CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-48824 – scsi: myrs: Fix crash in error case
https://notcve.org/view.php?id=CVE-2022-48824
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: myrs: Fix crash in error case In myrs_detect(), cs->disable_intr is NULL when privdata->hw_init() fails with non-zero. In this case, myrs_cleanup(cs) will call a NULL ptr and crash the kernel. [ 1.105606] myrs 0000:00:03.0: Unknown Initialization Error 5A [ 1.105872] myrs 0000:00:03.0: Failed to initialize Controller [ 1.106082] BUG: kernel NULL pointer dereference, address: 0000000000000000 [ 1.110774] Call Trace: [ 1.110950] myrs_cl... • https://git.kernel.org/stable/c/5c5ceea00c8c9df150708e66cb9f2891192c1162 •
CVSS: 3.3EPSS: 0%CPEs: 5EXPL: 0CVE-2022-48823 – scsi: qedf: Fix refcount issue when LOGO is received during TMF
https://notcve.org/view.php?id=CVE-2022-48823
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Fix refcount issue when LOGO is received during TMF Hung task call trace was seen during LOGO processing. [ 974.309060] [0000:00:00.0]:[qedf_eh_device_reset:868]: 1:0:2:0: LUN RESET Issued... [ 974.309065] [0000:00:00.0]:[qedf_initiate_tmf:2422]: tm_flags 0x10 sc_cmd 00000000c16b930f op = 0x2a target_id = 0x2 lun=0 [ 974.309178] [0000:00:00.0]:[qedf_initiate_tmf:2431]: portid=016900 tm_flags =LUN RESET [ 974.309222] [0000:00:00.... • https://git.kernel.org/stable/c/7cc32ff0cd6c44a3c26de5faecfe8b5546198fad •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48822 – usb: f_fs: Fix use-after-free for epfile
https://notcve.org/view.php?id=CVE-2022-48822
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: f_fs: Fix use-after-free for epfile Consider a case where ffs_func_eps_disable is called from ffs_func_disable as part of composition switch and at the same time ffs_epfile_release get called from userspace. ffs_epfile_release will free up the read buffer and call ffs_data_closed which in turn destroys ffs->epfiles and mark it as NULL. While this was happening the driver has already initialized the local epfile in ffs_func_eps_disable ... • https://git.kernel.org/stable/c/a9e6f83c2df199187a5248f824f31b6787ae23ae •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-48821 – misc: fastrpc: avoid double fput() on failed usercopy
https://notcve.org/view.php?id=CVE-2022-48821
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: avoid double fput() on failed usercopy If the copy back to userland fails for the FASTRPC_IOCTL_ALLOC_DMA_BUFF ioctl(), we shouldn't assume that 'buf->dmabuf' is still valid. In fact, dma_buf_fd() called fd_install() before, i.e. "consumed" one reference, leaving us with none. Calling dma_buf_put() will therefore put a reference we no longer own, leading to a valid file descritor table entry for an already released 'file' obj... • https://git.kernel.org/stable/c/6cffd79504ce040f460831030d3069fa1c99bb71 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48818 – net: dsa: mv88e6xxx: don't use devres for mdiobus
https://notcve.org/view.php?id=CVE-2022-48818
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: don't use devres for mdiobus As explained in commits: 74b6d7d13307 ("net: dsa: realtek: register the MDIO bus under devres") 5135e96a3dd2 ("net: dsa: don't allocate the slave_mii_bus using devres") mdiobus_free() will panic when called from devm_mdiobus_free() <- devres_release_all() <- __device_release_driver(), and that mdiobus was not previously unregistered. The mv88e6xxx is an MDIO device, so the initial set of con... • https://git.kernel.org/stable/c/ac3a68d56651c3dad2c12c7afce065fe15267f44 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48817 – net: dsa: ar9331: register the mdiobus under devres
https://notcve.org/view.php?id=CVE-2022-48817
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: net: dsa: ar9331: register the mdiobus under devres As explained in commits: 74b6d7d13307 ("net: dsa: realtek: register the MDIO bus under devres") 5135e96a3dd2 ("net: dsa: don't allocate the slave_mii_bus using devres") mdiobus_free() will panic when called from devm_mdiobus_free() <- devres_release_all() <- __device_release_driver(), and that mdiobus was not previously unregistered. The ar9331 is an MDIO device, so the initial set of cons... • https://git.kernel.org/stable/c/ac3a68d56651c3dad2c12c7afce065fe15267f44 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48816 – SUNRPC: lock against ->sock changing during sysfs read
https://notcve.org/view.php?id=CVE-2022-48816
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: SUNRPC: lock against ->sock changing during sysfs read ->sock can be set to NULL asynchronously unless ->recv_mutex is held. So it is important to hold that mutex. Otherwise a sysfs read can trigger an oops. Commit 17f09d3f619a ("SUNRPC: Check if the xprt is connected before handling sysfs reads") appears to attempt to fix this problem, but it only narrows the race window. In the Linux kernel, the following vulnerability has been resolved: ... • https://git.kernel.org/stable/c/a8482488a7d6d320f63a9ee1912dbb5ae5b80a61 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48815 – net: dsa: bcm_sf2: don't use devres for mdiobus
https://notcve.org/view.php?id=CVE-2022-48815
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: net: dsa: bcm_sf2: don't use devres for mdiobus As explained in commits: 74b6d7d13307 ("net: dsa: realtek: register the MDIO bus under devres") 5135e96a3dd2 ("net: dsa: don't allocate the slave_mii_bus using devres") mdiobus_free() will panic when called from devm_mdiobus_free() <- devres_release_all() <- __device_release_driver(), and that mdiobus was not previously unregistered. The Starfighter 2 is a platform device, so the initial set o... • https://git.kernel.org/stable/c/ac3a68d56651c3dad2c12c7afce065fe15267f44 •
CVSS: 4.4EPSS: 0%CPEs: 3EXPL: 0CVE-2022-48814 – net: dsa: seville: register the mdiobus under devres
https://notcve.org/view.php?id=CVE-2022-48814
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: net: dsa: seville: register the mdiobus under devres As explained in commits: 74b6d7d13307 ("net: dsa: realtek: register the MDIO bus under devres") 5135e96a3dd2 ("net: dsa: don't allocate the slave_mii_bus using devres") mdiobus_free() will panic when called from devm_mdiobus_free() <- devres_release_all() <- __device_release_driver(), and that mdiobus was not previously unregistered. The Seville VSC9959 switch is a platform device, so the... • https://git.kernel.org/stable/c/ac3a68d56651c3dad2c12c7afce065fe15267f44 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48813 – net: dsa: felix: don't use devres for mdiobus
https://notcve.org/view.php?id=CVE-2022-48813
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: net: dsa: felix: don't use devres for mdiobus As explained in commits: 74b6d7d13307 ("net: dsa: realtek: register the MDIO bus under devres") 5135e96a3dd2 ("net: dsa: don't allocate the slave_mii_bus using devres") mdiobus_free() will panic when called from devm_mdiobus_free() <- devres_release_all() <- __device_release_driver(), and that mdiobus was not previously unregistered. The Felix VSC9959 switch is a PCI device, so the initial set o... • https://git.kernel.org/stable/c/ac3a68d56651c3dad2c12c7afce065fe15267f44 •