243aff5f7e6b04e907c617426bbdf26e996ac8",
"status": "affected",
"version": "6a2968aaf50c7a22fced77a5e24aa636281efca8",
"versionType": "git"
},
{
"lessThan": "1a1748d0dd0f0a98535c6baeef671c8722107639",
"status": "affected",
"version": "6a2968aaf50c7a22fced77a5e24aa636281efca8",
"versionType": "git"
},
{
"lessThan": "5c63ad2b0a267a524c12c88acb1ba9c2d109a801",
"status": "affected",
"version": "6a2968aaf50c7a22fced77a5e24aa636281efca8",
"versionType": "git"
},
{
"lessThan": "67677050cecbe0edfdd81cd508415e9636ba7c65",
"status": "affected",
"version": "6a2968aaf50c7a22fced77a5e24aa636281efca8",
"versionType": "git"
},
{
"lessThan": "9ded5ae40f4fe37fcc28f36d76bf45df20be5432",
"status": "affected",
"version": "6a2968aaf50c7a22fced77a5e24aa636281efca8",
"versionType": "git"
},
{
"lessThan": "edd4600120641e1714e30112e69a548cfb68e067",
"status": "affected",
"version": "6a2968aaf50c7a22fced77a5e24aa636281efca8",
"versionType": "git"
},
{
"lessThan": "ef27324e2cb7bb24542d6cb2571740eefe6b00dc",
"status": "affected",
"version": "6a2968aaf50c7a22fced77a5e24aa636281efca8",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/nfc/nci/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.2"
},
{
"lessThan": "3.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.239",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.190",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.112",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.35",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.311",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.276",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.239",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.190",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.112",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.35",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.4",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "3.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: nci: add flush_workqueue to prevent uaf\n\nOur detector found a concurrent use-after-free bug when detaching an\nNCI device. The main reason for this bug is the unexpected scheduling\nbetween the used delayed mechanism (timer and workqueue).\n\nThe race can be demonstrated below:\n\nThread-1 Thread-2\n | nci_dev_up()\n | nci_open_device()\n | __nci_request(nci_reset_req)\n | nci_send_cmd\n | queue_work(cmd_work)\nnci_unregister_device() |\n nci_close_device() | ...\n del_timer_sync(cmd_timer)[1] |\n... | Worker\nnci_free_device() | nci_cmd_work()\n kfree(ndev)[3] | mod_timer(cmd_timer)[2]\n\nIn short, the cleanup routine thought that the cmd_timer has already\nbeen detached by [1] but the mod_timer can re-attach the timer [2], even\nit is already released [3], resulting in UAF.\n\nThis UAF is easy to trigger, crash trace by POC is like below\n\n[ 66.703713] ==================================================================\n[ 66.703974] BUG: KASAN: use-after-free in enqueue_timer+0x448/0x490\n[ 66.703974] Write of size 8 at addr ffff888009fb7058 by task kworker/u4:1/33\n[ 66.703974]\n[ 66.703974] CPU: 1 PID: 33 Comm: kworker/u4:1 Not tainted 5.18.0-rc2 #5\n[ 66.703974] Workqueue: nfc2_nci_cmd_wq nci_cmd_work\n[ 66.703974] Call Trace:\n[ 66.703974] \u003cTASK\u003e\n[ 66.703974] dump_stack_lvl+0x57/0x7d\n[ 66.703974] print_report.cold+0x5e/0x5db\n[ 66.703974] ? enqueue_timer+0x448/0x490\n[ 66.703974] kasan_report+0xbe/0x1c0\n[ 66.703974] ? enqueue_timer+0x448/0x490\n[ 66.703974] enqueue_timer+0x448/0x490\n[ 66.703974] __mod_timer+0x5e6/0xb80\n[ 66.703974] ? mark_held_locks+0x9e/0xe0\n[ 66.703974] ? try_to_del_timer_sync+0xf0/0xf0\n[ 