{"vulnerability": "cve-2022-4882", "sightings": [{"uuid": "89b333aa-4054-4543-a17a-fcc566ea149f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-48827", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"}, {"uuid": "dabae612-6f16-4b0f-b6c9-8a0c8b4256e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-48828", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"}, {"uuid": "2fdcb350-170a-453d-a71d-0554bf8fe3a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-48829", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"}, {"uuid": "ba85d343-bcc0-4435-b57f-b99457021cc8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2022-48826", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "422b236a-5f71-4741-9f55-24971117662f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2022-48825", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "ad38a15c-c7a4-4438-abb9-36f07f072b1c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2022-48827", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "49b8c3f4-5f0a-4a66-8599-385ff40d79e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-48824", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16474", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-48824\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: myrs: Fix crash in error case\n\nIn myrs_detect(), cs->disable_intr is NULL when privdata->hw_init() fails\nwith non-zero. In this case, myrs_cleanup(cs) will call a NULL ptr and\ncrash the kernel.\n\n[ 1.105606] myrs 0000:00:03.0: Unknown Initialization Error 5A\n[ 1.105872] myrs 0000:00:03.0: Failed to initialize Controller\n[ 1.106082] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[ 1.110774] Call Trace:\n[ 1.110950] myrs_cleanup+0xe4/0x150 [myrs]\n[ 1.111135] myrs_probe.cold+0x91/0x56a [myrs]\n[ 1.111302] ? DAC960_GEM_intr_handler+0x1f0/0x1f0 [myrs]\n[ 1.111500] local_pci_probe+0x48/0x90\n\ud83d\udccf Published: 2024-07-16T11:44:09.970Z\n\ud83d\udccf Modified: 2025-05-15T12:28:15.394Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/5c5ceea00c8c9df150708e66cb9f2891192c1162\n2. https://git.kernel.org/stable/c/0e42c4a3d732517edc3766dd45a14e60d29dd929\n3. https://git.kernel.org/stable/c/6207f35c213f6cb2fc3f13b5e77f08c710e1de19\n4. https://git.kernel.org/stable/c/1d6cd26605b4d662063a83c15c776b5299a1cb23\n5. https://git.kernel.org/stable/c/4db09593af0b0b4d7d4805ebb3273df51d7cc30d", "creation_timestamp": "2025-05-15T12:34:20.000000Z"}, {"uuid": "6fa8677d-f156-4be9-9f46-76e46eb11f01", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-48829", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/19693", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-48829\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes\n\niattr::ia_size is a loff_t, so these NFSv3 procedures must be\ncareful to deal with incoming client size values that are larger\nthan s64_max without corrupting the value.\n\nSilently capping the value results in storing a different value\nthan the client passed in which is unexpected behavior, so remove\nthe min_t() check in decode_sattr3().\n\nNote that RFC 1813 permits only the WRITE procedure to return\nNFS3ERR_FBIG. We believe that NFSv3 reference implementations\nalso return NFS3ERR_FBIG when ia_size is too large.