{"vulnerability": "cve-2022-4929", "sightings": [{"uuid": "4f8dc6b3-9cd6-4830-9a9a-4815ec6ad2a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2022-49296", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "fa06164f-027a-4467-9e8e-930297783168", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-49296", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "74723598-7ee4-4f8c-93c3-8a49908c22d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-49294", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "59257351-faae-4d10-9bd6-11d5f52f3d99", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-49290", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5430", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-49290\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nmac80211: fix potential double free on mesh join\n\nWhile commit 6a01afcf8468 (\"mac80211: mesh: Free ie data when leaving\nmesh\") fixed a memory leak on mesh leave / teardown it introduced a\npotential memory corruption caused by a double free when rejoining the\nmesh:\n\n  ieee80211_leave_mesh()\n  -> kfree(sdata->u.mesh.ie);\n  ...\n  ieee80211_join_mesh()\n  -> copy_mesh_setup()\n     -> old_ie = ifmsh->ie;\n     -> kfree(old_ie);\n\nThis double free / kernel panics can be reproduced by using wpa_supplicant\nwith an encrypted mesh (if set up without encryption via \"iw\" then\nifmsh->ie is always NULL, which avoids this issue). And then calling:\n\n  $ iw dev mesh0 mesh leave\n  $ iw dev mesh0 mesh join my-mesh\n\nNote that typically these commands are not used / working when using\nwpa_supplicant. And it seems that wpa_supplicant or wpa_cli are going\nthrough a NETDEV_DOWN/NETDEV_UP cycle between a mesh leave and mesh join\nwhere the NETDEV_UP resets the mesh.ie to NULL via a memcpy of\ndefault_mesh_setup in cfg80211_netdev_notifier_call, which then avoids\nthe memory corruption, too.\n\nThe issue was first observed in an application which was not using\nwpa_supplicant but \"Senf\" instead, which implements its own calls to\nnl80211.\n\nFixing the issue by removing the kfree()'ing of the mesh IE in the mesh\njoin function and leaving it solely up to the mesh leave to free the\nmesh IE.\n\ud83d\udccf Published: 2025-02-26T01:56:27.500Z\n\ud83d\udccf Modified: 2025-02-26T01:56:27.500Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/615716af8644813355e014314a0bc1e961250f5a\n2. https://git.kernel.org/stable/c/c1d9c3628ef0a0ca197595d0f9e01cd3b5dda186\n3. https://git.kernel.org/stable/c/273ebddc5fda2967492cb0b6cdd7d81cfb821b76\n4. https://git.kernel.org/stable/c/3bbd0000d012f92aec423b224784fbf0f7bf40f8\n5. https://git.kernel.org/stable/c/5d3ff9542a40ce034416bca03864709540a36016\n6. https://git.kernel.org/stable/c/12e407a8ef17623823fd0c066fbd7f103953d28d\n7. https://git.kernel.org/stable/c/582d8c60c0c053684f7138875e8150d5749ffc17\n8. https://git.kernel.org/stable/c/46bb87d40683337757a2f902fcd4244b32bb4e86\n9. https://git.kernel.org/stable/c/4a2d4496e15ea5bb5c8e83b94ca8ca7fb045e7d3", "creation_timestamp": "2025-02-26T02:23:31.000000Z"}, {"uuid": "7e6a7a52-11a0-4805-9007-38f493131d7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-49292", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5428", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-49292\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: oss: Fix PCM OSS buffer allocation overflow\n\nWe've got syzbot reports hitting INT_MAX overflow at vmalloc()\nallocation that is called from snd_pcm_plug_alloc().  