Vulnerabilities > Linux > Linux Kernel > 3.10.2

DATE CVE VULNERABILITY TITLE RISK
2025-02-26 CVE-2022-49546 Memory Leak vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: x86/kexec: fix memory leak of elf header buffer This is reported by kmemleak detector: unreferenced object 0xffffc900002a9000 (size 4096): comm "kexec", pid 14950, jiffies 4295110793 (age 373.951s) hex dump (first 32 bytes): 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00 .ELF............ 04 00 3e 00 01 00 00 00 00 00 00 00 00 00 00 00 ..>............. backtrace: [<0000000016a8ef9f>] __vmalloc_node_range+0x101/0x170 [<000000002b66b6c0>] __vmalloc_node+0xb4/0x160 [<00000000ad40107d>] crash_prepare_elf64_headers+0x8e/0xcd0 [<0000000019afff23>] crash_load_segments+0x260/0x470 [<0000000019ebe95c>] bzImage64_load+0x814/0xad0 [<0000000093e16b05>] arch_kexec_kernel_image_load+0x1be/0x2a0 [<000000009ef2fc88>] kimage_file_alloc_init+0x2ec/0x5a0 [<0000000038f5a97a>] __do_sys_kexec_file_load+0x28d/0x530 [<0000000087c19992>] do_syscall_64+0x3b/0x90 [<0000000066e063a4>] entry_SYSCALL_64_after_hwframe+0x44/0xae In crash_prepare_elf64_headers(), a buffer is allocated via vmalloc() to store elf headers.
local
low complexity
linux CWE-401
5.5
2025-02-26 CVE-2022-49563 Integer Underflow (Wrap or Wraparound) vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: crypto: qat - add param check for RSA Reject requests with a source buffer that is bigger than the size of the key.
local
low complexity
linux CWE-191
5.5
2025-02-26 CVE-2022-49564 Integer Underflow (Wrap or Wraparound) vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: crypto: qat - add param check for DH Reject requests with a source buffer that is bigger than the size of the key.
local
low complexity
linux CWE-191
5.5
2025-02-26 CVE-2022-49567 Use of Uninitialized Resource vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: mm/mempolicy: fix uninit-value in mpol_rebind_policy() mpol_set_nodemask()(mm/mempolicy.c) does not set up nodemask when pol->mode is MPOL_LOCAL.
local
low complexity
linux CWE-908
5.5
2025-02-26 CVE-2022-49568 NULL Pointer Dereference vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: KVM: Don't null dereference ops->destroy A KVM device cleanup happens in either of two callbacks: 1) destroy() which is called when the VM is being destroyed; 2) release() which is called when a device fd is closed. Most KVM devices use 1) but Book3s's interrupt controller KVM devices (XICS, XIVE, XIVE-native) use 2) as they need to close and reopen during the machine execution.
local
low complexity
linux CWE-476
5.5
2025-02-26 CVE-2022-49572 Race Condition vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctl_tcp_slow_start_after_idle. While reading sysctl_tcp_slow_start_after_idle, it can be changed concurrently.
local
high complexity
linux CWE-362
4.7
2025-02-26 CVE-2022-49573 Race Condition vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctl_tcp_early_retrans. While reading sysctl_tcp_early_retrans, it can be changed concurrently. Thus, we need to add READ_ONCE() to its reader.
local
high complexity
linux CWE-362
4.7
2025-02-26 CVE-2022-49575 Race Condition vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctl_tcp_thin_linear_timeouts. While reading sysctl_tcp_thin_linear_timeouts, it can be changed concurrently.
local
high complexity
linux CWE-362
4.7
2025-02-26 CVE-2022-49586 Race Condition vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctl_tcp_fastopen. While reading sysctl_tcp_fastopen, it can be changed concurrently. Thus, we need to add READ_ONCE() to its readers.
local
high complexity
linux CWE-362
4.7
2025-02-26 CVE-2022-49597 Race Condition vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctl_tcp_base_mss. While reading sysctl_tcp_base_mss, it can be changed concurrently. Thus, we need to add READ_ONCE() to its readers.
local
high complexity
linux CWE-362
4.7