CVE-2022-49379

In CVE-2022-49379, the Linux kernel suffers a regression in driver core wait_for_device_probe() interaction with deferred_probe_timeout, causing NFS rootfs mounting to time out when deferred_probe_timeout is non-zero. The root cause was that ip_auto_config() waited for current deferred probes, bu...

CVE-2022-49379 driver core: Fix wait_for_device_probe() & deferred_probe_timeout interaction

In the Linux kernel, the following vulnerability has been resolved: driver core: Fix waitfordeviceprobe & deferredprobetimeout interaction Mounting NFS rootfs was timing out when deferredprobetimeout was non-zero 1. This was because ipautoconfig initcall times out waiting for the network interfac...

CVE-2022-49379

In the Linux kernel, the following vulnerability has been resolved: driver core: Fix waitfordeviceprobe & deferredprobetimeout interaction Mounting NFS rootfs was timing out when deferredprobetimeout was non-zero 1. This was because ipautoconfig initcall times out waiting for the network interfac...

CVE-2022-49311 drivers: staging: rtl8192bs: Fix deadlock in rtw_joinbss_event_prehandle()

In the Linux kernel, the following vulnerability has been resolved: drivers: staging: rtl8192bs: Fix deadlock in rtwjoinbsseventprehandle There is a deadlock in rtwjoinbsseventprehandle, which is shown below: Thread 1 | Thread 2 | settimer rtwjoinbsseventprehandle| modtimer spinlockbh //1 | wait ...

CVE-2022-49297 nbd: fix io hung while disconnecting device

In the Linux kernel, the following vulnerability has been resolved: nbd: fix io hung while disconnecting device In our tests, "qemu-nbd" triggers a io hung: INFO: task qemu-nbd:11445 blocked for more than 368 seconds. Not tainted 5.18.0-rc3-next-20220422-00003-g2176915513ca 884 "echo 0...

CVE-2022-49173 spi: fsi: Implement a timeout for polling status

In the Linux kernel, the following vulnerability has been resolved: spi: fsi: Implement a timeout for polling status The data transfer routines must poll the status register to determine when more data can be shifted in or out. If the hardware gets into a bad state, these polling loops may never...

CVE-2022-49173

In the Linux kernel, CVE-2022-49173 affects the SPI FSI path where data transfer routines poll a status register and may hang if a hardware bad state occurs. The fix adds a timeout to polling and returns an error when exceeded, preventing infinite loops. Affected component: spi: fsi in the Linux ...

CVE-2022-49173

In the Linux kernel, the following vulnerability has been resolved: spi: fsi: Implement a timeout for polling status The data transfer routines must poll the status register to determine when more data can be shifted in or out. If the hardware gets into a bad state, these polling loops may never...

CVE-2022-49173 spi: fsi: Implement a timeout for polling status

In the Linux kernel, the following vulnerability has been resolved: spi: fsi: Implement a timeout for polling status The data transfer routines must poll the status register to determine when more data can be shifted in or out. If the hardware gets into a bad state, these polling loops may never...

CVE-2022-49159 scsi: qla2xxx: Implement ref count for SRB

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Implement ref count for SRB The timeout handler and the done function are racing. When qla2x00asynciocbtimeout starts to run it can be preempted by the normal response path via the firmware?. qla24xxasyncgpscspdone...

CVE-2022-49159 scsi: qla2xxx: Implement ref count for SRB

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Implement ref count for SRB The timeout handler and the done function are racing. When qla2x00asynciocbtimeout starts to run it can be preempted by the normal response path via the firmware?. qla24xxasyncgpscspdone...

CVE-2022-49159

CVE-2022-49159 affects the Linux kernel SCSI driver qla2xxx (SRB refcounting). The issue arises from a race between the timeout path and the normal completion path, where qla24xx_async_abort_cmd() could access a freed sp->qpair pointer, risking a kernel NULL pointer dereference. The documented...

CVE-2022-49159

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Implement ref count for SRB The timeout handler and the done function are racing. When qla2x00asynciocbtimeout starts to run it can be preempted by the normal response path via the firmware?. qla24xxasyncgpscspdone...

CVE-2022-49123

In the Linux kernel, the following vulnerability has been resolved: ath11k: Fix frames flush failure caused by deadlock We are seeing below warnings: kernel: 25393.301506 ath11kpci 0000:01:00.0: failed to flush mgmt transmit queue 0 kernel: 25398.421509 ath11kpci 0000:01:00.0: failed to flush mgm...

CVE-2022-49057

The CVE-2022-49057 issue occurs in the Linux kernel’s block/null_blk path where a timed-out poll request is removed from the poll list but not completed, causing a leak and preventing completion. The vulnerability is triggered when a poll request times out and is not finalized, leaving it in an i...

CVE-2022-49057 block: null_blk: end timed out poll request

In the Linux kernel, the following vulnerability has been resolved: block: nullblk: end timed out poll request When poll request is timed out, it is removed from the poll list, but not completed, so the request is leaked, and never get chance to complete. Fix the issue by ending it in timeout...

CVE-2022-49057 block: null_blk: end timed out poll request

In the Linux kernel, the following vulnerability has been resolved: block: nullblk: end timed out poll request When poll request is timed out, it is removed from the poll list, but not completed, so the request is leaked, and never get chance to complete. Fix the issue by ending it in timeout...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an issue with the interaction of the waitfordeviceprobe function with deferredprobetimeout, which results in...

Red Hat Quarkus 安全漏洞

Red Hat Quarkus is a wireless network from Red Hat, Inc. for optimizing Java specifically for containers and making it an efficient platform for serverless, cloud, and Kubernetes environments. A security vulnerability exists in Red Hat Quarkus that stems from a memory leak caused by a client...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. ctl is a tool of the FreeBSD Foundation . Provides SCSI target device emulation. A security vulnerability exists in Linux kernel that stems from the presence of data...