Although we\napply the restrictions to input parameters, it's based only on the\nhw_params of the underlying PCM device.  Since the PCM OSS layer\nallocates a temporary buffer for the data conversion, the size may\nbecome unexpectedly large when more channels or higher rates is given;\nin the reported case, it went over INT_MAX, hence it hits WARN_ON().\n\nThis patch is an attempt to avoid such an overflow and an allocation\nfor too large buffers.  First off, it adds the limit of 1MB as the\nupper bound for period bytes.  This must be large enough for all use\ncases, and we really don't want to handle a larger temporary buffer\nthan this size.  The size check is performed at two places, where the\noriginal period bytes is calculated and where the plugin buffer size\nis calculated.\n\nIn addition, the driver uses array_size() and array3_size() for\nmultiplications to catch overflows for the converted period size and\nbuffer bytes.\n\ud83d\udccf Published: 2025-02-26T01:56:28.552Z\n\ud83d\udccf Modified: 2025-02-26T01:56:28.552Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/a63af1baf0a5e11827db60e3127f87e437cab6e5\n2. https://git.kernel.org/stable/c/0c4190b41a69990666b4000999e27f8f1b2a426b\n3. https://git.kernel.org/stable/c/5ce74ff7059341d8b2f4d01c3383491df63d1898\n4. https://git.kernel.org/stable/c/7a40cbf3579a8e14849ba7ce46309c1992658d2b\n5. https://git.kernel.org/stable/c/fb08bf99195a87c798bc8ae1357337a981faeade\n6. https://git.kernel.org/stable/c/e74a069c6a7bb505f3ade141dddf85f4b0b5145a\n7. https://git.kernel.org/stable/c/efb6402c3c4a7c26d97c92d70186424097b6e366", "creation_timestamp": "2025-02-26T02:23:30.000000Z"}, {"uuid": "8050e288-8ab0-463d-b0c0-9c34da189620", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-49294", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5423", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-49294\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check if modulo is 0 before dividing.\n\n[How & Why]\nIf a value of 0 is read, then this will cause a divide-by-0 panic.\n\ud83d\udccf Published: 2025-02-26T02:01:25.159Z\n\ud83d\udccf Modified: 2025-02-26T02:01:25.159Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/10ef82d6e0af5536ec64770c07f6bbabfdd6977c\n2. https://git.kernel.org/stable/c/96725758eff7b3805e4e94d1443a100757412720\n3. https://git.kernel.org/stable/c/07efce8269a038c37814eb656b4de14aa3015fc6\n4. https://git.kernel.org/stable/c/49947b906a6bd9668eaf4f9cf691973c25c26955", "creation_timestamp": "2025-02-26T02:23:23.000000Z"}, {"uuid": "a373d950-be4f-4716-af01-0a5838e2d969", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-49295", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5422", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-49295\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: call genl_unregister_family() first in nbd_cleanup()\n\nOtherwise there may be race between module removal and the handling of\nnetlink command, which can lead to the oops as shown below:\n\n  BUG: kernel NULL pointer dereference, address: 0000000000000098\n  Oops: 0002 [#1] SMP PTI\n  CPU: 1 PID: 31299 Comm: nbd-client Tainted: G            E     5.14.0-rc4\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)\n  RIP: 0010:down_write+0x1a/0x50\n  Call Trace:\n   start_creating+0x89/0x130\n   