66.703974] ? lockdep_hardirqs_on_prepare+0x17b/0x410\n[ 66.703974] ? queue_work_on+0x61/0x80\n[ 66.703974] ? lockdep_hardirqs_on+0xbf/0x130\n[ 66.703974] process_one_work+0x8bb/0x1510\n[ 66.703974] ? lockdep_hardirqs_on_prepare+0x410/0x410\n[ 66.703974] ? pwq_dec_nr_in_flight+0x230/0x230\n[ 66.703974] ? rwlock_bug.part.0+0x90/0x90\n[ 66.703974] ? _raw_spin_lock_irq+0x41/0x50\n[ 66.703974] worker_thread+0x575/0x1190\n[ 66.703974] ? process_one_work+0x1510/0x1510\n[ 66.703974] kthread+0x2a0/0x340\n[ 66.703974] ? kthread_complete_and_exit+0x20/0x20\n[ 66.703974] ret_from_fork+0x22/0x30\n[ 66.703974] \u003c/TASK\u003e\n[ 66.703974]\n[ 66.703974] Allocated by task 267:\n[ 66.703974] kasan_save_stack+0x1e/0x40\n[ 66.703974] __kasan_kmalloc+0x81/0xa0\n[ 66.703974] nci_allocate_device+0xd3/0x390\n[ 66.703974] nfcmrvl_nci_register_dev+0x183/0x2c0\n[ 66.703974] nfcmrvl_nci_uart_open+0xf2/0x1dd\n[ 66.703974] nci_uart_tty_ioctl+0x2c3/0x4a0\n[ 66.703974] tty_ioctl+0x764/0x1310\n[ 66.703974] __x64_sys_ioctl+0x122/0x190\n[ 66.703974] do_syscall_64+0x3b/0x90\n[ 66.703974] entry_SYSCALL_64_after_hwframe+0x44/0xae\n[ 66.703974]\n[ 66.703974] Freed by task 406:\n[ 66.703974] kasan_save_stack+0x1e/0x40\n[ 66.703974] kasan_set_track+0x21/0x30\n[ 66.703974] kasan_set_free_info+0x20/0x30\n[ 66.703974] __kasan_slab_free+0x108/0x170\n[ 66.703974] kfree+0xb0/0x330\n[ 66.703974] nfcmrvl_nci_unregister_dev+0x90/0xd0\n[ 66.703974] nci_uart_tty_close+0xdf/0x180\n[ 66.703974] tty_ldisc_kill+0x73/0x110\n[ 66.703974] tty_ldisc_hangup+0x281/0x5b0\n[ 66.703974] __tty_hangup.part.0+0x431/0x890\n[ 66.703974] tty_release+0x3a8/0xc80\n[ 66.703974] __fput+0x1f0/0x8c0\n[ 66.703974] task_work_run+0xc9/0x170\n[ 66.703974] exit_to_user_mode_prepare+0x194/0x1a0\n[ 66.703974] syscall_exit_to_user_mode+0x19/0x50\n[ 66.703974] do_syscall_64+0x48/0x90\n[ 66.703974] entry_SYSCALL_64_after_hwframe+0x44/0x\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:28:51.756Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7d3232214ca4ea8f7d18df264c3b254aa8089d7f"
},
{
"url": "https://git.kernel.org/stable/c/9d243aff5f7e6b04e907c617426bbdf26e996ac8"
},
{
"url": "https://git.kernel.org/stable/c/1a1748d0dd0f0a98535c6baeef671c8722107639"
},
{
"url": "https://git.kernel.org/stable/c/5c63ad2b0a267a524c12c88acb1ba9c2d109a801"
},
{
"url": "https://git.kernel.org/stable/c/67677050cecbe0edfdd81cd508415e9636ba7c65"
},
{
"url": "https://git.kernel.org/stable/c/9ded5ae40f4fe37fcc28f36d76bf45df20be5432"
},
{
"url": "https://git.kernel.org/stable/c/edd4600120641e1714e30112e69a548cfb68e067"
},
{
"url": "https://git.kernel.org/stable/c/ef27324e2cb7bb24542d6cb2571740eefe6b00dc"
}
],
"title": "nfc: nci: add flush_workqueue to prevent uaf",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49059",
"datePublished": "2025-02-26T01:54:29.819Z",
"dateReserved": "2025-02-26T01:49:39.243Z",
"dateUpdated": "2025-05-04T08:28:51.756Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49551 (GCVE-0-2022-49551)
Vulnerability from cvelistv5
Published
2025-02-26 02:14
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
usb: isp1760: Fix out-of-bounds array access
Running the driver through kasan gives an interesting splat:
BUG: KASAN: global-out-of-bounds in isp1760_register+0x180/0x70c
Read of size 20 at addr f1db2e64 by task swapper/0/1
(...)
isp1760_register from isp1760_plat_probe+0x1d8/0x220
(...)
This happens because the loop reading the regmap fields for the
different ISP1760 variants look like this:
for (i = 0; i < HC_FIELD_MAX; i++) { ... }
Meaning it expects the arrays to be at least HC_FIELD_MAX - 1 long.
