CVE-2022-49364

CVE-2022-49364 : In the Linux kernel, a f2fs inode eviction bug was fixed. The root cause is that the inode node and the dnode share the same nid, causing dnode truncation to invalidate the NAT entry during f2fs_evict_inode() and leaving the inode marked dirty. The fix clears the dirty flag on th...

CVE-2022-49316

In the Linux kernel, the following vulnerability has been resolved: NFSv4: Don't hold the layoutget locks across multiple RPC calls When doing layoutget as part of the open compound, we have to be careful to release the layout locks before we can call any further RPC calls, such as setattr. The...

CVE-2021-47659

CVE-2021-47659 affects the Linux kernel DRM plane path. The vulnerability arises because the range check for format_count is performed late in __drm_universal_plane_init(); if format_count > 64 yields a WARN_ON, it can leak the plane->format_types array and skip drm_mode_object_unregister()...

CVE-2022-49287

CVE-2022-49287 concerns a Linux kernel refcount issue in tpm_chip handling that can trigger a use-after-free when interacting with TPM devices. The description details a sequence where a TPM command is written to /dev/tpmrm after unloading tpm_tis_spi, causing a refcount warning: refcount_t: addi...

CVE-2022-49288 ALSA: pcm: Fix races among concurrent prealloc proc writes

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix races among concurrent prealloc proc writes We have no protection against concurrent PCM buffer preallocation changes via proc files, and it may potentially lead to UAF or some weird problem. This patch applies the...

CVE-2022-49244 ASoC: mediatek: mt8192-mt6359: Fix error handling in mt8192_mt6359_dev_probe

In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: mt8192-mt6359: Fix error handling in mt8192mt6359devprobe The devicenode pointer is returned by ofparsephandle with refcount incremented. We should use ofnodeput on it when done. This function only calls ofnodeput...

CVE-2022-49201 ibmvnic: fix race between xmit and reset

In the Linux kernel, the following vulnerability has been resolved: ibmvnic: fix race between xmit and reset There is a race between reset and the transmit paths that can lead to ibmvnicxmit accessing an scrq after it has been freed in the reset path. It can result in a crash like: Kernel attempt...

CVE-2022-49198 mptcp: Fix crash due to tcp_tsorted_anchor was initialized before release skb

In the Linux kernel, the following vulnerability has been resolved: mptcp: Fix crash due to tcptsortedanchor was initialized before release skb Got crash when doing pressure test of mptcp: =========================================================================== dstrelease: dst:ffffa06ce6e5c058...

CVE-2022-49192

In the Linux kernel, the following vulnerability has been resolved: drivers: ethernet: cpsw: fix panic when interrupt coaleceing is set via ethtool cpswethtoolbegin directly returns the result of pmruntimegetsync when successful. pmruntimegetsync returns -error code on failure and 0 on successful...

CVE-2022-49180 LSM: general protection fault in legacy_parse_param

In the Linux kernel, the following vulnerability has been resolved: LSM: general protection fault in legacyparseparam The usual LSM hook "bail on fail" scheme doesn't work for cases where a security module may return an error code indicating that it does not recognize an input. In this particular...

CVE-2022-49180

In the Linux kernel, the following vulnerability has been resolved: LSM: general protection fault in legacyparseparam The usual LSM hook "bail on fail" scheme doesn't work for cases where a security module may return an error code indicating that it does not recognize an input. In this particular...

CVE-2022-49170

CVE-2022-49170 concerns the F2FS implementation in the Linux kernel. The root cause was a missing sanity check on curseg->alloc_type, which could widen an array-bounds access of sbi->block_count[] (UBSAN: array-index-out-of-bounds) when mounting/operating a corrupted image. The issue manife...

CVE-2022-49167

The CVE-2022-49167 entry concerns a Linux kernel issue in btrfs where the compression path could cause a bio to be completed twice on error. The connected documents describe the root cause as the path that handles compressed reads potentially ending the bio both in the compression path and again ...

CVE-2022-49161 ASoC: mediatek: Fix error handling in mt8183_da7219_max98357_dev_probe

In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: Fix error handling in mt8183da7219max98357devprobe The devicenode pointer is returned by ofparsephandle with refcount incremented. We should use ofnodeput on it when done. This function only calls ofnodeput in the...

CVE-2022-49158

CVE-2022-49158 affects the Linux kernel SCSI driver qla2xxx. The issue is a warning generated when adisc is flushed, where an error code type did not match the expected type. The fix adds translation between error code types to avoid the warning (no documented exploit). The connected advisories c...

CVE-2022-49156

The CVE-2022-49156 entry corresponds to a Linux kernel vulnerability in scsi: qla2xxx where a call into midlayer (fc_remote_port_delete) could sleep in interrupt context, causing a crash via scheduling while atomic. The fix schedules the call in non-interrupt context to avoid sleeping while atomi...

CVE-2022-49154

The CVE-2022-49154 entry is validated by connected advisories describing a Linux kernel KVM SVM issue: an out-of-bounds guest IRQ in svm_update_pi_irte() could crash when guest_irq comes via KVM_IRQFD. The root cause is an out-of-bounds access that could trigger a crash; the mitigation is a kerne...

CVE-2022-49143

...

CVE-2022-49134

Technical details about CVE-2022-49134 are not publicly provided in the supplied documents; no affected products/versions/fixes are specified here. Monitor for updates.

CVE-2022-49102 habanalabs: fix possible memory leak in MMU DR fini

In the Linux kernel, the following vulnerability has been resolved: habanalabs: fix possible memory leak in MMU DR fini This patch fixes what seems to be copy paste error. We will have a memory leak if the host-resident shadow is NULL which will likely happen as the DR and HR are not dependent...