https://vulnerability.circl.lu/sightings/feed 2026-05-04T09:48:06.285917+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/cf7160e6-2f2c-4b4f-8f19-98dc2ac9371f/export 2026-05-04T09:48:06.468442+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "cf7160e6-2f2c-4b4f-8f19-98dc2ac9371f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-49289", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5431", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-49289\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nuaccess: fix integer overflow on access_ok()\n\nThree architectures check the end of a user access against the\naddress limit without taking a possible overflow into account.\nPassing a negative length or another overflow in here returns\nsuccess when it should not.\n\nUse the most common correct implementation here, which optimizes\nfor a constant 'size' argument, and turns the common case into a\nsingle comparison.\n\ud83d\udccf Published: 2025-02-26T01:56:27.026Z\n\ud83d\udccf Modified: 2025-02-26T01:56:27.026Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/e65d28d4e9bf90a35ba79c06661a572a38391dec\n2. https://git.kernel.org/stable/c/99801e2f457824955da4aadaa035913a6dede03a\n3. https://git.kernel.org/stable/c/a1ad747fc1a0e06d1bf26b996ee8a56b5c8d02d8\n4. https://git.kernel.org/stable/c/222ca305c9fd39e5ed8104da25c09b2b79a516a8", "creation_timestamp": "2025-02-26T02:23:32.000000Z"} 2025-02-26T02:23:32+00:00 https://vulnerability.circl.lu/sighting/38318971-285d-48e7-8383-3c264900b15f/export 2026-05-04T09:48:06.468314+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "38318971-285d-48e7-8383-3c264900b15f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-49288", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5432", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-49288\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: pcm: Fix races among concurrent prealloc proc writes\n\nWe have no protection against concurrent PCM buffer preallocation\nchanges via proc files, and it may potentially lead to UAF or some\nweird problem. This patch applies the PCM open_mutex to the proc\nwrite operation for avoiding the racy proc writes and the PCM stream\nopen (and further operations).\n\ud83d\udccf Published: 2025-02-26T01:56:26.550Z\n\ud83d\udccf Modified: 2025-02-26T01:56:26.550Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/e7786c445bb67a9a6e64f66ebd6b7215b153ff7d\n2. https://git.kernel.org/stable/c/e14dca613e0a6ddc2bf6e360f16936a9f865205b\n3. https://git.kernel.org/stable/c/37b12c16beb6f6c1c3c678c1aacbc46525c250f7\n4. https://git.kernel.org/stable/c/b560d670c87d7d40b3cf6949246fa4c7aa65a00a\n5. https://git.kernel.org/stable/c/51fce708ab8986a9879ee5da946a2cc120f1036d\n6. https://git.kernel.org/stable/c/a21d2f323b5a978dedf9ff1d50f101f85e39b3f2\n7. https://git.kernel.org/stable/c/5ed8f8e3c4e59d0396b9ccf2e639711e24295bb6\n8. https://git.kernel.org/stable/c/69534c48ba8ce552ce383b3dfdb271ffe51820c3", "creation_timestamp": "2025-02-26T02:23:33.000000Z"} 2025-02-26T02:23:33+00:00 https://vulnerability.circl.lu/sighting/0eddfbfa-a111-4457-ab1a-d23ddfbc2712/export 2026-05-04T09:48:06.468174+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "0eddfbfa-a111-4457-ab1a-d23ddfbc2712", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-49286", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5433", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-49286\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\ntpm: use