\n\ud83d\udccf Published: 2024-07-16T11:44:13.313Z\n\ud83d\udccf Modified: 2025-06-27T10:21:09.814Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/72c14aed6838b5d90b4dd926b6a339b34bb02e08\n2. https://git.kernel.org/stable/c/a231ae6bb50e7c0a9e9efd7b0d10687f1d71b3a3\n3. https://git.kernel.org/stable/c/37f2d2cd8eadddbbd9c7bda327a9393399b2f89b\n4. https://git.kernel.org/stable/c/aa9051ddb4b378bd22e72a67bc77b9fc1482c5f0\n5. https://git.kernel.org/stable/c/a648fdeb7c0e17177a2280344d015dba3fbe3314", "creation_timestamp": "2025-06-27T10:49:58.000000Z"}, {"uuid": "1fcbdc4e-038b-4b28-a825-53d97d2a1d3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-48828", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/19694", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-48828\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: Fix ia_size underflow\n\niattr::ia_size is a loff_t, which is a signed 64-bit type. NFSv3 and\nNFSv4 both define file size as an unsigned 64-bit type. Thus there\nis a range of valid file size values an NFS client can send that is\nalready larger than Linux can handle.\n\nCurrently decode_fattr4() dumps a full u64 value into ia_size. If\nthat value happens to be larger than S64_MAX, then ia_size\nunderflows. I'm about to fix up the NFSv3 behavior as well, so let's\ncatch the underflow in the common code path: nfsd_setattr().\n\ud83d\udccf Published: 2024-07-16T11:44:12.660Z\n\ud83d\udccf Modified: 2025-06-27T10:21:08.711Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/d2211e6e34d0755f35e2f8c22d81999fa81cfc71\n2. https://git.kernel.org/stable/c/38d02ba22e43b6fc7d291cf724bc6e3b7be6626b\n3. https://git.kernel.org/stable/c/8e0ecaf7a7e57b30284d6b3289cc436100fadc48\n4. https://git.kernel.org/stable/c/da22ca1ad548429d7822011c54cfe210718e0aa7\n5. https://git.kernel.org/stable/c/e6faac3f58c7c4176b66f63def17a34232a17b0e", "creation_timestamp": "2025-06-27T10:49:59.000000Z"}, {"uuid": "887cf711-2a89-412f-a809-c0ee098947bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-48824", "type": "seen", "source": "https://t.me/cvedetector/933", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2022-48824 - Linux Kernel myrs Null Pointer Dereference\", \n \"Content\": \"CVE ID : CVE-2022-48824 \nPublished : July 16, 2024, 12:15 p.m. | 43\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nscsi: myrs: Fix crash in error case \n \nIn myrs_detect(), cs->disable_intr is NULL when privdata->hw_init() fails \nwith non-zero. In this case, myrs_cleanup(cs) will call a NULL ptr and \ncrash the kernel. \n \n[ 1.105606] myrs 0000:00:03.0: Unknown Initialization Error 5A \n[ 1.105872] myrs 0000:00:03.0: Failed to initialize Controller \n[ 1.106082] BUG: kernel NULL pointer dereference, address: 0000000000000000 \n[ 1.110774] Call Trace: \n[ 1.110950] myrs_cleanup+0xe4/0x150 [myrs] \n[ 1.111135] myrs_probe.cold+0x91/0x56a [myrs] \n[ 1.111302] ? DAC960_GEM_intr_handler+0x1f0/0x1f0 [myrs] \n[ 1.111500] local_pci_probe+0x48/0x90 \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"16 Jul 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-16T15:26:14.000000Z"}, {"uuid": "d20e12bc-c1a4-497c-859b-c2df006dda19", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-48821", "type": "seen", "source": "https://t.me/cvedetector/940", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2022-48821 - Linux Kernel - Use-After-Free in fastrpc\", \n \"Content\": \"CVE ID : CVE-2022-48821 \nPublished : July 16, 2024, 12:15 p.m. | 43\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nmisc: fastrpc: avoid double fput() on failed usercopy \n \nIf the copy back to userland fails for the FASTRPC_IOCTL_ALLOC_DMA_BUFF \nioctl(), we shouldn't assume that 'buf->dmabuf' is still valid. In fact, \ndma_buf_fd() called fd_install() before, i.e. \"consumed\" one reference, \nleaving us with none. \n \nCalling dma_buf_put() will therefore put a reference we no longer own, \nleading to a valid file descritor table entry for an already released \n'file' object which is a straight use-after-free. \n \nSimply avoid calling dma_buf_put() and rely on the process exit code to \ndo the necessary cleanup, if needed, i.e. if the file descriptor is \nstill valid. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"16 Jul 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-16T15:26:26.000000Z"}, {"uuid": "a5c4971a-9895-4ebe-bebf-21696a4da83c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-48823", "type": "seen", "source": "https://t.me/cvedetector/939", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2022-48823 - QEDF Linux SCSI Driver Refcount Vulnerability\", \n \"Content\": \"CVE ID : CVE-2022-48823 \nPublished : July 16, 2024, 12:15 p.m. | 43\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nscsi: qedf: Fix refcount issue when LOGO is received during TMF \n \nHung task call trace was seen during LOGO processing. \n \n[ 974.309060] [0000:00:00.0]:[qedf_eh_device_reset:868]: 1:0:2:0: LUN RESET Issued... \n[ 974.309065] [0000:00:00.0]:[qedf_initiate_tmf:2422]: tm_flags 0x10 sc_cmd 00000000c16b930f op = 0x2a target_id = 0x2 lun=0 \n[ 974.309178] [0000:00:00.0]:[qedf_initiate_tmf:2431]: portid=016900 tm_flags =LUN RESET \n[ 974.309222] [0000:00:00.0]:[qedf_initiate_tmf:2438]: orig io_req = 00000000ec78df8f xid = 0x180 ref_cnt = 1. \n[ 974.309625] host1: rport 016900: Received LOGO request while in state Ready \n[ 974.309627] host1: rport 016900: Delete port \n[ 974.309642] host1: rport 016900: work event 3 \n[ 974.309644] host1: rport 016900: lld callback ev 3 \n[ 974.313243] [0000:61:00.2]:[qedf_execute_tmf:2383]:1: fcport is uploading, not executing flush. \n[ 974.313295] [0000:61:00.2]:[qedf_execute_tmf:2400]:1: task mgmt command success... \n[ 984.031088] INFO: task jbd2/dm-15-8:7645 blocked for more than 120 seconds. \n[ 984.031136] Not tainted 4.18.0-305.el8.x86_64 #1 \n \n[ 984.031166] \"echo 0 > /proc/sys/kernel/hung_task_timeout_secs\" disables this message. \n[ 984.031209] jbd2/dm-15-8 D 0 7645 2 0x80004080 \n[ 984.031212] Call Trace: \n[ 984.031222] __schedule+0x2c4/0x700 \n[ 984.031230] ? unfreeze_partials.isra.83+0x16e/0x1a0 \n[ 984.031233] ? bit_wait_timeout+0x90/0x90 \n[ 984.031235] schedule+0x38/0xa0 \n[ 984.031238] io_schedule+0x12/0x40 \n[ 984.031240] bit_wait_io+0xd/0x50 \n[ 984.031243] __wait_on_bit+0x6c/0x80 \n[ 984.031248] ? free_buffer_head+0x21/0x50 \n[ 984.031251] out_of_line_wait_on_bit+0x91/0xb0 \n[ 984.031257] ? init_wait_var_entry+0x50/0x50 \n[ 984.031268] jbd2_journal_commit_transaction+0x112e/0x19f0 [jbd2] \n[ 984.031280] kjournald2+0xbd/0x270 [jbd2] \n[ 984.031284] ? finish_wait+0x80/0x80 \n[ 984.031291] ? commit_timeout+0x10/0x10 [jbd2] \n[ 984.031294] kthread+0x116/0x130 \n[ 984.031300] ? kthread_flush_work_fn+0x10/0x10 \n[ 984.031305] ret_from_fork+0x1f/0x40 \n \nThere was a ref count issue when LOGO is received during TMF. This leads to \none of the I/Os hanging with the driver. Fix the ref count. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"16 Jul 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-16T15:26:22.000000Z"}, {"uuid": "541366a9-625b-42bb-bb1b-b82e1cfa7680", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-48828", "type": "seen", "source": "https://t.me/cvedetector/938", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2022-48828 - \"Linux NFSd Signed Integer Underflow\"\", \n \"Content\": \"CVE ID : CVE-2022-48828 \nPublished : July 16, 2024, 12:15 p.m. | 43\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nNFSD: