Compare commits


No commits in common. "main" and "v2025.06.18-000004" have entirely different histories.

730 changed files with 2710 additions and 32287 deletions


@ -1,16 +0,0 @@
{
"id": "CVE-2005-2347",
"sourceIdentifier": "security@debian.org",
"published": "2025-06-19T11:15:23.593",
"lastModified": "2025-06-19T11:15:23.593",
"vulnStatus": "Rejected",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
],
"metrics": {},
"references": []
}


@ -1,16 +0,0 @@
{
"id": "CVE-2016-3399",
"sourceIdentifier": "security@debian.org",
"published": "2025-06-19T09:15:21.290",
"lastModified": "2025-06-19T09:15:21.290",
"vulnStatus": "Rejected",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
],
"metrics": {},
"references": []
}


@ -2,7 +2,7 @@
"id": "CVE-2020-13880", "id": "CVE-2020-13880",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-01-05T09:15:08.587", "published": "2024-01-05T09:15:08.587",
"lastModified": "2025-06-18T16:15:19.850", "lastModified": "2024-11-21T05:02:03.877",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -36,26 +36,6 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
} }
] ]
}, },
@ -69,16 +49,6 @@
"value": "CWE-787" "value": "CWE-787"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
} }
], ],
"configurations": [ "configurations": [


@ -2,8 +2,8 @@
"id": "CVE-2021-20450", "id": "CVE-2021-20450",
"sourceIdentifier": "psirt@us.ibm.com", "sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-05-03T17:15:07.363", "published": "2024-05-03T17:15:07.363",
"lastModified": "2025-06-18T15:21:00.173", "lastModified": "2024-12-05T21:15:06.663",
"vulnStatus": "Analyzed", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -51,61 +51,22 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cognos_controller:10.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "04E5A9C3-0F44-40C1-B6B6-92839E386F56"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cognos_controller:10.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7AA07D9A-71F7-446A-8A8E-DD8C357666F0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cognos_controller:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4BB85020-BF02-4C91-B494-93FB19185006"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196640", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196640",
"source": "psirt@us.ibm.com", "source": "psirt@us.ibm.com"
"tags": [
"Vendor Advisory"
]
}, },
{ {
"url": "https://www.ibm.com/support/pages/node/7149876", "url": "https://www.ibm.com/support/pages/node/7149876",
"source": "psirt@us.ibm.com", "source": "psirt@us.ibm.com"
"tags": [
"Vendor Advisory"
]
}, },
{ {
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196640", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196640",
"source": "af854a3a-2127-422b-91ae-364da2661108", "source": "af854a3a-2127-422b-91ae-364da2661108"
"tags": [
"Vendor Advisory"
]
}, },
{ {
"url": "https://www.ibm.com/support/pages/node/7149876", "url": "https://www.ibm.com/support/pages/node/7149876",
"source": "af854a3a-2127-422b-91ae-364da2661108", "source": "af854a3a-2127-422b-91ae-364da2661108"
"tags": [
"Vendor Advisory"
]
} }
] ]
} }


@ -2,7 +2,7 @@
"id": "CVE-2021-38243", "id": "CVE-2021-38243",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-09-27T15:15:54.463", "published": "2023-09-27T15:15:54.463",
"lastModified": "2025-06-18T15:15:19.803", "lastModified": "2024-11-21T06:16:41.073",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -36,26 +36,6 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
} }
] ]
}, },
@ -69,16 +49,6 @@
"value": "NVD-CWE-noinfo" "value": "NVD-CWE-noinfo"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
} }
], ],
"configurations": [ "configurations": [


@ -2,15 +2,174 @@
"id": "CVE-2021-47144", "id": "CVE-2021-47144",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-25T09:15:08.950", "published": "2024-03-25T09:15:08.950",
"lastModified": "2025-06-19T14:15:24.327", "lastModified": "2024-12-17T14:49:22.333",
"vulnStatus": "Rejected", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/amdgpu: fix refcount leak\n\n[Why]\nthe gem object rfb->base.obj[0] is get according to num_planes\nin amdgpufb_create, but is not put according to num_planes\n\n[How]\nput rfb->base.obj[0] in amdgpu_fbdev_destroy according to num_planes"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/amdgpu: corrige la fuga de refcount [Por qu\u00e9] el objeto gema rfb->base.obj[0] se obtiene seg\u00fan num_planes en amdgpufb_create, pero no se coloca seg\u00fan num_planes en amdgpufb_create num_planes [C\u00f3mo] poner rfb->base.obj[0] en amdgpu_fbdev_destroy seg\u00fan num_planes"
} }
], ],
"metrics": {}, "metrics": {
"references": [] "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.193",
"matchCriteriaId": "A3FDF344-70E4-41FE-8424-F05D70B8DC0F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.4.0",
"versionEndExcluding": "5.4.124",
"matchCriteriaId": "F717E3E3-B420-411F-AECC-2D26A9F33F0F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10.0",
"versionEndExcluding": "5.10.42",
"matchCriteriaId": "18765089-FB00-4E06-82C2-69FE64CAB42D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.12.0",
"versionEndExcluding": "5.12.9",
"matchCriteriaId": "B1F28E29-3C08-49BB-BCE1-C601F43C091D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0CBAD0FC-C281-4666-AB2F-F8E6E1165DF7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc2:*:*:*:*:*:*",
"matchCriteriaId": "96AC23B2-D46A-49D9-8203-8E1BEDCA8532"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/599e5d61ace952b0bb9bd942b198bbd0cfded1d7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/95a4ec905e51a30c64cf2d78b04a7acbeae5ca94",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/9fdb8ed37a3a44f9c49372b69f87fd5f61cb3240",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/dde2656e0bbb2ac7d83a7bd95a8d5c3c95bbc009",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/fa7e6abc75f3d491bc561734312d065dc9dc2a77",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/599e5d61ace952b0bb9bd942b198bbd0cfded1d7",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/95a4ec905e51a30c64cf2d78b04a7acbeae5ca94",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/9fdb8ed37a3a44f9c49372b69f87fd5f61cb3240",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/dde2656e0bbb2ac7d83a7bd95a8d5c3c95bbc009",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/fa7e6abc75f3d491bc561734312d065dc9dc2a77",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}
]
} }
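Review bot: The new side of this section is older than the old side: `lastModified` goes from `2025-06-19T14:15:24.327` to `2024-12-17T14:49:22.333` and `vulnStatus` from `Rejected` back to `Analyzed`, which restores the description, a CVSS 3.1 base score of 5.5 and the Linux kernel CPE ranges for an ID its CNA has withdrawn. The CVE-2022-49299 section further down has the same shape. Presumably this is because the compare runs from `main` to an earlier snapshot rather than reflecting a real re-analysis. Anything that syncs from this side should keep the record with the later `lastModified` and not let a `Rejected` entry revert to a scored finding without a newer upstream change.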


@ -2,7 +2,7 @@
"id": "CVE-2022-1471", "id": "CVE-2022-1471",
"sourceIdentifier": "cve-coordination@google.com", "sourceIdentifier": "cve-coordination@google.com",
"published": "2022-12-01T11:15:10.553", "published": "2022-12-01T11:15:10.553",
"lastModified": "2025-06-18T09:15:47.243", "lastModified": "2025-02-13T17:15:35.627",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -116,10 +116,6 @@
"Third Party Advisory" "Third Party Advisory"
] ]
}, },
{
"url": "https://confluence.atlassian.com/security/cve-2022-1471-snakeyaml-library-rce-vulnerability-in-multiple-products-1296171009.html",
"source": "cve-coordination@google.com"
},
{ {
"url": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2", "url": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2",
"source": "cve-coordination@google.com", "source": "cve-coordination@google.com",
@ -140,10 +136,6 @@
"url": "https://groups.google.com/g/kubernetes-security-announce/c/mwrakFaEdnc", "url": "https://groups.google.com/g/kubernetes-security-announce/c/mwrakFaEdnc",
"source": "cve-coordination@google.com" "source": "cve-coordination@google.com"
}, },
{
"url": "https://infosecwriteups.com/%EF%B8%8F-inside-the-160-comment-fight-to-fix-snakeyamls-rce-default-1a20c5ca4d4c",
"source": "cve-coordination@google.com"
},
{ {
"url": "https://security.netapp.com/advisory/ntap-20230818-0015/", "url": "https://security.netapp.com/advisory/ntap-20230818-0015/",
"source": "cve-coordination@google.com" "source": "cve-coordination@google.com"


@ -2,8 +2,8 @@
"id": "CVE-2022-21505", "id": "CVE-2022-21505",
"sourceIdentifier": "secalert_us@oracle.com", "sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-12-24T19:15:06.763", "published": "2024-12-24T19:15:06.763",
"lastModified": "2025-06-18T20:42:10.643", "lastModified": "2024-12-27T17:15:06.320",
"vulnStatus": "Analyzed", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -51,47 +51,14 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*",
"matchCriteriaId": "44B8FEDF-6CB0-46E9-9AD7-4445B001C158"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:oracle:linux:8:-:*:*:*:*:*:*",
"matchCriteriaId": "CA9021D6-6027-42E9-A12D-7EA32C5C63F1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:oracle:linux:9:-:*:*:*:*:*:*",
"matchCriteriaId": "9E6116DA-D643-4C6D-8B90-0A41125F1EF0"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://git.kernel.org/linus/543ce63b664e2c2f9533d089a4664b559c3e6b5b", "url": "https://git.kernel.org/linus/543ce63b664e2c2f9533d089a4664b559c3e6b5b",
"source": "secalert_us@oracle.com", "source": "secalert_us@oracle.com"
"tags": [
"Broken Link"
]
}, },
{ {
"url": "https://linux.oracle.com/cve/CVE-2022-21505.html", "url": "https://linux.oracle.com/cve/CVE-2022-21505.html",
"source": "secalert_us@oracle.com", "source": "secalert_us@oracle.com"
"tags": [
"Vendor Advisory"
]
} }
] ]
} }


@ -2,7 +2,7 @@
"id": "CVE-2022-28975", "id": "CVE-2022-28975",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-01-09T14:15:45.647", "published": "2024-01-09T14:15:45.647",
"lastModified": "2025-06-18T17:15:26.230", "lastModified": "2024-11-21T06:58:16.340",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -36,26 +36,6 @@
}, },
"exploitabilityScore": 2.3, "exploitabilityScore": 2.3,
"impactScore": 2.7 "impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
} }
] ]
}, },
@ -69,16 +49,6 @@
"value": "CWE-79" "value": "CWE-79"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
} }
], ],
"configurations": [ "configurations": [


@ -2,8 +2,8 @@
"id": "CVE-2022-43216", "id": "CVE-2022-43216",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-04-08T12:15:08.017", "published": "2024-04-08T12:15:08.017",
"lastModified": "2025-06-18T18:34:07.987", "lastModified": "2024-11-21T07:26:03.743",
"vulnStatus": "Analyzed", "vulnStatus": "Undergoing Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -51,52 +51,22 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:abrhil:lista_de_asistenci:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.6.2",
"matchCriteriaId": "C87E0702-92E1-4AE1-A140-663508A414EC"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://abrhil.com/", "url": "https://abrhil.com/",
"source": "cve@mitre.org", "source": "cve@mitre.org"
"tags": [
"Product"
]
}, },
{ {
"url": "https://github.com/blackarrowsec/advisories/tree/master/2022/CVE-2022-43216", "url": "https://github.com/blackarrowsec/advisories/tree/master/2022/CVE-2022-43216",
"source": "cve@mitre.org", "source": "cve@mitre.org"
"tags": [
"Third Party Advisory"
]
}, },
{ {
"url": "https://abrhil.com/", "url": "https://abrhil.com/",
"source": "af854a3a-2127-422b-91ae-364da2661108", "source": "af854a3a-2127-422b-91ae-364da2661108"
"tags": [
"Product"
]
}, },
{ {
"url": "https://github.com/blackarrowsec/advisories/tree/master/2022/CVE-2022-43216", "url": "https://github.com/blackarrowsec/advisories/tree/master/2022/CVE-2022-43216",
"source": "af854a3a-2127-422b-91ae-364da2661108", "source": "af854a3a-2127-422b-91ae-364da2661108"
"tags": [
"Third Party Advisory"
]
} }
] ]
} }


@ -2,8 +2,8 @@
"id": "CVE-2022-43840", "id": "CVE-2022-43840",
"sourceIdentifier": "psirt@us.ibm.com", "sourceIdentifier": "psirt@us.ibm.com",
"published": "2025-04-14T21:15:16.200", "published": "2025-04-14T21:15:16.200",
"lastModified": "2025-06-19T00:37:04.670", "lastModified": "2025-04-15T21:15:46.440",
"vulnStatus": "Analyzed", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -51,32 +51,10 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:aspera_console:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.4.0",
"versionEndIncluding": "3.4.4",
"matchCriteriaId": "682EB2AD-DD53-43FC-8A8E-7A3BDE927467"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.ibm.com/support/pages/node/7169766", "url": "https://www.ibm.com/support/pages/node/7169766",
"source": "psirt@us.ibm.com", "source": "psirt@us.ibm.com"
"tags": [
"Vendor Advisory"
]
} }
] ]
} }


@ -2,7 +2,7 @@
"id": "CVE-2022-48849", "id": "CVE-2022-48849",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-16T13:15:12.103", "published": "2024-07-16T13:15:12.103",
"lastModified": "2025-06-19T13:15:21.690", "lastModified": "2024-11-21T07:34:12.480",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -91,6 +91,13 @@
"Patch" "Patch"
] ]
}, },
{
"url": "https://git.kernel.org/stable/c/fcd1d79aa943fff4fbaa0cce1d576995a7960699",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{ {
"url": "https://git.kernel.org/stable/c/cb29021be49858059138f75d6311a7c35a9379b2", "url": "https://git.kernel.org/stable/c/cb29021be49858059138f75d6311a7c35a9379b2",
"source": "af854a3a-2127-422b-91ae-364da2661108", "source": "af854a3a-2127-422b-91ae-364da2661108",


@ -2,8 +2,8 @@
"id": "CVE-2022-48935", "id": "CVE-2022-48935",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-22T04:15:16.877", "published": "2024-08-22T04:15:16.877",
"lastModified": "2025-06-19T13:15:21.983", "lastModified": "2024-08-23T01:45:31.280",
"vulnStatus": "Modified", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -105,6 +105,13 @@
"Patch" "Patch"
] ]
}, },
{
"url": "https://git.kernel.org/stable/c/88c795491bf45a8c08a0f94c9ca4f13722e51013",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{ {
"url": "https://git.kernel.org/stable/c/8ffb8ac3448845f65634889b051bd65e4dee484b", "url": "https://git.kernel.org/stable/c/8ffb8ac3448845f65634889b051bd65e4dee484b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
@ -112,6 +119,13 @@
"Patch" "Patch"
] ]
}, },
{
"url": "https://git.kernel.org/stable/c/b05a24cc453e3cd51b0c79e3c583b5d495eba1d6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{ {
"url": "https://git.kernel.org/stable/c/b4fcc081e527aa2ce12e956912fc47e251f6bd27", "url": "https://git.kernel.org/stable/c/b4fcc081e527aa2ce12e956912fc47e251f6bd27",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",


@ -2,8 +2,8 @@
"id": "CVE-2022-48941", "id": "CVE-2022-48941",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-22T04:15:17.967", "published": "2024-08-22T04:15:17.967",
"lastModified": "2025-06-19T13:15:22.263", "lastModified": "2024-08-22T18:41:37.090",
"vulnStatus": "Modified", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -84,6 +84,13 @@
} }
], ],
"references": [ "references": [
{
"url": "https://git.kernel.org/stable/c/05ae1f0fe9c6c5ead08b306e665763a352d20716",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{ {
"url": "https://git.kernel.org/stable/c/2a3e61de89bab6696aa28b70030eb119968c5586", "url": "https://git.kernel.org/stable/c/2a3e61de89bab6696aa28b70030eb119968c5586",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",


@ -2,8 +2,8 @@
"id": "CVE-2022-49152", "id": "CVE-2022-49152",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-02-26T07:00:52.440", "published": "2025-02-26T07:00:52.440",
"lastModified": "2025-06-19T13:15:22.587", "lastModified": "2025-03-13T21:58:23.127",
"vulnStatus": "Modified", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -105,12 +105,40 @@
"Patch" "Patch"
] ]
}, },
{
"url": "https://git.kernel.org/stable/c/1ac49c8fd49fdf53d3cd8b77eb8ffda08d7fbe22",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/29968329b926d238e3107ec071a250397555d264",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/3e2852eda19ee1a400cd809d7a9322680f34a262",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{ {
"url": "https://git.kernel.org/stable/c/3e3c658055c002900982513e289398a1aad4a488", "url": "https://git.kernel.org/stable/c/3e3c658055c002900982513e289398a1aad4a488",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [ "tags": [
"Patch" "Patch"
] ]
},
{
"url": "https://git.kernel.org/stable/c/7521a97b1929042604bef6859f62fa8b4bbc077b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }


@ -2,15 +2,185 @@
"id": "CVE-2022-49299", "id": "CVE-2022-49299",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-02-26T07:01:06.727", "published": "2025-02-26T07:01:06.727",
"lastModified": "2025-06-19T14:15:34.170", "lastModified": "2025-04-14T19:49:30.960",
"vulnStatus": "Rejected", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc2: gadget: don't reset gadget's driver->bus\n\nUDC driver should not touch gadget's driver internals, especially it\nshould not reset driver->bus. This wasn't harmful so far, but since\ncommit fc274c1e9973 (\"USB: gadget: Add a new bus for gadgets\") gadget\nsubsystem got it's own bus and messing with ->bus triggers the\nfollowing NULL pointer dereference:\n\ndwc2 12480000.hsotg: bound driver g_ether\n8<--- cut here ---\nUnable to handle kernel NULL pointer dereference at virtual address 00000000\n[00000000] *pgd=00000000\nInternal error: Oops: 5 [#1] SMP ARM\nModules linked in: ...\nCPU: 0 PID: 620 Comm: modprobe Not tainted 5.18.0-rc5-next-20220504 #11862\nHardware name: Samsung Exynos (Flattened Device Tree)\nPC is at module_add_driver+0x44/0xe8\nLR is at sysfs_do_create_link_sd+0x84/0xe0\n...\nProcess modprobe (pid: 620, stack limit = 0x(ptrval))\n...\n module_add_driver from bus_add_driver+0xf4/0x1e4\n bus_add_driver from driver_register+0x78/0x10c\n driver_register from usb_gadget_register_driver_owner+0x40/0xb4\n usb_gadget_register_driver_owner from do_one_initcall+0x44/0x1e0\n do_one_initcall from do_init_module+0x44/0x1c8\n do_init_module from load_module+0x19b8/0x1b9c\n load_module from sys_finit_module+0xdc/0xfc\n sys_finit_module from ret_fast_syscall+0x0/0x54\nException stack(0xf1771fa8 to 0xf1771ff0)\n...\ndwc2 12480000.hsotg: new device is high-speed\n---[ end trace 0000000000000000 ]---\n\nFix this by removing driver->bus entry reset."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: dwc2: gadget: no restablezca el controlador UDC del bus del gadget-&gt;controlador no debe tocar los componentes internos del controlador del gadget, especialmente no debe restablecer el controlador UDC del bus del gadget-&gt;controlador. Esto no fue da\u00f1ino hasta ahora, pero desde el commit fc274c1e9973 (\"USB: gadget: Agregar un nuevo bus para gadgets\") el subsistema de gadget tiene su propio bus y jugar con -&gt;bus desencadena la siguiente desreferencia de puntero NULL: dwc2 12480000.hsotg: controlador vinculado g_ether 8&lt;--- corte aqu\u00ed --- No se puede manejar la desreferencia de puntero NULL del kernel en la direcci\u00f3n virtual 00000000 [00000000] *pgd=00000000 Error interno: Oops: 5 [#1] M\u00f3dulos SMP ARM vinculados en: ... CPU: 0 PID: 620 Comm: modprobe No contaminado 5.18.0-rc5-next-20220504 #11862 Nombre del hardware: Samsung Exynos (\u00e1rbol de dispositivos aplanado) La PC est\u00e1 en module_add_driver+0x44/0xe8 LR est\u00e1 en sysfs_do_create_link_sd+0x84/0xe0 ... Procesar modprobe (pid: 620, l\u00edmite de pila = 0x(ptrval)) ... module_add_driver desde bus_add_driver+0xf4/0x1e4 bus_add_driver desde driver_register+0x78/0x10c driver_register desde usb_gadget_register_driver_owner+0x40/0xb4 usb_gadget_register_driver_owner desde do_one_initcall+0x44/0x1e0 do_one_initcall desde do_init_module+0x44/0x1c8 do_init_module desde load_module+0x19b8/0x1b9c load_module desde sys_finit_module+0xdc/0xfc sys_finit_module de ret_fast_syscall+0x0/0x54 Pila de excepciones (0xf1771fa8 a 0xf1771ff0) ... dwc2 12480000.hsotg: el nuevo dispositivo es de alta velocidad ---[ fin de seguimiento 000000000000000 ]--- Solucione esto eliminando el restablecimiento de la entrada del bus del controlador."
} }
], ],
"metrics": {}, "metrics": {
"references": [] "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.318",
"matchCriteriaId": "0D4D4067-974D-4560-8320-22FDA399E3F9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.10",
"versionEndExcluding": "4.14.283",
"matchCriteriaId": "D6823775-2653-4644-A0D4-4E6E68F10C65"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.15",
"versionEndExcluding": "4.19.247",
"matchCriteriaId": "B8CFA0F4-2D75-41F4-9753-87944A08B53B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.198",
"matchCriteriaId": "3EC49633-14DE-4EBD-BB80-76AE2E3EABB9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.122",
"matchCriteriaId": "1B42AA01-44D8-4572-95E6-FF8E374CF9C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.47",
"matchCriteriaId": "FC042EE3-4864-4325-BE0B-4BCDBF11AA61"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "5.17.15",
"matchCriteriaId": "53E7AA2E-2FB4-45CA-A22B-08B4EDBB51AD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.18",
"versionEndExcluding": "5.18.4",
"matchCriteriaId": "FA6D643C-6D6A-4821-8A8D-B5776B8F0103"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/172cfc167c8ee6238f24f9c16efd598602af643c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/3120aac6d0ecd9accf56894aeac0e265f74d3d5a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/5127c0f365265bb69cd776ad6e4b872c309f3fa8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/547ebdc200b862dff761ff4890f66d8217c33316",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/5b0c0298f7c3b57417f1729ec4071f76864b72dd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/bee8f9808a7e82addfc73a0973b16a8bb684205b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d2159feb9d28ce496d77df98313ab454646372ac",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d232ca0bbc7d03144bad0ffd1792c3352bfd03fa",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/efb15ff4a77fe053c941281775fefa91c87770e0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
} }


@ -2,7 +2,7 @@
"id": "CVE-2022-49352", "id": "CVE-2022-49352",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-02-26T07:01:11.920", "published": "2025-02-26T07:01:11.920",
"lastModified": "2025-06-19T13:15:23.173", "lastModified": "2025-02-26T07:01:11.920",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -17,6 +17,10 @@
], ],
"metrics": {}, "metrics": {},
"references": [ "references": [
{
"url": "https://git.kernel.org/stable/c/0ab308d72af7548f21e4499d025c25887da0c26a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{ {
"url": "https://git.kernel.org/stable/c/1bcce88da60eccc946c0f4ed942b0f08cd565778", "url": "https://git.kernel.org/stable/c/1bcce88da60eccc946c0f4ed942b0f08cd565778",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"


@ -2,8 +2,8 @@
"id": "CVE-2022-49412", "id": "CVE-2022-49412",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-02-26T07:01:17.703", "published": "2025-02-26T07:01:17.703",
"lastModified": "2025-06-19T13:15:23.390", "lastModified": "2025-03-24T19:52:31.537",
"vulnStatus": "Modified", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -105,6 +105,13 @@
"Patch" "Patch"
] ]
}, },
{
"url": "https://git.kernel.org/stable/c/7d172b9dc913e161d8ff88770eea01701ff553de",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{ {
"url": "https://git.kernel.org/stable/c/8abc8763b11c35e03cc91d59fd0cd28d39f88ca9", "url": "https://git.kernel.org/stable/c/8abc8763b11c35e03cc91d59fd0cd28d39f88ca9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
@ -112,6 +119,13 @@
"Patch" "Patch"
] ]
}, },
{
"url": "https://git.kernel.org/stable/c/97be7d13fbd4001eeab49b1be6399f23a8c66160",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{ {
"url": "https://git.kernel.org/stable/c/a16c65cca7d2c7ff965fdd3adc8df2156529caf1", "url": "https://git.kernel.org/stable/c/a16c65cca7d2c7ff965fdd3adc8df2156529caf1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",


@ -2,7 +2,7 @@
"id": "CVE-2022-49418", "id": "CVE-2022-49418",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-02-26T07:01:18.260", "published": "2025-02-26T07:01:18.260",
"lastModified": "2025-06-19T13:15:23.660", "lastModified": "2025-02-26T07:01:18.260",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -24,6 +24,10 @@
{ {
"url": "https://git.kernel.org/stable/c/c3ed222745d9ad7b69299b349a64ba533c64a34f", "url": "https://git.kernel.org/stable/c/c3ed222745d9ad7b69299b349a64ba533c64a34f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/eb1fe9600b86c24a789046bfc5c6851dda119280",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
} }
] ]
} }


@ -2,7 +2,7 @@
"id": "CVE-2022-49558", "id": "CVE-2022-49558",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-02-26T07:01:31.597", "published": "2025-02-26T07:01:31.597",
"lastModified": "2025-06-19T13:15:23.990", "lastModified": "2025-02-26T07:01:31.597",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -37,6 +37,10 @@
"url": "https://git.kernel.org/stable/c/b09e6ccf0d12f9356e8e3508d3e3dce126298538", "url": "https://git.kernel.org/stable/c/b09e6ccf0d12f9356e8e3508d3e3dce126298538",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}, },
{
"url": "https://git.kernel.org/stable/c/c73955a09408e7374d9abfd0e78ce3de9cda0635",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{ {
"url": "https://git.kernel.org/stable/c/f9a43007d3f7ba76d5e7f9421094f00f2ef202f8", "url": "https://git.kernel.org/stable/c/f9a43007d3f7ba76d5e7f9421094f00f2ef202f8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"


@ -1,49 +0,0 @@
{
"id": "CVE-2022-49934",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:19.400",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: Fix UAF in ieee80211_scan_rx()\n\nieee80211_scan_rx() tries to access scan_req->flags after a\nnull check, but a UAF is observed when the scan is completed\nand __ieee80211_scan_completed() executes, which then calls\ncfg80211_scan_done() leading to the freeing of scan_req.\n\nSince scan_req is rcu_dereference()'d, prevent the racing in\n__ieee80211_scan_completed() by ensuring that from mac80211's\nPOV it is no longer accessed from an RCU read critical section\nbefore we call cfg80211_scan_done()."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/4abc8c07a065ecf771827bde3c63fbbe4aa0c08b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5d20c6f932f2758078d0454729129c894fe353e7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/60deb9f10eec5c6a20252ed36238b55d8b614a2c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6eb181a64fdabf10be9e54de728876667da20255",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/78a07732fbb0934d14827d8f09b9aa6a49ee1aa9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9ad48cbf8b07f10c1e4a7a262b32a9179ae9dd2d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c0445feb80a4d0854898118fa01073701f8d356b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e0ff39448cea654843744c72c6780293c5082cb1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,25 +0,0 @@
{
"id": "CVE-2022-49935",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:20.340",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndma-buf/dma-resv: check if the new fence is really later\n\nPreviously when we added a fence to a dma_resv object we always\nassumed the the newer than all the existing fences.\n\nWith Jason's work to add an UAPI to explicit export/import that's not\nnecessary the case any more. So without this check we would allow\nuserspace to force the kernel into an use after free error.\n\nSince the change is very small and defensive it's probably a good\nidea to backport this to stable kernels as well just in case others\nare using the dma_resv object in the same way."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/a3f7c10a269d5b77dd5822ade822643ced3057f0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c4c798fe98adceb642050819cb57cbc8f5c27870",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,49 +0,0 @@
{
"id": "CVE-2022-49936",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:20.450",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: core: Prevent nested device-reset calls\n\nAutomatic kernel fuzzing revealed a recursive locking violation in\nusb-storage:\n\n============================================\nWARNING: possible recursive locking detected\n5.18.0 #3 Not tainted\n--------------------------------------------\nkworker/1:3/1205 is trying to acquire lock:\nffff888018638db8 (&us_interface_key[i]){+.+.}-{3:3}, at:\nusb_stor_pre_reset+0x35/0x40 drivers/usb/storage/usb.c:230\n\nbut task is already holding lock:\nffff888018638db8 (&us_interface_key[i]){+.+.}-{3:3}, at:\nusb_stor_pre_reset+0x35/0x40 drivers/usb/storage/usb.c:230\n\n...\n\nstack backtrace:\nCPU: 1 PID: 1205 Comm: kworker/1:3 Not tainted 5.18.0 #3\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n1.13.0-1ubuntu1.1 04/01/2014\nWorkqueue: usb_hub_wq hub_event\nCall Trace:\n<TASK>\n__dump_stack lib/dump_stack.c:88 [inline]\ndump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\nprint_deadlock_bug kernel/locking/lockdep.c:2988 [inline]\ncheck_deadlock kernel/locking/lockdep.c:3031 [inline]\nvalidate_chain kernel/locking/lockdep.c:3816 [inline]\n__lock_acquire.cold+0x152/0x3ca kernel/locking/lockdep.c:5053\nlock_acquire kernel/locking/lockdep.c:5665 [inline]\nlock_acquire+0x1ab/0x520 kernel/locking/lockdep.c:5630\n__mutex_lock_common kernel/locking/mutex.c:603 [inline]\n__mutex_lock+0x14f/0x1610 kernel/locking/mutex.c:747\nusb_stor_pre_reset+0x35/0x40 drivers/usb/storage/usb.c:230\nusb_reset_device+0x37d/0x9a0 drivers/usb/core/hub.c:6109\nr871xu_dev_remove+0x21a/0x270 drivers/staging/rtl8712/usb_intf.c:622\nusb_unbind_interface+0x1bd/0x890 drivers/usb/core/driver.c:458\ndevice_remove drivers/base/dd.c:545 [inline]\ndevice_remove+0x11f/0x170 drivers/base/dd.c:537\n__device_release_driver drivers/base/dd.c:1222 [inline]\ndevice_release_driver_internal+0x1a7/0x2f0 drivers/base/dd.c:1248\nusb_driver_release_interface+0x102/0x180 
drivers/usb/core/driver.c:627\nusb_forced_unbind_intf+0x4d/0xa0 drivers/usb/core/driver.c:1118\nusb_reset_device+0x39b/0x9a0 drivers/usb/core/hub.c:6114\n\nThis turned out not to be an error in usb-storage but rather a nested\ndevice reset attempt. That is, as the rtl8712 driver was being\nunbound from a composite device in preparation for an unrelated USB\nreset (that driver does not have pre_reset or post_reset callbacks),\nits ->remove routine called usb_reset_device() -- thus nesting one\nreset call within another.\n\nPerforming a reset as part of disconnect processing is a questionable\npractice at best. However, the bug report points out that the USB\ncore does not have any protection against nested resets. Adding a\nreset_in_progress flag and testing it will prevent such errors in the\nfuture."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/1b29498669914c7f9afb619722421418a753d372",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9c6d778800b921bde3bff3cff5003d1650f942d1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/abe3cfb7a7c8e907b312c7dbd7bf4d142b745aa8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c548b99e1c37db6f7df86ecfe9a1f895d6c5966e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/cc9a12e12808af178c600cc485338bac2e37d2a8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d5eb850b3e8836197a38475840725260b9783e94",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d90419b8b8322b6924f6da9da952647f2dadc21b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/df1875084898b15cbc42f712e93d7f113ae6271b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,33 +0,0 @@
{
"id": "CVE-2022-49937",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:20.570",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mceusb: Use new usb_control_msg_*() routines\n\nAutomatic kernel fuzzing led to a WARN about invalid pipe direction in\nthe mceusb driver:\n\n------------[ cut here ]------------\nusb 6-1: BOGUS control dir, pipe 80000380 doesn't match bRequestType 40\nWARNING: CPU: 0 PID: 2465 at drivers/usb/core/urb.c:410\nusb_submit_urb+0x1326/0x1820 drivers/usb/core/urb.c:410\nModules linked in:\nCPU: 0 PID: 2465 Comm: kworker/0:2 Not tainted 5.19.0-rc4-00208-g69cb6c6556ad #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n1.13.0-1ubuntu1.1 04/01/2014\nWorkqueue: usb_hub_wq hub_event\nRIP: 0010:usb_submit_urb+0x1326/0x1820 drivers/usb/core/urb.c:410\nCode: 7c 24 40 e8 ac 23 91 fd 48 8b 7c 24 40 e8 b2 70 1b ff 45 89 e8\n44 89 f1 4c 89 e2 48 89 c6 48 c7 c7 a0 30 a9 86 e8 48 07 11 02 <0f> 0b\ne9 1c f0 ff ff e8 7e 23 91 fd 0f b6 1d 63 22 83 05 31 ff 41\nRSP: 0018:ffffc900032becf0 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: ffff8881100f3058 RCX: 0000000000000000\nRDX: ffffc90004961000 RSI: ffff888114c6d580 RDI: fffff52000657d90\nRBP: ffff888105ad90f0 R08: ffffffff812c3638 R09: 0000000000000000\nR10: 0000000000000005 R11: ffffed1023504ef1 R12: ffff888105ad9000\nR13: 0000000000000040 R14: 0000000080000380 R15: ffff88810ba96500\nFS: 0000000000000000(0000) GS:ffff88811a800000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ffe810bda58 CR3: 000000010b720000 CR4: 0000000000350ef0\nCall Trace:\n<TASK>\nusb_start_wait_urb+0x101/0x4c0 drivers/usb/core/message.c:58\nusb_internal_control_msg drivers/usb/core/message.c:102 [inline]\nusb_control_msg+0x31c/0x4a0 drivers/usb/core/message.c:153\nmceusb_gen1_init drivers/media/rc/mceusb.c:1431 [inline]\nmceusb_dev_probe+0x258e/0x33f0 drivers/media/rc/mceusb.c:1807\n\nThe reason for the warning is clear enough; the driver sends an\nunusual read request on endpoint 0 but does not set the USB_DIR_IN bit\nin 
the bRequestType field.\n\nMore importantly, the whole situation can be avoided and the driver\nsimplified by converting it over to the relatively new\nusb_control_msg_recv() and usb_control_msg_send() routines. That's\nwhat this fix does."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/587f793c64d99d92be8ef01c4c69d885a3f2edb6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/608e58a0f4617977178131f5f68a3fce1d3f5316",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/75913c562f5ba4cf397d835c63f443879167c6f6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d69c738ac9310b56e84c51c8f09fc018a8291bc6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,29 +0,0 @@
{
"id": "CVE-2022-49938",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:20.683",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix small mempool leak in SMB2_negotiate()\n\nIn some cases of failure (dialect mismatches) in SMB2_negotiate(), after\nthe request is sent, the checks would return -EIO when they should be\nrather setting rc = -EIO and jumping to neg_exit to free the response\nbuffer from mempool."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/27893dfc1285f80f80f46b3b8c95f5d15d2e66d0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/38a6b469bf22f153282fbe7d702a24e9eb43f50e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9e3c9efa7caf16e5acc05eab5e4d0a714e1610b0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,45 +0,0 @@
{
"id": "CVE-2022-49939",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:20.793",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbinder: fix UAF of ref->proc caused by race condition\n\nA transaction of type BINDER_TYPE_WEAK_HANDLE can fail to increment the\nreference for a node. In this case, the target proc normally releases\nthe failed reference upon close as expected. However, if the target is\ndying in parallel the call will race with binder_deferred_release(), so\nthe target could have released all of its references by now leaving the\ncleanup of the new failed reference unhandled.\n\nThe transaction then ends and the target proc gets released making the\nref->proc now a dangling pointer. Later on, ref->node is closed and we\nattempt to take spin_lock(&ref->proc->inner_lock), which leads to the\nuse-after-free bug reported below. Let's fix this by cleaning up the\nfailed reference on the spot instead of relying on the target to do so.\n\n ==================================================================\n BUG: KASAN: use-after-free in _raw_spin_lock+0xa8/0x150\n Write of size 4 at addr ffff5ca207094238 by task kworker/1:0/590\n\n CPU: 1 PID: 590 Comm: kworker/1:0 Not tainted 5.19.0-rc8 #10\n Hardware name: linux,dummy-virt (DT)\n Workqueue: events binder_deferred_func\n Call trace:\n dump_backtrace.part.0+0x1d0/0x1e0\n show_stack+0x18/0x70\n dump_stack_lvl+0x68/0x84\n print_report+0x2e4/0x61c\n kasan_report+0xa4/0x110\n kasan_check_range+0xfc/0x1a4\n __kasan_check_write+0x3c/0x50\n _raw_spin_lock+0xa8/0x150\n binder_deferred_func+0x5e0/0x9b0\n process_one_work+0x38c/0x5f0\n worker_thread+0x9c/0x694\n kthread+0x188/0x190\n ret_from_fork+0x10/0x20"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/06e5b43ca4dab06a92bf4c2f33766e6fb11b880a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/229f47603dd306bc0eb1a831439adb8e48bb0eae",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/30d0901b307f27d36b2655fb3048cf31ee0e89c0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/603a47f2ae56bf68288784d3c0a8c5b8e0a827ed",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9629f2dfdb1dad294b468038ff8e161e94d0b609",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a0e44c64b6061dda7e00b7c458e4523e2331b739",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c2a4b5dc8fa71af73bab704d0cac42ac39767ed6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,33 +0,0 @@
{
"id": "CVE-2022-49940",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:20.917",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: n_gsm: add sanity check for gsm->receive in gsm_receive_buf()\n\nA null pointer dereference can happen when attempting to access the\n\"gsm->receive()\" function in gsmld_receive_buf(). Currently, the code\nassumes that gsm->recieve is only called after MUX activation.\nSince the gsmld_receive_buf() function can be accessed without the need to\ninitialize the MUX, the gsm->receive() function will not be set and a\nNULL pointer dereference will occur.\n\nFix this by avoiding the call to \"gsm->receive()\" in case the function is\nnot initialized by adding a sanity check.\n\nCall Trace:\n <TASK>\n gsmld_receive_buf+0x1c2/0x2f0 drivers/tty/n_gsm.c:2861\n tiocsti drivers/tty/tty_io.c:2293 [inline]\n tty_ioctl+0xa75/0x15d0 drivers/tty/tty_io.c:2692\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:870 [inline]\n __se_sys_ioctl fs/ioctl.c:856 [inline]\n __x64_sys_ioctl+0x193/0x200 fs/ioctl.c:856\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/309aea4b6b813f6678c3a547cfd7fe3a76ffa976",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5a82cf64f8ad63caf6bf115642ce44ddbc64311e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5aa37f9510345a812c0998bcbbc4d88d1dcc4d8b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f16c6d2e58a4c2b972efcf9eb12390ee0ba3befb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,16 +0,0 @@
{
"id": "CVE-2022-49941",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:21.030",
"lastModified": "2025-06-18T15:15:20.837",
"vulnStatus": "Rejected",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
],
"metrics": {},
"references": []
}


@ -1,49 +0,0 @@
{
"id": "CVE-2022-49942",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:21.147",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected\n\nWhen we are not connected to a channel, sending channel \"switch\"\nannouncement doesn't make any sense.\n\nThe BSS list is empty in that case. This causes the for loop in\ncfg80211_get_bss() to be bypassed, so the function returns NULL\n(check line 1424 of net/wireless/scan.c), causing the WARN_ON()\nin ieee80211_ibss_csa_beacon() to get triggered (check line 500\nof net/mac80211/ibss.c), which was consequently reported on the\nsyzkaller dashboard.\n\nThus, check if we have an existing connection before generating\nthe CSA beacon in ieee80211_ibss_finish_csa()."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/15bc8966b6d3a5b9bfe4c9facfa02f2b69b1e5f0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/1691a48aef0a82d1754b9853dae7e3f5cacdf70b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/552ba102a6898630a7d16887f29e606d6fabe508",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/66689c5c02acd4d76c28498fe220998610aec61e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/864e280cb3a9a0f5212b16ef5057c4e692f7039d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/cdb9a8da9b84800eb15506cd9363cf0cf059e677",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d9eb37db6a28b59a95a3461450ee209654c5f95b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/dd649b49219a0388cc10fc40e4c2ea681566a780",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,25 +0,0 @@
{
"id": "CVE-2022-49943",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:21.267",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: gadget: Fix obscure lockdep violation for udc_mutex\n\nA recent commit expanding the scope of the udc_lock mutex in the\ngadget core managed to cause an obscure and slightly bizarre lockdep\nviolation. In abbreviated form:\n\n======================================================\nWARNING: possible circular locking dependency detected\n5.19.0-rc7+ #12510 Not tainted\n------------------------------------------------------\nudevadm/312 is trying to acquire lock:\nffff80000aae1058 (udc_lock){+.+.}-{3:3}, at: usb_udc_uevent+0x54/0xe0\n\nbut task is already holding lock:\nffff000002277548 (kn->active#4){++++}-{0:0}, at: kernfs_seq_start+0x34/0xe0\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-> #3 (kn->active#4){++++}-{0:0}:\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 lock_acquire+0x68/0x84\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 __kernfs_remove+0x268/0x380\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 kernfs_remove_by_name_ns+0x58/0xac\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 sysfs_remove_file_ns+0x18/0x24\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 device_del+0x15c/0x440\n\n-> #2 (device_links_lock){+.+.}-{3:3}:\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 lock_acquire+0x68/0x84\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 __mutex_lock+0x9c/0x430\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mutex_lock_nested+0x38/0x64\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 device_link_remove+0x3c/0xa0\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 _regulator_put.part.0+0x168/0x190\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 regulator_put+0x3c/0x54\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 devm_regulator_release+0x14/0x20\n\n-> #1 (regulator_list_mutex){+.+.}-{3:3}:\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 lock_acquire+0x68/0x84\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 __mutex_lock+0x9c/0x430\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mutex_lock_nested+0x38/0x64\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 
regulator_lock_dependent+0x54/0x284\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 regulator_enable+0x34/0x80\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 phy_power_on+0x24/0x130\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 __dwc2_lowlevel_hw_enable+0x100/0x130\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 dwc2_lowlevel_hw_enable+0x18/0x40\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 dwc2_hsotg_udc_start+0x6c/0x2f0\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 gadget_bind_driver+0x124/0x1f4\n\n-> #0 (udc_lock){+.+.}-{3:3}:\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 __lock_acquire+0x1298/0x20cc\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 lock_acquire.part.0+0xe0/0x230\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 lock_acquire+0x68/0x84\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 __mutex_lock+0x9c/0x430\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 mutex_lock_nested+0x38/0x64\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 usb_udc_uevent+0x54/0xe0\n\nEvidently this was caused by the scope of udc_mutex being too large.\nThe mutex is only meant to protect udc->driver along with a few other\nthings. As far as I can tell, there's no reason for the mutex to be\nheld while the gadget core calls a gadget driver's ->bind or ->unbind\nroutine, or while a UDC is being started or stopped. (This accounts\nfor link #1 in the chain above, where the mutex is held while the\ndwc2_hsotg_udc is started as part of driver probing.)\n\nGadget drivers' ->disconnect callbacks are problematic. Even though\nusb_gadget_disconnect() will now acquire the udc_mutex, there's a\nwindow in usb_gadget_bind_driver() between the times when the mutex is\nreleased and the ->bind callback is invoked. If a disconnect occurred\nduring that window, we could call the driver's ->disconnect routine\nbefore its ->bind routine. To prevent this from happening, it will be\nnecessary to prevent a UDC from connecting while it has no gadget\ndriver. This should be done already but it doesn't seem to be;\ncurrently usb_gadget_connect() has no check for this. 
Such a check\nwill have to be added later.\n\nSome degree of mutual exclusion is required in soft_connect_store(),\nwhich can dereference udc->driver at arbitrary times since it is a\nsysfs callback. The solution here is to acquire the gadget's device\nlock rather than the udc_mutex. Since the driver core guarantees that\nthe device lock is always held during driver binding and unbinding,\nthis will make the accesses in soft_connect_store() mutually exclusive\nwith any changes to udc->driver.\n\nLastly, it turns out there is one place which should hold the\nudc_mutex but currently does not: The function_show() routine needs\nprotection while it dereferences udc->driver. The missing lock and\nunlock calls are added."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/1016fc0c096c92dd0e6e0541daac7a7868169903",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/1a065e4673cbdd9f222a05f85e17d78ea50c8d9c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,25 +0,0 @@
{
"id": "CVE-2022-49944",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:21.377",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"usb: typec: ucsi: add a common function ucsi_unregister_connectors()\"\n\nThe recent commit 87d0e2f41b8c (\"usb: typec: ucsi: add a common\nfunction ucsi_unregister_connectors()\") introduced a regression that\ncaused NULL dereference at reading the power supply sysfs. It's a\nstale sysfs entry that should have been removed but remains with NULL\nops. The commit changed the error handling to skip the entries after\na NULL con->wq, and this leaves the power device unreleased.\n\nFor addressing the regression, the straight revert is applied here.\nFurther code improvements can be done from the scratch again."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/3d4044c9e6d2e3f11f1f8b5e0ee8647d3eb1afad",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5f73aa2cf8bef4a39baa1591c3144ede4788826e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,49 +0,0 @@
{
"id": "CVE-2022-49945",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:21.483",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (gpio-fan) Fix array out of bounds access\n\nThe driver does not check if the cooling state passed to\ngpio_fan_set_cur_state() exceeds the maximum cooling state as\nstored in fan_data->num_speeds. Since the cooling state is later\nused as an array index in set_fan_speed(), an array out of bounds\naccess can occur.\nThis can be exploited by setting the state of the thermal cooling device\nto arbitrary values, causing for example a kernel oops when unavailable\nmemory is accessed this way.\n\nExample kernel oops:\n[ 807.987276] Unable to handle kernel paging request at virtual address ffffff80d0588064\n[ 807.987369] Mem abort info:\n[ 807.987398] ESR = 0x96000005\n[ 807.987428] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 807.987477] SET = 0, FnV = 0\n[ 807.987507] EA = 0, S1PTW = 0\n[ 807.987536] FSC = 0x05: level 1 translation fault\n[ 807.987570] Data abort info:\n[ 807.987763] ISV = 0, ISS = 0x00000005\n[ 807.987801] CM = 0, WnR = 0\n[ 807.987832] swapper pgtable: 4k pages, 39-bit VAs, pgdp=0000000001165000\n[ 807.987872] [ffffff80d0588064] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000\n[ 807.987961] Internal error: Oops: 96000005 [#1] PREEMPT SMP\n[ 807.987992] Modules linked in: cmac algif_hash aes_arm64 algif_skcipher af_alg bnep hci_uart btbcm bluetooth ecdh_generic ecc 8021q garp stp llc snd_soc_hdmi_codec brcmfmac vc4 brcmutil cec drm_kms_helper snd_soc_core cfg80211 snd_compress bcm2835_codec(C) snd_pcm_dmaengine syscopyarea bcm2835_isp(C) bcm2835_v4l2(C) sysfillrect v4l2_mem2mem bcm2835_mmal_vchiq(C) raspberrypi_hwmon sysimgblt videobuf2_dma_contig videobuf2_vmalloc fb_sys_fops videobuf2_memops rfkill videobuf2_v4l2 videobuf2_common i2c_bcm2835 snd_bcm2835(C) videodev snd_pcm snd_timer snd mc vc_sm_cma(C) gpio_fan uio_pdrv_genirq uio drm fuse drm_panel_orientation_quirks backlight ip_tables x_tables ipv6\n[ 807.988508] CPU: 0 PID: 1321 Comm: bash 
Tainted: G C 5.15.56-v8+ #1575\n[ 807.988548] Hardware name: Raspberry Pi 3 Model B Rev 1.2 (DT)\n[ 807.988574] pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 807.988608] pc : set_fan_speed.part.5+0x34/0x80 [gpio_fan]\n[ 807.988654] lr : gpio_fan_set_cur_state+0x34/0x50 [gpio_fan]\n[ 807.988691] sp : ffffffc008cf3bd0\n[ 807.988710] x29: ffffffc008cf3bd0 x28: ffffff80019edac0 x27: 0000000000000000\n[ 807.988762] x26: 0000000000000000 x25: 0000000000000000 x24: ffffff800747c920\n[ 807.988787] x23: 000000000000000a x22: ffffff800369f000 x21: 000000001999997c\n[ 807.988854] x20: ffffff800369f2e8 x19: ffffff8002ae8080 x18: 0000000000000000\n[ 807.988877] x17: 0000000000000000 x16: 0000000000000000 x15: 000000559e271b70\n[ 807.988938] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n[ 807.988960] x11: 0000000000000000 x10: ffffffc008cf3c20 x9 : ffffffcfb60c741c\n[ 807.989018] x8 : 000000000000000a x7 : 00000000ffffffc9 x6 : 0000000000000009\n[ 807.989040] x5 : 000000000000002a x4 : 0000000000000000 x3 : ffffff800369f2e8\n[ 807.989062] x2 : 000000000000e780 x1 : 0000000000000001 x0 : ffffff80d0588060\n[ 807.989084] Call trace:\n[ 807.989091] set_fan_speed.part.5+0x34/0x80 [gpio_fan]\n[ 807.989113] gpio_fan_set_cur_state+0x34/0x50 [gpio_fan]\n[ 807.989199] cur_state_store+0x84/0xd0\n[ 807.989221] dev_attr_store+0x20/0x38\n[ 807.989262] sysfs_kf_write+0x4c/0x60\n[ 807.989282] kernfs_fop_write_iter+0x130/0x1c0\n[ 807.989298] new_sync_write+0x10c/0x190\n[ 807.989315] vfs_write+0x254/0x378\n[ 807.989362] ksys_write+0x70/0xf8\n[ 807.989379] __arm64_sys_write+0x24/0x30\n[ 807.989424] invoke_syscall+0x4c/0x110\n[ 807.989442] el0_svc_common.constprop.3+0xfc/0x120\n[ 807.989458] do_el0_svc+0x2c/0x90\n[ 807.989473] el0_svc+0x24/0x60\n[ 807.989544] el0t_64_sync_handler+0x90/0xb8\n[ 807.989558] el0t_64_sync+0x1a0/0x1a4\n[ 807.989579] Code: b9403801 f9402800 7100003f 8b35cc00 (b9400416)\n[ 807.989627] ---[ end t\n---truncated---"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/3263984c7acdcb0658155b05a724ed45a10de76d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3ff866455e1e263a9ac1958095fd440984248e2f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/517dba798793e69b510779c3cde7224a65f3ed1d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/53196e0376205ed49b75bfd0475af5e0fbd20156",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7756eb1ed124753f4d64f761fc3d84290dffcb4d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c8ae6a18708f260ccdeef6ba53af7548457dc26c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e9f6972ab40a82bd7f6d36800792ba2e084474d8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f233d2be38dbbb22299192292983037f01ab363c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,33 +0,0 @@
{
"id": "CVE-2022-49946",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:21.610",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: bcm: rpi: Prevent out-of-bounds access\n\nThe while loop in raspberrypi_discover_clocks() relies on the assumption\nthat the id of the last clock element is zero. Because this data comes\nfrom the Videocore firmware and it doesn't guarantuee such a behavior\nthis could lead to out-of-bounds access. So fix this by providing\na sentinel element."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/bc163555603e4ae9c817675ad80d618a4cdbfa2d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c8b04b731d43366824841ebdca4ac715f95e0ea4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fcae47b2d23c81603b01f56cf8db63ed64599d34",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ff0b144d4b0a9fbd6efe4d2c0a4b6c9bae2138d2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,29 +0,0 @@
{
"id": "CVE-2022-49947",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:21.717",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbinder: fix alloc->vma_vm_mm null-ptr dereference\n\nSyzbot reported a couple issues introduced by commit 44e602b4e52f\n(\"binder_alloc: add missing mmap_lock calls when using the VMA\"), in\nwhich we attempt to acquire the mmap_lock when alloc->vma_vm_mm has not\nbeen initialized yet.\n\nThis can happen if a binder_proc receives a transaction without having\npreviously called mmap() to setup the binder_proc->alloc space in [1].\nAlso, a similar issue occurs via binder_alloc_print_pages() when we try\nto dump the debugfs binder stats file in [2].\n\nSample of syzbot's crash report:\n ==================================================================\n KASAN: null-ptr-deref in range [0x0000000000000128-0x000000000000012f]\n CPU: 0 PID: 3755 Comm: syz-executor229 Not tainted 6.0.0-rc1-next-20220819-syzkaller #0\n syz-executor229[3755] cmdline: ./syz-executor2294415195\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022\n RIP: 0010:__lock_acquire+0xd83/0x56d0 kernel/locking/lockdep.c:4923\n [...]\n Call Trace:\n <TASK>\n lock_acquire kernel/locking/lockdep.c:5666 [inline]\n lock_acquire+0x1ab/0x570 kernel/locking/lockdep.c:5631\n down_read+0x98/0x450 kernel/locking/rwsem.c:1499\n mmap_read_lock include/linux/mmap_lock.h:117 [inline]\n binder_alloc_new_buf_locked drivers/android/binder_alloc.c:405 [inline]\n binder_alloc_new_buf+0xa5/0x19e0 drivers/android/binder_alloc.c:593\n binder_transaction+0x242e/0x9a80 drivers/android/binder.c:3199\n binder_thread_write+0x664/0x3220 drivers/android/binder.c:3986\n binder_ioctl_write_read drivers/android/binder.c:5036 [inline]\n binder_ioctl+0x3470/0x6d00 drivers/android/binder.c:5323\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:870 [inline]\n __se_sys_ioctl fs/ioctl.c:856 [inline]\n __x64_sys_ioctl+0x193/0x200 fs/ioctl.c:856\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n 
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n [...]\n ==================================================================\n\nFix these issues by setting up alloc->vma_vm_mm pointer during open()\nand caching directly from current->mm. This guarantees we have a valid\nreference to take the mmap_lock during scenarios described above.\n\n[1] https://syzkaller.appspot.com/bug?extid=f7dc54e5be28950ac459\n[2] https://syzkaller.appspot.com/bug?extid=a75ebe0452711c9e56d9"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/1da52815d5f1b654c89044db0cdc6adce43da1f1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/81203ab7a6ef843a2b904a0a494f28c457d44d27",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b2a97babb0a510f8921891f9e70c5a5ef33cadac",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,49 +0,0 @@
{
"id": "CVE-2022-49948",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:21.827",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvt: Clear selection before changing the font\n\nWhen changing the console font with ioctl(KDFONTOP) the new font size\ncan be bigger than the previous font. A previous selection may thus now\nbe outside of the new screen size and thus trigger out-of-bounds\naccesses to graphics memory if the selection is removed in\nvc_do_resize().\n\nPrevent such out-of-memory accesses by dropping the selection before the\nvarious con_font_set() console handlers are called."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/1cf1930369c9dc428d827b60260c53271bff3285",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/2535431ae967ad17585513649625fea7db28d4db",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/566f9c9f89337792070b5a6062dff448b3e7977f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/989201bb8c00b222235aff04e6200230d29dc7bb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c555cf04684fde39b5b0dd9fd80730030ee10c4a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c904fe03c4bd1f356a58797d39e2a5d0ca15cefc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e9ba4611ddf676194385506222cce7b0844e708e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f74b4a41c5d7c9522469917e3072e55d435efd9e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,25 +0,0 @@
{
"id": "CVE-2022-49949",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:21.947",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware_loader: Fix memory leak in firmware upload\n\nIn the case of firmware-upload, an instance of struct fw_upload is\nallocated in firmware_upload_register(). This data needs to be freed\nin fw_dev_release(). Create a new fw_upload_free() function in\nsysfs_upload.c to handle the firmware-upload specific memory frees\nand incorporate the missing kfree call for the fw_upload structure."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/789bba82f63c3e81dce426ba457fc7905b30ac6e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/baf92485d111be828e1ab84a995515b604b938e5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,37 +0,0 @@
{
"id": "CVE-2022-49950",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:22.050",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: fix memory corruption on open\n\nThe probe session-duplication overflow check incremented the session\ncount also when there were no more available sessions so that memory\nbeyond the fixed-size slab-allocated session array could be corrupted in\nfastrpc_session_alloc() on open()."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/5cf2a57c7a01a0d7bdecf875a63682f542891b1b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/cf20c3533efc89578ace94fa20a9e63446223c72",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d245f43aab2b61195d8ebb64cef7b5a08c590ab4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e0578e603065f120a8759b75e0d6c216c7078a39",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f8632b8bb53ebc005d8f24a68a0c1f9678c0e908",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,25 +0,0 @@
{
"id": "CVE-2022-49951",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:22.167",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware_loader: Fix use-after-free during unregister\n\nIn the following code within firmware_upload_unregister(), the call to\ndevice_unregister() could result in the dev_release function freeing the\nfw_upload_priv structure before it is dereferenced for the call to\nmodule_put(). This bug was found by the kernel test robot using\nCONFIG_KASAN while running the firmware selftests.\n\n device_unregister(&fw_sysfs->dev);\n module_put(fw_upload_priv->module);\n\nThe problem is fixed by copying fw_upload_priv->module to a local variable\nfor use when calling device_unregister()."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/8b40c38e37492b5bdf8e95b46b5cca9517a9957a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d380d40930a674c520a5b55f3be1eb17dc634ebc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,37 +0,0 @@
{
"id": "CVE-2022-49952",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:22.277",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: fix memory corruption on probe\n\nAdd the missing sanity check on the probed-session count to avoid\ncorrupting memory beyond the fixed-size slab-allocated session array\nwhen there are more than FASTRPC_MAX_SESSIONS sessions defined in the\ndevicetree."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0e33b0f322fecd7a92d9dc186535cdf97940a856",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9baa1415d9abdd1e08362ea2dcfadfacee8690b5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c0425c2facd9166fa083f90c9f3187ace0c7837a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c99bc901d5eb9fbdd7bd39f625e170ce97390336",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ec186b9f4aa2e6444d5308a6cc268aada7007639",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,25 +0,0 @@
{
"id": "CVE-2022-49953",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:22.397",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: light: cm3605: Fix an error handling path in cm3605_probe()\n\nThe commit in Fixes also introduced a new error handling path which should\ngoto the existing error handling path.\nOtherwise some resources leak."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/160905549e663019e26395ed9d66c24ee2cf5187",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3f7f49d8135cfe137c81316af64678f4dca1b82b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,37 +0,0 @@
{
"id": "CVE-2022-49954",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:22.500",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag\n\nsyzbot is reporting hung task at __input_unregister_device() [1], for\niforce_close() waiting at wait_event_interruptible() with dev->mutex held\nis blocking input_disconnect_device() from __input_unregister_device().\n\nIt seems that the cause is simply that commit c2b27ef672992a20 (\"Input:\niforce - wait for command completion when closing the device\") forgot to\ncall wake_up() after clear_bit().\n\nFix this problem by introducing a helper that calls clear_bit() followed\nby wake_up_all()."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/98e01215708b6d416345465c09dce2bd4868c67a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b271090eea3899399e2adcf79c9c95367d472b03",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b533b9d3a0d1327cbb31c201dc8dbbf98c8bfe3c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d186c65599bff0222da37b9215784ddfe39f9e1b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/df1b53bc799d58f79701c465505a206c72ad4ab8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,25 +0,0 @@
{
"id": "CVE-2022-49955",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:22.630",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/rtas: Fix RTAS MSR[HV] handling for Cell\n\nThe semi-recent changes to MSR handling when entering RTAS (firmware)\ncause crashes on IBM Cell machines. An example trace:\n\n kernel tried to execute user page (2fff01a8) - exploit attempt? (uid: 0)\n BUG: Unable to handle kernel instruction fetch\n Faulting instruction address: 0x2fff01a8\n Oops: Kernel access of bad area, sig: 11 [#1]\n BE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=4 NUMA Cell\n Modules linked in:\n CPU: 0 PID: 0 Comm: swapper/0 Tainted: G W 6.0.0-rc2-00433-gede0a8d3307a #207\n NIP: 000000002fff01a8 LR: 0000000000032608 CTR: 0000000000000000\n REGS: c0000000015236b0 TRAP: 0400 Tainted: G W (6.0.0-rc2-00433-gede0a8d3307a)\n MSR: 0000000008001002 <ME,RI> CR: 00000000 XER: 20000000\n ...\n NIP 0x2fff01a8\n LR 0x32608\n Call Trace:\n 0xc00000000143c5f8 (unreliable)\n .rtas_call+0x224/0x320\n .rtas_get_boot_time+0x70/0x150\n .read_persistent_clock64+0x114/0x140\n .read_persistent_wall_and_boot_offset+0x24/0x80\n .timekeeping_init+0x40/0x29c\n .start_kernel+0x674/0x8f0\n start_here_common+0x1c/0x50\n\nUnlike PAPR platforms where RTAS is only used in guests, on the IBM Cell\nmachines Linux runs with MSR[HV] set but also uses RTAS, provided by\nSLOF.\n\nFix it by copying the MSR[HV] bit from the MSR value we've just read\nusing mfmsr into the value used for RTAS.\n\nIt seems like we could also fix it using an #ifdef CELL to set MSR[HV],\nbut that doesn't work because it's possible to build a single kernel\nimage that runs on both Cell native and pseries."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/8b08d4f97233d8e58fff2fd9d5f86397a49733c5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/91926d8b7e71aaf5f84f0cf208fc5a8b7a761050",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,49 +0,0 @@
{
"id": "CVE-2022-49956",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:22.773",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: rtl8712: fix use after free bugs\n\n_Read/Write_MACREG callbacks are NULL so the read/write_macreg_hdl()\nfunctions don't do anything except free the \"pcmd\" pointer. It\nresults in a use after free. Delete them."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/19e3f69d19801940abc2ac37c169882769ed9770",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/376e15487fec837301d888068a3fcc82efb6171a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7dce6b0ee7d78667d6c831ced957a08769973063",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9fd6170c5e2d0ccd027abe26f6f5ffc528e1bb27",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b1727def850904e4b8ba384043775672841663a1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d0aac7146e96bf39e79c65087d21dfa02ef8db38",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/dc02aaf950015850e7589696521c7fca767cea77",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e230a4455ac3e9b112f0367d1b8e255e141afae0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,45 +0,0 @@
{
"id": "CVE-2022-49957",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:22.897",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nkcm: fix strp_init() order and cleanup\n\nstrp_init() is called just a few lines above this csk->sk_user_data\ncheck, it also initializes strp->work etc., therefore, it is\nunnecessary to call strp_done() to cancel the freshly initialized\nwork.\n\nAnd if sk_user_data is already used by KCM, psock->strp should not be\ntouched, particularly strp->work state, so we need to move strp_init()\nafter the csk->sk_user_data check.\n\nThis also makes a lockdep warning reported by syzbot go away."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0946ff31d1a8778787bf6708beb20f38715267cc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/1b6666964ca1de93a7bf06e122bcf3616dbd33a9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/473f394953216614087f4179e55cdf0cf616a13b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/55fb8c3baa8071c5d533a9ad48624e44e2a04ef5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8fc29ff3910f3af08a7c40a75d436b5720efe2bf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a8a0c321319ad64a5427d6172cd9c23b4d6ca1e8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f865976baa85915c7672f351b74d5974b93215f6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,33 +0,0 @@
{
"id": "CVE-2022-49958",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:23.013",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: fix netdevice reference leaks in attach_default_qdiscs()\n\nIn attach_default_qdiscs(), if a dev has multiple queues and queue 0 fails\nto attach qdisc because there is no memory in attach_one_default_qdisc().\nThen dev->qdisc will be noop_qdisc by default. But the other queues may be\nable to successfully attach to default qdisc.\n\nIn this case, the fallback to noqueue process will be triggered. If the\noriginal attached qdisc is not released and a new one is directly\nattached, this will cause netdevice reference leaks.\n\nThe following is the bug log:\n\nveth0: default qdisc (fq_codel) fail, fallback to noqueue\nunregister_netdevice: waiting for veth0 to become free. Usage count = 32\nleaked reference.\n qdisc_alloc+0x12e/0x210\n qdisc_create_dflt+0x62/0x140\n attach_one_default_qdisc.constprop.41+0x44/0x70\n dev_activate+0x128/0x290\n __dev_open+0x12a/0x190\n __dev_change_flags+0x1a2/0x1f0\n dev_change_flags+0x23/0x60\n do_setlink+0x332/0x1150\n __rtnl_newlink+0x52f/0x8e0\n rtnl_newlink+0x43/0x70\n rtnetlink_rcv_msg+0x140/0x3b0\n netlink_rcv_skb+0x50/0x100\n netlink_unicast+0x1bb/0x290\n netlink_sendmsg+0x37c/0x4e0\n sock_sendmsg+0x5f/0x70\n ____sys_sendmsg+0x208/0x280\n\nFix this bug by clearing any non-noop qdiscs that may have been assigned\nbefore trying to re-attach."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0c6c522857151ac00150fd01baeebf231fb7d142",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/44dfa645895a56f65461249deb5b81cd16560e2a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a420d587260185407eda9c5766cfa9bdd5c39a56",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f612466ebecb12a00d9152344ddda6f6345f04dc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,29 +0,0 @@
{
"id": "CVE-2022-49959",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:23.127",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nopenvswitch: fix memory leak at failed datapath creation\n\novs_dp_cmd_new()->ovs_dp_change()->ovs_dp_set_upcall_portids()\nallocates array via kmalloc.\nIf for some reason new_vport() fails during ovs_dp_cmd_new()\ndp->upcall_portids must be freed.\nAdd missing kfree.\n\nKmemleak example:\nunreferenced object 0xffff88800c382500 (size 64):\n comm \"dump_state\", pid 323, jiffies 4294955418 (age 104.347s)\n hex dump (first 32 bytes):\n 5e c2 79 e4 1f 7a 38 c7 09 21 38 0c 80 88 ff ff ^.y..z8..!8.....\n 03 00 00 00 0a 00 00 00 14 00 00 00 28 00 00 00 ............(...\n backtrace:\n [<0000000071bebc9f>] ovs_dp_set_upcall_portids+0x38/0xa0\n [<000000000187d8bd>] ovs_dp_change+0x63/0xe0\n [<000000002397e446>] ovs_dp_cmd_new+0x1f0/0x380\n [<00000000aa06f36e>] genl_family_rcv_msg_doit+0xea/0x150\n [<000000008f583bc4>] genl_rcv_msg+0xdc/0x1e0\n [<00000000fa10e377>] netlink_rcv_skb+0x50/0x100\n [<000000004959cece>] genl_rcv+0x24/0x40\n [<000000004699ac7f>] netlink_unicast+0x23e/0x360\n [<00000000c153573e>] netlink_sendmsg+0x24e/0x4b0\n [<000000006f4aa380>] sock_sendmsg+0x62/0x70\n [<00000000d0068654>] ____sys_sendmsg+0x230/0x270\n [<0000000012dacf7d>] ___sys_sendmsg+0x88/0xd0\n [<0000000011776020>] __sys_sendmsg+0x59/0xa0\n [<000000002e8f2dc1>] do_syscall_64+0x3b/0x90\n [<000000003243e7cb>] entry_SYSCALL_64_after_hwframe+0x63/0xcd"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/a87406f4adee9c53b311d8a1ba2849c69e29a6d0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c0c1c0241917459644326a1a3102207c871ae159",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ca54b2bfaab385778e55a9fd33f6c31e7f743b48",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,25 +0,0 @@
{
"id": "CVE-2022-49960",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:23.237",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915: fix null pointer dereference\n\nAsus chromebook CX550 crashes during boot on v5.17-rc1 kernel.\nThe root cause is null pointer defeference of bi_next\nin tgl_get_bw_info() in drivers/gpu/drm/i915/display/intel_bw.c.\n\nBUG: kernel NULL pointer dereference, address: 000000000000002e\nPGD 0 P4D 0\nOops: 0002 [#1] PREEMPT SMP NOPTI\nCPU: 0 PID: 1 Comm: swapper/0 Tainted: G U 5.17.0-rc1\nHardware name: Google Delbin/Delbin, BIOS Google_Delbin.13672.156.3 05/14/2021\nRIP: 0010:tgl_get_bw_info+0x2de/0x510\n...\n[ 2.554467] Call Trace:\n[ 2.554467] <TASK>\n[ 2.554467] intel_bw_init_hw+0x14a/0x434\n[ 2.554467] ? _printk+0x59/0x73\n[ 2.554467] ? _dev_err+0x77/0x91\n[ 2.554467] i915_driver_hw_probe+0x329/0x33e\n[ 2.554467] i915_driver_probe+0x4c8/0x638\n[ 2.554467] i915_pci_probe+0xf8/0x14e\n[ 2.554467] ? _raw_spin_unlock_irqrestore+0x12/0x2c\n[ 2.554467] pci_device_probe+0xaa/0x142\n[ 2.554467] really_probe+0x13f/0x2f4\n[ 2.554467] __driver_probe_device+0x9e/0xd3\n[ 2.554467] driver_probe_device+0x24/0x7c\n[ 2.554467] __driver_attach+0xba/0xcf\n[ 2.554467] ? driver_attach+0x1f/0x1f\n[ 2.554467] bus_for_each_dev+0x8c/0xc0\n[ 2.554467] bus_add_driver+0x11b/0x1f7\n[ 2.554467] driver_register+0x60/0xea\n[ 2.554467] ? mipi_dsi_bus_init+0x16/0x16\n[ 2.554467] i915_init+0x2c/0xb9\n[ 2.554467] ? mipi_dsi_bus_init+0x16/0x16\n[ 2.554467] do_one_initcall+0x12e/0x2b3\n[ 2.554467] do_initcall_level+0xd6/0xf3\n[ 2.554467] do_initcalls+0x4e/0x79\n[ 2.554467] kernel_init_freeable+0xed/0x14d\n[ 2.554467] ? rest_init+0xc1/0xc1\n[ 2.554467] kernel_init+0x1a/0x120\n[ 2.554467] ret_from_fork+0x1f/0x30\n[ 2.554467] </TASK>\n...\nKernel panic - not syncing: Fatal exception\n\n(cherry picked from commit c247cd03898c4c43c3bce6d4014730403bc13032)"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/458ec0c8f35963626ccd51c3d50b752de5f1b9d4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c2798203315f4729bab0b917bf4c17a159abf9f8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,25 +0,0 @@
{
"id": "CVE-2022-49961",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:23.347",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Do mark_chain_precision for ARG_CONST_ALLOC_SIZE_OR_ZERO\n\nPrecision markers need to be propagated whenever we have an ARG_CONST_*\nstyle argument, as the verifier cannot consider imprecise scalars to be\nequivalent for the purposes of states_equal check when such arguments\nrefine the return value (in this case, set mem_size for PTR_TO_MEM). The\nresultant mem_size for the R0 is derived from the constant value, and if\nthe verifier incorrectly prunes states considering them equivalent where\nsuch arguments exist (by seeing that both registers have reg->precise as\nfalse in regsafe), we can end up with invalid programs passing the\nverifier which can do access beyond what should have been the correct\nmem_size in that explored state.\n\nTo show a concrete example of the problem:\n\n0000000000000000 <prog>:\n 0: r2 = *(u32 *)(r1 + 80)\n 1: r1 = *(u32 *)(r1 + 76)\n 2: r3 = r1\n 3: r3 += 4\n 4: if r3 > r2 goto +18 <LBB5_5>\n 5: w2 = 0\n 6: *(u32 *)(r1 + 0) = r2\n 7: r1 = *(u32 *)(r1 + 0)\n 8: r2 = 1\n 9: if w1 == 0 goto +1 <LBB5_3>\n 10: r2 = -1\n\n0000000000000058 <LBB5_3>:\n 11: r1 = 0 ll\n 13: r3 = 0\n 14: call bpf_ringbuf_reserve\n 15: if r0 == 0 goto +7 <LBB5_5>\n 16: r1 = r0\n 17: r1 += 16777215\n 18: w2 = 0\n 19: *(u8 *)(r1 + 0) = r2\n 20: r1 = r0\n 21: r2 = 0\n 22: call bpf_ringbuf_submit\n\n00000000000000b8 <LBB5_5>:\n 23: w0 = 0\n 24: exit\n\nFor the first case, the single line execution's exploration will prune\nthe search at insn 14 for the branch insn 9's second leg as it will be\nverified first using r2 = -1 (UINT_MAX), while as w1 at insn 9 will\nalways be 0 so at runtime we don't get error for being greater than\nUINT_MAX/4 from bpf_ringbuf_reserve. 
The verifier during regsafe just\nsees reg->precise as false for both r2 registers in both states, hence\nconsiders them equal for purposes of states_equal.\n\nIf we propagated precise markers using the backtracking support, we\nwould use the precise marking to then ensure that old r2 (UINT_MAX) was\nwithin the new r2 (1) and this would never be true, so the verification\nwould rightfully fail.\n\nThe end result is that the out of bounds access at instruction 19 would\nbe permitted without this fix.\n\nNote that reg->precise is always set to true when user does not have\nCAP_BPF (or when subprog count is greater than 1 (i.e. use of any static\nor global functions)), hence this is only a problem when precision marks\nneed to be explicitly propagated (i.e. privileged users with CAP_BPF).\n\nA simplified test case has been included in the next patch to prevent\nfuture regressions."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/2459615a8d7f44ac81f0965bc094e55ccb254717",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/2fc31465c5373b5ca4edf2e5238558cb62902311",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,25 +0,0 @@
{
"id": "CVE-2022-49962",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:23.457",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxhci: Fix null pointer dereference in remove if xHC has only one roothub\n\nThe remove path in xhci platform driver tries to remove and put both main\nand shared hcds even if only a main hcd exists (one roothub)\n\nThis causes a null pointer dereference in reboot for those controllers.\n\nCheck that the shared_hcd exists before trying to remove it."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/4a593a62a9e3a25ab4bc37f612e4edec144f7f43",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7081b2f34ff291ada012bd6abacaf7d51c4cf73f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,25 +0,0 @@
{
"id": "CVE-2022-49963",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:23.570",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/ttm: fix CCS handling\n\nCrucible + recent Mesa seems to sometimes hit:\n\nGEM_BUG_ON(num_ccs_blks > NUM_CCS_BLKS_PER_XFER)\n\nAnd it looks like we can also trigger this with gem_lmem_swapping, if we\nmodify the test to use slightly larger object sizes.\n\nLooking closer it looks like we have the following issues in\nmigrate_copy():\n\n - We are using plain integer in various places, which we can easily\n overflow with a large object.\n\n - We pass the entire object size (when the src is lmem) into\n emit_pte() and then try to copy it, which doesn't work, since we\n only have a few fixed sized windows in which to map the pages and\n perform the copy. With an object > 8M we therefore aren't properly\n copying the pages. And then with an object > 64M we trigger the\n GEM_BUG_ON(num_ccs_blks > NUM_CCS_BLKS_PER_XFER).\n\nSo it looks like our copy handling for any object > 8M (which is our\nCHUNK_SZ) is currently broken on DG2.\n\nTestcase: igt@gem_lmem_swapping\n(cherry picked from commit 8676145eb2f53a9940ff70910caf0125bd8a4bc2)"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/8d905254162965c8e6be697d82c7dbf5d08f574d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/97434cb55bd884bd268626ec41489f79b261b2d4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,41 +0,0 @@
{
"id": "CVE-2022-49964",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:23.677",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned fw_level\n\nThough acpi_find_last_cache_level() always returned signed value and the\ndocument states it will return any errors caused by lack of a PPTT table,\nit never returned negative values before.\n\nCommit 0c80f9e165f8 (\"ACPI: PPTT: Leave the table mapped for the runtime usage\")\nhowever changed it by returning -ENOENT if no PPTT was found. The value\nreturned from acpi_find_last_cache_level() is then assigned to unsigned\nfw_level.\n\nIt will result in the number of cache leaves calculated incorrectly as\na huge value which will then cause the following warning from __alloc_pages\nas the order would be great than MAX_ORDER because of incorrect and huge\ncache leaves value.\n\n | WARNING: CPU: 0 PID: 1 at mm/page_alloc.c:5407 __alloc_pages+0x74/0x314\n | Modules linked in:\n | CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.19.0-10393-g7c2a8d3ac4c0 #73\n | pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n | pc : __alloc_pages+0x74/0x314\n | lr : alloc_pages+0xe8/0x318\n | Call trace:\n | __alloc_pages+0x74/0x314\n | alloc_pages+0xe8/0x318\n | kmalloc_order_trace+0x68/0x1dc\n | __kmalloc+0x240/0x338\n | detect_cache_attributes+0xe0/0x56c\n | update_siblings_masks+0x38/0x284\n | store_cpu_topology+0x78/0x84\n | smp_prepare_cpus+0x48/0x134\n | kernel_init_freeable+0xc4/0x14c\n | kernel_init+0x2c/0x1b4\n | ret_from_fork+0x10/0x20\n\nFix the same by changing fw_level to be signed integer and return the\nerror from init_cache_level() early in case of error."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/1668c38ef2e5bb80dbee88afcecfcdc3e7abc2aa",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/29906311b351e5398aff2c5dc209f8b6c9d6a410",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/43b9af72751a98cb9c074b170fc244714aeb59d5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a754ee1c66bd0a23e613f0bf865053b29cb90e16",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e75d18cecbb3805895d8ed64da4f78575ec96043",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fcab25a6b0ace130589d810390d1ce3698b53604",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,25 +0,0 @@
{
"id": "CVE-2022-49965",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:23.797",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: add missing ->fini_xxxx interfaces for some SMU13 asics\n\nWithout these, potential memory leak may be induced."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/22a75c616f1971c23838506b14971a4ef4a66bd7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4bac1c846eff8042dd59ddecd0a43f3b9de5fd23",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,33 +0,0 @@
{
"id": "CVE-2022-49966",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:23.903",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: add missing ->fini_microcode interface for Sienna Cichlid\n\nTo avoid any potential memory leak."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0a2d922a5618377cdf8fa476351362733ef55342",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4d21584ac6392aa66171b7efd647ecd1a447556b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/60d522f317078381ff8a3599fe808f96fc256cd5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a89e753d5a9f3b321f4a3098e2755c5aabcff0af",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,25 +0,0 @@
{
"id": "CVE-2022-49967",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:24.013",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix a data-race around bpf_jit_limit.\n\nWhile reading bpf_jit_limit, it can be changed concurrently via sysctl,\nWRITE_ONCE() in __do_proc_doulongvec_minmax(). The size of bpf_jit_limit\nis long, so we need to add a paired READ_ONCE() to avoid load-tearing."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0947ae1121083d363d522ff7518ee72b55bd8d29",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ba632ad0bacb13197a8f38e7526448974e87f292",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,41 +0,0 @@
{
"id": "CVE-2022-49968",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:24.123",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nieee802154/adf7242: defer destroy_workqueue call\n\nThere is a possible race condition (use-after-free) like below\n\n (FREE) | (USE)\n adf7242_remove | adf7242_channel\n cancel_delayed_work_sync |\n destroy_workqueue (1) | adf7242_cmd_rx\n | mod_delayed_work (2)\n |\n\nThe root cause for this race is that the upper layer (ieee802154) is\nunaware of this detaching event and the function adf7242_channel can\nbe called without any checks.\n\nTo fix this, we can add a flag write at the beginning of adf7242_remove\nand add flag check in adf7242_channel. Or we can just defer the\ndestructive operation like other commit 3e0588c291d6 (\"hamradio: defer\nax25 kfree after unregister_netdev\") which let the\nieee802154_unregister_hw() to handle the synchronization. This patch\ntakes the second option.\n\nruns\")"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/15f3b89bd521d5770d36a61fc04a77c293138ba6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/23a29932715ca43bceb2eae1bdb770995afe7271",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9f8558c5c642c62c450c98c99b7d18a709fff485",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/afe7116f6d3b888778ed6d95e3cf724767b9aedf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/bed12d7531df1417fc92c691999ff95e03835008",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/dede80aaf01f4b6e8657d23726cb4a3da226ec4c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,41 +0,0 @@
{
"id": "CVE-2022-49969",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:24.237",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: clear optc underflow before turn off odm clock\n\n[Why]\nAfter ODM clock off, optc underflow bit will be kept there always and clear not work.\nWe need to clear that before clock off.\n\n[How]\nClear that if have when clock off."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/3101839b080137c367f3f88c2a040f791de880aa",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3c1dfeaeb3b4e3ea656041da1241e6ee3c3b3202",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/443687798d6f094412b7312b64b3bb4d99aedff7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5ee30bcfdb32526233d2572f3d9ec371928679f1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/814b756d4ec3a8728debb116cf49005feada7750",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b2a93490201300a749ad261b5c5d05cb50179c44",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,33 +0,0 @@
{
"id": "CVE-2022-49970",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:24.357",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, cgroup: Fix kernel BUG in purge_effective_progs\n\nSyzkaller reported a triggered kernel BUG as follows:\n\n ------------[ cut here ]------------\n kernel BUG at kernel/bpf/cgroup.c:925!\n invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 1 PID: 194 Comm: detach Not tainted 5.19.0-14184-g69dac8e431af #8\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\n RIP: 0010:__cgroup_bpf_detach+0x1f2/0x2a0\n Code: 00 e8 92 60 30 00 84 c0 75 d8 4c 89 e0 31 f6 85 f6 74 19 42 f6 84\n 28 48 05 00 00 02 75 0e 48 8b 80 c0 00 00 00 48 85 c0 75 e5 <0f> 0b 48\n 8b 0c5\n RSP: 0018:ffffc9000055bdb0 EFLAGS: 00000246\n RAX: 0000000000000000 RBX: ffff888100ec0800 RCX: ffffc900000f1000\n RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff888100ec4578\n RBP: 0000000000000000 R08: ffff888100ec0800 R09: 0000000000000040\n R10: 0000000000000000 R11: 0000000000000000 R12: ffff888100ec4000\n R13: 000000000000000d R14: ffffc90000199000 R15: ffff888100effb00\n FS: 00007f68213d2b80(0000) GS:ffff88813bc80000(0000)\n knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000055f74a0e5850 CR3: 0000000102836000 CR4: 00000000000006e0\n Call Trace:\n <TASK>\n cgroup_bpf_prog_detach+0xcc/0x100\n __sys_bpf+0x2273/0x2a00\n __x64_sys_bpf+0x17/0x20\n do_syscall_64+0x3b/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n RIP: 0033:0x7f68214dbcb9\n Code: 08 44 89 e0 5b 41 5c c3 66 0f 1f 84 00 00 00 00 00 48 89 f8 48 89\n f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01\n f0 ff8\n RSP: 002b:00007ffeb487db68 EFLAGS: 00000246 ORIG_RAX: 0000000000000141\n RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00007f68214dbcb9\n RDX: 0000000000000090 RSI: 00007ffeb487db70 RDI: 0000000000000009\n RBP: 0000000000000003 R08: 0000000000000012 R09: 0000000b00000003\n R10: 00007ffeb487db70 R11: 0000000000000246 R12: 
00007ffeb487dc20\n R13: 0000000000000004 R14: 0000000000000001 R15: 000055f74a1011b0\n </TASK>\n Modules linked in:\n ---[ end trace 0000000000000000 ]---\n\nRepetition steps:\n\nFor the following cgroup tree,\n\n root\n |\n cg1\n |\n cg2\n\n 1. attach prog2 to cg2, and then attach prog1 to cg1, both bpf progs\n attach type is NONE or OVERRIDE.\n 2. write 1 to /proc/thread-self/fail-nth for failslab.\n 3. detach prog1 for cg1, and then kernel BUG occur.\n\nFailslab injection will cause kmalloc fail and fall back to\npurge_effective_progs. The problem is that cg2 have attached another prog,\nso when go through cg2 layer, iteration will add pos to 1, and subsequent\noperations will be skipped by the following condition, and cg will meet\nNULL in the end.\n\n `if (pos && !(cg->bpf.flags[atype] & BPF_F_ALLOW_MULTI))`\n\nThe NULL cg means no link or prog match, this is as expected, and it's not\na bug. So here just skip the no match situation."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/222bd95c89b135fde21f0bd0cb5cc1611c0c576c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7d6620f107bae6ed687ff07668e8e8f855487aa9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a1a05d3ae58299b040da4d5b27e72e81c2132e0b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c5f975e3ebfa57be13393c585a4b58ea707023cb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,25 +0,0 @@
{
"id": "CVE-2022-49971",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:24.473",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Fix a potential gpu_metrics_table memory leak\n\nMemory is allocated for gpu_metrics_table in\nsmu_v13_0_4_init_smc_tables(), but not freed in\nsmu_v13_0_4_fini_smc_tables(). This may cause memory leaks, fix it."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/4b25bdb54578f3b96ff055e5d27bc1cb82950e51",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5afb76522a0af0513b6dc01f84128a73206b051b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,25 +0,0 @@
{
"id": "CVE-2022-49972",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:24.570",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxsk: Fix corrupted packets for XDP_SHARED_UMEM\n\nFix an issue in XDP_SHARED_UMEM mode together with aligned mode where\npackets are corrupted for the second and any further sockets bound to\nthe same umem. In other words, this does not affect the first socket\nbound to the umem. The culprit for this bug is that the initialization\nof the DMA addresses for the pre-populated xsk buffer pool entries was\nnot performed for any socket but the first one bound to the umem. Only\nthe linear array of DMA addresses was populated. Fix this by populating\nthe DMA addresses in the xsk buffer pool for every socket bound to the\nsame umem."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/2c75891d56ab6fe5ba0d415bfad91d514a4027cd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/58ca14ed98c87cfe0d1408cc65a9745d9e9b7a56",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,29 +0,0 @@
{
"id": "CVE-2022-49973",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:24.673",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nskmsg: Fix wrong last sg check in sk_msg_recvmsg()\n\nFix one kernel NULL pointer dereference as below:\n\n[ 224.462334] Call Trace:\n[ 224.462394] __tcp_bpf_recvmsg+0xd3/0x380\n[ 224.462441] ? sock_has_perm+0x78/0xa0\n[ 224.462463] tcp_bpf_recvmsg+0x12e/0x220\n[ 224.462494] inet_recvmsg+0x5b/0xd0\n[ 224.462534] __sys_recvfrom+0xc8/0x130\n[ 224.462574] ? syscall_trace_enter+0x1df/0x2e0\n[ 224.462606] ? __do_page_fault+0x2de/0x500\n[ 224.462635] __x64_sys_recvfrom+0x24/0x30\n[ 224.462660] do_syscall_64+0x5d/0x1d0\n[ 224.462709] entry_SYSCALL_64_after_hwframe+0x65/0xca\n\nIn commit 9974d37ea75f (\"skmsg: Fix invalid last sg check in\nsk_msg_recvmsg()\"), we change last sg check to sg_is_last(),\nbut in sockmap redirection case (without stream_parser/stream_verdict/\nskb_verdict), we did not mark the end of the scatterlist. Check the\nsk_msg_alloc, sk_msg_page_add, and bpf_msg_push_data functions, they all\ndo not mark the end of sg. They are expected to use sg.end for end\njudgment. So the judgment of '(i != msg_rx->sg.end)' is added back here."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/10ee118a1756141f8e9c87aa7344ed12b41630a8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/583585e48d965338e73e1eb383768d16e0922d73",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/de22cba333d8699ad77e79f862fe1320cb1284de",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,25 +0,0 @@
{
"id": "CVE-2022-49974",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:24.783",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: nintendo: fix rumble worker null pointer deref\n\nWe can dereference a null pointer trying to queue work to a destroyed\nworkqueue.\n\nIf the device is disconnected, nintendo_hid_remove is called, in which\nthe rumble_queue is destroyed. Avoid using that queue to defer rumble\nwork once the controller state is set to JOYCON_CTLR_STATE_REMOVED.\n\nThis eliminates the null pointer dereference."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/1ff89e06c2e5fab30274e4b02360d4241d6e605e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7c6e6c334154be16740b44dcd7638fb510b9bd91",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,37 +0,0 @@
{
"id": "CVE-2022-49975",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:24.893",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Don't redirect packets with invalid pkt_len\n\nSyzbot found an issue [1]: fq_codel_drop() try to drop a flow whitout any\nskbs, that is, the flow->head is null.\nThe root cause, as the [2] says, is because that bpf_prog_test_run_skb()\nrun a bpf prog which redirects empty skbs.\nSo we should determine whether the length of the packet modified by bpf\nprog or others like bpf_prog_test is valid before forwarding it directly."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/6204bf78b2a903b96ba43afff6abc0b04d6e0462",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/72f2dc8993f10262092745a88cb2dd0fef094f23",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8b68e53d56697a59b5c53893b53f508bbdf272a0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a75987714bd2d8e59840667a28e15c1fa5c47554",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fd1894224407c484f652ad456e1ce423e89bb3eb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,25 +0,0 @@
{
"id": "CVE-2022-49976",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:25.007",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: x86-android-tablets: Fix broken touchscreen on Chuwi Hi8 with Windows BIOS\n\nThe x86-android-tablets handling for the Chuwi Hi8 is only necessary with\nthe Android BIOS and it is causing problems with the Windows BIOS version.\n\nSpecifically when trying to register the already present touchscreen\nx86_acpi_irq_helper_get() calls acpi_unregister_gsi(), this breaks\nthe working of the touchscreen and also leads to an oops:\n\n[ 14.248946] ------------[ cut here ]------------\n[ 14.248954] remove_proc_entry: removing non-empty directory 'irq/75', leaking at least 'MSSL0001:00'\n[ 14.248983] WARNING: CPU: 3 PID: 440 at fs/proc/generic.c:718 remove_proc_entry\n...\n[ 14.249293] unregister_irq_proc+0xe0/0x100\n[ 14.249305] free_desc+0x29/0x70\n[ 14.249312] irq_free_descs+0x4b/0x80\n[ 14.249320] mp_unmap_irq+0x5c/0x60\n[ 14.249329] acpi_unregister_gsi_ioapic+0x2a/0x40\n[ 14.249338] x86_acpi_irq_helper_get+0x4b/0x190 [x86_android_tablets]\n[ 14.249355] x86_android_tablet_init+0x178/0xe34 [x86_android_tablets]\n\nAdd an init callback for the Chuwi Hi8, which detects when the Windows BIOS\nis in use and exits with -ENODEV in that case, fixing this."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/2986c51540ed50ac654ffb5a772e546c02628c91",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c77b724cddfb8ac1291a60e3e68937e62cbfc5e0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,49 +0,0 @@
{
"id": "CVE-2022-49977",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:25.120",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead\n\nftrace_startup does not remove ops from ftrace_ops_list when\nftrace_startup_enable fails:\n\nregister_ftrace_function\n ftrace_startup\n __register_ftrace_function\n ...\n add_ftrace_ops(&ftrace_ops_list, ops)\n ...\n ...\n ftrace_startup_enable // if ftrace failed to modify, ftrace_disabled is set to 1\n ...\n return 0 // ops is in the ftrace_ops_list.\n\nWhen ftrace_disabled = 1, unregister_ftrace_function simply returns without doing anything:\nunregister_ftrace_function\n ftrace_shutdown\n if (unlikely(ftrace_disabled))\n return -ENODEV; // return here, __unregister_ftrace_function is not executed,\n // as a result, ops is still in the ftrace_ops_list\n __unregister_ftrace_function\n ...\n\nIf ops is dynamically allocated, it will be free later, in this case,\nis_ftrace_trampoline accesses NULL pointer:\n\nis_ftrace_trampoline\n ftrace_ops_trampoline\n do_for_each_ftrace_op(op, ftrace_ops_list) // OOPS! 
op may be NULL!\n\nSyzkaller reports as follows:\n[ 1203.506103] BUG: kernel NULL pointer dereference, address: 000000000000010b\n[ 1203.508039] #PF: supervisor read access in kernel mode\n[ 1203.508798] #PF: error_code(0x0000) - not-present page\n[ 1203.509558] PGD 800000011660b067 P4D 800000011660b067 PUD 130fb8067 PMD 0\n[ 1203.510560] Oops: 0000 [#1] SMP KASAN PTI\n[ 1203.511189] CPU: 6 PID: 29532 Comm: syz-executor.2 Tainted: G B W 5.10.0 #8\n[ 1203.512324] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\n[ 1203.513895] RIP: 0010:is_ftrace_trampoline+0x26/0xb0\n[ 1203.514644] Code: ff eb d3 90 41 55 41 54 49 89 fc 55 53 e8 f2 00 fd ff 48 8b 1d 3b 35 5d 03 e8 e6 00 fd ff 48 8d bb 90 00 00 00 e8 2a 81 26 00 <48> 8b ab 90 00 00 00 48 85 ed 74 1d e8 c9 00 fd ff 48 8d bb 98 00\n[ 1203.518838] RSP: 0018:ffffc900012cf960 EFLAGS: 00010246\n[ 1203.520092] RAX: 0000000000000000 RBX: 000000000000007b RCX: ffffffff8a331866\n[ 1203.521469] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 000000000000010b\n[ 1203.522583] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff8df18b07\n[ 1203.523550] R10: fffffbfff1be3160 R11: 0000000000000001 R12: 0000000000478399\n[ 1203.524596] R13: 0000000000000000 R14: ffff888145088000 R15: 0000000000000008\n[ 1203.525634] FS: 00007f429f5f4700(0000) GS:ffff8881daf00000(0000) knlGS:0000000000000000\n[ 1203.526801] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 1203.527626] CR2: 000000000000010b CR3: 0000000170e1e001 CR4: 00000000003706e0\n[ 1203.528611] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 1203.529605] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n\nTherefore, when ftrace_startup_enable fails, we need to rollback registration\nprocess and remove ops from ftrace_ops_list."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/4c34a2a6c9927c239dd2e295a03d49b37b618d2c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8569b4ada1e0b9bfaa125bd0c0967918b6560fa2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/934e49f7d696afdae9f979abe3f308408184e17b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c3b0f72e805f0801f05fa2aa52011c4bfc694c44",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d81bd6671f45fde4c3ac7fd7733c6e3082ae9d8e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/dbd8c8fc60480e3faa3ae7e27ebe03371ecd1b77",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ddffe882d74ef43a3494f0ab0c24baf076c45f96",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e4ae97295984ff1b9b340ed18ae1b066f36b7835",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,49 +0,0 @@
{
"id": "CVE-2022-49978",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:25.243",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: fb_pm2fb: Avoid potential divide by zero error\n\nIn `do_fb_ioctl()` of fbmem.c, if cmd is FBIOPUT_VSCREENINFO, var will be\ncopied from user, then go through `fb_set_var()` and\n`info->fbops->fb_check_var()` which could may be `pm2fb_check_var()`.\nAlong the path, `var->pixclock` won't be modified. This function checks\nwhether reciprocal of `var->pixclock` is too high. If `var->pixclock` is\nzero, there will be a divide by zero error. So, it is necessary to check\nwhether denominator is zero to avoid crash. As this bug is found by\nSyzkaller, logs are listed below.\n\ndivide error in pm2fb_check_var\nCall Trace:\n <TASK>\n fb_set_var+0x367/0xeb0 drivers/video/fbdev/core/fbmem.c:1015\n do_fb_ioctl+0x234/0x670 drivers/video/fbdev/core/fbmem.c:1110\n fb_ioctl+0xdd/0x130 drivers/video/fbdev/core/fbmem.c:1189"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0f1174f4972ea9fad6becf8881d71adca8e9ca91",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/19f953e7435644b81332dd632ba1b2d80b1e37af",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/34c3dea1189525cd533071ed5c176fc4ea8d982b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3ec326a6a0d4667585ca595f438c7293e5ced7c4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7d9591b32a9092fc6391a316b56e8016c6181c3d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7f88cdfea8d7f4dbaf423d808241403b2bb945e4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8fc778ee2fb2853f7a3531fa7273349640d8e4e9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/cb4bb011a683532841344ca7f281b5e04389b4f8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,33 +0,0 @@
{
"id": "CVE-2022-49979",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:25.363",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix refcount bug in sk_psock_get (2)\n\nSyzkaller reports refcount bug as follows:\n------------[ cut here ]------------\nrefcount_t: saturated; leaking memory.\nWARNING: CPU: 1 PID: 3605 at lib/refcount.c:19 refcount_warn_saturate+0xf4/0x1e0 lib/refcount.c:19\nModules linked in:\nCPU: 1 PID: 3605 Comm: syz-executor208 Not tainted 5.18.0-syzkaller-03023-g7e062cda7d90 #0\n <TASK>\n __refcount_add_not_zero include/linux/refcount.h:163 [inline]\n __refcount_inc_not_zero include/linux/refcount.h:227 [inline]\n refcount_inc_not_zero include/linux/refcount.h:245 [inline]\n sk_psock_get+0x3bc/0x410 include/linux/skmsg.h:439\n tls_data_ready+0x6d/0x1b0 net/tls/tls_sw.c:2091\n tcp_data_ready+0x106/0x520 net/ipv4/tcp_input.c:4983\n tcp_data_queue+0x25f2/0x4c90 net/ipv4/tcp_input.c:5057\n tcp_rcv_state_process+0x1774/0x4e80 net/ipv4/tcp_input.c:6659\n tcp_v4_do_rcv+0x339/0x980 net/ipv4/tcp_ipv4.c:1682\n sk_backlog_rcv include/net/sock.h:1061 [inline]\n __release_sock+0x134/0x3b0 net/core/sock.c:2849\n release_sock+0x54/0x1b0 net/core/sock.c:3404\n inet_shutdown+0x1e0/0x430 net/ipv4/af_inet.c:909\n __sys_shutdown_sock net/socket.c:2331 [inline]\n __sys_shutdown_sock net/socket.c:2325 [inline]\n __sys_shutdown+0xf1/0x1b0 net/socket.c:2343\n __do_sys_shutdown net/socket.c:2351 [inline]\n __se_sys_shutdown net/socket.c:2349 [inline]\n __x64_sys_shutdown+0x50/0x70 net/socket.c:2349\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n </TASK>\n\nDuring SMC fallback process in connect syscall, kernel will\nreplaces TCP with SMC. 
In order to forward wakeup\nsmc socket waitqueue after fallback, kernel will sets\nclcsk->sk_user_data to origin smc socket in\nsmc_fback_replace_callbacks().\n\nLater, in shutdown syscall, kernel will calls\nsk_psock_get(), which treats the clcsk->sk_user_data\nas psock type, triggering the refcnt warning.\n\nSo, the root cause is that smc and psock, both will use\nsk_user_data field. So they will mismatch this field\neasily.\n\nThis patch solves it by using another bit(defined as\nSK_USER_DATA_PSOCK) in PTRMASK, to mark whether\nsk_user_data points to a psock object or not.\nThis patch depends on a PTRMASK introduced in commit f1ff5ce2cd5e\n(\"net, sk_msg: Clear sk_user_data pointer on clone if tagged\").\n\nFor there will possibly be more flags in the sk_user_data field,\nthis patch also refactor sk_user_data flags code to be more generic\nto improve its maintainability."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/2a0133723f9ebeb751cfce19f74ec07e108bef1f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/61cc798591a36ca27eb7d8d6c09bf20e50a59968",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/86026be8535c16fcc5e4f960286faf04d7f77815",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a5d1cb908131e939bd8b63b8e5e23365bbc2edaf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,25 +0,0 @@
{
"id": "CVE-2022-49980",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:25.480",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: gadget: Fix use-after-free Read in usb_udc_uevent()\n\nThe syzbot fuzzer found a race between uevent callbacks and gadget\ndriver unregistration that can cause a use-after-free bug:\n\n---------------------------------------------------------------\nBUG: KASAN: use-after-free in usb_udc_uevent+0x11f/0x130\ndrivers/usb/gadget/udc/core.c:1732\nRead of size 8 at addr ffff888078ce2050 by task udevd/2968\n\nCPU: 1 PID: 2968 Comm: udevd Not tainted 5.19.0-rc4-next-20220628-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google\n06/29/2022\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:317 [inline]\n print_report.cold+0x2ba/0x719 mm/kasan/report.c:433\n kasan_report+0xbe/0x1f0 mm/kasan/report.c:495\n usb_udc_uevent+0x11f/0x130 drivers/usb/gadget/udc/core.c:1732\n dev_uevent+0x290/0x770 drivers/base/core.c:2424\n---------------------------------------------------------------\n\nThe bug occurs because usb_udc_uevent() dereferences udc->driver but\ndoes so without acquiring the udc_lock mutex, which protects this\nfield. If the gadget driver is unbound from the udc concurrently with\nuevent processing, the driver structure may be accessed after it has\nbeen deallocated.\n\nTo prevent the race, we make sure that the routine holds the mutex\naround the racing accesses."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/2191c00855b03aa59c20e698be713d952d51fc18",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f44b0b95d50fffeca036e1ba36770390e0b519dd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,49 +0,0 @@
{
"id": "CVE-2022-49981",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:25.597",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: hidraw: fix memory leak in hidraw_release()\n\nFree the buffered reports before deleting the list entry.\n\nBUG: memory leak\nunreferenced object 0xffff88810e72f180 (size 32):\n comm \"softirq\", pid 0, jiffies 4294945143 (age 16.080s)\n hex dump (first 32 bytes):\n 64 f3 c6 6a d1 88 07 04 00 00 00 00 00 00 00 00 d..j............\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [<ffffffff814ac6c3>] kmemdup+0x23/0x50 mm/util.c:128\n [<ffffffff8357c1d2>] kmemdup include/linux/fortify-string.h:440 [inline]\n [<ffffffff8357c1d2>] hidraw_report_event+0xa2/0x150 drivers/hid/hidraw.c:521\n [<ffffffff8356ddad>] hid_report_raw_event+0x27d/0x740 drivers/hid/hid-core.c:1992\n [<ffffffff8356e41e>] hid_input_report+0x1ae/0x270 drivers/hid/hid-core.c:2065\n [<ffffffff835f0d3f>] hid_irq_in+0x1ff/0x250 drivers/hid/usbhid/hid-core.c:284\n [<ffffffff82d3c7f9>] __usb_hcd_giveback_urb+0xf9/0x230 drivers/usb/core/hcd.c:1670\n [<ffffffff82d3cc26>] usb_hcd_giveback_urb+0x1b6/0x1d0 drivers/usb/core/hcd.c:1747\n [<ffffffff82ef1e14>] dummy_timer+0x8e4/0x14c0 drivers/usb/gadget/udc/dummy_hcd.c:1988\n [<ffffffff812f50a8>] call_timer_fn+0x38/0x200 kernel/time/timer.c:1474\n [<ffffffff812f5586>] expire_timers kernel/time/timer.c:1519 [inline]\n [<ffffffff812f5586>] __run_timers.part.0+0x316/0x430 kernel/time/timer.c:1790\n [<ffffffff812f56e4>] __run_timers kernel/time/timer.c:1768 [inline]\n [<ffffffff812f56e4>] run_timer_softirq+0x44/0x90 kernel/time/timer.c:1803\n [<ffffffff848000e6>] __do_softirq+0xe6/0x2ea kernel/softirq.c:571\n [<ffffffff81246db0>] invoke_softirq kernel/softirq.c:445 [inline]\n [<ffffffff81246db0>] __irq_exit_rcu kernel/softirq.c:650 [inline]\n [<ffffffff81246db0>] irq_exit_rcu+0xc0/0x110 kernel/softirq.c:662\n [<ffffffff84574f02>] sysvec_apic_timer_interrupt+0xa2/0xd0 arch/x86/kernel/apic/apic.c:1106\n [<ffffffff84600c8b>] 
asm_sysvec_apic_timer_interrupt+0x1b/0x20 arch/x86/include/asm/idtentry.h:649\n [<ffffffff8458a070>] native_safe_halt arch/x86/include/asm/irqflags.h:51 [inline]\n [<ffffffff8458a070>] arch_safe_halt arch/x86/include/asm/irqflags.h:89 [inline]\n [<ffffffff8458a070>] acpi_safe_halt drivers/acpi/processor_idle.c:111 [inline]\n [<ffffffff8458a070>] acpi_idle_do_entry+0xc0/0xd0 drivers/acpi/processor_idle.c:554"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/1bea0bbf66001b0c7bf239a4d70eaf47824d3feb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/52a3c62a815161c2dcf38ac421f6c41d8679462b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/53c7c4d5d40b45c127cb1193bf3e9670f844c3cf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7e2fa79226580b035b00260d9f240ab9bda4af5d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a5623a203cffe2d2b84d2f6c989d9017db1856af",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c06b013f5cbfeafe0a9cfa5a7128604c34e0e517",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/dfd27a737283313a3e626e97b9d9b2d8d6a94188",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f5b7e9611cffec345d62d5bdd8b6e30e89956818",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,49 +0,0 @@
{
"id": "CVE-2022-49982",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:25.720",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: pvrusb2: fix memory leak in pvr_probe\n\nThe error handling code in pvr2_hdw_create forgets to unregister the\nv4l2 device. When pvr2_hdw_create returns back to pvr2_context_create,\nit calls pvr2_context_destroy to destroy context, but mp->hdw is NULL,\nwhich leads to that pvr2_hdw_destroy directly returns.\n\nFix this by adding v4l2_device_unregister to decrease the refcount of\nusb interface."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/2fe46195d2f0d5d09ea65433aefe47a4d0d0ff4d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/466b67c0543b2ae67814d053f6e29b39be6b33bb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/491762b3250fb06a0c97b5198656ea48359eaeed",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/945a9a8e448b65bec055d37eba58f711b39f66f0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ba7dd8a9686a61a34b3a7b922ce721378d4740d0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/bacb37bdc2a21c8f7fdc83dcc0dea2f4ca1341fb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c02d2a91a85c4c4d05826cd1ea74a9b8d42e4280",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f2f6e67522916f53ad8ccd4dbe68dcf76e9776e5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,37 +0,0 @@
{
"id": "CVE-2022-49983",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:25.840",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nudmabuf: Set the DMA mask for the udmabuf device (v2)\n\nIf the DMA mask is not set explicitly, the following warning occurs\nwhen the userspace tries to access the dma-buf via the CPU as\nreported by syzbot here:\n\nWARNING: CPU: 1 PID: 3595 at kernel/dma/mapping.c:188\n__dma_map_sg_attrs+0x181/0x1f0 kernel/dma/mapping.c:188\nModules linked in:\nCPU: 0 PID: 3595 Comm: syz-executor249 Not tainted\n5.17.0-rc2-syzkaller-00316-g0457e5153e0e #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS\nGoogle 01/01/2011\nRIP: 0010:__dma_map_sg_attrs+0x181/0x1f0 kernel/dma/mapping.c:188\nCode: 00 00 00 00 00 fc ff df 48 c1 e8 03 80 3c 10 00 75 71 4c 8b 3d c0\n83 b5 0d e9 db fe ff ff e8 b6 0f 13 00 0f 0b e8 af 0f 13 00 <0f> 0b 45\n 31 e4 e9 54 ff ff ff e8 a0 0f 13 00 49 8d 7f 50 48 b8 00\nRSP: 0018:ffffc90002a07d68 EFLAGS: 00010293\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000\nRDX: ffff88807e25e2c0 RSI: ffffffff81649e91 RDI: ffff88801b848408\nRBP: ffff88801b848000 R08: 0000000000000002 R09: ffff88801d86c74f\nR10: ffffffff81649d72 R11: 0000000000000001 R12: 0000000000000002\nR13: ffff88801d86c680 R14: 0000000000000001 R15: 0000000000000000\nFS: 0000555556e30300(0000) GS:ffff8880b9d00000(0000)\nknlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00000000200000cc CR3: 000000001d74a000 CR4: 00000000003506e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n <TASK>\n dma_map_sgtable+0x70/0xf0 kernel/dma/mapping.c:264\n get_sg_table.isra.0+0xe0/0x160 drivers/dma-buf/udmabuf.c:72\n begin_cpu_udmabuf+0x130/0x1d0 drivers/dma-buf/udmabuf.c:126\n dma_buf_begin_cpu_access+0xfd/0x1d0 drivers/dma-buf/dma-buf.c:1164\n dma_buf_ioctl+0x259/0x2b0 drivers/dma-buf/dma-buf.c:363\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:874 
[inline]\n __se_sys_ioctl fs/ioctl.c:860 [inline]\n __x64_sys_ioctl+0x193/0x200 fs/ioctl.c:860\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\nRIP: 0033:0x7f62fcf530f9\nCode: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89\nf7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01\nf0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007ffe3edab9b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f62fcf530f9\nRDX: 0000000020000200 RSI: 0000000040086200 RDI: 0000000000000006\nRBP: 00007f62fcf170e0 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 00007f62fcf17170\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n </TASK>\n\nv2: Dont't forget to deregister if DMA mask setup fails."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/63d8c1933ed280717f934e2bc2edd869bb66f329",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/872875c9ecf8fa2e1d82bb2f2f1963f571aa8959",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9e9fa6a9198b767b00f48160800128e83a038f9f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e658538c610c6047b3c9f552e73801894d9284b1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f2f6ea1a8da1317430a84701fc0170449ee88315",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,41 +0,0 @@
{
"id": "CVE-2022-49984",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:25.953",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report\n\nIt is possible for a malicious device to forgo submitting a Feature\nReport. The HID Steam driver presently makes no prevision for this\nand de-references the 'struct hid_report' pointer obtained from the\nHID devices without first checking its validity. Let's change that."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/989560b6d9e00d99e07bc33067fa1c770994bf4d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c20d03b82a2e3ddbb555dad4d4f3374a9763222c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/cd11d1a6114bd4bc6450ae59f6e110ec47362126",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/dc815761948ab5b8c94db6cb53c95103588f16ae",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/dee1e51b54794e90763e70a3c78f27ba4fa930ec",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fa2b822d86be5b5ad54fe4fa2daca464e71ff90a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,33 +0,0 @@
{
"id": "CVE-2022-49985",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:26.067",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Don't use tnum_range on array range checking for poke descriptors\n\nHsin-Wei reported a KASAN splat triggered by their BPF runtime fuzzer which\nis based on a customized syzkaller:\n\n BUG: KASAN: slab-out-of-bounds in bpf_int_jit_compile+0x1257/0x13f0\n Read of size 8 at addr ffff888004e90b58 by task syz-executor.0/1489\n CPU: 1 PID: 1489 Comm: syz-executor.0 Not tainted 5.19.0 #1\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n 1.13.0-1ubuntu1.1 04/01/2014\n Call Trace:\n <TASK>\n dump_stack_lvl+0x9c/0xc9\n print_address_description.constprop.0+0x1f/0x1f0\n ? bpf_int_jit_compile+0x1257/0x13f0\n kasan_report.cold+0xeb/0x197\n ? kvmalloc_node+0x170/0x200\n ? bpf_int_jit_compile+0x1257/0x13f0\n bpf_int_jit_compile+0x1257/0x13f0\n ? arch_prepare_bpf_dispatcher+0xd0/0xd0\n ? rcu_read_lock_sched_held+0x43/0x70\n bpf_prog_select_runtime+0x3e8/0x640\n ? bpf_obj_name_cpy+0x149/0x1b0\n bpf_prog_load+0x102f/0x2220\n ? __bpf_prog_put.constprop.0+0x220/0x220\n ? find_held_lock+0x2c/0x110\n ? __might_fault+0xd6/0x180\n ? lock_downgrade+0x6e0/0x6e0\n ? lock_is_held_type+0xa6/0x120\n ? __might_fault+0x147/0x180\n __sys_bpf+0x137b/0x6070\n ? bpf_perf_link_attach+0x530/0x530\n ? new_sync_read+0x600/0x600\n ? __fget_files+0x255/0x450\n ? lock_downgrade+0x6e0/0x6e0\n ? fput+0x30/0x1a0\n ? ksys_write+0x1a8/0x260\n __x64_sys_bpf+0x7a/0xc0\n ? 
syscall_enter_from_user_mode+0x21/0x70\n do_syscall_64+0x3b/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n RIP: 0033:0x7f917c4e2c2d\n\nThe problem here is that a range of tnum_range(0, map->max_entries - 1) has\nlimited ability to represent the concrete tight range with the tnum as the\nset of resulting states from value + mask can result in a superset of the\nactual intended range, and as such a tnum_in(range, reg->var_off) check may\nyield true when it shouldn't, for example tnum_range(0, 2) would result in\n00XX -> v = 0000, m = 0011 such that the intended set of {0, 1, 2} is here\nrepresented by a less precise superset of {0, 1, 2, 3}. As the register is\nknown const scalar, really just use the concrete reg->var_off.value for the\nupper index check."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/4f672112f8665102a5842c170be1713f8ff95919",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a36df92c7ff7ecde2fb362241d0ab024dddd0597",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a657182a5c5150cdfacb6640aad1d2712571a409",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e8979807178434db8ceaa84dfcd44363e71e50bb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,41 +0,0 @@
{
"id": "CVE-2022-49986",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:26.183",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq\n\nstorvsc_error_wq workqueue should not be marked as WQ_MEM_RECLAIM as it\ndoesn't need to make forward progress under memory pressure. Marking this\nworkqueue as WQ_MEM_RECLAIM may cause deadlock while flushing a\nnon-WQ_MEM_RECLAIM workqueue. In the current state it causes the following\nwarning:\n\n[ 14.506347] ------------[ cut here ]------------\n[ 14.506354] workqueue: WQ_MEM_RECLAIM storvsc_error_wq_0:storvsc_remove_lun is flushing !WQ_MEM_RECLAIM events_freezable_power_:disk_events_workfn\n[ 14.506360] WARNING: CPU: 0 PID: 8 at <-snip->kernel/workqueue.c:2623 check_flush_dependency+0xb5/0x130\n[ 14.506390] CPU: 0 PID: 8 Comm: kworker/u4:0 Not tainted 5.4.0-1086-azure #91~18.04.1-Ubuntu\n[ 14.506391] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 05/09/2022\n[ 14.506393] Workqueue: storvsc_error_wq_0 storvsc_remove_lun\n[ 14.506395] RIP: 0010:check_flush_dependency+0xb5/0x130\n\t\t<-snip->\n[ 14.506408] Call Trace:\n[ 14.506412] __flush_work+0xf1/0x1c0\n[ 14.506414] __cancel_work_timer+0x12f/0x1b0\n[ 14.506417] ? kernfs_put+0xf0/0x190\n[ 14.506418] cancel_delayed_work_sync+0x13/0x20\n[ 14.506420] disk_block_events+0x78/0x80\n[ 14.506421] del_gendisk+0x3d/0x2f0\n[ 14.506423] sr_remove+0x28/0x70\n[ 14.506427] device_release_driver_internal+0xef/0x1c0\n[ 14.506428] device_release_driver+0x12/0x20\n[ 14.506429] bus_remove_device+0xe1/0x150\n[ 14.506431] device_del+0x167/0x380\n[ 14.506432] __scsi_remove_device+0x11d/0x150\n[ 14.506433] scsi_remove_device+0x26/0x40\n[ 14.506434] storvsc_remove_lun+0x40/0x60\n[ 14.506436] process_one_work+0x209/0x400\n[ 14.506437] worker_thread+0x34/0x400\n[ 14.506439] kthread+0x121/0x140\n[ 14.506440] ? process_one_work+0x400/0x400\n[ 14.506441] ? 
kthread_park+0x90/0x90\n[ 14.506443] ret_from_fork+0x35/0x40\n[ 14.506445] ---[ end trace 2d9633159fdc6ee7 ]---"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/46fcb0fc884db78a0384be92cc2a51927e6581b8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/828f57ac75eaccd6607ee4d1468d34e983e32c68",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b4c928ace9a123629eeb14ec5d7ee8f73e5ac668",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b692c238ddfa61f00d97c4c1f021425d132ba96f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/cd2a50d0a097a42b6de283377da98ff757505120",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d957e7ffb2c72410bcc1a514153a46719255a5da",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,45 +0,0 @@
{
"id": "CVE-2022-49987",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:26.303",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: call __md_stop_writes in md_stop\n\nFrom the link [1], we can see raid1d was running even after the path\nraid_dtr -> md_stop -> __md_stop.\n\nLet's stop write first in destructor to align with normal md-raid to\nfix the KASAN issue.\n\n[1]. https://lore.kernel.org/linux-raid/CAPhsuW5gc4AakdGNdF8ubpezAuDLFOYUO_sfMZcec6hQFm8nhg@mail.gmail.com/T/#m7f12bf90481c02c6d2da68c64aeed4779b7df74a"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0dd84b319352bb8ba64752d4e45396d8b13e6018",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/1678ca35b80a94d474fdc31e2497ce5d7ed52512",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/661c01b2181d9413c799127f13143583b69f20fd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/690b5c90fd2d81fd1d2b6110fa36783232f6dce2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8e7fb19f1a744fd34e982633ced756fee0498ef7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a5a58fab556bfe618b4c9719eb85712d78c6cb10",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f42a9819ba84bed2e609a4dff56af37063dcabdc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,16 +0,0 @@
{
"id": "CVE-2022-49988",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:26.420",
"lastModified": "2025-06-18T15:15:20.923",
"vulnStatus": "Rejected",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
],
"metrics": {},
"references": []
}


@ -1,33 +0,0 @@
{
"id": "CVE-2022-49989",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:26.530",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxen/privcmd: fix error exit of privcmd_ioctl_dm_op()\n\nThe error exit of privcmd_ioctl_dm_op() is calling unlock_pages()\npotentially with pages being NULL, leading to a NULL dereference.\n\nAdditionally lock_pages() doesn't check for pin_user_pages_fast()\nhaving been completely successful, resulting in potentially not\nlocking all pages into memory. This could result in sporadic failures\nwhen using the related memory in user mode.\n\nFix all of that by calling unlock_pages() always with the real number\nof pinned pages, which will be zero in case pages being NULL, and by\nchecking the number of pages pinned by pin_user_pages_fast() matching\nthe expected number of pages."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/45d47bd9b96e7874b98dbcc7602fe2826c5d62a6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6de50db104af0dc921f593fd95c55db86a52ceef",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c2b7bae7c90051fd6a679d5dee00400d67ebbf4a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c5deb27895e017a0267de0a20d140ad5fcc55a54",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,41 +0,0 @@
{
"id": "CVE-2022-49990",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:26.637",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390: fix double free of GS and RI CBs on fork() failure\n\nThe pointers for guarded storage and runtime instrumentation control\nblocks are stored in the thread_struct of the associated task. These\npointers are initially copied on fork() via arch_dup_task_struct()\nand then cleared via copy_thread() before fork() returns. If fork()\nhappens to fail after the initial task dup and before copy_thread(),\nthe newly allocated task and associated thread_struct memory are\nfreed via free_task() -> arch_release_task_struct(). This results in\na double free of the guarded storage and runtime info structs\nbecause the fields in the failed task still refer to memory\nassociated with the source task.\n\nThis problem can manifest as a BUG_ON() in set_freepointer() (with\nCONFIG_SLAB_FREELIST_HARDENED enabled) or KASAN splat (if enabled)\nwhen running trinity syscall fuzz tests on s390x. To avoid this\nproblem, clear the associated pointer fields in\narch_dup_task_struct() immediately after the new task is copied.\nNote that the RI flag is still cleared in copy_thread() because it\nresides in thread stack memory and that is where stack info is\ncopied."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/13cccafe0edcd03bf1c841de8ab8a1c8e34f77d9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/25a95303b9e513cd2978aacc385d06e6fec23d07",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/297ae7e87a87a001dd3dfeac1cb26a42fd929708",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8195e065abf3df84eb0ad2987e76a40f21d1791c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/cacd522e6652fbc2dc0cc6ae11c4e30782fef14b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fbdc482d43eda40a70de4b0155843d5472f6de62",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,29 +0,0 @@
{
"id": "CVE-2022-49991",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:26.753",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/hugetlb: avoid corrupting page->mapping in hugetlb_mcopy_atomic_pte\n\nIn MCOPY_ATOMIC_CONTINUE case with a non-shared VMA, pages in the page\ncache are installed in the ptes. But hugepage_add_new_anon_rmap is called\nfor them mistakenly because they're not vm_shared. This will corrupt the\npage->mapping used by page cache code."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/3ada1b3e58db255a14ec73a59d7913e84dc5a8a4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ab74ef708dc51df7cf2b8a890b9c6990fac5c0c6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/da60ddd80d09f8371fbba1a238a4b318d13ba698",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,25 +0,0 @@
{
"id": "CVE-2022-49992",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:26.870",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/mprotect: only reference swap pfn page if type match\n\nYu Zhao reported a bug after the commit \"mm/swap: Add swp_offset_pfn() to\nfetch PFN from swap entry\" added a check in swp_offset_pfn() for swap type [1]:\n\n kernel BUG at include/linux/swapops.h:117!\n CPU: 46 PID: 5245 Comm: EventManager_De Tainted: G S O L 6.0.0-dbg-DEV #2\n RIP: 0010:pfn_swap_entry_to_page+0x72/0xf0\n Code: c6 48 8b 36 48 83 fe ff 74 53 48 01 d1 48 83 c1 08 48 8b 09 f6\n c1 01 75 7b 66 90 48 89 c1 48 8b 09 f6 c1 01 74 74 5d c3 eb 9e <0f> 0b\n 48 ba ff ff ff ff 03 00 00 00 eb ae a9 ff 0f 00 00 75 13 48\n RSP: 0018:ffffa59e73fabb80 EFLAGS: 00010282\n RAX: 00000000ffffffe8 RBX: 0c00000000000000 RCX: ffffcd5440000000\n RDX: 1ffffffffff7a80a RSI: 0000000000000000 RDI: 0c0000000000042b\n RBP: ffffa59e73fabb80 R08: ffff9965ca6e8bb8 R09: 0000000000000000\n R10: ffffffffa5a2f62d R11: 0000030b372e9fff R12: ffff997b79db5738\n R13: 000000000000042b R14: 0c0000000000042b R15: 1ffffffffff7a80a\n FS: 00007f549d1bb700(0000) GS:ffff99d3cf680000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000440d035b3180 CR3: 0000002243176004 CR4: 00000000003706e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n <TASK>\n change_pte_range+0x36e/0x880\n change_p4d_range+0x2e8/0x670\n change_protection_range+0x14e/0x2c0\n mprotect_fixup+0x1ee/0x330\n do_mprotect_pkey+0x34c/0x440\n __x64_sys_mprotect+0x1d/0x30\n\nIt triggers because pfn_swap_entry_to_page() could be called upon e.g. a\ngenuine swap entry.\n\nFix it by only calling it when it's a write migration entry where the page*\nis used.\n\n[1] https://lore.kernel.org/lkml/CAOUHufaVC2Za-p8m0aiHw6YkheDcrO-C3wRGixwDS32VTS+k1w@mail.gmail.com/"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/3d2f78f08cd8388035ac375e731ec1ac1b79b09d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5fcf81e308d1f4ae95f31690d2a80b7061385ff9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,49 +0,0 @@
{
"id": "CVE-2022-49993",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:26.977",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nloop: Check for overflow while configuring loop\n\nThe userspace can configure a loop using an ioctl call, wherein\na configuration of type loop_config is passed (see lo_ioctl()'s\ncase on line 1550 of drivers/block/loop.c). This proceeds to call\nloop_configure() which in turn calls loop_set_status_from_info()\n(see line 1050 of loop.c), passing &config->info which is of type\nloop_info64*. This function then sets the appropriate values, like\nthe offset.\n\nloop_device has lo_offset of type loff_t (see line 52 of loop.c),\nwhich is typdef-chained to long long, whereas loop_info64 has\nlo_offset of type __u64 (see line 56 of include/uapi/linux/loop.h).\n\nThe function directly copies offset from info to the device as\nfollows (See line 980 of loop.c):\n\tlo->lo_offset = info->lo_offset;\n\nThis results in an overflow, which triggers a warning in iomap_iter()\ndue to a call to iomap_iter_done() which has:\n\tWARN_ON_ONCE(iter->iomap.offset > iter->pos);\n\nThus, check for negative value during loop_set_status_from_info().\n\nBug report: https://syzkaller.appspot.com/bug?id=c620fe14aac810396d3c3edc9ad73848bf69a29e"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0455bef69028c65065f16bb04635591b2374249b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/18e28817cb516b39de6281f6db9b0618b2cc7b42",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6858933131d0dadac071c4d33335a9ea4b8e76cf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9be7fa7ead18a48940df7b59d993bbc8b9055c15",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a217715338fd48f72114725aa7a40e484a781ca7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/adf0112d9b8acb03485624220b4934f69bf13369",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b40877b8562c5720d0a7fce20729f56b75a3dede",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c490a0b5a4f36da3918181a8acdc6991d967c5f3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,29 +0,0 @@
{
"id": "CVE-2022-49994",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:27.107",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbootmem: remove the vmemmap pages from kmemleak in put_page_bootmem\n\nThe vmemmap pages is marked by kmemleak when allocated from memblock. \nRemove it from kmemleak when freeing the page. Otherwise, when we reuse\nthe page, kmemleak may report such an error and then stop working.\n\n kmemleak: Cannot insert 0xffff98fb6eab3d40 into the object search tree (overlaps existing)\n kmemleak: Kernel memory leak detector disabled\n kmemleak: Object 0xffff98fb6be00000 (size 335544320):\n kmemleak: comm \"swapper\", pid 0, jiffies 4294892296\n kmemleak: min_count = 0\n kmemleak: count = 0\n kmemleak: flags = 0x1\n kmemleak: checksum = 0\n kmemleak: backtrace:"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/16a12ee619e39e8112f61b603255c16b73b6264b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9ae15c4ba2be1e5a62503b6d873e84beb5fcbb5a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/dd0ff4d12dd284c334f7e9b07f8f335af856ac78",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,29 +0,0 @@
{
"id": "CVE-2022-49995",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:27.227",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwriteback: avoid use-after-free after removing device\n\nWhen a disk is removed, bdi_unregister gets called to stop further\nwriteback and wait for associated delayed work to complete. However,\nwb_inode_writeback_end() may schedule bandwidth estimation dwork after\nthis has completed, which can result in the timer attempting to access the\njust freed bdi_writeback.\n\nFix this by checking if the bdi_writeback is alive, similar to when\nscheduling writeback work.\n\nSince this requires wb->work_lock, and wb_inode_writeback_end() may get\ncalled from interrupt, switch wb->work_lock to an irqsafe lock."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/9a6c710f3bc10bc9cc23e1c080b53245b7f9d5b7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f87904c075515f3e1d8f4a7115869d3b914674fd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f96b9f7c1676923bce871e728bb49c0dfa5013cc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,29 +0,0 @@
{
"id": "CVE-2022-49996",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:27.337",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix possible memory leak in btrfs_get_dev_args_from_path()\n\nIn btrfs_get_dev_args_from_path(), btrfs_get_bdev_and_sb() can fail if\nthe path is invalid. In this case, btrfs_get_dev_args_from_path()\nreturns directly without freeing args->uuid and args->fsid allocated\nbefore, which causes memory leak.\n\nTo fix these possible leaks, when btrfs_get_bdev_and_sb() fails,\nbtrfs_put_dev_args_from_path() is called to clean up the memory."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/4b124ad87244cd7f0883c5eaa38d2326b2154cad",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5f52402c77013e4a826394b807dd5ea4dc83bd72",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9ea0106a7a3d8116860712e3f17cd52ce99f6707",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,25 +0,0 @@
{
"id": "CVE-2022-49997",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:27.447",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: lantiq_xrx200: restore buffer if memory allocation failed\n\nIn a situation where memory allocation fails, an invalid buffer address\nis stored. When this descriptor is used again, the system panics in the\nbuild_skb() function when accessing memory."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/3ef2786e32d93e562cd40601248a14ae090de873",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c9c3b1775f80fa21f5bff874027d2ccb10f5d90c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,33 +0,0 @@
{
"id": "CVE-2022-49998",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:27.557",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: Fix locking in rxrpc's sendmsg\n\nFix three bugs in the rxrpc's sendmsg implementation:\n\n (1) rxrpc_new_client_call() should release the socket lock when returning\n an error from rxrpc_get_call_slot().\n\n (2) rxrpc_wait_for_tx_window_intr() will return without the call mutex\n held in the event that we're interrupted by a signal whilst waiting\n for tx space on the socket or relocking the call mutex afterwards.\n\n Fix this by: (a) moving the unlock/lock of the call mutex up to\n rxrpc_send_data() such that the lock is not held around all of\n rxrpc_wait_for_tx_window*() and (b) indicating to higher callers\n whether we're return with the lock dropped. Note that this means\n recvmsg() will not block on this call whilst we're waiting.\n\n (3) After dropping and regaining the call mutex, rxrpc_send_data() needs\n to go and recheck the state of the tx_pending buffer and the\n tx_total_len check in case we raced with another sendmsg() on the same\n call.\n\nThinking on this some more, it might make sense to have different locks for\nsendmsg() and recvmsg(). There's probably no need to make recvmsg() wait\nfor sendmsg(). 
It does mean that recvmsg() can return MSG_EOR indicating\nthat a call is dead before a sendmsg() to that call returns - but that can\ncurrently happen anyway.\n\nWithout fix (2), something like the following can be induced:\n\n\tWARNING: bad unlock balance detected!\n\t5.16.0-rc6-syzkaller #0 Not tainted\n\t-------------------------------------\n\tsyz-executor011/3597 is trying to release lock (&call->user_mutex) at:\n\t[<ffffffff885163a3>] rxrpc_do_sendmsg+0xc13/0x1350 net/rxrpc/sendmsg.c:748\n\tbut there are no more locks to release!\n\n\tother info that might help us debug this:\n\tno locks held by syz-executor011/3597.\n\t...\n\tCall Trace:\n\t <TASK>\n\t __dump_stack lib/dump_stack.c:88 [inline]\n\t dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\n\t print_unlock_imbalance_bug include/trace/events/lock.h:58 [inline]\n\t __lock_release kernel/locking/lockdep.c:5306 [inline]\n\t lock_release.cold+0x49/0x4e kernel/locking/lockdep.c:5657\n\t __mutex_unlock_slowpath+0x99/0x5e0 kernel/locking/mutex.c:900\n\t rxrpc_do_sendmsg+0xc13/0x1350 net/rxrpc/sendmsg.c:748\n\t rxrpc_sendmsg+0x420/0x630 net/rxrpc/af_rxrpc.c:561\n\t sock_sendmsg_nosec net/socket.c:704 [inline]\n\t sock_sendmsg+0xcf/0x120 net/socket.c:724\n\t ____sys_sendmsg+0x6e8/0x810 net/socket.c:2409\n\t ___sys_sendmsg+0xf3/0x170 net/socket.c:2463\n\t __sys_sendmsg+0xe5/0x1b0 net/socket.c:2492\n\t do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n\t do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n\t entry_SYSCALL_64_after_hwframe+0x44/0xae\n\n[Thanks to Hawkins Jiawei and Khalid Masum for their attempts to fix this]"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/091dc91e119fdd61432347231724f4e861c6b465",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/2bc769b8edb158be7379d15f36e23d66cf850053",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/79e2ca7aa96e80961828ab6312264633b66183cc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b0f571ecd7943423c25947439045f0d352ca3dbf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,29 +0,0 @@
{
"id": "CVE-2022-49999",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:27.673",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix space cache corruption and potential double allocations\n\nWhen testing space_cache v2 on a large set of machines, we encountered a\nfew symptoms:\n\n1. \"unable to add free space :-17\" (EEXIST) errors.\n2. Missing free space info items, sometimes caught with a \"missing free\n space info for X\" error.\n3. Double-accounted space: ranges that were allocated in the extent tree\n and also marked as free in the free space tree, ranges that were\n marked as allocated twice in the extent tree, or ranges that were\n marked as free twice in the free space tree. If the latter made it\n onto disk, the next reboot would hit the BUG_ON() in\n add_new_free_space().\n4. On some hosts with no on-disk corruption or error messages, the\n in-memory space cache (dumped with drgn) disagreed with the free\n space tree.\n\nAll of these symptoms have the same underlying cause: a race between\ncaching the free space for a block group and returning free space to the\nin-memory space cache for pinned extents causes us to double-add a free\nrange to the space cache. This race exists when free space is cached\nfrom the free space tree (space_cache=v2) or the extent tree\n(nospace_cache, or space_cache=v1 if the cache needs to be regenerated).\nstruct btrfs_block_group::last_byte_to_unpin and struct\nbtrfs_block_group::progress are supposed to protect against this race,\nbut commit d0c2f4fa555e (\"btrfs: make concurrent fsyncs wait less when\nwaiting for a transaction commit\") subtly broke this by allowing\nmultiple transactions to be unpinning extents at the same time.\n\nSpecifically, the race is as follows:\n\n1. An extent is deleted from an uncached block group in transaction A.\n2. btrfs_commit_transaction() is called for transaction A.\n3. btrfs_run_delayed_refs() -> __btrfs_free_extent() runs the delayed\n ref for the deleted extent.\n4. 
__btrfs_free_extent() -> do_free_extent_accounting() ->\n add_to_free_space_tree() adds the deleted extent back to the free\n space tree.\n5. do_free_extent_accounting() -> btrfs_update_block_group() ->\n btrfs_cache_block_group() queues up the block group to get cached.\n block_group->progress is set to block_group->start.\n6. btrfs_commit_transaction() for transaction A calls\n switch_commit_roots(). It sets block_group->last_byte_to_unpin to\n block_group->progress, which is block_group->start because the block\n group hasn't been cached yet.\n7. The caching thread gets to our block group. Since the commit roots\n were already switched, load_free_space_tree() sees the deleted extent\n as free and adds it to the space cache. It finishes caching and sets\n block_group->progress to U64_MAX.\n8. btrfs_commit_transaction() advances transaction A to\n TRANS_STATE_SUPER_COMMITTED.\n9. fsync calls btrfs_commit_transaction() for transaction B. Since\n transaction A is already in TRANS_STATE_SUPER_COMMITTED and the\n commit is for fsync, it advances.\n10. btrfs_commit_transaction() for transaction B calls\n switch_commit_roots(). This time, the block group has already been\n cached, so it sets block_group->last_byte_to_unpin to U64_MAX.\n11. btrfs_commit_transaction() for transaction A calls\n btrfs_finish_extent_commit(), which calls unpin_extent_range() for\n the deleted extent. It sees last_byte_to_unpin set to U64_MAX (by\n transaction B!), so it adds the deleted extent to the space cache\n again!\n\nThis explains all of our symptoms above:\n\n* If the sequence of events is exactly as described above, when the free\n space is re-added in step 11, it will fail with EEXIST.\n* If another thread reallocates the deleted extent in between steps 7\n and 11, then step 11 will silently re-add that space to the space\n cache as free even though it is actually allocated. 
Then, if that\n space is allocated *again*, the free space tree will be corrupted\n (namely, the wrong item will be deleted).\n* If we don't catch this free space tree corr\n---truncated---"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/92dc4c1a8e58bcc7a183a4c86b055c24cc88d967",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a2e54eb64229f07f917b05d0c323604fda9b89f7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ced8ecf026fd8084cf175530ff85c76d6085d715",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,29 +0,0 @@
{
"id": "CVE-2022-50000",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:27.817",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: flowtable: fix stuck flows on cleanup due to pending work\n\nTo clear the flow table on flow table free, the following sequence\nnormally happens in order:\n\n 1) gc_step work is stopped to disable any further stats/del requests.\n 2) All flow table entries are set to teardown state.\n 3) Run gc_step which will queue HW del work for each flow table entry.\n 4) Waiting for the above del work to finish (flush).\n 5) Run gc_step again, deleting all entries from the flow table.\n 6) Flow table is freed.\n\nBut if a flow table entry already has pending HW stats or HW add work\nstep 3 will not queue HW del work (it will be skipped), step 4 will wait\nfor the pending add/stats to finish, and step 5 will queue HW del work\nwhich might execute after freeing of the flow table.\n\nTo fix the above, this patch flushes the pending work, then it sets the\nteardown flag to all flows in the flowtable and it forces a garbage\ncollector run to queue work to remove the flows from hardware, then it\nflushes this new pending work and (finally) it forces another garbage\ncollector run to remove the entry from the software flowtable.\n\nStack trace:\n[47773.882335] BUG: KASAN: use-after-free in down_read+0x99/0x460\n[47773.883634] Write of size 8 at addr ffff888103b45aa8 by task kworker/u20:6/543704\n[47773.885634] CPU: 3 PID: 543704 Comm: kworker/u20:6 Not tainted 5.12.0-rc7+ #2\n[47773.886745] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009)\n[47773.888438] Workqueue: nf_ft_offload_del flow_offload_work_handler [nf_flow_table]\n[47773.889727] Call Trace:\n[47773.890214] dump_stack+0xbb/0x107\n[47773.890818] print_address_description.constprop.0+0x18/0x140\n[47773.892990] kasan_report.cold+0x7c/0xd8\n[47773.894459] kasan_check_range+0x145/0x1a0\n[47773.895174] down_read+0x99/0x460\n[47773.899706] nf_flow_offload_tuple+0x24f/0x3c0 [nf_flow_table]\n[47773.907137] 
flow_offload_work_handler+0x72d/0xbe0 [nf_flow_table]\n[47773.913372] process_one_work+0x8ac/0x14e0\n[47773.921325]\n[47773.921325] Allocated by task 592159:\n[47773.922031] kasan_save_stack+0x1b/0x40\n[47773.922730] __kasan_kmalloc+0x7a/0x90\n[47773.923411] tcf_ct_flow_table_get+0x3cb/0x1230 [act_ct]\n[47773.924363] tcf_ct_init+0x71c/0x1156 [act_ct]\n[47773.925207] tcf_action_init_1+0x45b/0x700\n[47773.925987] tcf_action_init+0x453/0x6b0\n[47773.926692] tcf_exts_validate+0x3d0/0x600\n[47773.927419] fl_change+0x757/0x4a51 [cls_flower]\n[47773.928227] tc_new_tfilter+0x89a/0x2070\n[47773.936652]\n[47773.936652] Freed by task 543704:\n[47773.937303] kasan_save_stack+0x1b/0x40\n[47773.938039] kasan_set_track+0x1c/0x30\n[47773.938731] kasan_set_free_info+0x20/0x30\n[47773.939467] __kasan_slab_free+0xe7/0x120\n[47773.940194] slab_free_freelist_hook+0x86/0x190\n[47773.941038] kfree+0xce/0x3a0\n[47773.941644] tcf_ct_flow_table_cleanup_work\n\nOriginal patch description and stack trace by Paul Blakey."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/89e135a36a9eb81412b5459df94a80995ce62eef",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8fbdec08dbf7d7ab8e35bdc65eb4394bc82d1e26",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9afb4b27349a499483ae0134282cefd0c90f480f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,41 +0,0 @@
{
"id": "CVE-2022-50001",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:27.950",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_tproxy: restrict to prerouting hook\n\nTPROXY is only allowed from prerouting, but nft_tproxy doesn't check this.\nThis fixes a crash (null dereference) when using tproxy from e.g. output."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0b21edf4cc13516716848e0a4fdf726aa2a62cd9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/18bbc3213383a82b05383827f4b1b882e3f0a5a5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/343fed6b0daeb528ae5c9d4d84d9ff763ac95619",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/83ef55c4281f1b4c6bd4457c2e96ccd1c9e80200",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9a1d92cbeac3335fee99fa865b8c5b0f2e71a8f7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/eaba3f9b672c3a3f820da8ee9584b9520674eafa",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,25 +0,0 @@
{
"id": "CVE-2022-50002",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:28.063",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: LAG, fix logic over MLX5_LAG_FLAG_NDEVS_READY\n\nOnly set MLX5_LAG_FLAG_NDEVS_READY if both netdevices are registered.\nDoing so guarantees that both ldev->pf[MLX5_LAG_P0].dev and\nldev->pf[MLX5_LAG_P1].dev have valid pointers when\nMLX5_LAG_FLAG_NDEVS_READY is set.\n\nThe core issue is asymmetry in setting MLX5_LAG_FLAG_NDEVS_READY and\nclearing it. Setting it is done wrongly when both\nldev->pf[MLX5_LAG_P0].dev and ldev->pf[MLX5_LAG_P1].dev are set;\nclearing it is done right when either of ldev->pf[i].netdev is cleared.\n\nConsider the following scenario:\n1. PF0 loads and sets ldev->pf[MLX5_LAG_P0].dev to a valid pointer\n2. PF1 loads and sets both ldev->pf[MLX5_LAG_P1].dev and\n ldev->pf[MLX5_LAG_P1].netdev with valid pointers. This results in\n MLX5_LAG_FLAG_NDEVS_READY is set.\n3. PF0 is unloaded before setting dev->pf[MLX5_LAG_P0].netdev.\n MLX5_LAG_FLAG_NDEVS_READY remains set.\n\nFurther execution of mlx5_do_bond() will result in null pointer\ndereference when calling mlx5_lag_is_multipath()\n\nThis patch fixes the following call trace actually encountered:\n\n[ 1293.475195] BUG: kernel NULL pointer dereference, address: 00000000000009a8\n[ 1293.478756] #PF: supervisor read access in kernel mode\n[ 1293.481320] #PF: error_code(0x0000) - not-present page\n[ 1293.483686] PGD 0 P4D 0\n[ 1293.484434] Oops: 0000 [#1] SMP PTI\n[ 1293.485377] CPU: 1 PID: 23690 Comm: kworker/u16:2 Not tainted 5.18.0-rc5_for_upstream_min_debug_2022_05_05_10_13 #1\n[ 1293.488039] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n[ 1293.490836] Workqueue: mlx5_lag mlx5_do_bond_work [mlx5_core]\n[ 1293.492448] RIP: 0010:mlx5_lag_is_multipath+0x5/0x50 [mlx5_core]\n[ 1293.494044] Code: e8 70 40 ff e0 48 8b 14 24 48 83 05 5c 1a 1b 00 01 e9 19 ff ff ff 48 83 05 47 1a 1b 00 01 eb d7 0f 1f 44 00 00 0f 1f 44 00 00 <48> 8b 87 a8 09 00 00 
48 85 c0 74 26 48 83 05 a7 1b 1b 00 01 41 b8\n[ 1293.498673] RSP: 0018:ffff88811b2fbe40 EFLAGS: 00010202\n[ 1293.500152] RAX: ffff88818a94e1c0 RBX: ffff888165eca6c0 RCX: 0000000000000000\n[ 1293.501841] RDX: 0000000000000001 RSI: ffff88818a94e1c0 RDI: 0000000000000000\n[ 1293.503585] RBP: 0000000000000000 R08: ffff888119886740 R09: ffff888165eca73c\n[ 1293.505286] R10: 0000000000000018 R11: 0000000000000018 R12: ffff88818a94e1c0\n[ 1293.506979] R13: ffff888112729800 R14: 0000000000000000 R15: ffff888112729858\n[ 1293.508753] FS: 0000000000000000(0000) GS:ffff88852cc40000(0000) knlGS:0000000000000000\n[ 1293.510782] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 1293.512265] CR2: 00000000000009a8 CR3: 00000001032d4002 CR4: 0000000000370ea0\n[ 1293.514001] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 1293.515806] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/4c040acf5744e87a7b3490f9ec8bedd0d15c9f29",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a6e675a66175869b7d87c0e1dd0ddf93e04f8098",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,33 +0,0 @@
{
"id": "CVE-2022-50003",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:28.173",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: xsk: prohibit usage of non-balanced queue id\n\nFix the following scenario:\n1. ethtool -L $IFACE rx 8 tx 96\n2. xdpsock -q 10 -t -z\n\nAbove refers to a case where user would like to attach XSK socket in\ntxonly mode at a queue id that does not have a corresponding Rx queue.\nAt this moment ice's XSK logic is tightly bound to act on a \"queue pair\",\ne.g. both Tx and Rx queues at a given queue id are disabled/enabled and\nboth of them will get XSK pool assigned, which is broken for the presented\nqueue configuration. This results in the splat included at the bottom,\nwhich is basically an OOB access to Rx ring array.\n\nTo fix this, allow using the ids only in scope of \"combined\" queues\nreported by ethtool. However, logic should be rewritten to allow such\nconfigurations later on, which would end up as a complete rewrite of the\ncontrol path, so let us go with this temporary fix.\n\n[420160.558008] BUG: kernel NULL pointer dereference, address: 0000000000000082\n[420160.566359] #PF: supervisor read access in kernel mode\n[420160.572657] #PF: error_code(0x0000) - not-present page\n[420160.579002] PGD 0 P4D 0\n[420160.582756] Oops: 0000 [#1] PREEMPT SMP NOPTI\n[420160.588396] CPU: 10 PID: 21232 Comm: xdpsock Tainted: G OE 5.19.0-rc7+ #10\n[420160.597893] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0008.031920191559 03/19/2019\n[420160.609894] RIP: 0010:ice_xsk_pool_setup+0x44/0x7d0 [ice]\n[420160.616968] Code: f3 48 83 ec 40 48 8b 4f 20 48 8b 3f 65 48 8b 04 25 28 00 00 00 48 89 44 24 38 31 c0 48 8d 04 ed 00 00 00 00 48 01 c1 48 8b 11 <0f> b7 92 82 00 00 00 48 85 d2 0f 84 2d 75 00 00 48 8d 72 ff 48 85\n[420160.639421] RSP: 0018:ffffc9002d2afd48 EFLAGS: 00010282\n[420160.646650] RAX: 0000000000000050 RBX: ffff88811d8bdd00 RCX: ffff888112c14ff8\n[420160.655893] RDX: 0000000000000000 RSI: ffff88811d8bdd00 RDI: ffff888109861000\n[420160.665166] RBP: 
000000000000000a R08: 000000000000000a R09: 0000000000000000\n[420160.674493] R10: 000000000000889f R11: 0000000000000000 R12: 000000000000000a\n[420160.683833] R13: 000000000000000a R14: 0000000000000000 R15: ffff888117611828\n[420160.693211] FS: 00007fa869fc1f80(0000) GS:ffff8897e0880000(0000) knlGS:0000000000000000\n[420160.703645] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[420160.711783] CR2: 0000000000000082 CR3: 00000001d076c001 CR4: 00000000007706e0\n[420160.721399] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[420160.731045] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[420160.740707] PKRU: 55555554\n[420160.745960] Call Trace:\n[420160.750962] <TASK>\n[420160.755597] ? kmalloc_large_node+0x79/0x90\n[420160.762703] ? __kmalloc_node+0x3f5/0x4b0\n[420160.769341] xp_assign_dev+0xfd/0x210\n[420160.775661] ? shmem_file_read_iter+0x29a/0x420\n[420160.782896] xsk_bind+0x152/0x490\n[420160.788943] __sys_bind+0xd0/0x100\n[420160.795097] ? 
exit_to_user_mode_prepare+0x20/0x120\n[420160.802801] __x64_sys_bind+0x16/0x20\n[420160.809298] do_syscall_64+0x38/0x90\n[420160.815741] entry_SYSCALL_64_after_hwframe+0x63/0xcd\n[420160.823731] RIP: 0033:0x7fa86a0dd2fb\n[420160.830264] Code: c3 66 0f 1f 44 00 00 48 8b 15 69 8b 0c 00 f7 d8 64 89 02 b8 ff ff ff ff eb bc 0f 1f 44 00 00 f3 0f 1e fa b8 31 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 3d 8b 0c 00 f7 d8 64 89 01 48\n[420160.855410] RSP: 002b:00007ffc1146f618 EFLAGS: 00000246 ORIG_RAX: 0000000000000031\n[420160.866366] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa86a0dd2fb\n[420160.876957] RDX: 0000000000000010 RSI: 00007ffc1146f680 RDI: 0000000000000003\n[420160.887604] RBP: 000055d7113a0520 R08: 00007fa868fb8000 R09: 0000000080000000\n[420160.898293] R10: 0000000000008001 R11: 0000000000000246 R12: 000055d7113a04e0\n[420160.909038] R13: 000055d7113a0320 R14: 000000000000000a R15: 0000000000000000\n[420160.919817] </TASK>\n[420160.925659] Modules linked in: ice(OE) af_packet binfmt_misc\n---truncated---"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/03a3f29fe5b1751ad9b5c892c894183e75a6e4c4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/1bfdcde723d8ceb2d73291b0415767e7c1cc1d8a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5a42f112d367bb4700a8a41f5c12724fde6bfbb9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fe76b3e674665ea4059337f8f66d20cdfb0168eb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,33 +0,0 @@
{
"id": "CVE-2022-50004",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:28.287",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: policy: fix metadata dst->dev xmit null pointer dereference\n\nWhen we try to transmit an skb with metadata_dst attached (i.e. dst->dev\n== NULL) through xfrm interface we can hit a null pointer dereference[1]\nin xfrmi_xmit2() -> xfrm_lookup_with_ifid() due to the check for a\nloopback skb device when there's no policy which dereferences dst->dev\nunconditionally. Not having dst->dev can be interepreted as it not being\na loopback device, so just add a check for a null dst_orig->dev.\n\nWith this fix xfrm interface's Tx error counters go up as usual.\n\n[1] net-next calltrace captured via netconsole:\n BUG: kernel NULL pointer dereference, address: 00000000000000c0\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 [#1] PREEMPT SMP\n CPU: 1 PID: 7231 Comm: ping Kdump: loaded Not tainted 5.19.0+ #24\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.0-1.fc36 04/01/2014\n RIP: 0010:xfrm_lookup_with_ifid+0x5eb/0xa60\n Code: 8d 74 24 38 e8 26 a4 37 00 48 89 c1 e9 12 fc ff ff 49 63 ed 41 83 fd be 0f 85 be 01 00 00 41 be ff ff ff ff 45 31 ed 48 8b 03 <f6> 80 c0 00 00 00 08 75 0f 41 80 bc 24 19 0d 00 00 01 0f 84 1e 02\n RSP: 0018:ffffb0db82c679f0 EFLAGS: 00010246\n RAX: 0000000000000000 RBX: ffffd0db7fcad430 RCX: ffffb0db82c67a10\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffb0db82c67a80\n RBP: ffffb0db82c67a80 R08: ffffb0db82c67a14 R09: 0000000000000000\n R10: 0000000000000000 R11: ffff8fa449667dc8 R12: ffffffff966db880\n R13: 0000000000000000 R14: 00000000ffffffff R15: 0000000000000000\n FS: 00007ff35c83f000(0000) GS:ffff8fa478480000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00000000000000c0 CR3: 000000001ebb7000 CR4: 0000000000350ee0\n Call Trace:\n <TASK>\n xfrmi_xmit+0xde/0x460\n ? 
tcf_bpf_act+0x13d/0x2a0\n dev_hard_start_xmit+0x72/0x1e0\n __dev_queue_xmit+0x251/0xd30\n ip_finish_output2+0x140/0x550\n ip_push_pending_frames+0x56/0x80\n raw_sendmsg+0x663/0x10a0\n ? try_charge_memcg+0x3fd/0x7a0\n ? __mod_memcg_lruvec_state+0x93/0x110\n ? sock_sendmsg+0x30/0x40\n sock_sendmsg+0x30/0x40\n __sys_sendto+0xeb/0x130\n ? handle_mm_fault+0xae/0x280\n ? do_user_addr_fault+0x1e7/0x680\n ? kvm_read_and_reset_apf_flags+0x3b/0x50\n __x64_sys_sendto+0x20/0x30\n do_syscall_64+0x34/0x80\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n RIP: 0033:0x7ff35cac1366\n Code: eb 0b 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 41 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 11 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 72 c3 90 55 48 83 ec 30 44 89 4c 24 2c 4c 89\n RSP: 002b:00007fff738e4028 EFLAGS: 00000246 ORIG_RAX: 000000000000002c\n RAX: ffffffffffffffda RBX: 00007fff738e57b0 RCX: 00007ff35cac1366\n RDX: 0000000000000040 RSI: 0000557164e4b450 RDI: 0000000000000003\n RBP: 0000557164e4b450 R08: 00007fff738e7a2c R09: 0000000000000010\n R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000040\n R13: 00007fff738e5770 R14: 00007fff738e4030 R15: 0000001d00000001\n </TASK>\n Modules linked in: netconsole veth br_netfilter bridge bonding virtio_net [last unloaded: netconsole]\n CR2: 00000000000000c0"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/17ecd4a4db4783392edd4944f5e8268205083f70",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/2761612bcde9776dd93ce60ce55ef0b7c7329153",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/96f2758a6d028d1ac08616de9c3c7ff2a122ecf1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e26d676c1f9f335510780b566a10475c47ce03d0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,33 +0,0 @@
{
"id": "CVE-2022-50005",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:28.397",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: pn533: Fix use-after-free bugs caused by pn532_cmd_timeout\n\nWhen the pn532 uart device is detaching, the pn532_uart_remove()\nis called. But there are no functions in pn532_uart_remove() that\ncould delete the cmd_timeout timer, which will cause use-after-free\nbugs. The process is shown below:\n\n (thread 1) | (thread 2)\n | pn532_uart_send_frame\npn532_uart_remove | mod_timer(&pn532->cmd_timeout,...)\n ... | (wait a time)\n kfree(pn532) //FREE | pn532_cmd_timeout\n | pn532_uart_send_frame\n | pn532->... //USE\n\nThis patch adds del_timer_sync() in pn532_uart_remove() in order to\nprevent the use-after-free bugs. What's more, the pn53x_unregister_nfc()\nis well synchronized, it sets nfc_dev->shutting_down to true and there\nare no syscalls could restart the cmd_timeout timer."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/2c71f5d55a86fd5969428abf525c1ae6b1c7b0f5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/50403ee6daddf0d7a14e9d3b51a377c39a08ec8c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9c34c33893db7a80d0e4b55c23d3b65e29609cfb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f1e941dbf80a9b8bab0bffbc4cbe41cc7f4c6fb6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,33 +0,0 @@
{
"id": "CVE-2022-50006",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:28.503",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4.2 fix problems with __nfs42_ssc_open\n\nA destination server while doing a COPY shouldn't accept using the\npassed in filehandle if its not a regular filehandle.\n\nIf alloc_file_pseudo() has failed, we need to decrement a reference\non the newly created inode, otherwise it leaks."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/5626f95356111602ad26fc05445a4d1f818a0992",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5e49ea099850feadcbf33c74b4f514a3e8049b91",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c2a47f6903e270c308c40ad4a23c17b30a54373c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fcfc8be1e9cf2f12b50dce8b579b3ae54443a014",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,49 +0,0 @@
{
"id": "CVE-2022-50007",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:28.617",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: fix refcount leak in __xfrm_policy_check()\n\nThe issue happens on an error path in __xfrm_policy_check(). When the\nfetching process of the object `pols[1]` fails, the function simply\nreturns 0, forgetting to decrement the reference count of `pols[0]`,\nwhich is incremented earlier by either xfrm_sk_policy_lookup() or\nxfrm_policy_lookup(). This may result in memory leaks.\n\nFix it by decreasing the reference count of `pols[0]` in that path."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0769491a8acd3e85ca4c3f65080eac2c824262df",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/1305d7d4f35ca6f214a2d23b075aa6a924cff3be",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/18e6b6e2555c93f5ca09f2b85ef1fa025c8accea",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/26ad2398fe4984f4f6f930bcb3bc9047fa77265b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/63da7a2bbf3f28094920e0b8a17d2571a9bd842d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8f94b933103ee1bda119543369cc18a1be5536db",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9c9cb23e00ddf45679b21b4dacc11d1ae7961ebe",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d66c052879791313f90c0584420f196a038fb8b8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,49 +0,0 @@
{
"id": "CVE-2022-50008",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:28.737",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nkprobes: don't call disarm_kprobe() for disabled kprobes\n\nThe assumption in __disable_kprobe() is wrong, and it could try to disarm\nan already disarmed kprobe and fire the WARN_ONCE() below. [0] We can\neasily reproduce this issue.\n\n1. Write 0 to /sys/kernel/debug/kprobes/enabled.\n\n # echo 0 > /sys/kernel/debug/kprobes/enabled\n\n2. Run execsnoop. At this time, one kprobe is disabled.\n\n # /usr/share/bcc/tools/execsnoop &\n [1] 2460\n PCOMM PID PPID RET ARGS\n\n # cat /sys/kernel/debug/kprobes/list\n ffffffff91345650 r __x64_sys_execve+0x0 [FTRACE]\n ffffffff91345650 k __x64_sys_execve+0x0 [DISABLED][FTRACE]\n\n3. Write 1 to /sys/kernel/debug/kprobes/enabled, which changes\n kprobes_all_disarmed to false but does not arm the disabled kprobe.\n\n # echo 1 > /sys/kernel/debug/kprobes/enabled\n\n # cat /sys/kernel/debug/kprobes/list\n ffffffff91345650 r __x64_sys_execve+0x0 [FTRACE]\n ffffffff91345650 k __x64_sys_execve+0x0 [DISABLED][FTRACE]\n\n4. Kill execsnoop, when __disable_kprobe() calls disarm_kprobe() for the\n disabled kprobe and hits the WARN_ONCE() in __disarm_kprobe_ftrace().\n\n # fg\n /usr/share/bcc/tools/execsnoop\n ^C\n\nActually, WARN_ONCE() is fired twice, and __unregister_kprobe_top() misses\nsome cleanups and leaves the aggregated kprobe in the hash table. 
Then,\n__unregister_trace_kprobe() initialises tk->rp.kp.list and creates an\ninfinite loop like this.\n\n aggregated kprobe.list -> kprobe.list -.\n ^ |\n '.__.'\n\nIn this situation, these commands fall into the infinite loop and result\nin RCU stall or soft lockup.\n\n cat /sys/kernel/debug/kprobes/list : show_kprobe_addr() enters into the\n infinite loop with RCU.\n\n /usr/share/bcc/tools/execsnoop : warn_kprobe_rereg() holds kprobe_mutex,\n and __get_valid_kprobe() is stuck in\n\t\t\t\t the loop.\n\nTo avoid the issue, make sure we don't call disarm_kprobe() for disabled\nkprobes.\n\n[0]\nFailed to disarm kprobe-ftrace at __x64_sys_execve+0x0/0x40 (error -2)\nWARNING: CPU: 6 PID: 2460 at kernel/kprobes.c:1130 __disarm_kprobe_ftrace.isra.19 (kernel/kprobes.c:1129)\nModules linked in: ena\nCPU: 6 PID: 2460 Comm: execsnoop Not tainted 5.19.0+ #28\nHardware name: Amazon EC2 c5.2xlarge/, BIOS 1.0 10/16/2017\nRIP: 0010:__disarm_kprobe_ftrace.isra.19 (kernel/kprobes.c:1129)\nCode: 24 8b 02 eb c1 80 3d c4 83 f2 01 00 75 d4 48 8b 75 00 89 c2 48 c7 c7 90 fa 0f 92 89 04 24 c6 05 ab 83 01 e8 e4 94 f0 ff <0f> 0b 8b 04 24 eb b1 89 c6 48 c7 c7 60 fa 0f 92 89 04 24 e8 cc 94\nRSP: 0018:ffff9e6ec154bd98 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: ffffffff930f7b00 RCX: 0000000000000001\nRDX: 0000000080000001 RSI: ffffffff921461c5 RDI: 00000000ffffffff\nRBP: ffff89c504286da8 R08: 0000000000000000 R09: c0000000fffeffff\nR10: 0000000000000000 R11: ffff9e6ec154bc28 R12: ffff89c502394e40\nR13: ffff89c502394c00 R14: ffff9e6ec154bc00 R15: 0000000000000000\nFS: 00007fe800398740(0000) GS:ffff89c812d80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000000c00057f010 CR3: 0000000103b54006 CR4: 00000000007706e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n<TASK>\n __disable_kprobe (kernel/kprobes.c:1716)\n disable_kprobe 
(kernel/kprobes.c:2392)\n __disable_trace_kprobe (kernel/trace/trace_kprobe.c:340)\n disable_trace_kprobe (kernel/trace/trace_kprobe.c:429)\n perf_trace_event_unreg.isra.2 (./include/linux/tracepoint.h:93 kernel/trace/trace_event_perf.c:168)\n perf_kprobe_destroy (kernel/trace/trace_event_perf.c:295)\n _free_event (kernel/events/core.c:4971)\n perf_event_release_kernel (kernel/events/core.c:5176)\n perf_release (kernel/events/core.c:5186)\n __fput (fs/file_table.c:321)\n task_work_run (./include/linux/\n---truncated---"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/19cd630712e7c13a3dedfc6986a9b983fed6fd98",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/55c7a91527343d2e0b5647cc308c6e04ddd2aa52",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6f3c1bc22fc2165461883f506b4d2c3594bd7137",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/744b0d3080709a172f0408aedabd1cedd24c2ee6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9c80e79906b4ca440d09e7f116609262bb747909",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b474ff1b20951f1eac75d100a93861e6da2b522b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/bc3188d8a3b8c08c306a4c851ddb2c92ba4599ca",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fc91d2db55acdaf0c0075b624e572d3520ca3bc3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,29 +0,0 @@
{
"id": "CVE-2022-50009",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:28.857",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix null-ptr-deref in f2fs_get_dnode_of_data\n\nThere is issue as follows when test f2fs atomic write:\nF2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock\nF2FS-fs (loop0): invalid crc_offset: 0\nF2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.\nF2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.\n==================================================================\nBUG: KASAN: null-ptr-deref in f2fs_get_dnode_of_data+0xac/0x16d0\nRead of size 8 at addr 0000000000000028 by task rep/1990\n\nCPU: 4 PID: 1990 Comm: rep Not tainted 5.19.0-rc6-next-20220715 #266\nCall Trace:\n <TASK>\n dump_stack_lvl+0x6e/0x91\n print_report.cold+0x49a/0x6bb\n kasan_report+0xa8/0x130\n f2fs_get_dnode_of_data+0xac/0x16d0\n f2fs_do_write_data_page+0x2a5/0x1030\n move_data_page+0x3c5/0xdf0\n do_garbage_collect+0x2015/0x36c0\n f2fs_gc+0x554/0x1d30\n f2fs_balance_fs+0x7f5/0xda0\n f2fs_write_single_data_page+0xb66/0xdc0\n f2fs_write_cache_pages+0x716/0x1420\n f2fs_write_data_pages+0x84f/0x9a0\n do_writepages+0x130/0x3a0\n filemap_fdatawrite_wbc+0x87/0xa0\n file_write_and_wait_range+0x157/0x1c0\n f2fs_do_sync_file+0x206/0x12d0\n f2fs_sync_file+0x99/0xc0\n vfs_fsync_range+0x75/0x140\n f2fs_file_write_iter+0xd7b/0x1850\n vfs_write+0x645/0x780\n ksys_write+0xf1/0x1e0\n do_syscall_64+0x3b/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nAs 3db1de0e582c commit changed atomic write way which new a cow_inode for\natomic write file, and also mark cow_inode as FI_ATOMIC_FILE.\nWhen f2fs_do_write_data_page write cow_inode will use cow_inode's cow_inode\nwhich is NULL. Then will trigger null-ptr-deref.\nTo solve above issue, introduce FI_COW_FILE flag for COW inode.\n\nFiexes: 3db1de0e582c(\"f2fs: change the current atomic write way\")"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0f63e33eca6fa29a11c76fa31db5fe1cada5ad6e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4a2c5b7994960fac29cf8a3f4e62855bae1b27d4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7000ad53ec1b17bd2fac76984b7b0c663755cbb7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,49 +0,0 @@
{
"id": "CVE-2022-50010",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:28.970",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvideo: fbdev: i740fb: Check the argument of i740_calc_vclk()\n\nSince the user can control the arguments of the ioctl() from the user\nspace, under special arguments that may result in a divide-by-zero bug.\n\nIf the user provides an improper 'pixclock' value that makes the argumet\nof i740_calc_vclk() less than 'I740_RFREQ_FIX', it will cause a\ndivide-by-zero bug in:\n drivers/video/fbdev/i740fb.c:353 p_best = min(15, ilog2(I740_MAX_VCO_FREQ / (freq / I740_RFREQ_FIX)));\n\nThe following log can reveal it:\n\ndivide error: 0000 [#1] PREEMPT SMP KASAN PTI\nRIP: 0010:i740_calc_vclk drivers/video/fbdev/i740fb.c:353 [inline]\nRIP: 0010:i740fb_decode_var drivers/video/fbdev/i740fb.c:646 [inline]\nRIP: 0010:i740fb_set_par+0x163f/0x3b70 drivers/video/fbdev/i740fb.c:742\nCall Trace:\n fb_set_var+0x604/0xeb0 drivers/video/fbdev/core/fbmem.c:1034\n do_fb_ioctl+0x234/0x670 drivers/video/fbdev/core/fbmem.c:1110\n fb_ioctl+0xdd/0x130 drivers/video/fbdev/core/fbmem.c:1189\n\nFix this by checking the argument of i740_calc_vclk() first."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/2b7f559152a33c55f51b569b22efbe5e24886798",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/40bf722f8064f50200b8c4f8946cd625b441dda9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4b20c61365140d432dee7da7aa294215e7b900d9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/59cefb583c984c0da8cf21a4c57d26d5a20dff5c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/656689cb03ada4650016c153346939a1c334b1ae",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d2d375eb68b4b8de6ea7460483a26fa9de56b443",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e740e787f06671455b59d1e498c9945f7b4e7b3b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f350812e2d15278f1d867eeb997407782234fb3c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,29 +0,0 @@
{
"id": "CVE-2022-50011",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:29.093",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvenus: pm_helpers: Fix warning in OPP during probe\n\nFix the following WARN triggered during Venus driver probe on\n5.19.0-rc8-next-20220728:\n\n WARNING: CPU: 7 PID: 339 at drivers/opp/core.c:2471 dev_pm_opp_set_config+0x49c/0x610\n Modules linked in: qcom_spmi_adc5 rtc_pm8xxx qcom_spmi_adc_tm5 leds_qcom_lpg led_class_multicolor\n qcom_pon qcom_vadc_common venus_core(+) qcom_spmi_temp_alarm v4l2_mem2mem videobuf2_v4l2 msm(+)\n videobuf2_common crct10dif_ce spi_geni_qcom snd_soc_sm8250 i2c_qcom_geni gpu_sched\n snd_soc_qcom_common videodev qcom_q6v5_pas soundwire_qcom drm_dp_aux_bus qcom_stats\n drm_display_helper qcom_pil_info soundwire_bus snd_soc_lpass_va_macro mc qcom_q6v5\n phy_qcom_snps_femto_v2 qcom_rng snd_soc_lpass_macro_common snd_soc_lpass_wsa_macro\n lpass_gfm_sm8250 slimbus qcom_sysmon qcom_common qcom_glink_smem qmi_helpers\n qcom_wdt mdt_loader socinfo icc_osm_l3 display_connector\n drm_kms_helper qnoc_sm8250 drm fuse ip_tables x_tables ipv6\n CPU: 7 PID: 339 Comm: systemd-udevd Not tainted 5.19.0-rc8-next-20220728 #4\n Hardware name: Qualcomm Technologies, Inc. 
Robotics RB5 (DT)\n pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : dev_pm_opp_set_config+0x49c/0x610\n lr : dev_pm_opp_set_config+0x58/0x610\n sp : ffff8000093c3710\n x29: ffff8000093c3710 x28: ffffbca3959d82b8 x27: ffff8000093c3d00\n x26: ffffbca3959d8e08 x25: ffff4396cac98118 x24: ffff4396c0e24810\n x23: ffff4396c4272c40 x22: ffff4396c0e24810 x21: ffff8000093c3810\n x20: ffff4396cac36800 x19: ffff4396cac96800 x18: 0000000000000000\n x17: 0000000000000003 x16: ffffbca3f4edf198 x15: 0000001cba64a858\n x14: 0000000000000180 x13: 000000000000017e x12: 0000000000000000\n x11: 0000000000000002 x10: 0000000000000a60 x9 : ffff8000093c35c0\n x8 : ffff4396c4273700 x7 : ffff43983efca6c0 x6 : ffff43983efca640\n x5 : 00000000410fd0d0 x4 : ffff4396c4272c40 x3 : ffffbca3f5d1e008\n x2 : 0000000000000000 x1 : ffff4396c2421600 x0 : ffff4396cac96860\n Call trace:\n dev_pm_opp_set_config+0x49c/0x610\n devm_pm_opp_set_config+0x18/0x70\n vcodec_domains_get+0xb8/0x1638 [venus_core]\n core_get_v4+0x1d8/0x218 [venus_core]\n venus_probe+0xf4/0x468 [venus_core]\n platform_probe+0x68/0xd8\n really_probe+0xbc/0x2a8\n __driver_probe_device+0x78/0xe0\n driver_probe_device+0x3c/0xf0\n __driver_attach+0x70/0x120\n bus_for_each_dev+0x70/0xc0\n driver_attach+0x24/0x30\n bus_add_driver+0x150/0x200\n driver_register+0x64/0x120\n __platform_driver_register+0x28/0x38\n qcom_venus_driver_init+0x24/0x1000 [venus_core]\n do_one_initcall+0x54/0x1c8\n do_init_module+0x44/0x1d0\n load_module+0x16c8/0x1aa0\n __do_sys_finit_module+0xbc/0x110\n __arm64_sys_finit_module+0x20/0x30\n invoke_syscall+0x44/0x108\n el0_svc_common.constprop.0+0xcc/0xf0\n do_el0_svc+0x2c/0xb8\n el0_svc+0x2c/0x88\n el0t_64_sync_handler+0xb8/0xc0\n el0t_64_sync+0x18c/0x190\n qcom-venus: probe of aa00000.video-codec failed with error -16\n\nThe fix is re-ordering the code related to OPP core. The OPP core\nexpects all configuration options to be provided before the OPP\ntable is added."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0bdec5eed69c73886af4cfbb94b663e1e10b8344",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/1d95af02f23031c2e1cca7607c514b86ce85bc6e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8d4eccd78461c3e3555bff67148432bb6c21d059",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,49 +0,0 @@
{
"id": "CVE-2022-50012",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:29.213",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/64: Init jump labels before parse_early_param()\n\nOn 64-bit, calling jump_label_init() in setup_feature_keys() is too\nlate because static keys may be used in subroutines of\nparse_early_param() which is again subroutine of early_init_devtree().\n\nFor example booting with \"threadirqs\":\n\n static_key_enable_cpuslocked(): static key '0xc000000002953260' used before call to jump_label_init()\n WARNING: CPU: 0 PID: 0 at kernel/jump_label.c:166 static_key_enable_cpuslocked+0xfc/0x120\n ...\n NIP static_key_enable_cpuslocked+0xfc/0x120\n LR static_key_enable_cpuslocked+0xf8/0x120\n Call Trace:\n static_key_enable_cpuslocked+0xf8/0x120 (unreliable)\n static_key_enable+0x30/0x50\n setup_forced_irqthreads+0x28/0x40\n do_early_param+0xa0/0x108\n parse_args+0x290/0x4e0\n parse_early_options+0x48/0x5c\n parse_early_param+0x58/0x84\n early_init_devtree+0xd4/0x518\n early_setup+0xb4/0x214\n\nSo call jump_label_init() just before parse_early_param() in\nearly_init_devtree().\n\n[mpe: Add call trace to change log and minor wording edits.]"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/4bb1188e2b1ed98fa2b618cc0628ccba63c6c80f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5e14b04c8459afbeea1eeb74e81af86d7b196a4d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8992141cb88f1d99fd11580f4423634700a99240",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8f9357313cdcadb0a311b44c29d4eaccc7fa632f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c4ced9fd10073adc854919976b88ad6004271119",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ca829e05d3d4f728810cc5e4b468d9ebc7745eb3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/dac28dff90849af4200b8269fcdc84cdc12fa46c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e3c9e9452a8ea12d335b1e59b2c72e1b99c699b8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -1,41 +0,0 @@
{
"id": "CVE-2022-50013",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-18T11:15:29.340",
"lastModified": "2025-06-18T13:46:52.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to avoid use f2fs_bug_on() in f2fs_new_node_page()\n\nAs Dipanjan Das <mail.dipanjan.das@gmail.com> reported, syzkaller\nfound a f2fs bug as below:\n\nRIP: 0010:f2fs_new_node_page+0x19ac/0x1fc0 fs/f2fs/node.c:1295\nCall Trace:\n write_all_xattrs fs/f2fs/xattr.c:487 [inline]\n __f2fs_setxattr+0xe76/0x2e10 fs/f2fs/xattr.c:743\n f2fs_setxattr+0x233/0xab0 fs/f2fs/xattr.c:790\n f2fs_xattr_generic_set+0x133/0x170 fs/f2fs/xattr.c:86\n __vfs_setxattr+0x115/0x180 fs/xattr.c:182\n __vfs_setxattr_noperm+0x125/0x5f0 fs/xattr.c:216\n __vfs_setxattr_locked+0x1cf/0x260 fs/xattr.c:277\n vfs_setxattr+0x13f/0x330 fs/xattr.c:303\n setxattr+0x146/0x160 fs/xattr.c:611\n path_setxattr+0x1a7/0x1d0 fs/xattr.c:630\n __do_sys_lsetxattr fs/xattr.c:653 [inline]\n __se_sys_lsetxattr fs/xattr.c:649 [inline]\n __x64_sys_lsetxattr+0xbd/0x150 fs/xattr.c:649\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nNAT entry and nat bitmap can be inconsistent, e.g. one nid is free\nin nat bitmap, and blkaddr in its NAT entry is not NULL_ADDR, it\nmay trigger BUG_ON() in f2fs_new_node_page(), fix it."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/141170b759e03958f296033bb7001be62d1d363b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/29e734ec33ae4bd7de4018fb0fb0eec808c36b92",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/43ce0a0bda2c54dad91d5a1943554eed9e050f55",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5a01e45b925a0bc9718eccd33e5920f1a4e44caf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/800ba8979111184d5194f4233cc83afe683efc54",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fbfad62b29e9f8f1c1026a806c9e064ec2a7c342",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}