try_get_ops() in tpm-space.c\n\nAs part of the series conversion to remove nested TPM operations:\n\nhttps://lore.kernel.org/all/20190205224723.19671-1-jarkko.sakkinen@linux.intel.com/\n\nexposure of the chip->tpm_mutex was removed from much of the upper\nlevel code. In this conversion, tpm2_del_space() was missed. This\ndidn't matter much because it's usually called closely after a\nconverted operation, so there's only a very tiny race window where the\nchip can be removed before the space flushing is done which causes a\nNULL deref on the mutex. However, there are reports of this window\nbeing hit in practice, so fix this by converting tpm2_del_space() to\nuse tpm_try_get_ops(), which performs all the teardown checks before\nacquring the mutex.\n\ud83d\udccf Published: 2025-02-26T01:56:25.566Z\n\ud83d\udccf Modified: 2025-02-26T01:56:25.566Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/5b1d2561a03e534064b51c50c774657833d3d2cf\n2. https://git.kernel.org/stable/c/95193d12f10a8a088843b25e0f5fe1d83ec6b079\n3. https://git.kernel.org/stable/c/476ddd23f818fb94cf86fb5617f3bb9a7c92113d\n4. https://git.kernel.org/stable/c/eda1662cce964c8a65bb86321f8d9cfa6e9ceaab\n5. https://git.kernel.org/stable/c/ba84f9a48366dcc3cdef978599433efe101dd5bd\n6. https://git.kernel.org/stable/c/fb5abce6b2bb5cb3d628aaa63fa821da8c4600f9", "creation_timestamp": "2025-02-26T02:23:37.000000Z"} 2025-02-26T02:23:37+00:00 https://vulnerability.circl.lu/sighting/1eae9aa3-4697-42ca-8914-33d80bedfa08/export 2026-05-04T09:48:06.468044+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "1eae9aa3-4697-42ca-8914-33d80bedfa08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-49285", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5434", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-49285\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\niio: accel: mma8452: use the correct logic to get mma8452_data\n\nThe original logic to get mma8452_data is wrong, the *dev point to\nthe device belong to iio_dev. we can't use this dev to find the\ncorrect i2c_client. The original logic happen to work because it\nfinally use dev->driver_data to get iio_dev. Here use the API\nto_i2c_client() is wrong and make reader confuse. To correct the\nlogic, it should be like this\n\n struct mma8452_data *data = iio_priv(dev_get_drvdata(dev));\n\nBut after commit 8b7651f25962 (\"iio: iio_device_alloc(): Remove\nunnecessary self drvdata\"), the upper logic also can't work.\nWhen try to show the avialable scale in userspace, will meet kernel\ndump, kernel handle NULL pointer dereference.\n\nSo use dev_to_iio_dev() to correct the logic.\n\nDual fixes tags as the second reflects when the bug was exposed, whilst\nthe first reflects when the original bug was introduced.\n\ud83d\udccf Published: 2025-02-26T01:56:25.096Z\n\ud83d\udccf Modified: 2025-02-26T01:56:25.096Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/4c0bb583a4444cce224e8661090cbffc98e2fe07\n2. https://git.kernel.org/stable/c/d2d9ebdbff79d87d27652578e6d1638ad3b5f3bf\n3. https://git.kernel.org/stable/c/c87b7b12f48db86ac9909894f4dc0107d7df6375", "creation_timestamp": "2025-02-26T02:23:38.000000Z"} 2025-02-26T02:23:38+00:00 https://vulnerability.circl.lu/sighting/77aaa348-2ff9-4640-a41c-83ca64dd5549/export 2026-05-04T09:48:06.467934+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "77aaa348-2ff9-4640-a41c-83ca64dd5549", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-49283", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5436", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-49283\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: sysfb: fix platform-device leak in error path\n\nMake sure to free the platform device also in the unlikely event that\nregistration fails.