However the arrays isp1760_hc_reg_fields[], isp1763_hc_reg_fields[],
isp1763_hc_volatile_ranges[] and isp1763_dc_volatile_ranges[] are
dynamically sized during compilation.
Fix this by putting an empty assignment to the [HC_FIELD_MAX]
and [DC_FIELD_MAX] array member at the end of each array.
This will make the array one member longer than it needs to be,
but avoids the risk of overwriting whatever is inside
[HC_FIELD_MAX - 1] and is simple and intuitive to read. Also
add comments explaining what is going on.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49551",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:37:19.759163Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:39.237Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/usb/isp1760/isp1760-core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "bf2558bbdce3ab1d6bcba09f354914e4515d0a2b",
"status": "affected",
"version": "1da9e1c06873350c99ba49a052f92de85f2c69f2",
"versionType": "git"
},
{
"lessThan": "47d39cb57e8669e507d17d9e0d067d2b3e3a87ae",
"status": "affected",
"version": "1da9e1c06873350c99ba49a052f92de85f2c69f2",
"versionType": "git"
},
{
"lessThan": "463bddd3ff1acf4036ddb80c34a715eb99debf46",
"status": "affected",
"version": "1da9e1c06873350c99ba49a052f92de85f2c69f2",
"versionType": "git"
},
{
"lessThan": "26ae2c942b5702f2e43d36b2a4389cfb7d616b6a",
"status": "affected",
"version": "1da9e1c06873350c99ba49a052f92de85f2c69f2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/usb/isp1760/isp1760-core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.14"
},
{
"lessThan": "5.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: isp1760: Fix out-of-bounds array access\n\nRunning the driver through kasan gives an interesting splat:\n\n BUG: KASAN: global-out-of-bounds in isp1760_register+0x180/0x70c\n Read of size 20 at addr f1db2e64 by task swapper/0/1\n (...)\n isp1760_register from isp1760_plat_probe+0x1d8/0x220\n (...)\n\nThis happens because the loop reading the regmap fields for the\ndifferent ISP1760 variants look like this:\n\n for (i = 0; i \u003c HC_FIELD_MAX; i++) { ... }\n\nMeaning it expects the arrays to be at least HC_FIELD_MAX - 1 long.\n\nHowever the arrays isp1760_hc_reg_fields[], isp1763_hc_reg_fields[],\nisp1763_hc_volatile_ranges[] and isp1763_dc_volatile_ranges[] are\ndynamically sized during compilation.\n\nFix this by putting an empty assignment to the [HC_FIELD_MAX]\nand [DC_FIELD_MAX] array member at the end of each array.\nThis will make the array one member longer than it needs to be,\nbut avoids the risk of overwriting whatever is inside\n[HC_FIELD_MAX - 1] and is simple and intuitive to read. Also\nadd comments explaining what is going on."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:40:22.041Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/bf2558bbdce3ab1d6bcba09f354914e4515d0a2b"
},
{
"url": "https://git.kernel.org/stable/c/47d39cb57e8669e507d17d9e0d067d2b3e3a87ae"
},
{
"url": "https://git.kernel.org/stable/c/463bddd3ff1acf4036ddb80c34a715eb99debf46"
},
{
"url": "https://git.kernel.org/stable/c/26ae2c942b5702f2e43d36b2a4389cfb7d616b6a"
}
],
"title": "usb: isp1760: Fix out-of-bounds array access",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49551",
"datePublished": "2025-02-26T02:14:01.196Z",
"dateReserved": "2025-02-26T02:08:31.590Z",
"dateUpdated": "2025-10-01T19:46:39.237Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49118 (GCVE-0-2022-49118)
Vulnerability from cvelistv5
Published
2025-02-26 01:55
Modified
2025-05-04 08:30
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: hisi_sas: Free irq vectors in order for v3 HW
If the driver probe fails to request the channel IRQ or fatal IRQ, the
driver will free the IRQ vectors before freeing the IRQs in free_irq(),
and this will cause a kernel BUG like this:
------------[ cut here ]------------
kernel BUG at drivers/pci/msi.c:369!