debugfs_create_dir+0x1b/0x130\n   nbd_start_device+0x13d/0x390 [nbd]\n   nbd_genl_connect+0x42f/0x748 [nbd]\n   genl_family_rcv_msg_doit.isra.0+0xec/0x150\n   genl_rcv_msg+0xe5/0x1e0\n   netlink_rcv_skb+0x55/0x100\n   genl_rcv+0x29/0x40\n   netlink_unicast+0x1a8/0x250\n   netlink_sendmsg+0x21b/0x430\n   ____sys_sendmsg+0x2a4/0x2d0\n   ___sys_sendmsg+0x81/0xc0\n   __sys_sendmsg+0x62/0xb0\n   __x64_sys_sendmsg+0x1f/0x30\n   do_syscall_64+0x3b/0xc0\n   entry_SYSCALL_64_after_hwframe+0x44/0xae\n  Modules linked in: nbd(E-)\n\ud83d\udccf Published: 2025-02-26T02:01:25.659Z\n\ud83d\udccf Modified: 2025-02-26T02:01:25.659Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/8a1435c862ea09b06be7acda325128dc08458e25\n2. https://git.kernel.org/stable/c/013a79f1b5c89290e2e97f1ebf14b14e0cf5fe5c\n3. https://git.kernel.org/stable/c/1be608e1ee1f222464b2856bda9b85ab5184a33e\n4. https://git.kernel.org/stable/c/c0868f6e728c3c28bef0e8bee89d2daf86a8bbca\n5. https://git.kernel.org/stable/c/cbeafa7a79d08ecdb55f8f1d41a11323d0f709db\n6. https://git.kernel.org/stable/c/6f505bbb8063fd3a238a4239d2d8c165e5279f6f\n7. https://git.kernel.org/stable/c/3d5da1ffba3388c2ae2e6c598855a4d887d3bf79\n8. https://git.kernel.org/stable/c/06c4da89c24e7023ea448cadf8e9daf06a0aae6e", "creation_timestamp": "2025-02-26T02:23:19.000000Z"}, {"uuid": "10208449-d46e-411c-ad79-29f7f96d2856", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-49296", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5421", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-49296\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nceph: fix possible deadlock when holding Fwb to get inline_data\n\n1, mount with wsync.\n2, create a file with O_RDWR, and the request was sent to mds.0:\n\n   ceph_atomic_open()-->\n     ceph_mdsc_do_request(openc)\n     finish_open(file, dentry, ceph_open)-->\n       ceph_open()-->\n         ceph_init_file()-->\n           ceph_init_file_info()-->\n             ceph_uninline_data()-->\n             {\n               ...\n               if (inline_version == 1 || /* initial version, no data */\n                   inline_version == CEPH_INLINE_NONE)\n                     goto out_unlock;\n               ...\n             }\n\nThe inline_version will be 1, which is the initial version for the\nnew create file. And here the ci->i_inline_version will keep with 1,\nit's buggy.\n\n3, buffer write to the file immediately:\n\n   ceph_write_iter()-->\n     ceph_get_caps(file, need=Fw, want=Fb, ...);\n     generic_perform_write()-->\n       a_ops->write_begin()-->\n         ceph_write_begin()-->\n           netfs_write_begin()-->\n             netfs_begin_read()-->\n               netfs_rreq_submit_slice()-->\n                 netfs_read_from_server()-->\n                   rreq->netfs_ops->issue_read()-->\n                     ceph_netfs_issue_read()-->\n                     {\n                       ...\n                       if (ci->i_inline_version != CEPH_INLINE_NONE &&\n                           ceph_netfs_issue_op_inline(subreq))\n                         return;\n                       ...\n                     }\n     ceph_put_cap_refs(ci, Fwb);\n\nThe ceph_netfs_issue_op_inline() will send a getattr(Fsr) request to\nmds.1.\n\n4, then the mds.1 will request the rd lock for CInode::filelock from\nthe auth mds.0, the mds.0 will do the CInode::filelock state transation\nfrom excl --> sync, but it need to revoke the Fxwb caps back from the\nclients.