\n\ud83d\udccf Published: 2025-02-26T01:56:24.155Z\n\ud83d\udccf Modified: 2025-02-26T01:56:24.155Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/b3e38f939ab4d0d86f56bff3362c3f88c4b2ad32\n2. https://git.kernel.org/stable/c/bb7fcbe80a013dc883181dc818c407d38558f76c\n3. https://git.kernel.org/stable/c/fed4df558b8cdb6f3beea38a7c977f118f082b0d\n4. https://git.kernel.org/stable/c/202c08914ba50dd324e42d5ad99535a89f242560", "creation_timestamp": "2025-02-26T02:23:39.000000Z"} 2025-02-26T02:23:39+00:00 https://vulnerability.circl.lu/sighting/cc7aea76-00d3-4d7e-baef-17ba8655a0bd/export 2026-05-04T09:48:06.467760+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "cc7aea76-00d3-4d7e-baef-17ba8655a0bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-49284", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5435", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-49284\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\ncoresight: syscfg: Fix memleak on registration failure in cscfg_create_device\n\ndevice_register() calls device_initialize(),\naccording to doc of device_initialize:\n\n Use put_device() to give up your reference instead of freeing\n * @dev directly once you have called this function.\n\nTo prevent potential memleak, use put_device() for error handling.\n\ud83d\udccf Published: 2025-02-26T01:56:24.622Z\n\ud83d\udccf Modified: 2025-02-26T01:56:24.622Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/c61e2fc87f24cae4701f352fe9ecd4c5c143106c\n2. https://git.kernel.org/stable/c/a529af1f5a5c096f3e18f0d5a32cfcc3d82df1ec\n3. https://git.kernel.org/stable/c/412225b32986d5b11c3c1ad9234c50a3f5c52c76\n4. https://git.kernel.org/stable/c/cfa5dbcdd7aece76f3415284569f2f384aff0253", "creation_timestamp": "2025-02-26T02:23:39.000000Z"} 2025-02-26T02:23:39+00:00 https://vulnerability.circl.lu/sighting/8a771c2f-9389-46bb-bda1-07fd6c0335e6/export 2026-05-04T09:48:06.466351+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "8a771c2f-9389-46bb-bda1-07fd6c0335e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-49282", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5437", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-49282\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: quota: fix loop condition at f2fs_quota_sync()\n\ncnt should be passed to sb_has_quota_active() instead of type to check\nactive quota properly.\n\nMoreover, when the type is -1, the compiler with enough inline knowledge\ncan discard sb_has_quota_active() check altogether, causing a NULL pointer\ndereference at the following inode_lock(dqopt->files[cnt]):\n\n[ 2.796010] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000a0\n[ 2.796024] Mem abort info:\n[ 2.796025] ESR = 0x96000005\n[ 2.796028] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 2.796029] SET = 0, FnV = 0\n[ 2.796031] EA = 0, S1PTW = 0\n[ 2.796032] Data abort info:\n[ 2.796034] ISV = 0, ISS = 0x00000005\n[ 2.796035] CM = 0, WnR = 0\n[ 2.796046] user pgtable: 4k pages, 39-bit VAs, pgdp=00000003370d1000\n[ 2.796048] [00000000000000a0] pgd=0000000000000000, pud=0000000000000000\n[ 2.796051] Internal error: Oops: 96000005 [#1] PREEMPT SMP\n[ 2.796056] CPU: 7 PID: 640 Comm: f2fs_ckpt-259:7 Tainted: G S 