CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49029 – hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails
https://notcve.org/view.php?id=CVE-2022-49029
In the Linux kernel, the following vulnerability has been resolved: hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails Smatch report warning as follows: drivers/hwmon/ibmpex.c:509 ibmpex_register_bmc() warn: '&data->list' not removed from list If ibmpex_find_sensors() fails in ibmpex_register_bmc(), data will be freed, but data->list will not be removed from driver_data.bmc_data, then list traversal may cause UAF. Fix by removeing it from driver_data.bmc_data before free(). • https://git.kernel.org/stable/c/57c7c3a0fdea95eddcaeba31e7ca7dfc917682ab https://git.kernel.org/stable/c/f2a13196ad41c6c2ab058279dffe6c97292e753a https://git.kernel.org/stable/c/798198273bf86673b970b51acdb35e57f42b3fcb https://git.kernel.org/stable/c/24b9633f7db7f4809be7053df1d2e117e7c2de10 https://git.kernel.org/stable/c/7b2b67fe1339389e0bf3c37c7a677a004ac0e4e3 https://git.kernel.org/stable/c/90907cd4d11351ff76c9a447bcb5db0e264c47cd https://git.kernel.org/stable/c/45f6e81863747c0d7bc6a95ec51129900e71467a https://git.kernel.org/stable/c/e65cfd1f9cd27d9c27ee5cb88128a9f79 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49021 – net: phy: fix null-ptr-deref while probe() failed
https://notcve.org/view.php?id=CVE-2022-49021
In the Linux kernel, the following vulnerability has been resolved: net: phy: fix null-ptr-deref while probe() failed I got a null-ptr-deref report as following when doing fault injection test: BUG: kernel NULL pointer dereference, address: 0000000000000058 Oops: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 1 PID: 253 Comm: 507-spi-dm9051 Tainted: G B N 6.1.0-rc3+ Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 RIP: 0010:klist_put+0x2d/0xd0 Call Trace: <TASK> klist_remove+0xf1/0x1c0 device_release_driver_internal+0x23e/0x2d0 bus_remove_device+0x1bd/0x240 device_del+0x357/0x770 phy_device_remove+0x11/0x30 mdiobus_unregister+0xa5/0x140 release_nodes+0x6a/0xa0 devres_release_all+0xf8/0x150 device_unbind_cleanup+0x19/0xd0 //probe path: phy_device_register() device_add() phy_connect phy_attach_direct() //set device driver probe() //it's failed, driver is not bound device_bind_driver() // probe failed, it's not called //remove path: phy_device_remove() device_del() device_release_driver_internal() __device_release_driver() //dev->drv is not NULL klist_remove() <- knode_driver is not added yet, cause null-ptr-deref In phy_attach_direct(), after setting the 'dev->driver', probe() fails, device_bind_driver() is not called, so the knode_driver->n_klist is not set, then it causes null-ptr-deref in __device_release_driver() while deleting device. Fix this by setting dev->driver to NULL in the error path in phy_attach_direct(). • https://git.kernel.org/stable/c/e13934563db047043ccead26412f552375cea90c https://git.kernel.org/stable/c/8aaafe0f71314f46a066382a047ba8bb3840d273 https://git.kernel.org/stable/c/51d7f6b20fae8bae64ad1136f1e30d1fd5ba78f7 https://git.kernel.org/stable/c/0744c7be4de564db03e24527b2e096b7e0e20972 https://git.kernel.org/stable/c/3e21f85d87c836462bb52ef2078ea561260935c1 https://git.kernel.org/stable/c/fe6bc99c27c21348f548966118867ed26a9a372c https://git.kernel.org/stable/c/7730904f50c7187dd16c76949efb56b5fb55cd57 https://git.kernel.org/stable/c/eaa5722549ac2604ffa56c2e946acc832 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49020 – net/9p: Fix a potential socket leak in p9_socket_open
https://notcve.org/view.php?id=CVE-2022-49020
In the Linux kernel, the following vulnerability has been resolved: net/9p: Fix a potential socket leak in p9_socket_open Both p9_fd_create_tcp() and p9_fd_create_unix() will call p9_socket_open(). If the creation of p9_trans_fd fails, p9_fd_create_tcp() and p9_fd_create_unix() will return an error directly instead of releasing the cscoket, which will result in a socket leak. This patch adds sock_release() to fix the leak issue. • https://git.kernel.org/stable/c/6b18662e239a032f908b7f6e164bdf7e2e0a32c9 https://git.kernel.org/stable/c/0396227f4daf4792a6a8aaa3b7771dc25c4cd443 https://git.kernel.org/stable/c/ded893965b895b2dccd3d1436d8d3daffa23ea64 https://git.kernel.org/stable/c/8b14bd0b500aec1458b51cb621c8e5fab3304260 https://git.kernel.org/stable/c/2d24d91b9f44620824fc37b766f7cae00ca32748 https://git.kernel.org/stable/c/e01c1542379fb395e7da53706df598f38905dfbf https://git.kernel.org/stable/c/8782b32ef867de7981bbe9e86ecb90e92e8780bd https://git.kernel.org/stable/c/aa08323fe18cb7cf95317ffa2d54ca1de •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49015 – net: hsr: Fix potential use-after-free
https://notcve.org/view.php?id=CVE-2022-49015
In the Linux kernel, the following vulnerability has been resolved: net: hsr: Fix potential use-after-free The skb is delivered to netif_rx() which may free it, after calling this, dereferencing skb may trigger use-after-free. • https://git.kernel.org/stable/c/f421436a591d34fa5279b54a96ac07d70250cc8d https://git.kernel.org/stable/c/8393ce5040803666bfa26a3a7bf41e44fab0ace9 https://git.kernel.org/stable/c/4b351609af4fdbc23f79ab2b12748f4403ea9af4 https://git.kernel.org/stable/c/b35d899854d5d5d58eb7d7e7c0f61afc60d3a9e9 https://git.kernel.org/stable/c/53a62c5efe91665f7a41fad0f888a96f94dc59eb https://git.kernel.org/stable/c/7ca81a161e406834a1fdc405fc83a572bd14b8d9 https://git.kernel.org/stable/c/dca370e575d9b6c983f5015e8dc035e23e219ee6 https://git.kernel.org/stable/c/f3add2b8cf620966de3ebfa07679ca12d •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49011 – hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new()
https://notcve.org/view.php?id=CVE-2022-49011
In the Linux kernel, the following vulnerability has been resolved: hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new() As comment of pci_get_domain_bus_and_slot() says, it returns a pci device with refcount increment, when finish using it, the caller must decrement the reference count by calling pci_dev_put(). So call it after using to avoid refcount leak. • https://git.kernel.org/stable/c/14513ee696a0cd12a19318e433b75a786808adc3 https://git.kernel.org/stable/c/bb75a0d1223d43f97089841aecb28a9b4de687a9 https://git.kernel.org/stable/c/0dd1da5a15eeecb2fe4cf131b3216fb455af783c https://git.kernel.org/stable/c/2f74cffc7c85f770b1b1833dccb03b8cde3be102 https://git.kernel.org/stable/c/ea5844f946b1ec5c0b7c115cd7684f34fd48021b https://git.kernel.org/stable/c/c40db1e5f316792b557d2be37e447c20d9ac4635 https://git.kernel.org/stable/c/6e035d5a2a6b907cfce9a80c5f442c2e459cd34e https://git.kernel.org/stable/c/f598da27acbeee414679cacd14294db3e •