{"vulnerability": "CVE-2022-4992", "sightings": [{"uuid": "5e029a79-9119-4597-bf8c-2da6d43d3bb9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-49929", "type": "seen", "source": "https://t.me/cvedetector/24240", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2022-49929 - \"RDMA rxe Memory Reference Count Leak Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2022-49929 \nPublished : May 1, 2025, 3:16 p.m. | 1\u00a0hour, 9\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nRDMA/rxe: Fix mr leak in RESPST_ERR_RNR  \n  \nrxe_recheck_mr() will increase mr's ref_cnt, so we should call rxe_put(mr)  \nto drop mr's ref_cnt in RESPST_ERR_RNR to avoid below warning:  \n  \n  WARNING: CPU: 0 PID: 4156 at drivers/infiniband/sw/rxe/rxe_pool.c:259 __rxe_cleanup+0x1df/0x240 [rdma_rxe]  \n...  \n  Call Trace:  \n   rxe_dereg_mr+0x4c/0x60 [rdma_rxe]  \n   ib_dereg_mr_user+0xa8/0x200 [ib_core]  \n   ib_mr_pool_destroy+0x77/0xb0 [ib_core]  \n   nvme_rdma_destroy_queue_ib+0x89/0x240 [nvme_rdma]  \n   nvme_rdma_free_queue+0x40/0x50 [nvme_rdma]  \n   nvme_rdma_teardown_io_queues.part.0+0xc3/0x120 [nvme_rdma]  \n   nvme_rdma_error_recovery_work+0x4d/0xf0 [nvme_rdma]  \n   process_one_work+0x582/0xa40  \n   ? pwq_dec_nr_in_flight+0x100/0x100  \n   ? rwlock_bug.part.0+0x60/0x60  \n   worker_thread+0x2a9/0x700  \n   ? process_one_work+0xa40/0xa40  \n   kthread+0x168/0x1a0  \n   ? kthread_complete_and_exit+0x20/0x20  \n   ret_from_fork+0x22/0x30 \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-01T19:01:29.000000Z"}, {"uuid": "7bd564df-88b1-4420-b6cd-c07e2e24f8d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-49927", "type": "seen", "source": "https://t.me/cvedetector/24243", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2022-49927 - Linux NFS kmemleak Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2022-49927 \nPublished : May 1, 2025, 3:16 p.m. | 1\u00a0hour, 9\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nnfs4: Fix kmemleak when allocate slot failed  \n  \nIf one of the slot allocate failed, should cleanup all the other  \nallocated slots, otherwise, the allocated slots will leak:  \n  \n  unreferenced object 0xffff8881115aa100 (size 64):  \n    comm \"\"mount.nfs\"\", pid 679, jiffies 4294744957 (age 115.037s)  \n    hex dump (first 32 bytes):  \n      00 cc 19 73 81 88 ff ff 00 a0 5a 11 81 88 ff ff  ...s......Z.....  \n      00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................  \n    backtrace:  \n      [<000000007a4c434a] nfs4_find_or_create_slot+0x8e/0x130  \n      [<000000005472a39c] nfs4_realloc_slot_table+0x23f/0x270  \n      [<00000000cd8ca0eb] nfs40_init_client+0x4a/0x90  \n      [<00000000128486db] nfs4_init_client+0xce/0x270  \n      [<000000008d2cacad] nfs4_set_client+0x1a2/0x2b0  \n      [<000000000e593b52] nfs4_create_server+0x300/0x5f0  \n      [<00000000e4425dd2] nfs4_try_get_tree+0x65/0x110  \n      [<00000000d3a6176f] vfs_get_tree+0x41/0xf0  \n      [<0000000016b5ad4c] path_mount+0x9b3/0xdd0  \n      [<00000000494cae71] __x64_sys_mount+0x190/0x1d0  \n      [<000000005d56bdec] do_syscall_64+0x35/0x80  \n      [<00000000687c9ae4] entry_SYSCALL_64_after_hwframe+0x46/0xb0 \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-01T19:01:34.000000Z"}, {"uuid": "76247181-b718-4664-b530-067de86c2f70", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-49924", "type": "seen", "source": "https://t.me/cvedetector/24242", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2022-49924 - Linux Kernel NFC FDP Memory Leak\", \n  \"Content\": \"CVE ID : CVE-2022-49924 \nPublished : May 1, 2025, 3:16 p.m. | 1\u00a0hour, 9\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nnfc: fdp: Fix potential memory leak in fdp_nci_send()  \n  \nfdp_nci_send() will call fdp_nci_i2c_write that will not free skb in  \nthe function. As a result, when fdp_nci_i2c_write() finished, the skb  \nwill memleak. fdp_nci_send() should free skb after fdp_nci_i2c_write()  \nfinished. