CVE-2022-48885 – ice: Fix potential memory leak in ice_gnss_tty_write()
https://notcve.org/view.php?id=CVE-2022-48885
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: ice: Fix potential memory leak in ice_gnss_tty_write() The ice_gnss_tty_write() returns directly if the write_buf alloc failed, leaking the cmd_buf. Fix by freeing cmd_buf if write_buf alloc failed. • https://git.kernel.org/stable/c/d6b98c8d242aee40e7b8919dd07b593b0739e38d • CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2022-48884 – net/mlx5: Fix command stats access after free
https://notcve.org/view.php?id=CVE-2022-48884
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix command stats access after free Command may fail while driver is reloading and can't accept FW commands till command interface is reinitialized. Such command failure is being logged to command stats. This results in NULL pointer access as command stats structure is being freed and reallocated during mlx5 devlink reload (see kernel log below). Fix it by making command stats statically allocated on driver probe. Kernel log: [ 23... • https://git.kernel.org/stable/c/34f46ae0d4b38e83cfb26fb6f06b5b5efea47fdc • CWE-416: Use After Free •
CVE-2022-48883 – net/mlx5e: IPoIB, Block PKEY interfaces with less rx queues than parent
https://notcve.org/view.php?id=CVE-2022-48883
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: IPoIB, Block PKEY interfaces with less rx queues than parent A user is able to configure an arbitrary number of rx queues when creating an interface via netlink. This doesn't work for child PKEY interfaces because the child interface uses the parent receive channels. Although the child shares the parent's receive channels, the number of rx queues is important for the channel_stats array: the parent's rx channel index is used to a... • https://git.kernel.org/stable/c/be98737a4faa3a0dc1781ced5bbf5c47865e29d7 • CWE-130: Improper Handling of Length Parameter Inconsistency •
CVE-2022-48882 – net/mlx5e: Fix macsec possible null dereference when updating MAC security entity (SecY)
https://notcve.org/view.php?id=CVE-2022-48882
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix macsec possible null dereference when updating MAC security entity (SecY) Upon updating MAC security entity (SecY) in hw offload path, the macsec security association (SA) initialization routine is called. In case extended packet number (epn) is enabled, the salt and ssci attributes are retrieved using the MACsec driver rx_sa context, which is unavailable when updating a SecY property such as encoding-sa, hence the null deref... • https://git.kernel.org/stable/c/4411a6c0abd3e55b4a4fb9432b3a0553f12337c2 •
CVE-2022-48881 – platform/x86/amd: Fix refcount leak in amd_pmc_probe
https://notcve.org/view.php?id=CVE-2022-48881
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd: Fix refcount leak in amd_pmc_probe pci_get_domain_bus_and_slot() takes a reference; the caller should release the reference by calling pci_dev_put() after use. Call pci_dev_put() in the error path to fix this. • https://git.kernel.org/stable/c/3d7d407dfb05b257e15cb0c6b056428a4a8c2e5d •
CVE-2022-48880 – platform/surface: aggregator: Add missing call to ssam_request_sync_free()
https://notcve.org/view.php?id=CVE-2022-48880
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: platform/surface: aggregator: Add missing call to ssam_request_sync_free() Although rare, ssam_request_sync_init() can fail. In that case, the request should be freed via ssam_request_sync_free(). Currently it is leaked instead. Fix this. • https://git.kernel.org/stable/c/c167b9c7e3d6131b4a4865c112a3dbc86d2e997d •
CVE-2022-48879 – efi: fix NULL-deref in init error path
https://notcve.org/view.php?id=CVE-2022-48879
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: efi: fix NULL-deref in init error path In cases where runtime services are not supported or have been disabled, the runtime services workqueue will never have been allocated. Do not try to destroy the workqueue unconditionally in the unlikely event that EFI initialisation fails to avoid dereferencing a NULL pointer. • https://git.kernel.org/stable/c/2ff3c97b47521d6700cc6485c7935908dcd2c27c •
CVE-2022-48878 – Bluetooth: hci_qca: Fix driver shutdown on closed serdev
https://notcve.org/view.php?id=CVE-2022-48878
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_qca: Fix driver shutdown on closed serdev The driver shutdown callback (which sends EDL_SOC_RESET to the device over serdev) should not be invoked when HCI device is not open (e.g. if hci_dev_open_sync() failed), because the serdev and its TTY are not open either. Also skip this step if device is powered off (qca_power_shutdown()). The shutdown callback causes use-after-free during system reboot with Qualcomm Atheros Bluetoot... • https://git.kernel.org/stable/c/7e7bbddd029b644f00f0ffbfbc485ed71977d0d5 •
CVE-2022-48877 – f2fs: let's avoid panic if extent_tree is not created
https://notcve.org/view.php?id=CVE-2022-48877
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: f2fs: let's avoid panic if extent_tree is not created This patch avoids the below panic. pc : __lookup_extent_tree+0xd8/0x760 lr : f2fs_do_write_data_page+0x104/0x87c sp : ffffffc010cbb3c0 x29: ffffffc010cbb3e0 x28: 0000000000000000 x27: ffffff8803e7f020 x26: ffffff8803e7ed40 x25: ffffff8803e7f020 x24: ffffffc010cbb460 x23: ffffffc010cbb480 x22: 0000000000000000 x21: 0000000000000000 x20: ffffffff22e90900 x19: 0000000000000000 x18: ffffffc0... • https://git.kernel.org/stable/c/dd83a9763e29ed7a21c8a43f7a62cd0a6bf74692 •
CVE-2022-48876 – wifi: mac80211: fix initialization of rx->link and rx->link_sta
https://notcve.org/view.php?id=CVE-2022-48876
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix initialization of rx->link and rx->link_sta There are some codepaths that do not initialize rx->link_sta properly. This causes a crash in places which assume that rx->link_sta is valid if rx->sta is valid. One known instance is triggered by __ieee80211_rx_h_amsdu being called from fast-rx. It results in a crash like this one: BUG: kernel NULL pointer dereference, address: 00000000000000a8 #PF: supervisor write access in ... • https://git.kernel.org/stable/c/b320d6c456ff2aa43491654407d448bcfa58ac9f •