https://vulnerability.circl.lu/sightings/feed 2026-05-06T08:54:05.307490+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/a373d950-be4f-4716-af01-0a5838e2d969/export 2026-05-06T08:54:05.517182+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "a373d950-be4f-4716-af01-0a5838e2d969", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-49295", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5422", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-49295\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: call genl_unregister_family() first in nbd_cleanup()\n\nOtherwise there may be race between module removal and the handling of\nnetlink command, which can lead to the oops as shown below:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000098\n Oops: 0002 [#1] SMP PTI\n CPU: 1 PID: 31299 Comm: nbd-client Tainted: G E 5.14.0-rc4\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)\n RIP: 0010:down_write+0x1a/0x50\n Call Trace:\n start_creating+0x89/0x130\n debugfs_create_dir+0x1b/0x130\n nbd_start_device+0x13d/0x390 [nbd]\n nbd_genl_connect+0x42f/0x748 [nbd]\n genl_family_rcv_msg_doit.isra.0+0xec/0x150\n genl_rcv_msg+0xe5/0x1e0\n netlink_rcv_skb+0x55/0x100\n genl_rcv+0x29/0x40\n netlink_unicast+0x1a8/0x250\n netlink_sendmsg+0x21b/0x430\n ____sys_sendmsg+0x2a4/0x2d0\n ___sys_sendmsg+0x81/0xc0\n __sys_sendmsg+0x62/0xb0\n __x64_sys_sendmsg+0x1f/0x30\n do_syscall_64+0x3b/0xc0\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n Modules linked in: nbd(E-)\n\ud83d\udccf Published: 2025-02-26T02:01:25.659Z\n\ud83d\udccf Modified: 2025-02-26T02:01:25.659Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/8a1435c862ea09b06be7acda325128dc08458e25\n2. https://git.kernel.org/stable/c/013a79f1b5c89290e2e97f1ebf14b14e0cf5fe5c\n3. https://git.kernel.org/stable/c/1be608e1ee1f222464b2856bda9b85ab5184a33e\n4. https://git.kernel.org/stable/c/c0868f6e728c3c28bef0e8bee89d2daf86a8bbca\n5. https://git.kernel.org/stable/c/cbeafa7a79d08ecdb55f8f1d41a11323d0f709db\n6. https://git.kernel.org/stable/c/6f505bbb8063fd3a238a4239d2d8c165e5279f6f\n7. https://git.kernel.org/stable/c/3d5da1ffba3388c2ae2e6c598855a4d887d3bf79\n8. https://git.kernel.org/stable/c/06c4da89c24e7023ea448cadf8e9daf06a0aae6e", "creation_timestamp": "2025-02-26T02:23:19.000000Z"} 2025-02-26T02:23:19+00:00 https://vulnerability.circl.lu/sighting/8050e288-8ab0-463d-b0c0-9c34da189620/export 2026-05-06T08:54:05.517072+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "8050e288-8ab0-463d-b0c0-9c34da189620", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-49294", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5423", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-49294\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check if modulo is 0 before dividing.\n\n[How & Why]\nIf a value of 0 is read, then this will cause a divide-by-0 panic.\n\ud83d\udccf Published: 2025-02-26T02:01:25.159Z\n\ud83d\udccf Modified: 2025-02-26T02:01:25.159Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/10ef82d6e0af5536ec64770c07f6bbabfdd6977c\n2. https://git.kernel.org/stable/c/96725758eff7b3805e4e94d1443a100757412720\n3. https://git.kernel.org/stable/c/07efce8269a038c37814eb656b4de14aa3015fc6\n4. https://git.kernel.org/stable/c/49947b906a6bd9668eaf4f9cf691973c25c26955", "creation_timestamp": "2025-02-26T02:23:23.000000Z"} 2025-02-26T02:23:23+00:00 https://vulnerability.circl.lu/sighting/2eb0a21d-d4fc-4118-b8d9-79a95bfdd12a/export 2026-05-06T08:54:05.516953+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "2eb0a21d-d4fc-4118-b8d9-79a95bfdd12a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-49293", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5427", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-49293\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: initialize registers in nft_do_chain()\n\nInitialize registers to avoid stack leak into userspace.