CVE-2022-50147

CVE-2022-50147 refers to a Linux kernel memory policy bug: mm/mempolicy get_nodes can access the nmask array out of bounds when a user specifies more nodes than supported. The issue is resolved in the Linux kernel (patches referenced), with CVSSv3.1 base score 7.1 (HIGH), local access, low privil...

SUSE CVE-2022-49567

In the Linux kernel, the following vulnerability has been resolved: mm/mempolicy: fix uninit-value in mpolrebindpolicy mpolsetnodemaskmm/mempolicy.c does not set up nodemask when pol-mode is MPOLLOCAL. Check pol-mode before access pol-w.cpusetmemsallowed in mpolrebindpolicymm/mempolicy.c. BUG:...

CVE-2022-49567

In the Linux kernel, the following vulnerability has been resolved: mm/mempolicy: fix uninit-value in mpolrebindpolicy mpolsetnodemaskmm/mempolicy.c does not set up nodemask when pol-mode is MPOLLOCAL. Check pol-mode before access pol-w.cpusetmemsallowed in mpolrebindpolicymm/mempolicy.c. BUG:...

kernel: out-of-bounds write in mpol_parse_str function in mm/mempolicy.c

An out-of-bounds write flaw was found in the Linux kernel. An empty nodelist in mempolicy.c is mishandled durig mount option parsing leading to a stack-based out-of-bounds write. The highest threat from this vulnerability is to system availability...

kernel: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c

Incorrect error handling in the setmempolicy and mbind compat syscalls in 'mm/mempolicy.c' in the Linux kernel allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation...