Action not permitted
Modal body text goes here.
Modal Title
Modal Body
WID-SEC-W-2025-0797
Vulnerability from csaf_certbund - Published: 2025-04-14 22:00 - Updated: 2025-04-14 22:00Summary
Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Der Kernel stellt den Kern des Linux Betriebssystems dar.
Angriff
Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme
- Linux
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0797 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0797.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0797 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0797"
},
{
"category": "external",
"summary": "Github Security Advisory GHSA-6qhr-h8jp-m2w8) vom 2025-04-14",
"url": "https://github.com/advisories/GHSA-6qhr-h8jp-m2w8"
},
{
"category": "external",
"summary": "Github Security Advisory GHSA-9crv-c24c-9g53 vom 2025-04-14",
"url": "https://github.com/advisories/GHSA-9crv-c24c-9g53"
},
{
"category": "external",
"summary": "Github Security Advisory GHSA-fh2c-3j7r-hvgv vom 2025-04-14",
"url": "https://github.com/advisories/GHSA-fh2c-3j7r-hvgv"
},
{
"category": "external",
"summary": "Github Security Advisory GHSA-fjrf-m4f9-hh77 vom 2025-04-14",
"url": "https://github.com/advisories/GHSA-fjrf-m4f9-hh77"
},
{
"category": "external",
"summary": "Github Security Advisory GHSA-hvr9-mmhm-xx2r vom 2025-04-14",
"url": "https://github.com/advisories/GHSA-hvr9-mmhm-xx2r"
}
],
"source_lang": "en-US",
"title": "Linux Kernel: Mehrere Schwachstellen erm\u00f6glichen Denial of Service",
"tracking": {
"current_release_date": "2025-04-14T22:00:00.000+00:00",
"generator": {
"date": "2025-04-15T10:05:55.317+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2025-0797",
"initial_release_date": "2025-04-14T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-04-14T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Open Source Linux Kernel",
"product": {
"name": "Open Source Linux Kernel",
"product_id": "T006656",
"product_identification_helper": {
"cpe": "cpe:/o:linux:linux_kernel:-"
}
}
}
],
"category": "vendor",
"name": "Open Source"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-49279",
"product_status": {
"known_affected": [
"T006656"
]
},
"release_date": "2025-04-14T22:00:00.000+00:00",
"title": "CVE-2022-49279"
},
{
"cve": "CVE-2022-49300",
"product_status": {
"known_affected": [
"T006656"
]
},
"release_date": "2025-04-14T22:00:00.000+00:00",
"title": "CVE-2022-49300"
},
{
"cve": "CVE-2022-49365",
"product_status": {
"known_affected": [
"T006656"
]
},
"release_date": "2025-04-14T22:00:00.000+00:00",
"title": "CVE-2022-49365"
},
{
"cve": "CVE-2022-49366",
"product_status": {
"known_affected": [
"T006656"
]
},
"release_date": "2025-04-14T22:00:00.000+00:00",
"title": "CVE-2022-49366"
},
{
"cve": "CVE-2022-49381",
"product_status": {
"known_affected": [
"T006656"
]
},
"release_date": "2025-04-14T22:00:00.000+00:00",
"title": "CVE-2022-49381"
}
]
}
CVE-2022-49381 (GCVE-0-2022-49381)
Vulnerability from cvelistv5 – Published: 2025-02-26 02:11 – Updated: 2025-10-01 19:46
VLAI?
EPSS
Summary
In the Linux kernel, the following vulnerability has been resolved:
jffs2: fix memory leak in jffs2_do_fill_super
If jffs2_iget() or d_make_root() in jffs2_do_fill_super() returns
an error, we can observe the following kmemleak report:
--------------------------------------------
unreferenced object 0xffff888105a65340 (size 64):
comm "mount", pid 710, jiffies 4302851558 (age 58.239s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<ffffffff859c45e5>] kmem_cache_alloc_trace+0x475/0x8a0
[<ffffffff86160146>] jffs2_sum_init+0x96/0x1a0
[<ffffffff86140e25>] jffs2_do_mount_fs+0x745/0x2120
[<ffffffff86149fec>] jffs2_do_fill_super+0x35c/0x810
[<ffffffff8614aae9>] jffs2_fill_super+0x2b9/0x3b0
[...]
unreferenced object 0xffff8881bd7f0000 (size 65536):
comm "mount", pid 710, jiffies 4302851558 (age 58.239s)
hex dump (first 32 bytes):
bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb ................
bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb ................
backtrace:
[<ffffffff858579ba>] kmalloc_order+0xda/0x110
[<ffffffff85857a11>] kmalloc_order_trace+0x21/0x130
[<ffffffff859c2ed1>] __kmalloc+0x711/0x8a0
[<ffffffff86160189>] jffs2_sum_init+0xd9/0x1a0
[<ffffffff86140e25>] jffs2_do_mount_fs+0x745/0x2120
[<ffffffff86149fec>] jffs2_do_fill_super+0x35c/0x810
[<ffffffff8614aae9>] jffs2_fill_super+0x2b9/0x3b0
[...]
--------------------------------------------
This is because the resources allocated in jffs2_sum_init() are not
released. Call jffs2_sum_exit() to release these resources to solve
the problem.
Severity ?
5.5 (Medium)
CWE
- CWE-401 - Missing Release of Memory after Effective Lifetime
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
e631ddba588783edd521c5a89f7b2902772fb691 , < 4ba7bbeab8009faf3a726e565d98816593ddd5b0
(git)
Affected: e631ddba588783edd521c5a89f7b2902772fb691 , < 4da8763a3d2b684c773b72ed80fad40bc264bc40 (git) Affected: e631ddba588783edd521c5a89f7b2902772fb691 , < 28048a4cf3813b7cf5cc8cce629dfdc7951cb1c2 (git) Affected: e631ddba588783edd521c5a89f7b2902772fb691 , < d3a4fff1e7e408c32649030daa7c2c42a7e19a95 (git) Affected: e631ddba588783edd521c5a89f7b2902772fb691 , < 3252d327f977b14663a10967f3b0930d6c325687 (git) Affected: e631ddba588783edd521c5a89f7b2902772fb691 , < ecc53e58596542791e82eff00702f8af7a313f70 (git) Affected: e631ddba588783edd521c5a89f7b2902772fb691 , < cf9db013e167bc8fc2ecd7a13ed97a37df0c9dab (git) Affected: e631ddba588783edd521c5a89f7b2902772fb691 , < 69295267c481545f636b69ff341b8db75aa136b9 (git) Affected: e631ddba588783edd521c5a89f7b2902772fb691 , < c14adb1cf70a984ed081c67e9d27bc3caad9537c (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49381",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:41:55.283015Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:52.106Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/jffs2/fs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4ba7bbeab8009faf3a726e565d98816593ddd5b0",
"status": "affected",
"version": "e631ddba588783edd521c5a89f7b2902772fb691",
"versionType": "git"
},
{
"lessThan": "4da8763a3d2b684c773b72ed80fad40bc264bc40",
"status": "affected",
"version": "e631ddba588783edd521c5a89f7b2902772fb691",
"versionType": "git"
},
{
"lessThan": "28048a4cf3813b7cf5cc8cce629dfdc7951cb1c2",
"status": "affected",
"version": "e631ddba588783edd521c5a89f7b2902772fb691",
"versionType": "git"
},
{
"lessThan": "d3a4fff1e7e408c32649030daa7c2c42a7e19a95",
"status": "affected",
"version": "e631ddba588783edd521c5a89f7b2902772fb691",
"versionType": "git"
},
{
"lessThan": "3252d327f977b14663a10967f3b0930d6c325687",
"status": "affected",
"version": "e631ddba588783edd521c5a89f7b2902772fb691",
"versionType": "git"
},
{
"lessThan": "ecc53e58596542791e82eff00702f8af7a313f70",
"status": "affected",
"version": "e631ddba588783edd521c5a89f7b2902772fb691",
"versionType": "git"
},
{
"lessThan": "cf9db013e167bc8fc2ecd7a13ed97a37df0c9dab",
"status": "affected",
"version": "e631ddba588783edd521c5a89f7b2902772fb691",
"versionType": "git"
},
{
"lessThan": "69295267c481545f636b69ff341b8db75aa136b9",
"status": "affected",
"version": "e631ddba588783edd521c5a89f7b2902772fb691",
"versionType": "git"
},
{
"lessThan": "c14adb1cf70a984ed081c67e9d27bc3caad9537c",
"status": "affected",
"version": "e631ddba588783edd521c5a89f7b2902772fb691",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/jffs2/fs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.15"
},
{
"lessThan": "2.6.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.318",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.47",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.318",
"versionStartIncluding": "2.6.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.283",
"versionStartIncluding": "2.6.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"versionStartIncluding": "2.6.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"versionStartIncluding": "2.6.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.122",
"versionStartIncluding": "2.6.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.47",
"versionStartIncluding": "2.6.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.15",
"versionStartIncluding": "2.6.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.4",
"versionStartIncluding": "2.6.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "2.6.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\njffs2: fix memory leak in jffs2_do_fill_super\n\nIf jffs2_iget() or d_make_root() in jffs2_do_fill_super() returns\nan error, we can observe the following kmemleak report:\n\n--------------------------------------------\nunreferenced object 0xffff888105a65340 (size 64):\n comm \"mount\", pid 710, jiffies 4302851558 (age 58.239s)\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [\u003cffffffff859c45e5\u003e] kmem_cache_alloc_trace+0x475/0x8a0\n [\u003cffffffff86160146\u003e] jffs2_sum_init+0x96/0x1a0\n [\u003cffffffff86140e25\u003e] jffs2_do_mount_fs+0x745/0x2120\n [\u003cffffffff86149fec\u003e] jffs2_do_fill_super+0x35c/0x810\n [\u003cffffffff8614aae9\u003e] jffs2_fill_super+0x2b9/0x3b0\n [...]\nunreferenced object 0xffff8881bd7f0000 (size 65536):\n comm \"mount\", pid 710, jiffies 4302851558 (age 58.239s)\n hex dump (first 32 bytes):\n bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb ................\n bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb ................\n backtrace:\n [\u003cffffffff858579ba\u003e] kmalloc_order+0xda/0x110\n [\u003cffffffff85857a11\u003e] kmalloc_order_trace+0x21/0x130\n [\u003cffffffff859c2ed1\u003e] __kmalloc+0x711/0x8a0\n [\u003cffffffff86160189\u003e] jffs2_sum_init+0xd9/0x1a0\n [\u003cffffffff86140e25\u003e] jffs2_do_mount_fs+0x745/0x2120\n [\u003cffffffff86149fec\u003e] jffs2_do_fill_super+0x35c/0x810\n [\u003cffffffff8614aae9\u003e] jffs2_fill_super+0x2b9/0x3b0\n [...]\n--------------------------------------------\n\nThis is because the resources allocated in jffs2_sum_init() are not\nreleased. Call jffs2_sum_exit() to release these resources to solve\nthe problem."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:36:28.528Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4ba7bbeab8009faf3a726e565d98816593ddd5b0"
},
{
"url": "https://git.kernel.org/stable/c/4da8763a3d2b684c773b72ed80fad40bc264bc40"
},
{
"url": "https://git.kernel.org/stable/c/28048a4cf3813b7cf5cc8cce629dfdc7951cb1c2"
},
{
"url": "https://git.kernel.org/stable/c/d3a4fff1e7e408c32649030daa7c2c42a7e19a95"
},
{
"url": "https://git.kernel.org/stable/c/3252d327f977b14663a10967f3b0930d6c325687"
},
{
"url": "https://git.kernel.org/stable/c/ecc53e58596542791e82eff00702f8af7a313f70"
},
{
"url": "https://git.kernel.org/stable/c/cf9db013e167bc8fc2ecd7a13ed97a37df0c9dab"
},
{
"url": "https://git.kernel.org/stable/c/69295267c481545f636b69ff341b8db75aa136b9"
},
{
"url": "https://git.kernel.org/stable/c/c14adb1cf70a984ed081c67e9d27bc3caad9537c"
}
],
"title": "jffs2: fix memory leak in jffs2_do_fill_super",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49381",
"datePublished": "2025-02-26T02:11:18.812Z",
"dateReserved": "2025-02-26T02:08:31.559Z",
"dateUpdated": "2025-10-01T19:46:52.106Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49366 (GCVE-0-2022-49366)
Vulnerability from cvelistv5 – Published: 2025-02-26 02:11 – Updated: 2025-10-01 19:46
VLAI?