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-01T19:01:33.000000Z"}, {"uuid": "86270c70-0f9e-4977-8d2b-36a110e84a18", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-49928", "type": "seen", "source": "https://t.me/cvedetector/24239", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2022-49928 - Linux Kernel SUNRPC Null Pointer Dereference Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2022-49928 \nPublished : May 1, 2025, 3:16 p.m. | 1\u00a0hour, 9\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nSUNRPC: Fix null-ptr-deref when xps sysfs alloc failed  \n  \nThere is a null-ptr-deref when xps sysfs alloc failed:  \n  BUG: KASAN: null-ptr-deref in sysfs_do_create_link_sd+0x40/0xd0  \n  Read of size 8 at addr 0000000000000030 by task gssproxy/457  \n  \n  CPU: 5 PID: 457 Comm: gssproxy Not tainted 6.0.0-09040-g02357b27ee03 #9  \n  Call Trace:  \n     \n   dump_stack_lvl+0x34/0x44  \n   kasan_report+0xa3/0x120  \n   sysfs_do_create_link_sd+0x40/0xd0  \n   rpc_sysfs_client_setup+0x161/0x1b0  \n   rpc_new_client+0x3fc/0x6e0  \n   rpc_create_xprt+0x71/0x220  \n   rpc_create+0x1d4/0x350  \n   gssp_rpc_create+0xc3/0x160  \n   set_gssp_clnt+0xbc/0x140  \n   write_gssp+0x116/0x1a0  \n   proc_reg_write+0xd6/0x130  \n   vfs_write+0x177/0x690  \n   ksys_write+0xb9/0x150  \n   do_syscall_64+0x35/0x80  \n   entry_SYSCALL_64_after_hwframe+0x46/0xb0  \n  \nWhen the xprt_switch sysfs alloc failed, should not add xprt and  \nswitch sysfs to it, otherwise, maybe null-ptr-deref; also initialize  \nthe 'xps_sysfs' to NULL to avoid oops when destroy it. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-01T19:01:28.000000Z"}, {"uuid": "f7b0785b-a438-4bad-9cf6-5fe2c96f0d25", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-49926", "type": "seen", "source": "https://t.me/cvedetector/24238", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2022-49926 - Linux kernel - DSA Loop Memory Leak Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2022-49926 \nPublished : May 1, 2025, 3:16 p.m. | 1\u00a0hour, 9\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nnet: dsa: Fix possible memory leaks in dsa_loop_init()  \n  \nkmemleak reported memory leaks in dsa_loop_init():  \n  \nkmemleak: 12 new suspected memory leaks  \n  \nunreferenced object 0xffff8880138ce000 (size 2048):  \n  comm \"modprobe\", pid 390, jiffies 4295040478 (age 238.976s)  \n  backtrace:  \n    [<000000006a94f1d5] kmalloc_trace+0x26/0x60  \n    [<00000000a9c44622] phy_device_create+0x5d/0x970  \n    [<00000000d0ee2afc] get_phy_device+0xf3/0x2b0  \n    [<00000000dca0c71f] __fixed_phy_register.part.0+0x92/0x4e0  \n    [<000000008a834798] fixed_phy_register+0x84/0xb0  \n    [<0000000055223fcb] dsa_loop_init+0xa9/0x116 [dsa_loop]  \n    ...  \n  \nThere are two reasons for memleak in dsa_loop_init().  \n  \nFirst, fixed_phy_register() create and register phy_device:  \n  \nfixed_phy_register()  \n  get_phy_device()  \n    phy_device_create() # freed by phy_device_free()  \n  phy_device_register() # freed by phy_device_remove()  \n  \nBut fixed_phy_unregister() only calls phy_device_remove().  \nSo the memory allocated in phy_device_create() is leaked.  \n  \nSecond, when mdio_driver_register() fail in dsa_loop_init(),  \nit just returns and there is no cleanup for phydevs.  \n  \nFix the problems by catching the error of mdio_driver_register()  \nin dsa_loop_init(), then calling both fixed_phy_unregister() and  \nphy_device_free() to release phydevs.  \nAlso add a function for phydevs cleanup to avoid duplacate. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-01T19:01:28.000000Z"}, {"uuid": "190085f2-f15d-45a9-a78d-4fa62b56c802", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-49925", "type": "seen", "source": "https://t.me/cvedetector/24237", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2022-49925 - \"Linux RDMA Core Null Pointer Dereference Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2022-49925 \nPublished : May 1, 2025, 3:16 p.m. | 1\u00a0hour, 9\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nRDMA/core: Fix null-ptr-deref in ib_core_cleanup()  \n  \nKASAN reported a null-ptr-deref error:  \n  \n  KASAN: null-ptr-deref in range [0x0000000000000118-0x000000000000011f]  \n  CPU: 1 PID: 379  \n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)  \n  RIP: 0010:destroy_workqueue+0x2f/0x740  \n  RSP: 0018:ffff888016137df8 EFLAGS: 00000202  \n  ...  \n  Call Trace:  \n   ib_core_cleanup+0xa/0xa1 [ib_core]  \n   __do_sys_delete_module.constprop.0+0x34f/0x5b0  \n   do_syscall_64+0x3a/0x90  \n   entry_SYSCALL_64_after_hwframe+0x63/0xcd  \n  RIP: 0033:0x7fa1a0d221b7  \n  ...  \n  \nIt is because the fail of roce_gid_mgmt_init() is ignored:  \n  \n ib_core_init()  \n   roce_gid_mgmt_init()  \n     gid_cache_wq = alloc_ordered_workqueue # fail  \n ...  \n ib_core_cleanup()  \n   roce_gid_mgmt_cleanup()  \n     destroy_workqueue(gid_cache_wq)  \n     # destroy an unallocated wq  \n  \nFix this by catching the fail of roce_gid_mgmt_init() in ib_core_init(). \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-01T19:01:27.000000Z"}, {"uuid": "2781619b-8c98-4990-a724-09b48c7e9f6f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-49923", "type": "seen", "source": "https://t.me/cvedetector/24249", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2022-49923 - Linux Kernel NXP NCI Memory Leak\", \n  \"Content\": \"CVE ID : CVE-2022-49923 \nPublished : May 1, 2025, 3:16 p.m. | 1\u00a0hour, 9\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nnfc: nxp-nci: Fix potential memory leak in nxp_nci_send()  \n  \nnxp_nci_send() will call nxp_nci_i2c_write(), and only free skb when  \nnxp_nci_i2c_write() failed. However, even if the nxp_nci_i2c_write()  \nrun succeeds, the skb will not be freed in nxp_nci_i2c_write(). As the  \nresult, the skb will memleak. nxp_nci_send() should also free the skb  \nwhen nxp_nci_i2c_write() succeeds. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-01T19:01:42.000000Z"}, {"uuid": "93e352a3-2da8-4951-bb18-8006be8e98f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-49920", "type": "seen", "source": "https://t.me/cvedetector/24245", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2022-49920 - Linux kernel Netfilter Netlink Notifier Race Condition\", \n  \"Content\": \"CVE ID : CVE-2022-49920 \nPublished : May 1, 2025, 3:16 p.m. | 1\u00a0hour, 9\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nnetfilter: nf_tables: netlink notifier might race to release objects  \n  \ncommit release path is invoked via call_rcu and it runs lockless to  \nrelease the objects after rcu grace period. The netlink notifier handler  \nmight win race to remove objects that the transaction context is still  \nreferencing from the commit release path.  \n  \nCall rcu_barrier() to ensure pending rcu callbacks run to completion  \nif the list of transactions to be destroyed is not empty. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-01T19:01:36.000000Z"}, {"uuid": "527893bf-00aa-4b82-a448-587f195628e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-49922", "type": "seen", "source": "https://t.me/cvedetector/24246", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2022-49922 - Linux Kernel NFC Driver Memory Leak Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2022-49922 \nPublished : May 1, 2025, 3:16 p.m. | 1\u00a0hour, 9\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nnfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send()  \n  \nnfcmrvl_i2c_nci_send() will be called by nfcmrvl_nci_send(), and skb  \nshould be freed in nfcmrvl_i2c_nci_send(). However, nfcmrvl_nci_send()  \nwill only free skb when i2c_master_send() return >=0, which means skb  \nwill memleak when i2c_master_send() failed. Free skb no matter whether  \ni2c_master_send() succeeds. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-01T19:01:37.000000Z"}, {"uuid": "68d822df-2fe1-4508-a7a3-9bb732c04a93", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-49921", "type": "seen", "source": "https://t.me/cvedetector/24247", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2022-49921 - Linux Kernel Net Scheduler Use After Free Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2022-49921 \nPublished : May 1, 2025, 3:16 p.m. | 1\u00a0hour, 9\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nnet: sched: Fix use after free in red_enqueue()  \n  \nWe can't use \"skb\" again after passing it to qdisc_enqueue().  This is  \nbasically identical to commit 2f09707d0c97 (\"sch_sfb: Also store skb  \nlen before calling child enqueue\"). \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-01T19:01:40.000000Z"}, {"uuid": "860032eb-4346-46ea-8915-de4ab68a496e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2022-4992", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mndssvv4wc2r", "content": "", "creation_timestamp": "2026-06-03T00:06:08.222050Z"}, {"uuid": "21754b9f-eaab-4acb-9fe5-3ba55e3b4aac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-49923", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "8827135f-0c31-475a-94c5-eb719dbeb42a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-49924", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}]}