CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-48756 – drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable
https://notcve.org/view.php?id=CVE-2022-48756
20 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable The function performs a check on the "phy" input parameter, however, it is used before the check. Initialize the "dev" variable after the sanity check to avoid a possible NULL pointer dereference. Addresses-Coverity-ID: 1493860 ("Null pointer dereference") In the Linux kernel, the following vulnerability has been resolved: drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable T... • https://git.kernel.org/stable/c/5c8290284402bf7d2c12269402b3177b899c78b7 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48755 – powerpc64/bpf: Limit 'ldbrx' to processors compliant with ISA v2.06
https://notcve.org/view.php?id=CVE-2022-48755
20 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: powerpc64/bpf: Limit 'ldbrx' to processors compliant with ISA v2.06 Johan reported the below crash with test_bpf on ppc64 e5500: test_bpf: #296 ALU_END_FROM_LE 64: 0x0123456789abcdef -> 0x67452301 jited:1 Oops: Exception in kernel mode, sig: 4 [#1] BE PAGE_SIZE=4K SMP NR_CPUS=24 QEMU e500 Modules linked in: test_bpf(+) CPU: 0 PID: 76 Comm: insmod Not tainted 5.14.0-03771-g98c2059e008a-dirty #1 NIP: 8000000000061c3c LR: 80000000006dea64 CTR:... • https://git.kernel.org/stable/c/156d0e290e969caba25f1851c52417c14d141b24 •
CVSS: 8.4EPSS: 0%CPEs: 6EXPL: 0CVE-2022-48754 – phylib: fix potential use-after-free
https://notcve.org/view.php?id=CVE-2022-48754
20 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: phylib: fix potential use-after-free Commit bafbdd527d56 ("phylib: Add device reset GPIO support") added call to phy_device_reset(phydev) after the put_device() call in phy_detach(). The comment before the put_device() call says that the phydev might go away with put_device(). Fix potential use-after-free by calling phy_device_reset() before put_device(). En el kernel de Linux, se resolvió la siguiente vulnerabilidad: phylib: corrige el pos... • https://git.kernel.org/stable/c/bafbdd527d569c8200521f2f7579f65a044271be • CWE-416: Use After Free •
CVSS: 4.7EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48751 – net/smc: Transitional solution for clcsock race issue
https://notcve.org/view.php?id=CVE-2022-48751
20 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: net/smc: Transitional solution for clcsock race issue We encountered a crash in smc_setsockopt() and it is caused by accessing smc->clcsock after clcsock was released. BUG: kernel NULL pointer dereference, address: 0000000000000020 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 1 PID: 50309 Comm: nginx Kdump: loaded Tainted: G E 5.16.0-rc4+ #53 RIP: 0010... • https://git.kernel.org/stable/c/fd57770dd198f5b2ddd5b9e6bf282cf98d63adb9 •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-48747 – block: Fix wrong offset in bio_truncate()
https://notcve.org/view.php?id=CVE-2022-48747
20 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: block: Fix wrong offset in bio_truncate() bio_truncate() clears the buffer outside of last block of bdev, however current bio_truncate() is using the wrong offset of page. So it can return the uninitialized data. This happened when both of truncated/corrupted FS and userspace (via bdev) are trying to read the last of bdev. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: bloque: corrige el desplazamiento incorrecto en bio_tru... • https://git.kernel.org/stable/c/6cbf4c731d7812518cd857c2cfc3da9fd120f6ae • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') CWE-908: Use of Uninitialized Resource •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0CVE-2022-48744 – net/mlx5e: Avoid field-overflowing memcpy()
https://notcve.org/view.php?id=CVE-2022-48744
20 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Avoid field-overflowing memcpy() In preparation for FORTIFY_SOURCE performing compile-time and run-time field bounds checking for memcpy(), memmove(), and memset(), avoid intentionally writing across neighboring fields. Use flexible arrays instead of zero-element arrays (which look like they are always overflowing) and split the cross-field memcpy() into two halves that can be appropriately bounds-checked by the compiler. We were... • https://git.kernel.org/stable/c/b5503b994ed5ed8dbfe821317e7b5b38acb065c5 •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2022-48743 – net: amd-xgbe: Fix skb data length underflow
https://notcve.org/view.php?id=CVE-2022-48743
20 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: net: amd-xgbe: Fix skb data length underflow There will be BUG_ON() triggered in include/linux/skbuff.h leading to intermittent kernel panic, when the skb length underflow is detected. Fix this by dropping the packet if such length underflows are seen because of inconsistencies in the hardware descriptors. In the Linux kernel, the following vulnerability has been resolved: net: amd-xgbe: Fix skb data length underflow There will be BUG_ON() ... • https://git.kernel.org/stable/c/fafc9555d87a19c78bcd43ed731c3a73bf0b37a9 • CWE-124: Buffer Underwrite ('Buffer Underflow') •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48742 – rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink()
https://notcve.org/view.php?id=CVE-2022-48742
20 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink() While looking at one unrelated syzbot bug, I found the replay logic in __rtnl_newlink() to potentially trigger use-after-free. It is better to clear master_dev and m_ops inside the loop, in case we have to replay it. In the Linux kernel, the following vulnerability has been resolved: rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink() While looking at one ... • https://git.kernel.org/stable/c/ba7d49b1f0f8e5f24294a880ed576964059af5ef •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48740 – selinux: fix double free of cond_list on error paths
https://notcve.org/view.php?id=CVE-2022-48740
20 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: selinux: fix double free of cond_list on error paths On error path from cond_read_list() and duplicate_policydb_cond_list() the cond_list_destroy() gets called a second time in caller functions, resulting in NULL pointer deref. Fix this by resetting the cond_list_len to 0 in cond_list_destroy(), making subsequent calls a noop. Also consistently reset the cond_list pointer to NULL after freeing. [PM: fix line lengths in the description] In t... • https://git.kernel.org/stable/c/f446089a268c8fc6908488e991d28a9b936293db •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48738 – ASoC: ops: Reject out of bounds values in snd_soc_put_volsw()
https://notcve.org/view.php?id=CVE-2022-48738
20 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() We don't currently validate that the values being set are within the range we advertised to userspace as being valid, do so and reject any values that are out of range. In the Linux kernel, the following vulnerability has been resolved: ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() We don't currently validate that the values being set are within the range we adver... • https://git.kernel.org/stable/c/40f598698129b5ceaf31012f9501b775c7b6e57d • CWE-125: Out-of-bounds Read •