EPSS
Summary
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: fix reference count leak in smb_check_perm_dacl()
The issue happens in a specific path in smb_check_perm_dacl(). When
"id" and "uid" have the same value, the function simply jumps out of
the loop without decrementing the reference count of the object
"posix_acls", which is increased by get_acl() earlier. This may
result in memory leaks.
Fix it by decreasing the reference count of "posix_acls" before
jumping to label "check_access_bits".
Severity ?
5.5 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
777cad1604d68ed4379ec899d1f7d2f6a29f01f0 , < cf824b95c12a1abacadbc2d069931963221a3414
(git)
Affected: 777cad1604d68ed4379ec899d1f7d2f6a29f01f0 , < 248d71b440aef829f5cc5f6545ca113ef5062900 (git) Affected: 777cad1604d68ed4379ec899d1f7d2f6a29f01f0 , < 9758a6653c27867d810de02b4e5697163dda9883 (git) Affected: 777cad1604d68ed4379ec899d1f7d2f6a29f01f0 , < d21a580dafc69aa04f46e6099616146a536b0724 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49366",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:42:34.679399Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:53.699Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ksmbd/smbacl.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "cf824b95c12a1abacadbc2d069931963221a3414",
"status": "affected",
"version": "777cad1604d68ed4379ec899d1f7d2f6a29f01f0",
"versionType": "git"
},
{
"lessThan": "248d71b440aef829f5cc5f6545ca113ef5062900",
"status": "affected",
"version": "777cad1604d68ed4379ec899d1f7d2f6a29f01f0",
"versionType": "git"
},
{
"lessThan": "9758a6653c27867d810de02b4e5697163dda9883",
"status": "affected",
"version": "777cad1604d68ed4379ec899d1f7d2f6a29f01f0",
"versionType": "git"
},
{
"lessThan": "d21a580dafc69aa04f46e6099616146a536b0724",
"status": "affected",
"version": "777cad1604d68ed4379ec899d1f7d2f6a29f01f0",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ksmbd/smbacl.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.15"
},
{
"lessThan": "5.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.47",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.47",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.15",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.4",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix reference count leak in smb_check_perm_dacl()\n\nThe issue happens in a specific path in smb_check_perm_dacl(). When\n\"id\" and \"uid\" have the same value, the function simply jumps out of\nthe loop without decrementing the reference count of the object\n\"posix_acls\", which is increased by get_acl() earlier. This may\nresult in memory leaks.\n\nFix it by decreasing the reference count of \"posix_acls\" before\njumping to label \"check_access_bits\"."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:36:10.219Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/cf824b95c12a1abacadbc2d069931963221a3414"
},
{
"url": "https://git.kernel.org/stable/c/248d71b440aef829f5cc5f6545ca113ef5062900"
},
{
"url": "https://git.kernel.org/stable/c/9758a6653c27867d810de02b4e5697163dda9883"
},
{
"url": "https://git.kernel.org/stable/c/d21a580dafc69aa04f46e6099616146a536b0724"
}
],
"title": "ksmbd: fix reference count leak in smb_check_perm_dacl()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49366",
"datePublished": "2025-02-26T02:11:11.250Z",
"dateReserved": "2025-02-26T02:08:31.555Z",
"dateUpdated": "2025-10-01T19:46:53.699Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49279 (GCVE-0-2022-49279)
Vulnerability from cvelistv5 – Published: 2025-02-26 01:56 – Updated: 2025-10-01 19:47
VLAI?