\n\ud83d\udccf Published: 2025-02-26T01:56:29.033Z\n\ud83d\udccf Modified: 2025-02-26T01:56:29.033Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/4d28522acd1c4415c85f6b33463713a268f68965\n2. https://git.kernel.org/stable/c/a3cc32863b175168283cb0a5fde08de6a1e27df9\n3. https://git.kernel.org/stable/c/88791b79a1eb2ba94e95d039243e28433583a67b\n4. https://git.kernel.org/stable/c/06f0ff82c70241a766a811ae1acf07d6e2734dcb\n5. https://git.kernel.org/stable/c/2c74374c2e88c7b7992bf808d9f9391f7452f9d9\n6. https://git.kernel.org/stable/c/fafb904156fbb8f1dd34970cd5223e00b47c33be\n7. https://git.kernel.org/stable/c/64f24c76dd0ce53d0fa3a0bfb9aeea507c769485\n8. https://git.kernel.org/stable/c/dd03640529204ef4b8189fbdea08217d8d98271f\n9. https://git.kernel.org/stable/c/4c905f6740a365464e91467aa50916555b28213d", "creation_timestamp": "2025-02-26T02:23:26.000000Z"} 2025-02-26T02:23:26+00:00 https://vulnerability.circl.lu/sighting/7e6a7a52-11a0-4805-9007-38f493131d7f/export 2026-05-06T08:54:05.516826+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "7e6a7a52-11a0-4805-9007-38f493131d7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-49292", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5428", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-49292\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: oss: Fix PCM OSS buffer allocation overflow\n\nWe've got syzbot reports hitting INT_MAX overflow at vmalloc()\nallocation that is called from snd_pcm_plug_alloc(). Although we\napply the restrictions to input parameters, it's based only on the\nhw_params of the underlying PCM device. Since the PCM OSS layer\nallocates a temporary buffer for the data conversion, the size may\nbecome unexpectedly large when more channels or higher rates is given;\nin the reported case, it went over INT_MAX, hence it hits WARN_ON().\n\nThis patch is an attempt to avoid such an overflow and an allocation\nfor too large buffers. First off, it adds the limit of 1MB as the\nupper bound for period bytes. This must be large enough for all use\ncases, and we really don't want to handle a larger temporary buffer\nthan this size. The size check is performed at two places, where the\noriginal period bytes is calculated and where the plugin buffer size\nis calculated.\n\nIn addition, the driver uses array_size() and array3_size() for\nmultiplications to catch overflows for the converted period size and\nbuffer bytes.\n\ud83d\udccf Published: 2025-02-26T01:56:28.552Z\n\ud83d\udccf Modified: 2025-02-26T01:56:28.552Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/a63af1baf0a5e11827db60e3127f87e437cab6e5\n2. https://git.kernel.org/stable/c/0c4190b41a69990666b4000999e27f8f1b2a426b\n3. https://git.kernel.org/stable/c/5ce74ff7059341d8b2f4d01c3383491df63d1898\n4. https://git.kernel.org/stable/c/7a40cbf3579a8e14849ba7ce46309c1992658d2b\n5. https://git.kernel.org/stable/c/fb08bf99195a87c798bc8ae1357337a981faeade\n6. https://git.kernel.org/stable/c/e74a069c6a7bb505f3ade141dddf85f4b0b5145a\n7. https://git.kernel.org/stable/c/efb6402c3c4a7c26d97c92d70186424097b6e366", "creation_timestamp": "2025-02-26T02:23:30.000000Z"} 2025-02-26T02:23:30+00:00 https://vulnerability.circl.lu/sighting/4796bb69-1089-4465-9bed-b5a3cca8a216/export 2026-05-06T08:54:05.516699+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "4796bb69-1089-4465-9bed-b5a3cca8a216", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-49291", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5429", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-49291\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: pcm: Fix races among concurrent hw_params and hw_free calls\n\nCurrently we have neither proper check nor protection against the\nconcurrent calls of PCM hw_params and hw_free ioctls, which may result\nin a UAF. Since the existing PCM stream lock can't be used for\nprotecting the whole ioctl operations, we need a new mutex to protect\nthose racy calls.