\n\nWhile the kernel client has aleady held the Fwb caps and waiting for\nthe getattr(Fsr).\n\nIt's deadlock!\n\nURL: https://tracker.ceph.com/issues/55377\n\ud83d\udccf Published: 2025-02-26T02:01:26.131Z\n\ud83d\udccf Modified: 2025-02-26T02:01:26.131Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/292b7a7275ce535a1abfa4dd0b2e586162aaae1e\n2. https://git.kernel.org/stable/c/825978fd6a0defc3c29d8a38b6cea76a0938d21e", "creation_timestamp": "2025-02-26T02:23:18.000000Z"}, {"uuid": "2eb0a21d-d4fc-4118-b8d9-79a95bfdd12a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-49293", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5427", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-49293\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: initialize registers in nft_do_chain()\n\nInitialize registers to avoid stack leak into userspace.\n\ud83d\udccf Published: 2025-02-26T01:56:29.033Z\n\ud83d\udccf Modified: 2025-02-26T01:56:29.033Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/4d28522acd1c4415c85f6b33463713a268f68965\n2. https://git.kernel.org/stable/c/a3cc32863b175168283cb0a5fde08de6a1e27df9\n3. https://git.kernel.org/stable/c/88791b79a1eb2ba94e95d039243e28433583a67b\n4. https://git.kernel.org/stable/c/06f0ff82c70241a766a811ae1acf07d6e2734dcb\n5. https://git.kernel.org/stable/c/2c74374c2e88c7b7992bf808d9f9391f7452f9d9\n6. https://git.kernel.org/stable/c/fafb904156fbb8f1dd34970cd5223e00b47c33be\n7. https://git.kernel.org/stable/c/64f24c76dd0ce53d0fa3a0bfb9aeea507c769485\n8. https://git.kernel.org/stable/c/dd03640529204ef4b8189fbdea08217d8d98271f\n9. https://git.kernel.org/stable/c/4c905f6740a365464e91467aa50916555b28213d", "creation_timestamp": "2025-02-26T02:23:26.000000Z"}, {"uuid": "2534da68-146b-4a8e-bdb1-ebe6ef0db456", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-49298", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5420", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-49298\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: rtl8712: fix uninit-value in r871xu_drv_init()\n\nWhen 'tmpU1b' returns from r8712_read8(padapter, EE_9346CR) is 0,\n'mac[6]' will not be initialized.\n\nBUG: KMSAN: uninit-value in r871xu_drv_init+0x2d54/0x3070 drivers/staging/rtl8712/usb_intf.c:541\n r871xu_drv_init+0x2d54/0x3070 drivers/staging/rtl8712/usb_intf.c:541\n usb_probe_interface+0xf19/0x1600 drivers/usb/core/driver.c:396\n really_probe+0x653/0x14b0 drivers/base/dd.c:596\n __driver_probe_device+0x3e9/0x530 drivers/base/dd.c:752\n driver_probe_device drivers/base/dd.c:782 [inline]\n __device_attach_driver+0x79f/0x1120 drivers/base/dd.c:899\n bus_for_each_drv+0x2d6/0x3f0 drivers/base/bus.c:427\n __device_attach+0x593/0x8e0 drivers/base/dd.c:970\n device_initial_probe+0x4a/0x60 drivers/base/dd.c:1017\n bus_probe_device+0x17b/0x3e0 drivers/base/bus.c:487\n device_add+0x1fff/0x26e0 drivers/base/core.c:3405\n usb_set_configuration+0x37e9/0x3ed0 drivers/usb/core/message.c:2170\n usb_generic_driver_probe+0x13c/0x300 drivers/usb/core/generic.c:238\n usb_probe_device+0x309/0x570 drivers/usb/core/driver.c:293\n really_probe+0x653/0x14b0 drivers/base/dd.c:596\n __driver_probe_device+0x3e9/0x530 drivers/base/dd.c:752\n driver_probe_device drivers/base/dd.c:782 [inline]\n __device_attach_driver+0x79f/0x1120 drivers/base/dd.c:899\n bus_for_each_drv+0x2d6/0x3f0 drivers/base/bus.c:427\n __device_attach+0x593/0x8e0 