EPSS
Summary
In the Linux kernel, the following vulnerability has been resolved:
NFSD: prevent integer overflow on 32 bit systems
On a 32 bit system, the "len * sizeof(*p)" operation can have an
integer overflow.
Severity ?
5.5 (Medium)
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 3a2789e8ccb4a3e2a631f6817a2d3bb98b8c4fd8
(git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < ce1aa09cc14ed625104acc2d487bd92b9a88efe2 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 7af164fa2f1abc577d357d22d83a2f3490875d7e (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 303cd6173dce0a28d26526c77814eb90a41bd898 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 79b1c54fc6ce09ee0d5fe088bb3de26ae2150e3c (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < e4195d27306ea468a6dc3a27af6f586709951229 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 23a9dbbe0faf124fc4c139615633b9d12a3a89ef (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49279",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:45:26.432021Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:47:01.079Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/linux/sunrpc/xdr.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3a2789e8ccb4a3e2a631f6817a2d3bb98b8c4fd8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ce1aa09cc14ed625104acc2d487bd92b9a88efe2",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7af164fa2f1abc577d357d22d83a2f3490875d7e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "303cd6173dce0a28d26526c77814eb90a41bd898",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "79b1c54fc6ce09ee0d5fe088bb3de26ae2150e3c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e4195d27306ea468a6dc3a27af6f586709951229",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "23a9dbbe0faf124fc4c139615633b9d12a3a89ef",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/linux/sunrpc/xdr.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.238",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.189",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.110",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: prevent integer overflow on 32 bit systems\n\nOn a 32 bit system, the \"len * sizeof(*p)\" operation can have an\ninteger overflow."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:34:03.361Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3a2789e8ccb4a3e2a631f6817a2d3bb98b8c4fd8"
},
{
"url": "https://git.kernel.org/stable/c/ce1aa09cc14ed625104acc2d487bd92b9a88efe2"
},
{
"url": "https://git.kernel.org/stable/c/7af164fa2f1abc577d357d22d83a2f3490875d7e"
},
{
"url": "https://git.kernel.org/stable/c/303cd6173dce0a28d26526c77814eb90a41bd898"
},
{
"url": "https://git.kernel.org/stable/c/79b1c54fc6ce09ee0d5fe088bb3de26ae2150e3c"
},
{
"url": "https://git.kernel.org/stable/c/e4195d27306ea468a6dc3a27af6f586709951229"
},
{
"url": "https://git.kernel.org/stable/c/23a9dbbe0faf124fc4c139615633b9d12a3a89ef"
}
],
"title": "NFSD: prevent integer overflow on 32 bit systems",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49279",
"datePublished": "2025-02-26T01:56:22.051Z",
"dateReserved": "2025-02-26T01:49:39.298Z",
"dateUpdated": "2025-10-01T19:47:01.079Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49300 (GCVE-0-2022-49300)
Vulnerability from cvelistv5 – Published: 2025-02-26 02:10 – Updated: 2025-10-01 19:46
VLAI?
EPSS
Summary
In the Linux kernel, the following vulnerability has been resolved:
nbd: fix race between nbd_alloc_config() and module removal
When nbd module is being removing, nbd_alloc_config() may be
called concurrently by nbd_genl_connect(), although try_module_get()
will return false, but nbd_alloc_config() doesn't handle it.