Internal error: Oops - BUG: 0 [#1] PREEMPT SMP
Call trace:
free_msi_irqs+0x118/0x13c
pci_disable_msi+0xfc/0x120
pci_free_irq_vectors+0x24/0x3c
hisi_sas_v3_probe+0x360/0x9d0 [hisi_sas_v3_hw]
local_pci_probe+0x44/0xb0
work_for_cpu_fn+0x20/0x34
process_one_work+0x1d0/0x340
worker_thread+0x2e0/0x460
kthread+0x180/0x190
ret_from_fork+0x10/0x20
---[ end trace b88990335b610c11 ]---
So we use devm_add_action() to control the order in which we free the
vectors.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/scsi/hisi_sas/hisi_sas_v3_hw.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "224903cc60d045576393c3b16907742f23e6c740",
"status": "affected",
"version": "47caad1577cd7a39e2048c5e4edbce4b863dc12b",
"versionType": "git"
},
{
"lessThan": "f05a0d8de2ea49af36821a20b0b501e20ced937e",
"status": "affected",
"version": "47caad1577cd7a39e2048c5e4edbce4b863dc12b",
"versionType": "git"
},
{
"lessThan": "8b6eab9d683bae7f88dc894b8c851f866032301c",
"status": "affected",
"version": "47caad1577cd7a39e2048c5e4edbce4b863dc12b",
"versionType": "git"
},
{
"lessThan": "b4cc04fa8f1fc3816c8494d77abab3f72b9d2292",
"status": "affected",
"version": "47caad1577cd7a39e2048c5e4edbce4b863dc12b",
"versionType": "git"
},
{
"lessThan": "554fb72ee34f4732c7f694f56c3c6e67790352a0",
"status": "affected",
"version": "47caad1577cd7a39e2048c5e4edbce4b863dc12b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/scsi/hisi_sas/hisi_sas_v3_hw.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.5"
},
{
"lessThan": "4.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.111",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.20",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.111",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.34",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.20",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.3",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "4.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: hisi_sas: Free irq vectors in order for v3 HW\n\nIf the driver probe fails to request the channel IRQ or fatal IRQ, the\ndriver will free the IRQ vectors before freeing the IRQs in free_irq(),\nand this will cause a kernel BUG like this:\n\n------------[ cut here ]------------\nkernel BUG at drivers/pci/msi.c:369!\nInternal error: Oops - BUG: 0 [#1] PREEMPT SMP\nCall trace:\n free_msi_irqs+0x118/0x13c\n pci_disable_msi+0xfc/0x120\n pci_free_irq_vectors+0x24/0x3c\n hisi_sas_v3_probe+0x360/0x9d0 [hisi_sas_v3_hw]\n local_pci_probe+0x44/0xb0\n work_for_cpu_fn+0x20/0x34\n process_one_work+0x1d0/0x340\n worker_thread+0x2e0/0x460\n kthread+0x180/0x190\n ret_from_fork+0x10/0x20\n---[ end trace b88990335b610c11 ]---\n\nSo we use devm_add_action() to control the order in which we free the\nvectors."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:30:16.543Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/224903cc60d045576393c3b16907742f23e6c740"
},
{
"url": "https://git.kernel.org/stable/c/f05a0d8de2ea49af36821a20b0b501e20ced937e"
},
{
"url": "https://git.kernel.org/stable/c/8b6eab9d683bae7f88dc894b8c851f866032301c"
},
{
"url": "https://git.kernel.org/stable/c/b4cc04fa8f1fc3816c8494d77abab3f72b9d2292"
},
{
"url": "https://git.kernel.org/stable/c/554fb72ee34f4732c7f694f56c3c6e67790352a0"
}
],
"title": "scsi: hisi_sas: Free irq vectors in order for v3 HW",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49118",
"datePublished": "2025-02-26T01:55:00.169Z",
"dateReserved": "2025-02-26T01:49:39.263Z",
"dateUpdated": "2025-05-04T08:30:16.543Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49121 (GCVE-0-2022-49121)
Vulnerability from cvelistv5
Published
2025-02-26 01:55
Modified
2025-05-04 08:30
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: pm8001: Fix tag leaks on error
In pm8001_chip_set_dev_state_req(), pm8001_chip_fw_flash_update_req(),
pm80xx_chip_phy_ctl_req() and pm8001_chip_reg_dev_req() add missing calls
to pm8001_tag_free() to free the allocated tag when pm8001_mpi_build_cmd()
fails.
Similarly, in pm8001_exec_internal_task_abort(), if the chip ->task_abort
method fails, the tag allocated for the abort request task must be
freed. Add the missing call to pm8001_tag_free().