Fix ia_size underflow \n \niattr::ia_size is a loff_t, which is a signed 64-bit type. NFSv3 and \nNFSv4 both define file size as an unsigned 64-bit type. Thus there \nis a range of valid file size values an NFS client can send that is \nalready larger than Linux can handle. \n \nCurrently decode_fattr4() dumps a full u64 value into ia_size. If \nthat value happens to be larger than S64_MAX, then ia_size \nunderflows. I'm about to fix up the NFSv3 behavior as well, so let's \ncatch the underflow in the common code path: nfsd_setattr(). \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"16 Jul 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-16T15:26:22.000000Z"}, {"uuid": "85d89362-273e-4e13-a623-1df6a5f85d97", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-48825", "type": "seen", "source": "https://t.me/cvedetector/937", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2022-48825 - Dell PowerEdge MX740c QEDF Linux Kernel Use After Free\", \n \"Content\": \"CVE ID : CVE-2022-48825 \nPublished : July 16, 2024, 12:15 p.m. | 43\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nscsi: qedf: Add stag_work to all the vports \n \nCall trace seen when creating NPIV ports, only 32 out of 64 show online. \nstag work was not initialized for vport, hence initialize the stag work. \n \nWARNING: CPU: 8 PID: 645 at kernel/workqueue.c:1635 __queue_delayed_work+0x68/0x80 \nCPU: 8 PID: 645 Comm: kworker/8:1 Kdump: loaded Tainted: G IOE --------- -- \n 4.18.0-348.el8.x86_64 #1 \nHardware name: Dell Inc. PowerEdge MX740c/0177V9, BIOS 2.12.2 07/09/2021 \nWorkqueue: events fc_lport_timeout [libfc] \nRIP: 0010:__queue_delayed_work+0x68/0x80 \nCode: 89 b2 88 00 00 00 44 89 82 90 00 00 00 48 01 c8 48 89 42 50 41 81 \nf8 00 20 00 00 75 1d e9 60 24 07 00 44 89 c7 e9 98 f6 ff ff 0b eb \nc5 0f 0b eb a1 0f 0b eb a7 0f 0b eb ac 44 89 c6 e9 40 23 \nRSP: 0018:ffffae514bc3be40 EFLAGS: 00010006 \nRAX: ffff8d25d6143750 RBX: 0000000000000202 RCX: 0000000000000002 \nRDX: ffff8d2e31383748 RSI: ffff8d25c000d600 RDI: ffff8d2e31383788 \nRBP: ffff8d2e31380de0 R08: 0000000000002000 R09: ffff8d2e31383750 \nR10: ffffffffc0c957e0 R11: ffff8d2624800000 R12: ffff8d2e31380a58 \nR13: ffff8d2d915eb000 R14: ffff8d25c499b5c0 R15: ffff8d2e31380e18 \nFS: 0000000000000000(0000) GS:ffff8d2d1fb00000(0000) knlGS:0000000000000000 \nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 \nCR2: 000055fd0484b8b8 CR3: 00000008ffc10006 CR4: 00000000007706e0 \nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 \nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 \nPKRU: 55555554 \nCall Trace: \n queue_delayed_work_on+0x36/0x40 \n qedf_elsct_send+0x57/0x60 [qedf] \n fc_lport_enter_flogi+0x90/0xc0 [libfc] \n fc_lport_timeout+0xb7/0x140 [libfc] \n process_one_work+0x1a7/0x360 \n ? create_worker+0x1a0/0x1a0 \n worker_thread+0x30/0x390 \n ? create_worker+0x1a0/0x1a0 \n kthread+0x116/0x130 \n ? kthread_flush_work_fn+0x10/0x10 \n ret_from_fork+0x35/0x40 \n ---[ end trace 008f00f722f2c2ff ]-- \n \nInitialize stag work for all the vports. