EUVD-2022-54880

In the Linux kernel, the following vulnerability has been resolved: ext4: filter out EXT4FCREPLAY from on-disk superblock field sstate The EXT4FCREPLAY bit in sbi-smountstate is used to indicate that we are in the middle of replay the fast commit journal. This was actually a mistake, since the...

EUVD-2022-54887

In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Clear prog-jitedlen along prog-jited syzbot reported an illegal copytouser attempt from bpfproggetinfobyfd 1 There was no repro yet on this bug, but I think that commit 0aef499f3172 "mm/usercopy: Detect vmalloc...

EUVD-2022-54890

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: CT: Fix cleanup of CT before cleanup of TC ct rules CT cleanup assumes that all tc rules were deleted first, and so is free to delete the CT shared resources e.g the draction fwdaction which is shared for all tuples. B...

EUVD-2022-54866

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on block address in f2fsdozerorange As Yanming reported in bugzilla: https://bugzilla.kernel.org/showbug.cgi?id=215894 I have encountered a bug in F2FS file system in kernel v5.17. I have uploaded the...

EUVD-2022-54933

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: initialize registers in nftdochain Initialize registers to avoid stack leak into userspace...

EUVD-2022-54957

In the Linux kernel, the following vulnerability has been resolved: can: isotp: sanitize CAN ID checks in isotpbind Syzbot created an environment that lead to a state machine status that can not be reached with a compliant CAN ID address configuration. The provided address information consisted o...

EUVD-2022-54966

In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/sec - fix the aead software fallback for engine Due to the subreq pointer misuse the private context memory. The aead soft crypto occasionally casues the OS panic as setting the 64K page. Here is fix it...

EUVD-2022-54961

In the Linux kernel, the following vulnerability has been resolved: PM: domains: Fix sleep-in-atomic bug caused by genpddebugremove When a genpd with GENPDFLAGIRQSAFE gets removed, the following sleep-in-atomic bug will be seen, as genpddebugremove will be called with a spinlock being held...

EUVD-2022-54979

In the Linux kernel, the following vulnerability has been resolved: media: stk1160: If start stream fails, return buffers with VB2BUFSTATEQUEUED If the callback 'startstreaming' fails, then all queued buffers in the driver should be returned with state 'VB2BUFSTATEQUEUED'. Currently, they are...

EUVD-2022-54919

In the Linux kernel, the following vulnerability has been resolved: extcon: Modify extcon device to be created after driver data is set Currently, someone can invoke the sysfs such as stateshow intermittently before devsetdrvdata is done. And it can be a cause of kernel Oops because of edev is Nu...

EUVD-2022-54967

In the Linux kernel, the following vulnerability has been resolved: block: don't delete queue kobject before its children kobjects aren't supposed to be deleted before their child kobjects are deleted. Apparently this is usually benign; however, a WARN will be triggered if one of the child kobjec...

EUVD-2022-54997

In the Linux kernel, the following vulnerability has been resolved: ptp: unregister virtual clocks when unregistering physical clock. When unregistering a physical clock which has some virtual clocks, unregister the virtual clocks with it. This fixes the following oops, which can be triggered by...

EUVD-2022-55032

In the Linux kernel, the following vulnerability has been resolved: net: bcmgenet: Use stronger register read/writes to assure ordering GCC12 appears to be much smarter about its dependency tracking and is aware that the relaxed variants are just normal loads and stores and this is causing proble...

EUVD-2022-55027

In the Linux kernel, the following vulnerability has been resolved: RDMA/nldev: Prevent underflow in nldevstatsetcounterdynamicdoit This code checks "index" for an upper bound but it does not check for negatives. Change the type to unsigned to prevent underflows...

EUVD-2022-55022

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix more uncharged while msg has moredata In tcpbpfsendverdict, if msg has more data after tcpbpfsendmsgredir: tcpbpfsendverdict tosend = msg-sg.size //msg-sg.size = 22220 case SKREDIRECT: skmsgreturn //uncharged...

EUVD-2022-55006

In the Linux kernel, the following vulnerability has been resolved: dax: make sure inodes are flushed before destroy cache A bug can be triggered by following command $ modprobe ndpmem && modprobe -r ndpmem 10.060014 BUG daxcache Not tainted: Objects remaining in daxcache on kmemcacheshutdown...

EUVD-2022-55009

In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix abort all task initialization In pm80xxsendabortall, the nelem field of the ccb used is not initialized to 0. This missing initialization sometimes lead to the task completion path seeing the ccb with a non-zero...

EUVD-2022-55034

In the Linux kernel, the following vulnerability has been resolved: drivers: ethernet: cpsw: fix panic when interrupt coaleceing is set via ethtool cpswethtoolbegin directly returns the result of pmruntimegetsync when successful. pmruntimegetsync returns -error code on failure and 0 on successful...

EUVD-2022-55037

In the Linux kernel, the following vulnerability has been resolved: clk: qcom: clk-rcg2: Update logic to calculate D value for RCG The display pixel clock has a requirement on certain newer platforms to support M/N as 2/3 and the final D value calculated results in underflow errors. As the curren...

EUVD-2022-55063

In the Linux kernel, the following vulnerability has been resolved: video: fbdev: sm712fb: Fix crash in smtcfbwrite When the sm712fb driver writes three bytes to the framebuffer, the driver will crash: BUG: unable to handle page fault for address: ffffc90001ffffff RIP: 0010:smtcfbwrite+0x454/0x5b...