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/scsi/pm8001/pm8001_hwi.c",
"drivers/scsi/pm8001/pm8001_sas.c",
"drivers/scsi/pm8001/pm80xx_hwi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a0bb65eadbf942024226241d9d99fed17168940b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "43c617eefab7077d69f5989ad3e2a273da1d728b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "bdc74815f1c39905054b7d47399e0260b201b14d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9cc72bcc1c096ed42c91646f130d4b4191580a4c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "4c8f04b1905cd4b776d0b720463c091545478ef7",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/scsi/pm8001/pm8001_hwi.c",
"drivers/scsi/pm8001/pm8001_sas.c",
"drivers/scsi/pm8001/pm80xx_hwi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.111",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.20",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.111",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: pm8001: Fix tag leaks on error\n\nIn pm8001_chip_set_dev_state_req(), pm8001_chip_fw_flash_update_req(),\npm80xx_chip_phy_ctl_req() and pm8001_chip_reg_dev_req() add missing calls\nto pm8001_tag_free() to free the allocated tag when pm8001_mpi_build_cmd()\nfails.\n\nSimilarly, in pm8001_exec_internal_task_abort(), if the chip -\u003etask_abort\nmethod fails, the tag allocated for the abort request task must be\nfreed. Add the missing call to pm8001_tag_free()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:30:20.626Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a0bb65eadbf942024226241d9d99fed17168940b"
},
{
"url": "https://git.kernel.org/stable/c/43c617eefab7077d69f5989ad3e2a273da1d728b"
},
{
"url": "https://git.kernel.org/stable/c/bdc74815f1c39905054b7d47399e0260b201b14d"
},
{
"url": "https://git.kernel.org/stable/c/9cc72bcc1c096ed42c91646f130d4b4191580a4c"
},
{
"url": "https://git.kernel.org/stable/c/4c8f04b1905cd4b776d0b720463c091545478ef7"
}
],
"title": "scsi: pm8001: Fix tag leaks on error",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49121",
"datePublished": "2025-02-26T01:55:01.671Z",
"dateReserved": "2025-02-26T01:49:39.264Z",
"dateUpdated": "2025-05-04T08:30:20.626Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49239 (GCVE-0-2022-49239)
Vulnerability from cvelistv5
Published
2025-02-26 01:56
Modified
2025-10-01 19:47
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ASoC: codecs: wcd934x: Add missing of_node_put() in wcd934x_codec_parse_data
The device_node pointer is returned by of_parse_phandle() with refcount
incremented. We should use of_node_put() on it when done.
This is similar to commit 64b92de9603f
("ASoC: wcd9335: fix a leaked reference by adding missing of_node_put")
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49239",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:45:52.621969Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:47:02.841Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/soc/codecs/wcd934x.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1f24716e38220fc9e52e208d20591d2bc9b7f020",
"status": "affected",
"version": "a61f3b4f476eceb25274161e5a53a8d18e42610b",
"versionType": "git"
},
{
"lessThan": "2f44eca78cc6d4e1779eb95765ec79e433accab4",
"status": "affected",
"version": "a61f3b4f476eceb25274161e5a53a8d18e42610b",
"versionType": "git"
},
{
"lessThan": "f3793eeb7b94a5eeed6f5c7a44bce403c6681a12",
"status": "affected",
"version": "a61f3b4f476eceb25274161e5a53a8d18e42610b",
"versionType": "git"
},
{
"lessThan": "f8e89d84ea83c51ba3ba97ff154f7aa679326760",
"status": "affected",
"version": "a61f3b4f476eceb25274161e5a53a8d18e42610b",
"versionType": "git"
},
{
"lessThan": "9531a631379169d57756b2411178c6238655df88",
"status": "affected",
"version": "a61f3b4f476eceb25274161e5a53a8d18e42610b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"sound/soc/codecs/wcd934x.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.6"
},
{
"lessThan": "5.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.110",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"versionStartIncluding": "5.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: codecs: wcd934x: Add missing of_node_put() in wcd934x_codec_parse_data\n\nThe device_node pointer is returned by of_parse_phandle() with refcount\nincremented. We should use of_node_put() on it when done.\nThis is similar to commit 64b92de9603f\n(\"ASoC: wcd9335: fix a leaked reference by adding missing of_node_put\")"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:33:07.680Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1f24716e38220fc9e52e208d20591d2bc9b7f020"
},
{
"url": "https://git.kernel.org/stable/c/2f44eca78cc6d4e1779eb95765ec79e433accab4"
},
{
"url": "https://git.kernel.org/stable/c/f3793eeb7b94a5eeed6f5c7a44bce403c6681a12"
},
{
"url": "https://git.kernel.org/stable/c/f8e89d84ea83c51ba3ba97ff154f7aa679326760"
},
{
"url": "https://git.kernel.org/stable/c/9531a631379169d57756b2411178c6238655df88"
}
],
"title": "ASoC: codecs: wcd934x: Add missing of_node_put() in wcd934x_codec_parse_data",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49239",
"datePublished": "2025-02-26T01:56:02.220Z",
"dateReserved": "2025-02-26T01:49:39.294Z",
"dateUpdated": "2025-10-01T19:47:02.841Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49542 (GCVE-0-2022-49542)
Vulnerability from cvelistv5
Published
2025-02-26 02:13
Modified
2025-10-01 19:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: lpfc: Move cfg_log_verbose check before calling lpfc_dmp_dbg()
In an attempt to log message 0126 with LOG_TRACE_EVENT, the following hard
lockup call trace hangs the system.