The race may lead to the leak of nbd_config and its related
resources (e.g, recv_workq) and oops in nbd_read_stat() due
to the unload of nbd module as shown below:
BUG: kernel NULL pointer dereference, address: 0000000000000040
Oops: 0000 [#1] SMP PTI
CPU: 5 PID: 13840 Comm: kworker/u17:33 Not tainted 5.14.0+ #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)
Workqueue: knbd16-recv recv_work [nbd]
RIP: 0010:nbd_read_stat.cold+0x130/0x1a4 [nbd]
Call Trace:
recv_work+0x3b/0xb0 [nbd]
process_one_work+0x1ed/0x390
worker_thread+0x4a/0x3d0
kthread+0x12a/0x150
ret_from_fork+0x22/0x30
Fixing it by checking the return value of try_module_get()
in nbd_alloc_config(). As nbd_alloc_config() may return ERR_PTR(-ENODEV),
assign nbd->config only when nbd_alloc_config() succeeds to ensure
the value of nbd->config is binary (valid or NULL).
Also adding a debug message to check the reference counter
of nbd_config during module removal.
Severity ?
4.7 (Medium)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 165cf2e0019fa6cedc75b456490c41494c34abb4
(git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 2573f2375b64280be977431701ed5d33b75b9ad0 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 8a7da4ced236ce6637fe70f14ca18e718d4bf9e9 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 122e4adaff2439f1cc18cc7e931980fa7560df5c (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 71c142f910da44421213ade601bcbd23ceae19fa (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 2888fa41985f93ed0a6837cfbb06bcbfd7fa2314 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < d09525720dd5201756f698bee1076de9aefd4602 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < c55b2b983b0fa012942c3eb16384b2b722caa810 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49300",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:44:48.211252Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:59.286Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/block/nbd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "165cf2e0019fa6cedc75b456490c41494c34abb4",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2573f2375b64280be977431701ed5d33b75b9ad0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8a7da4ced236ce6637fe70f14ca18e718d4bf9e9",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "122e4adaff2439f1cc18cc7e931980fa7560df5c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "71c142f910da44421213ade601bcbd23ceae19fa",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2888fa41985f93ed0a6837cfbb06bcbfd7fa2314",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d09525720dd5201756f698bee1076de9aefd4602",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "c55b2b983b0fa012942c3eb16384b2b722caa810",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/block/nbd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.247",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.47",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.122",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: fix race between nbd_alloc_config() and module removal\n\nWhen nbd module is being removing, nbd_alloc_config() may be\ncalled concurrently by nbd_genl_connect(), although try_module_get()\nwill return false, but nbd_alloc_config() doesn\u0027t handle it.\n\nThe race may lead to the leak of nbd_config and its related\nresources (e.g, recv_workq) and oops in nbd_read_stat() due\nto the unload of nbd module as shown below:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000040\n Oops: 0000 [#1] SMP PTI\n CPU: 5 PID: 13840 Comm: kworker/u17:33 Not tainted 5.14.0+ #1\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)\n Workqueue: knbd16-recv recv_work [nbd]\n RIP: 0010:nbd_read_stat.cold+0x130/0x1a4 [nbd]\n Call Trace:\n recv_work+0x3b/0xb0 [nbd]\n process_one_work+0x1ed/0x390\n worker_thread+0x4a/0x3d0\n kthread+0x12a/0x150\n ret_from_fork+0x22/0x30\n\nFixing it by checking the return value of try_module_get()\nin nbd_alloc_config(). As nbd_alloc_config() may return ERR_PTR(-ENODEV),\nassign nbd-\u003econfig only when nbd_alloc_config() succeeds to ensure\nthe value of nbd-\u003econfig is binary (valid or NULL).\n\nAlso adding a debug message to check the reference counter\nof nbd_config during module removal."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:34:38.163Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/165cf2e0019fa6cedc75b456490c41494c34abb4"
},
{
"url": "https://git.kernel.org/stable/c/2573f2375b64280be977431701ed5d33b75b9ad0"
},
{
"url": "https://git.kernel.org/stable/c/8a7da4ced236ce6637fe70f14ca18e718d4bf9e9"
},
{
"url": "https://git.kernel.org/stable/c/122e4adaff2439f1cc18cc7e931980fa7560df5c"
},
{
"url": "https://git.kernel.org/stable/c/71c142f910da44421213ade601bcbd23ceae19fa"
},
{
"url": "https://git.kernel.org/stable/c/2888fa41985f93ed0a6837cfbb06bcbfd7fa2314"
},
{
"url": "https://git.kernel.org/stable/c/d09525720dd5201756f698bee1076de9aefd4602"
},
{
"url": "https://git.kernel.org/stable/c/c55b2b983b0fa012942c3eb16384b2b722caa810"
}
],
"title": "nbd: fix race between nbd_alloc_config() and module removal",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49300",
"datePublished": "2025-02-26T02:10:35.594Z",
"dateReserved": "2025-02-26T02:08:31.534Z",
"dateUpdated": "2025-10-01T19:46:59.286Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-49365 (GCVE-0-2022-49365)
Vulnerability from cvelistv5 – Published: 2025-02-26 02:11 – Updated: 2025-10-01 19:46
VLAI?