\n\nThis patch introduced a new mutex, runtime->buffer_mutex, and applies\nit to both hw_params and hw_free ioctl code paths. Along with it, the\nboth functions are slightly modified (the mmap_count check is moved\ninto the state-check block) for code simplicity.\n\ud83d\udccf Published: 2025-02-26T01:56:27.986Z\n\ud83d\udccf Modified: 2025-02-26T01:56:27.986Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/a42aa926843acca96c0dfbde2e835b8137f2f092\n2. https://git.kernel.org/stable/c/9cb6c40a6ebe4a0cfc9d6a181958211682cffea9\n3. https://git.kernel.org/stable/c/fbeb492694ce0441053de57699e1e2b7bc148a69\n4. https://git.kernel.org/stable/c/0f6947f5f5208f6ebd4d76a82a4757e2839a23f8\n5. https://git.kernel.org/stable/c/33061d0fba51d2bf70a2ef9645f703c33fe8e438\n6. https://git.kernel.org/stable/c/0090c13cbbdffd7da079ac56f80373a9a1be0bf8\n7. https://git.kernel.org/stable/c/1bbf82d9f961414d6c76a08f7f843ea068e0ab7b\n8. https://git.kernel.org/stable/c/92ee3c60ec9fe64404dc035e7c41277d74aa26cb", "creation_timestamp": "2025-02-26T02:23:30.000000Z"} 2025-02-26T02:23:30+00:00 https://vulnerability.circl.lu/sighting/59257351-faae-4d10-9bd6-11d5f52f3d99/export 2026-05-06T08:54:05.516499+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "59257351-faae-4d10-9bd6-11d5f52f3d99", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-49290", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5430", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-49290\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nmac80211: fix potential double free on mesh join\n\nWhile commit 6a01afcf8468 (\"mac80211: mesh: Free ie data when leaving\nmesh\") fixed a memory leak on mesh leave / teardown it introduced a\npotential memory corruption caused by a double free when rejoining the\nmesh:\n\n ieee80211_leave_mesh()\n -> kfree(sdata->u.mesh.ie);\n ...\n ieee80211_join_mesh()\n -> copy_mesh_setup()\n -> old_ie = ifmsh->ie;\n -> kfree(old_ie);\n\nThis double free / kernel panics can be reproduced by using wpa_supplicant\nwith an encrypted mesh (if set up without encryption via \"iw\" then\nifmsh->ie is always NULL, which avoids this issue). And then calling:\n\n $ iw dev mesh0 mesh leave\n $ iw dev mesh0 mesh join my-mesh\n\nNote that typically these commands are not used / working when using\nwpa_supplicant. And it seems that wpa_supplicant or wpa_cli are going\nthrough a NETDEV_DOWN/NETDEV_UP cycle between a mesh leave and mesh join\nwhere the NETDEV_UP resets the mesh.ie to NULL via a memcpy of\ndefault_mesh_setup in cfg80211_netdev_notifier_call, which then avoids\nthe memory corruption, too.\n\nThe issue was first observed in an application which was not using\nwpa_supplicant but \"Senf\" instead, which implements its own calls to\nnl80211.\n\nFixing the issue by removing the kfree()'ing of the mesh IE in the mesh\njoin function and leaving it solely up to the mesh leave to free the\nmesh IE.\n\ud83d\udccf Published: 2025-02-26T01:56:27.500Z\n\ud83d\udccf Modified: 2025-02-26T01:56:27.500Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/615716af8644813355e014314a0bc1e961250f5a\n2. https://git.kernel.org/stable/c/c1d9c3628ef0a0ca197595d0f9e01cd3b5dda186\n3. https://git.kernel.org/stable/c/273ebddc5fda2967492cb0b6cdd7d81cfb821b76\n4. https://git.kernel.org/stable/c/3bbd0000d012f92aec423b224784fbf0f7bf40f8\n5. https://git.kernel.org/stable/c/5d3ff9542a40ce034416bca03864709540a36016\n6. https://git.kernel.org/stable/c/12e407a8ef17623823fd0c066fbd7f103953d28d\n7. https://git.kernel.org/stable/c/582d8c60c0c053684f7138875e8150d5749ffc17\n8. https://git.kernel.org/stable/c/46bb87d40683337757a2f902fcd4244b32bb4e86\n9. https://git.kernel.org/stable/c/4a2d4496e15ea5bb5c8e83b94ca8ca7fb045e7d3", "creation_timestamp": "2025-02-26T02:23:31.000000Z"} 2025-02-26T02:23:31+00:00 