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"16 Jul 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-16T15:26:21.000000Z"}, {"uuid": "32ffb80b-091d-4ce6-a0ad-068d3cf6fbb7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-48829", "type": "seen", "source": "https://t.me/cvedetector/936", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2022-48829 - NFS on Linux Kernel Large File Size Handling Buffer Overflow\", \n \"Content\": \"CVE ID : CVE-2022-48829 \nPublished : July 16, 2024, 12:15 p.m. | 43\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nNFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes \n \niattr::ia_size is a loff_t, so these NFSv3 procedures must be \ncareful to deal with incoming client size values that are larger \nthan s64_max without corrupting the value. \n \nSilently capping the value results in storing a different value \nthan the client passed in which is unexpected behavior, so remove \nthe min_t() check in decode_sattr3(). \n \nNote that RFC 1813 permits only the WRITE procedure to return \nNFS3ERR_FBIG. We believe that NFSv3 reference implementations \nalso return NFS3ERR_FBIG when ia_size is too large. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"16 Jul 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-16T15:26:20.000000Z"}, {"uuid": "001adbd4-09de-4f82-b5b5-c828479bbb5e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-48827", "type": "seen", "source": "https://t.me/cvedetector/935", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2022-48827 - NFS Linux Kernel Long Offset Read Vulnerability\", \n \"Content\": \"CVE ID : CVE-2022-48827 \nPublished : July 16, 2024, 12:15 p.m. | 43\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nNFSD: Fix the behavior of READ near OFFSET_MAX \n \nDan Aloni reports: \n> Due to commit 8cfb9015280d (\"NFS: Always provide aligned buffers to \n> the RPC read layers\") on the client, a read of 0xfff is aligned up \n> to server rsize of 0x1000. \n> \n> As a result, in a test where the server has a file of size \n> 0x7fffffffffffffff, and the client tries to read from the offset \n> 0x7ffffffffffff000, the read causes loff_t overflow in the server \n> and it returns an NFS code of EINVAL to the client. The client as \n> a result indefinitely retries the request. \n \nThe Linux NFS client does not handle NFS?ERR_INVAL, even though all \nNFS specifications permit servers to return that status code for a \nREAD. \n \nInstead of NFS?ERR_INVAL, have out-of-range READ requests succeed \nand return a short result. Set the EOF flag in the result to prevent \nthe client from retrying the READ request. This behavior appears to \nbe consistent with Solaris NFS servers. \n \nNote that NFSv3 and NFSv4 use u64 offset values on the wire. These \nmust be converted to loff_t internally before use -- an implicit \ntype cast is not adequate for this purpose. Otherwise VFS checks \nagainst sb->s_maxbytes do not work properly. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"16 Jul 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-16T15:26:19.000000Z"}, {"uuid": "54e5c03c-c348-45ff-8a70-4845d7bada22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-48822", "type": "seen", "source": "https://t.me/cvedetector/931", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2022-48822 - Linux usb fs Use-After-Free Vulnerability\", \n \"Content\": \"CVE ID : CVE-2022-48822 \nPublished : July 16, 2024, 12:15 p.m. | 43\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nusb: f_fs: Fix use-after-free for epfile \n \nConsider a case where ffs_func_eps_disable is called from \nffs_func_disable as part of composition switch and at the \nsame time ffs_epfile_release get called from userspace. \nffs_epfile_release will free up the read buffer and call \nffs_data_closed which in turn destroys ffs->epfiles and \nmark it as NULL. While this was happening the driver has \nalready initialized the local epfile in ffs_func_eps_disable \nwhich is now freed and waiting to acquire the spinlock. Once \nspinlock is acquired the driver proceeds with the stale value \nof epfile