EPSS
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Off by one in dm_dmub_outbox1_low_irq()
The > ARRAY_SIZE() should be >= ARRAY_SIZE() to prevent an out of bounds
access.
Severity ?
5.5 (Medium)
CWE
- CWE-193 - Off-by-one Error
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
734d5ce02cb069cccedc993d8f1dc0ea41cfa3dd , < ec9ec3bc08b18c5b1b2feafd306ea7c348013898
(git)
Affected: e27c41d5b0681c597ac1894f4e02cf626e062250 , < b0808b7a04157b3f56e919f27023fec37a075fad (git) Affected: e27c41d5b0681c597ac1894f4e02cf626e062250 , < 607c5cd1a08e196d9f2bd3b25a8083ed27ad7ceb (git) Affected: e27c41d5b0681c597ac1894f4e02cf626e062250 , < a35faec3db0e13aac8ea720bc1a3503081dd5a3d (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49365",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:42:38.034710Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-193",
"description": "CWE-193 Off-by-one Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:53.842Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ec9ec3bc08b18c5b1b2feafd306ea7c348013898",
"status": "affected",
"version": "734d5ce02cb069cccedc993d8f1dc0ea41cfa3dd",
"versionType": "git"
},
{
"lessThan": "b0808b7a04157b3f56e919f27023fec37a075fad",
"status": "affected",
"version": "e27c41d5b0681c597ac1894f4e02cf626e062250",
"versionType": "git"
},
{
"lessThan": "607c5cd1a08e196d9f2bd3b25a8083ed27ad7ceb",
"status": "affected",
"version": "e27c41d5b0681c597ac1894f4e02cf626e062250",
"versionType": "git"
},
{
"lessThan": "a35faec3db0e13aac8ea720bc1a3503081dd5a3d",
"status": "affected",
"version": "e27c41d5b0681c597ac1894f4e02cf626e062250",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.16"
},
{
"lessThan": "5.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.15",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.4",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Off by one in dm_dmub_outbox1_low_irq()\n\nThe \u003e ARRAY_SIZE() should be \u003e= ARRAY_SIZE() to prevent an out of bounds\naccess."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:36:08.886Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ec9ec3bc08b18c5b1b2feafd306ea7c348013898"
},
{
"url": "https://git.kernel.org/stable/c/b0808b7a04157b3f56e919f27023fec37a075fad"
},
{
"url": "https://git.kernel.org/stable/c/607c5cd1a08e196d9f2bd3b25a8083ed27ad7ceb"
},
{
"url": "https://git.kernel.org/stable/c/a35faec3db0e13aac8ea720bc1a3503081dd5a3d"
}
],
"title": "drm/amdgpu: Off by one in dm_dmub_outbox1_low_irq()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49365",
"datePublished": "2025-02-26T02:11:10.768Z",
"dateReserved": "2025-02-26T02:08:31.554Z",
"dateUpdated": "2025-10-01T19:46:53.842Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…