https://vulnerability.circl.lu/sighting/338812e3-5746-4aa3-b868-0621cebbc9f6/export 2026-05-06T08:54:05.515458+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "338812e3-5746-4aa3-b868-0621cebbc9f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-49299", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16468", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-49299\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc2: gadget: don't reset gadget's driver->bus\n\nUDC driver should not touch gadget's driver internals, especially it\nshould not reset driver->bus. This wasn't harmful so far, but since\ncommit fc274c1e9973 (\"USB: gadget: Add a new bus for gadgets\") gadget\nsubsystem got it's own bus and messing with ->bus triggers the\nfollowing NULL pointer dereference:\n\ndwc2 12480000.hsotg: bound driver g_ether\n8<--- cut here ---\nUnable to handle kernel NULL pointer dereference at virtual address 00000000\n[00000000] *pgd=00000000\nInternal error: Oops: 5 [#1] SMP ARM\nModules linked in: ...\nCPU: 0 PID: 620 Comm: modprobe Not tainted 5.18.0-rc5-next-20220504 #11862\nHardware name: Samsung Exynos (Flattened Device Tree)\nPC is at module_add_driver+0x44/0xe8\nLR is at sysfs_do_create_link_sd+0x84/0xe0\n...\nProcess modprobe (pid: 620, stack limit = 0x(ptrval))\n...\n module_add_driver from bus_add_driver+0xf4/0x1e4\n bus_add_driver from driver_register+0x78/0x10c\n driver_register from usb_gadget_register_driver_owner+0x40/0xb4\n usb_gadget_register_driver_owner from do_one_initcall+0x44/0x1e0\n do_one_initcall from do_init_module+0x44/0x1c8\n do_init_module from load_module+0x19b8/0x1b9c\n load_module from sys_finit_module+0xdc/0xfc\n sys_finit_module from ret_fast_syscall+0x0/0x54\nException stack(0xf1771fa8 to 0xf1771ff0)\n...\ndwc2 12480000.hsotg: new device is high-speed\n---[ end trace 0000000000000000 ]---\n\nFix this by removing driver->bus entry reset.\n\ud83d\udccf Published: 2025-02-26T02:10:34.977Z\n\ud83d\udccf Modified: 2025-05-15T12:28:27.659Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/5127c0f365265bb69cd776ad6e4b872c309f3fa8\n2. https://git.kernel.org/stable/c/efb15ff4a77fe053c941281775fefa91c87770e0\n3. https://git.kernel.org/stable/c/bee8f9808a7e82addfc73a0973b16a8bb684205b\n4. https://git.kernel.org/stable/c/d232ca0bbc7d03144bad0ffd1792c3352bfd03fa\n5. https://git.kernel.org/stable/c/5b0c0298f7c3b57417f1729ec4071f76864b72dd\n6. https://git.kernel.org/stable/c/547ebdc200b862dff761ff4890f66d8217c33316\n7. https://git.kernel.org/stable/c/172cfc167c8ee6238f24f9c16efd598602af643c\n8. https://git.kernel.org/stable/c/d2159feb9d28ce496d77df98313ab454646372ac\n9. https://git.kernel.org/stable/c/3120aac6d0ecd9accf56894aeac0e265f74d3d5a", "creation_timestamp": "2025-05-15T12:34:14.000000Z"} 2025-05-15T12:34:14+00:00 https://vulnerability.circl.lu/sighting/74723598-7ee4-4f8c-93c3-8a49908c22d5/export 2026-05-06T08:54:05.515327+00:00 Alexandre Dulaunoy http://vulnerability.circl.lu/user/adulau {"uuid": "74723598-7ee4-4f8c-93c3-8a49908c22d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2022-49294", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"} 2025-12-03T14:14:49.267740+00:00 https://vulnerability.circl.lu/sighting/fa06164f-027a-4467-9e8e-930297783168/export 2026-05-06T08:54:05.514226+00:00 Alexandre Dulaunoy http://vulnerability.circl.lu/user/adulau {"uuid": "fa06164f-027a-4467-9e8e-930297783168", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2022-49296", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"} 2025-12-03T14:14:49.267740+00:00 https://vulnerability.circl.lu/sighting/4f8dc6b3-9cd6-4830-9a9a-4815ec6ad2a0/export 2026-05-06T08:54:05.512281+00:00 Joseph Lee http://vulnerability.circl.lu/user/syspect {"uuid": "4f8dc6b3-9cd6-4830-9a9a-4815ec6ad2a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2022-49296", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"} 2026-03-19T00:00:00+00:00