5.4.179-arter97-r8-64666-g2f16e087f9d8 #1\n[ 2.796057] Hardware name: Qualcomm Technologies, Inc. Lahaina MTP lemonadep (DT)\n[ 2.796059] pstate: 80c00005 (Nzcv daif +PAN +UAO)\n[ 2.796065] pc : down_write+0x28/0x70\n[ 2.796070] lr : f2fs_quota_sync+0x100/0x294\n[ 2.796071] sp : ffffffa3f48ffc30\n[ 2.796073] x29: ffffffa3f48ffc30 x28: 0000000000000000\n[ 2.796075] x27: ffffffa3f6d718b8 x26: ffffffa415fe9d80\n[ 2.796077] x25: ffffffa3f7290048 x24: 0000000000000001\n[ 2.796078] x23: 0000000000000000 x22: ffffffa3f7290000\n[ 2.796080] x21: ffffffa3f72904a0 x20: ffffffa3f7290110\n[ 2.796081] x19: ffffffa3f77a9800 x18: ffffffc020aae038\n[ 2.796083] x17: ffffffa40e38e040 x16: ffffffa40e38e6d0\n[ 2.796085] x15: ffffffa40e38e6cc x14: ffffffa40e38e6d0\n[ 2.796086] x13: 00000000000004f6 x12: 00162c44ff493000\n[ 2.796088] x11: 0000000000000400 x10: ffffffa40e38c948\n[ 2.796090] x9 : 0000000000000000 x8 : 00000000000000a0\n[ 2.796091] x7 : 0000000000000000 x6 : 0000d1060f00002a\n[ 2.796093] x5 : ffffffa3f48ff718 x4 : 000000000000000d\n[ 2.796094] x3 : 00000000060c0000 x2 : 0000000000000001\n[ 2.796096] x1 : 0000000000000000 x0 : 00000000000000a0\n[ 2.796098] Call trace:\n[ 2.796100] down_write+0x28/0x70\n[ 2.796102] f2fs_quota_sync+0x100/0x294\n[ 2.796104] block_operations+0x120/0x204\n[ 2.796106] f2fs_write_checkpoint+0x11c/0x520\n[ 2.796107] __checkpoint_and_complete_reqs+0x7c/0xd34\n[ 2.796109] issue_checkpoint_thread+0x6c/0xb8\n[ 2.796112] kthread+0x138/0x414\n[ 2.796114] ret_from_fork+0x10/0x18\n[ 2.796117] Code: aa0803e0 aa1f03e1 52800022 aa0103e9 (c8e97d02)\n[ 2.796120] ---[ end trace 96e942e8eb6a0b53 ]---\n[ 2.800116] Kernel panic - not syncing: Fatal exception\n[ 2.800120] SMP: stopping secondary CPUs\n\ud83d\udccf Published: 2025-02-26T01:56:23.679Z\n\ud83d\udccf Modified: 2025-02-26T01:56:23.679Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/f1d5946d47c0827bae39e1537959ce8d6f0224c5\n2. https://git.kernel.org/stable/c/e58ee6bd939b773675240f5d0f5b88a367c037c4\n3. https://git.kernel.org/stable/c/f9156db0987f1b426015d56505e2c58dee70c90d\n4. https://git.kernel.org/stable/c/e9ebf1e8fc50b6a9336f9aea1082d7845e568d0e\n5. https://git.kernel.org/stable/c/724469814d805820cd37ea789769dba94123ff1a\n6. https://git.kernel.org/stable/c/680af5b824a52faa819167628665804a14f0e0df", "creation_timestamp": "2025-02-26T02:23:40.000000Z"} 2025-02-26T02:23:40+00:00 https://vulnerability.circl.lu/sighting/40de500b-9467-451e-b1c8-55fac2480af9/export 2026-05-04T09:48:06.466240+00:00 Alexandre Dulaunoy http://vulnerability.circl.lu/user/adulau {"uuid": "40de500b-9467-451e-b1c8-55fac2480af9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2022-49289", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"} 2025-12-03T14:14:49.267740+00:00 https://vulnerability.circl.lu/sighting/98521444-80a4-450a-b461-0acf439482d6/export 2026-05-04T09:48:06.466072+00:00 Alexandre Dulaunoy http://vulnerability.circl.lu/user/adulau {"uuid": "98521444-80a4-450a-b461-0acf439482d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2022-49285", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"} 2025-12-03T14:14:49.267740+00:00 https://vulnerability.circl.lu/sighting/157b7170-d696-4533-a132-842d3ccc1a83/export 2026-05-04T09:48:06.462922+00:00 Alexandre Dulaunoy http://vulnerability.circl.lu/user/adulau {"uuid": "157b7170-d696-4533-a132-842d3ccc1a83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2022-49281", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"} 2025-12-03T14:14:49.267740+00:00