{"vulnerability": "CVE-2022-4905", "sightings": [{"uuid": "622cf37d-9bc4-4802-91b2-fbf1edd07d7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-49053", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5746", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-49053\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: tcmu: Fix possible page UAF\n\ntcmu_try_get_data_page() looks up pages under cmdr_lock, but it does not\ntake refcount properly and just returns page pointer. When\ntcmu_try_get_data_page() returns, the returned page may have been freed by\ntcmu_blocks_release().\n\nWe need to get_page() under cmdr_lock to avoid concurrent\ntcmu_blocks_release().\n\ud83d\udccf Published: 2025-02-26T01:54:26.806Z\n\ud83d\udccf Modified: 2025-02-27T18:02:30.241Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/d7c5d79e50be6e06b669141e3db1f977a0dd4e8e\n2. https://git.kernel.org/stable/c/e3e0e067d5b34e4a68e3cc55f8eebc413f56f8ed\n3. https://git.kernel.org/stable/c/fb7a5115422fbd6a4d505e8844f1ef5529f10489\n4. https://git.kernel.org/stable/c/aec36b98a1bbaa84bfd8299a306e4c12314af626\n5. https://git.kernel.org/stable/c/b7f3b5d70c834f49f7d87a2f2ed1c6284d9a0322\n6. https://git.kernel.org/stable/c/a9564d84ed9f6ee71017d062d0d2182154294a4b\n7. https://git.kernel.org/stable/c/a6968f7a367f128d120447360734344d5a3d5336", "creation_timestamp": "2025-02-27T18:27:10.000000Z"}, {"uuid": "cf87a928-b295-4b77-a49f-106812832fb2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2022-49054", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "b15e2f2b-2c02-4433-91a5-5880e7d4a5d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-49053", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16471", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-49053\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: tcmu: Fix possible page UAF\n\ntcmu_try_get_data_page() looks up pages under cmdr_lock, but it does not\ntake refcount properly and just returns page pointer. When\ntcmu_try_get_data_page() returns, the returned page may have been freed by\ntcmu_blocks_release().\n\nWe need to get_page() under cmdr_lock to avoid concurrent\ntcmu_blocks_release().\n\ud83d\udccf Published: 2025-02-26T01:54:26.806Z\n\ud83d\udccf Modified: 2025-05-15T12:28:22.433Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/d7c5d79e50be6e06b669141e3db1f977a0dd4e8e\n2. https://git.kernel.org/stable/c/e3e0e067d5b34e4a68e3cc55f8eebc413f56f8ed\n3. https://git.kernel.org/stable/c/fb7a5115422fbd6a4d505e8844f1ef5529f10489\n4. https://git.kernel.org/stable/c/aec36b98a1bbaa84bfd8299a306e4c12314af626\n5. https://git.kernel.org/stable/c/b7f3b5d70c834f49f7d87a2f2ed1c6284d9a0322\n6. https://git.kernel.org/stable/c/a9564d84ed9f6ee71017d062d0d2182154294a4b\n7. https://git.kernel.org/stable/c/a6968f7a367f128d120447360734344d5a3d5336", "creation_timestamp": "2025-05-15T12:34:17.000000Z"}, {"uuid": "0078d3a7-f344-43e6-9a24-c907806e8832", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4905", "type": "seen", "source": "https://t.me/cibsecurity/58040", "content": "\u203c CVE-2022-4905 \u203c\n\nA vulnerability was found in UDX Stateless Media Plugin 3.1.1. It has been declared as problematic. This vulnerability affects the function setup_wizard_interface of the file lib/classes/class-settings.php. The manipulation of the argument settings leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 3.2.0 is able to address this issue. The name of the patch is 6aee7ae0b0beeb2232ce6e1c82aa7e2041ae151a. It is recommended to upgrade the affected component. VDB-220750 is the identifier assigned to this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-14T00:30:15.000000Z"}, {"uuid": "88b3882a-0631-48e5-9173-fc729e91ae46", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-49055", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16470", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-49055\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Check for potential null return of kmalloc_array()\n\nAs the kmalloc_array() may return null, the 'event_waiters[i].wait' would lead to null-pointer dereference.\nTherefore, it is better to check the return value of kmalloc_array() to avoid this confusion.\n\ud83d\udccf Published: 2025-02-26T01:54:27.771Z\n\ud83d\udccf Modified: 2025-05-15T12:28:24.295Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/32cf90a521dcc0f136db7ee5ba32bfe5f79e460e\n2. https://git.kernel.org/stable/c/40bf32dbfef866c83a3e74800b81d79e52b6d20b\n3. https://git.kernel.org/stable/c/94869bb0de69a812f70231b0eb480bb2f7ae73a6\n4. https://git.kernel.org/stable/c/c7a268b33882d5feaafd29c1734456f41ba41396\n5. https://git.kernel.org/stable/c/1d7a5aae884ca727d41c7ed15d4c82fdb67c040c\n6. https://git.kernel.org/stable/c/f2658d5966bcee8c3eb487875f459756d4f7cdfc\n7. https://git.kernel.org/stable/c/0a692c625e373fef692ffbc7fc41f8a025f01cb7\n8. https://git.kernel.org/stable/c/ebbb7bb9e80305820dc2328a371c1b35679f2667", "creation_timestamp": "2025-05-15T12:34:16.000000Z"}]}