and tries to free the already freed read buffer \ncausing use-after-free. \n \nFollowing is the illustration of the race: \n \n CPU1 CPU2 \n \n ffs_func_eps_disable \n epfiles (local copy) \n ffs_epfile_release \n ffs_data_closed \n if (last file closed) \n ffs_data_reset \n ffs_data_clear \n ffs_epfiles_destroy \nspin_lock \ndereference epfiles \n \nFix this races by taking epfiles local copy & assigning it under \nspinlock and if epfiles(local) is null then update it in ffs->epfiles \nthen finally destroy it. \nExtending the scope further from the race, protecting the ep related \nstructures, and concurrent accesses. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"16 Jul 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-16T15:26:12.000000Z"}, {"uuid": "30cf731e-1d2c-4c6d-b252-c738b264a05e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-48826", "type": "seen", "source": "https://t.me/cvedetector/930", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2022-48826 - In the Linux kernel, the following vulnerability h\", \n \"Content\": \"CVE ID : CVE-2022-48826 \nPublished : July 16, 2024, 12:15 p.m. | 43\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \ndrm/vc4: Fix deadlock on DSI device attach error \n \nDSI device attach to DSI host will be done with host device's lock \nheld. \n \nUn-registering host in \"device attach\" error path (ex: probe retry) \nwill result in deadlock with below call trace and non operational \nDSI display. \n \nStartup Call trace: \n[ 35.043036] rt_mutex_slowlock.constprop.21+0x184/0x1b8 \n[ 35.043048] mutex_lock_nested+0x7c/0xc8 \n[ 35.043060] device_del+0x4c/0x3e8 \n[ 35.043075] device_unregister+0x20/0x40 \n[ 35.043082] mipi_dsi_remove_device_fn+0x18/0x28 \n[ 35.043093] device_for_each_child+0x68/0xb0 \n[ 35.043105] mipi_dsi_host_unregister+0x40/0x90 \n[ 35.043115] vc4_dsi_host_attach+0xf0/0x120 [vc4] \n[ 35.043199] mipi_dsi_attach+0x30/0x48 \n[ 35.043209] tc358762_probe+0x128/0x164 [tc358762] \n[ 35.043225] mipi_dsi_drv_probe+0x28/0x38 \n[ 35.043234] really_probe+0xc0/0x318 \n[ 35.043244] __driver_probe_device+0x80/0xe8 \n[ 35.043254] driver_probe_device+0xb8/0x118 \n[ 35.043263] __device_attach_driver+0x98/0xe8 \n[ 35.043273] bus_for_each_drv+0x84/0xd8 \n[ 35.043281] __device_attach+0xf0/0x150 \n[ 35.043290] device_initial_probe+0x1c/0x28 \n[ 35.043300] bus_probe_device+0xa4/0xb0 \n[ 35.043308] deferred_probe_work_func+0xa0/0xe0 \n[ 35.043318] process_one_work+0x254/0x700 \n[ 35.043330] worker_thread+0x4c/0x448 \n[ 35.043339] kthread+0x19c/0x1a8 \n[ 35.043348] ret_from_fork+0x10/0x20 \n \nShutdown Call trace: \n[ 365.565417] Call trace: \n[ 365.565423] __switch_to+0x148/0x200 \n[ 365.565452] __schedule+0x340/0x9c8 \n[ 365.565467] schedule+0x48/0x110 \n[ 365.565479] schedule_timeout+0x3b0/0x448 \n[ 365.565496] wait_for_completion+0xac/0x138 \n[ 365.565509] __flush_work+0x218/0x4e0 \n[ 365.565523] flush_work+0x1c/0x28 \n[ 365.565536] wait_for_device_probe+0x68/0x158 \n[ 365.565550] device_shutdown+0x24/0x348 \n[ 365.565561] kernel_restart_prepare+0x40/0x50 \n[ 365.565578] kernel_restart+0x20/0x70 \n[ 365.565591] __do_sys_reboot+0x10c/0x220 \n[ 365.565605] __arm64_sys_reboot+0x2c/0x38 \n[ 365.565619] invoke_syscall+0x4c/0x110 \n[ 365.565634] el0_svc_common.constprop.3+0xfc/0x120 \n[ 365.565648] do_el0_svc+0x2c/0x90 \n[ 365.565661] el0_svc+0x4c/0xf0 \n[ 365.565671] el0t_64_sync_handler+0x90/0xb8 \n[ 365.565682] el0t_64_sync+0x180/0x184 \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"16 Jul 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-16T15:26:11.000000Z"}]}