drivers/base/dd.c:970\n device_initial_probe+0x4a/0x60 drivers/base/dd.c:1017\n bus_probe_device+0x17b/0x3e0 drivers/base/bus.c:487\n device_add+0x1fff/0x26e0 drivers/base/core.c:3405\n usb_new_device+0x1b8e/0x2950 drivers/usb/core/hub.c:2566\n hub_port_connect drivers/usb/core/hub.c:5358 [inline]\n hub_port_connect_change drivers/usb/core/hub.c:5502 [inline]\n port_event drivers/usb/core/hub.c:5660 [inline]\n hub_event+0x58e3/0x89e0 drivers/usb/core/hub.c:5742\n process_one_work+0xdb6/0x1820 kernel/workqueue.c:2307\n worker_thread+0x10b3/0x21e0 kernel/workqueue.c:2454\n kthread+0x3c7/0x500 kernel/kthread.c:377\n ret_from_fork+0x1f/0x30\n\nLocal variable mac created at:\n r871xu_drv_init+0x1771/0x3070 drivers/staging/rtl8712/usb_intf.c:394\n usb_probe_interface+0xf19/0x1600 drivers/usb/core/driver.c:396\n\nKMSAN: uninit-value in r871xu_drv_init\nhttps://syzkaller.appspot.com/bug?id=3cd92b1d85428b128503bfa7a250294c9ae00bd8\n\ud83d\udccf Published: 2025-02-26T02:01:27.111Z\n\ud83d\udccf Modified: 2025-02-26T02:01:27.111Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/0b7371a22489cbb2e8e826ca03fb5ce92afb04fe\n2. https://git.kernel.org/stable/c/277faa442fe0c59f418ac53f47a78e1266addd65\n3. https://git.kernel.org/stable/c/a6535d00a9d54ce1c2a8d86a85001ffb6844f9b2\n4. https://git.kernel.org/stable/c/52a0d88c328098b4e9fb8f2f3877fec0eff4104b\n5. https://git.kernel.org/stable/c/ff727ab0b7d7a56b5ef281f12abd00c4b85894e9\n6. https://git.kernel.org/stable/c/f36e754a1f0bafb9feeea63463de78080acb6de0\n7. https://git.kernel.org/stable/c/76a964ad0ea8f2b10abd69a7532e174a28258283\n8. https://git.kernel.org/stable/c/70df04433fd351ba72bc635bd0b5fe443d9ac964\n9. https://git.kernel.org/stable/c/0458e5428e5e959d201a40ffe71d762a79ecedc4", "creation_timestamp": "2025-02-26T02:23:17.000000Z"}, {"uuid": "4796bb69-1089-4465-9bed-b5a3cca8a216", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-49291", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5429", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-49291\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: pcm: Fix races among concurrent hw_params and hw_free calls\n\nCurrently we have neither proper check nor protection against the\nconcurrent calls of PCM hw_params and hw_free ioctls, which may result\nin a UAF.  Since the existing PCM stream lock can't be used for\nprotecting the whole ioctl operations, we need a new mutex to protect\nthose racy calls.\n\nThis patch introduced a new mutex, runtime->buffer_mutex, and applies\nit to both hw_params and hw_free ioctl code paths.  Along with it, the\nboth functions are slightly modified (the mmap_count check is moved\ninto the state-check block) for code simplicity.\n\ud83d\udccf Published: 2025-02-26T01:56:27.986Z\n\ud83d\udccf Modified: 2025-02-26T01:56:27.986Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/a42aa926843acca96c0dfbde2e835b8137f2f092\n2. https://git.kernel.org/stable/c/9cb6c40a6ebe4a0cfc9d6a181958211682cffea9\n3. https://git.kernel.org/stable/c/fbeb492694ce0441053de57699e1e2b7bc148a69\n4. https://git.kernel.org/stable/c/0f6947f5f5208f6ebd4d76a82a4757e2839a23f8\n5. https://git.kernel.org/stable/c/33061d0fba51d2bf70a2ef9645f703c33fe8e438\n6. https://git.kernel.org/stable/c/0090c13cbbdffd7da079ac56f80373a9a1be0bf8\n7. https://git.kernel.org/stable/c/1bbf82d9f961414d6c76a08f7f843ea068e0ab7b\n8. https://git.kernel.org/stable/c/92ee3c60ec9fe64404dc035e7c41277d74aa26cb", "creation_timestamp": "2025-02-26T02:23:30.000000Z"}, {"uuid": "338812e3-5746-4aa3-b868-0621cebbc9f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-49299", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16468", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-49299\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc2: gadget: don't reset gadget's driver->bus\n\nUDC driver should not touch gadget's driver internals, especially it\nshould not reset driver->bus. This wasn't harmful so far, but since\ncommit fc274c1e9973 (\"USB: gadget: Add a new bus for gadgets\") gadget\nsubsystem got it's own bus and messing with ->bus triggers the\nfollowing NULL pointer dereference:\n\ndwc2 12480000.hsotg: bound driver g_ether\n8<--- cut here ---\nUnable to handle kernel NULL pointer dereference at virtual address 00000000\n[00000000] *pgd=00000000\nInternal error: Oops: 5 [#1] SMP ARM\nModules linked in: ...\nCPU: 0 PID: 620 Comm: modprobe Not tainted 5.18.0-rc5-next-20220504 #11862\nHardware name: Samsung Exynos (Flattened Device Tree)\nPC is at module_add_driver+0x44/0xe8\nLR is at sysfs_do_create_link_sd+0x84/0xe0\n...\nProcess modprobe (pid: 620, stack limit = 0x(ptrval))\n...\n module_add_driver from bus_add_driver+0xf4/0x1e4\n bus_add_driver from driver_register+0x78/0x10c\n driver_register from usb_gadget_register_driver_owner+0x40/0xb4\n usb_gadget_register_driver_owner from do_one_initcall+0x44/0x1e0\n do_one_initcall from do_init_module+0x44/0x1c8\n do_init_module from load_module+0x19b8/0x1b9c\n load_module from sys_finit_module+0xdc/0xfc\n sys_finit_module from ret_fast_syscall+0x0/0x54\nException stack(0xf1771fa8 to 0xf1771ff0)\n...\ndwc2 12480000.hsotg: new device is high-speed\n---[ end trace 0000000000000000 ]---\n\nFix this by removing driver->bus entry reset.\n\ud83d\udccf Published: 2025-02-26T02:10:34.977Z\n\ud83d\udccf Modified: 2025-05-15T12:28:27.659Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/5127c0f365265bb69cd776ad6e4b872c309f3fa8\n2. https://git.kernel.org/stable/c/efb15ff4a77fe053c941281775fefa91c87770e0\n3. https://git.kernel.org/stable/c/bee8f9808a7e82addfc73a0973b16a8bb684205b\n4. https://git.kernel.org/stable/c/d232ca0bbc7d03144bad0ffd1792c3352bfd03fa\n5. https://git.kernel.org/stable/c/5b0c0298f7c3b57417f1729ec4071f76864b72dd\n6. https://git.kernel.org/stable/c/547ebdc200b862dff761ff4890f66d8217c33316\n7. https://git.kernel.org/stable/c/172cfc167c8ee6238f24f9c16efd598602af643c\n8. https://git.kernel.org/stable/c/d2159feb9d28ce496d77df98313ab454646372ac\n9. https://git.kernel.org/stable/c/3120aac6d0ecd9accf56894aeac0e265f74d3d5a", "creation_timestamp": "2025-05-15T12:34:14.000000Z"}, {"uuid": "d3b9007d-a67e-4fa9-9dc6-232e31e74a44", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-4929", "type": "seen", "source": "https://t.me/cibsecurity/59451", "content": "\u203c CVE-2022-4929 \u203c\n\nA vulnerability was found in icplayer up to 0.818. It has been rated as problematic. Affected by this issue is some unknown functionality of the file addons/Commons/src/tts-utils.js. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 0.819 is able to address this issue. The name of the patch is fa785969f213c76384f1fe67d47b17d57fcc60c8. It is recommended to upgrade the affected component. VDB-222290 is the identifier assigned to this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-06T07:12:36.000000Z"}]}