CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49275 – can: m_can: m_can_tx_handler(): fix use after free of skb
https://notcve.org/view.php?id=CVE-2022-49275
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: can: m_can: m_can_tx_handler(): fix use after free of skb can_put_echo_skb() will clone skb then free the skb. Move the can_put_echo_skb() for the m_can version 3.0.x directly before the start of the xmit in hardware, similar to the 3.1.x branch. The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed. • https://git.kernel.org/stable/c/80646733f11c2e9de3b6339f7e635047e6087280 • CWE-416: Use After Free •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49271 – cifs: prevent bad output lengths in smb2_ioctl_query_info()
https://notcve.org/view.php?id=CVE-2022-49271
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: cifs: prevent bad output lengths in smb2_ioctl_query_info() When calling smb2_ioctl_query_info() with smb_query_info::flags=PASSTHRU_FSCTL and smb_query_info::output_buffer_length=0, the following would return 0x10 buffer = memdup_user(arg + sizeof(struct smb_query_info), qi.output_buffer_length); if (IS_ERR(buffer)) { kfree(vars); return PTR_ERR(buffer); } rather than a valid pointer thus making IS_ERR() check fail. This would then cause a... • https://git.kernel.org/stable/c/9963ccea6087268e1275b992dca5d0dd4b938765 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49268 – ASoC: SOF: Intel: Fix NULL ptr dereference when ENOMEM
https://notcve.org/view.php?id=CVE-2022-49268
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: Fix NULL ptr dereference when ENOMEM Do not call snd_dma_free_pages() when snd_dma_alloc_pages() returns -ENOMEM because it leads to a NULL pointer dereference bug. The dmesg says: [ T1387] sof-audio-pci-intel-tgl 0000:00:1f.3: error: memory alloc failed: -12 [ T1387] BUG: kernel NULL pointer dereference, address: 0000000000000000 [ T1387] #PF: supervisor read access in kernel mode [ T1387] #PF: error_code(0x0000) - not-pr... • https://git.kernel.org/stable/c/d16046ffa6de040bf580a64d5f4d0aa18258a854 •
CVSS: 6.7EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49267 – mmc: core: use sysfs_emit() instead of sprintf()
https://notcve.org/view.php?id=CVE-2022-49267
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: mmc: core: use sysfs_emit() instead of sprintf() sprintf() (still used in the MMC core for the sysfs output) is vulnerable to the buffer overflow. Use the new-fangled sysfs_emit() instead. Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool. • https://git.kernel.org/stable/c/659ca56b5415c7a1d05e185c36fad80ba165d063 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49264 – exec: Force single empty string when argv is empty
https://notcve.org/view.php?id=CVE-2022-49264
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: exec: Force single empty string when argv is empty Quoting[1] Ariadne Conill: "In several other operating systems, it is a hard requirement that the second argument to execve(2) be the name of a program, thus prohibiting a scenario where argc < 1. POSIX 2017 also recommends this behaviour, but it is not an explicit requirement[2]: The argument arg0 should point to a filename string that is associated with the process being started by one of... • https://git.kernel.org/stable/c/41f6ea5b9aaa28b740d47ffe995a5013211fdbb0 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2022-49259 – block: don't delete queue kobject before its children
https://notcve.org/view.php?id=CVE-2022-49259
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: block: don't delete queue kobject before its children kobjects aren't supposed to be deleted before their child kobjects are deleted. Apparently this is usually benign; however, a WARN will be triggered if one of the child kobjects has a named attribute group: sysfs group 'modes' not found for kobject 'crypto' WARNING: CPU: 0 PID: 1 at fs/sysfs/group.c:278 sysfs_remove_group+0x72/0x80 ... Call Trace: sysfs_remove_groups+0x29/0x40 fs/sysfs/g... • https://git.kernel.org/stable/c/2c2086afc2b8b974fac32cb028e73dc27bfae442 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49258 – crypto: ccree - Fix use after free in cc_cipher_exit()
https://notcve.org/view.php?id=CVE-2022-49258
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: ccree - Fix use after free in cc_cipher_exit() kfree_sensitive(ctx_p->user.key) will free the ctx_p->user.key. But ctx_p->user.key is still used in the next line, which will lead to a use after free. We can call kfree_sensitive() after dev_dbg() to avoid the uaf. In the Linux kernel, the following vulnerability has been resolved: crypto: ccree - Fix use after free in cc_cipher_exit() kfree_sensitive(ctx_p->user.key) will free the ct... • https://git.kernel.org/stable/c/63ee04c8b491ee148489347e7da9fbfd982ca2bb • CWE-416: Use After Free •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49255 – f2fs: fix missing free nid in f2fs_handle_failed_inode
https://notcve.org/view.php?id=CVE-2022-49255
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix missing free nid in f2fs_handle_failed_inode This patch fixes xfstests/generic/475 failure. [ 293.680694] F2FS-fs (dm-1): May loss orphan inode, run fsck to fix. [ 293.685358] Buffer I/O error on dev dm-1, logical block 8388592, async page read [ 293.691527] Buffer I/O error on dev dm-1, logical block 8388592, async page read [ 293.691764] sh (7615): drop_caches: 3 [ 293.691819] sh (7616): drop_caches: 3 [ 293.694017] Buffer I/O e... • https://git.kernel.org/stable/c/7735730d39d75e70476c1b01435b9b1f41637f0e •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49253 – media: usb: go7007: s2250-board: fix leak in probe()
https://notcve.org/view.php?id=CVE-2022-49253
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: media: usb: go7007: s2250-board: fix leak in probe() Call i2c_unregister_device(audio) on this error path. The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed. • https://git.kernel.org/stable/c/d3b2ccd9e307eae80b4b4eeb0ede46cb02212df2 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49248 – ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction
https://notcve.org/view.php?id=CVE-2022-49248
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction AV/C deferred transaction was supported at a commit 00a7bb81c20f ("ALSA: firewire-lib: Add support for deferred transaction") while 'deferrable' flag can be uninitialized for non-control/notify AV/C transactions. UBSAN reports it: kernel: ================================================================================ kernel: UBSAN: invalid-load in /build/linux-aa0B4d/... • https://git.kernel.org/stable/c/00a7bb81c20f3e81711e28e0f6c08cee8fd18514 •