CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-48811 – ibmvnic: don't release napi in __ibmvnic_open()
https://notcve.org/view.php?id=CVE-2022-48811
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: ibmvnic: don't release napi in __ibmvnic_open() If __ibmvnic_open() encounters an error such as when setting link state, it calls release_resources() which frees the napi structures needlessly. Instead, have __ibmvnic_open() only clean up the work it did so far (i.e. disable napi and irqs) and leave the rest to the callers. If caller of __ibmvnic_open() is ibmvnic_open(), it should release the resources immediately. If the caller is do_rese... • https://git.kernel.org/stable/c/ed651a10875f13135a5f59c1bae4d51b377b3925 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48810 – ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path
https://notcve.org/view.php?id=CVE-2022-48810
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path ip[6]mr_free_table() can only be called under RTNL lock. RTNL: assertion failed at net/core/dev.c (10367) WARNING: CPU: 1 PID: 5890 at net/core/dev.c:10367 unregister_netdevice_many+0x1246/0x1850 net/core/dev.c:10367 Modules linked in: CPU: 1 PID: 5890 Comm: syz-executor.2 Not tainted 5.16.0-syzkaller-11627-g422ee58dc0ef #0 Hardware name: Google Google Compute Engi... • https://git.kernel.org/stable/c/f243e5a7859a24d10975afb9a1708cac624ba6f1 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48809 – net: fix a memleak when uncloning an skb dst and its metadata
https://notcve.org/view.php?id=CVE-2022-48809
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: net: fix a memleak when uncloning an skb dst and its metadata When uncloning an skb dst and its associated metadata, a new dst+metadata is allocated and later replaces the old one in the skb. This is helpful to have a non-shared dst+metadata attached to a specific skb. The issue is the uncloned dst+metadata is initialized with a refcount of 1, which is increased to 2 before attaching it to the skb. When tun_dst_unclone returns, the dst+meta... • https://git.kernel.org/stable/c/fc4099f17240767554ff3a73977acb78ef615404 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48806 – eeprom: ee1004: limit i2c reads to I2C_SMBUS_BLOCK_MAX
https://notcve.org/view.php?id=CVE-2022-48806
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: eeprom: ee1004: limit i2c reads to I2C_SMBUS_BLOCK_MAX Commit effa453168a7 ("i2c: i801: Don't silently correct invalid transfer size") revealed that ee1004_eeprom_read() did not properly limit how many bytes to read at once. In particular, i2c_smbus_read_i2c_block_data_or_emulated() takes the length to read as an u8. If count == 256 after taking into account the offset and page boundary, the cast to u8 overflows. And this is common when use... • https://git.kernel.org/stable/c/aca56c298e2a6d20ab6308e203a8d37f2a7759d3 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48805 – net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup
https://notcve.org/view.php?id=CVE-2022-48805
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup ax88179_rx_fixup() contains several out-of-bounds accesses that can be triggered by a malicious (or defective) USB device, in particular: - The metadata array (hdr_off..hdr_off+2*pkt_cnt) can be out of bounds, causing OOB reads and (on big-endian systems) OOB endianness flips. - A packet can overlap the metadata array, causing a later OOB endianness flip to corrupt data used by ... • https://git.kernel.org/stable/c/e2ca90c276e1fc410d7cd3c1a4eee245ec902a20 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48804 – vt_ioctl: fix array_index_nospec in vt_setactivate
https://notcve.org/view.php?id=CVE-2022-48804
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: vt_ioctl: fix array_index_nospec in vt_setactivate array_index_nospec ensures that an out-of-bounds value is set to zero on the transient path. Decreasing the value by one afterwards causes a transient integer underflow. vsa.console should be decreased first and then sanitized with array_index_nospec. Kasper Acknowledgements: Jakob Koschel, Brian Johannesmeyer, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida from the VUSec group at VU Amster... • https://git.kernel.org/stable/c/830c5aa302ec16b4ee641aec769462c37f802c90 •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48803 – phy: ti: Fix missing sentinel for clk_div_table
https://notcve.org/view.php?id=CVE-2022-48803
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: phy: ti: Fix missing sentinel for clk_div_table _get_table_maxdiv() tries to access "clk_div_table" array out of bound defined in phy-j721e-wiz.c. Add a sentinel entry to prevent the following global-out-of-bounds error reported by enabling KASAN. [ 9.552392] BUG: KASAN: global-out-of-bounds in _get_maxdiv+0xc0/0x148 [ 9.558948] Read of size 4 at addr ffff8000095b25a4 by task kworker/u4:1/38 [ 9.565926] [ 9.567441] CPU: 1 PID: 38 Comm: kwor... • https://git.kernel.org/stable/c/091876cc355d6739e393efa4b3d07f451a6a035c •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48802 – fs/proc: task_mmu.c: don't read mapcount for migration entry
https://notcve.org/view.php?id=CVE-2022-48802
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: fs/proc: task_mmu.c: don't read mapcount for migration entry The syzbot reported the below BUG: kernel BUG at include/linux/page-flags.h:785! invalid opcode: 0000 [#1] PREEMPT SMP KASAN CPU: 1 PID: 4392 Comm: syz-executor560 Not tainted 5.16.0-rc6-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:PageDoubleMap include/linux/page-flags.h:785 [inline] RIP: 0010:__page_mapcount+0x2... • https://git.kernel.org/stable/c/e9b61f19858a5d6c42ce2298cf138279375d0d9b •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-48799 – perf: Fix list corruption in perf_cgroup_switch()
https://notcve.org/view.php?id=CVE-2022-48799
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: perf: Fix list corruption in perf_cgroup_switch() There's list corruption on cgrp_cpuctx_list. This happens on the following path: perf_cgroup_switch: list_for_each_entry(cgrp_cpuctx_list) cpu_ctx_sched_in ctx_sched_in ctx_pinned_sched_in merge_sched_in perf_cgroup_event_disable: remove the event from the list Use list_for_each_entry_safe() to allow removing an entry during iteration. In the Linux kernel, the following vulnerability has bee... • https://git.kernel.org/stable/c/058fe1c0440e68a1ba3c2270ae43e9f0298b27d8 • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48797 – mm: don't try to NUMA-migrate COW pages that have other uses
https://notcve.org/view.php?id=CVE-2022-48797
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: mm: don't try to NUMA-migrate COW pages that have other uses Oded Gabbay reports that enabling NUMA balancing causes corruption with his Gaudi accelerator test load: "All the details are in the bug, but the bottom line is that somehow, this patch causes corruption when the numa balancing feature is enabled AND we don't use process affinity AND we use GUP to pin pages so our accelerator can DMA to/from system memory. Either disabling numa ba... • https://git.kernel.org/stable/c/09854ba94c6aad7886996bfbee2530b3d8a7f4f4 •