Call Trace:
_raw_spin_lock_irqsave+0x32/0x40
lpfc_dmp_dbg.part.32+0x28/0x220 [lpfc]
lpfc_cmpl_els_fdisc+0x145/0x460 [lpfc]
lpfc_sli_cancel_jobs+0x92/0xd0 [lpfc]
lpfc_els_flush_cmd+0x43c/0x670 [lpfc]
lpfc_els_flush_all_cmd+0x37/0x60 [lpfc]
lpfc_sli4_async_event_proc+0x956/0x1720 [lpfc]
lpfc_do_work+0x1485/0x1d70 [lpfc]
kthread+0x112/0x130
ret_from_fork+0x1f/0x40
Kernel panic - not syncing: Hard LOCKUP
The same CPU tries to claim the phba->port_list_lock twice.
Move the cfg_log_verbose checks as part of the lpfc_printf_vlog() and
lpfc_printf_log() macros before calling lpfc_dmp_dbg(). There is no need
to take the phba->port_list_lock within lpfc_dmp_dbg().
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49542",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:37:35.607576Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-667",
"description": "CWE-667 Improper Locking",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:40.025Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/scsi/lpfc/lpfc_init.c",
"drivers/scsi/lpfc/lpfc_logmsg.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "271725e4028559ae7974d762a8467dc9de412f2e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "cc6501afccec55b8b6c90584cbf71f1fefa77d1e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "09c772557a4fd9490fed1bfb133268313ea22213",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e294647b1aed4247fe52851f3a3b2b19ae906228",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/scsi/lpfc/lpfc_init.c",
"drivers/scsi/lpfc/lpfc_logmsg.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Move cfg_log_verbose check before calling lpfc_dmp_dbg()\n\nIn an attempt to log message 0126 with LOG_TRACE_EVENT, the following hard\nlockup call trace hangs the system.\n\nCall Trace:\n _raw_spin_lock_irqsave+0x32/0x40\n lpfc_dmp_dbg.part.32+0x28/0x220 [lpfc]\n lpfc_cmpl_els_fdisc+0x145/0x460 [lpfc]\n lpfc_sli_cancel_jobs+0x92/0xd0 [lpfc]\n lpfc_els_flush_cmd+0x43c/0x670 [lpfc]\n lpfc_els_flush_all_cmd+0x37/0x60 [lpfc]\n lpfc_sli4_async_event_proc+0x956/0x1720 [lpfc]\n lpfc_do_work+0x1485/0x1d70 [lpfc]\n kthread+0x112/0x130\n ret_from_fork+0x1f/0x40\nKernel panic - not syncing: Hard LOCKUP\n\nThe same CPU tries to claim the phba-\u003eport_list_lock twice.\n\nMove the cfg_log_verbose checks as part of the lpfc_printf_vlog() and\nlpfc_printf_log() macros before calling lpfc_dmp_dbg(). There is no need\nto take the phba-\u003eport_list_lock within lpfc_dmp_dbg()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:40:10.611Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/271725e4028559ae7974d762a8467dc9de412f2e"
},
{
"url": "https://git.kernel.org/stable/c/cc6501afccec55b8b6c90584cbf71f1fefa77d1e"
},
{
"url": "https://git.kernel.org/stable/c/09c772557a4fd9490fed1bfb133268313ea22213"
},
{
"url": "https://git.kernel.org/stable/c/e294647b1aed4247fe52851f3a3b2b19ae906228"
}
],
"title": "scsi: lpfc: Move cfg_log_verbose check before calling lpfc_dmp_dbg()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49542",
"datePublished": "2025-02-26T02:13:56.961Z",
"dateReserved": "2025-02-26T02:08:31.589Z",
"dateUpdated": "2025-10-01T19:46:40.025Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…