CVE-2022-48891 – regulator: da9211: Use irq handler when ready
https://notcve.org/view.php?id=CVE-2022-48891
In the Linux kernel, the following vulnerability has been resolved: regulator: da9211: Use irq handler when ready If the system does not come from reset (like when it is kexec()), the regulator might have an IRQ waiting for us. If we enable the IRQ handler before its structures are ready, we crash. This patch fixes: [ 1.141839] Unable to handle kernel read from unreadable memory at virtual address 0000000000000078 [ 1.316096] Call trace: [ 1.316101] blocking_notifier_call_chain+0x20/0xa8 [ 1.322757] cpu cpu0: dummy supplies not allowed for exclusive requests [ 1.327823] regulator_notifier_call_chain+0x1c/0x2c [ 1.327825] da9211_irq_handler+0x68/0xf8 [ 1.327829] irq_thread+0x11c/0x234 [ 1.327833] kthread+0x13c/0x154 • https://git.kernel.org/stable/c/1c1afcb8839b91c09d211ea304faa269763b1f91 https://git.kernel.org/stable/c/f75cde714e0a67f73ef169aa50d4ed77d04f7236 https://git.kernel.org/stable/c/d443308edbfb6e9e757b478af908515110d1efd5 https://git.kernel.org/stable/c/d4aa749e046435f054e94ebf50cad143d6229fae https://git.kernel.org/stable/c/470f6a9175f13a53810734658c35cc5bba33be01 https://git.kernel.org/stable/c/ad1336274f733a7cb1f87b5c5908165a2c14df53 https://git.kernel.org/stable/c/02228f6aa6a64d588bc31e3267d05ff184d772eb •
CVE-2022-48887 – drm/vmwgfx: Remove rcu locks from user resources
https://notcve.org/view.php?id=CVE-2022-48887
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Remove rcu locks from user resources User resource lookups used rcu to avoid two extra atomics. Unfortunately the rcu paths were buggy and it was easy to make the driver crash by submitting command buffers from two different threads. Because the lookups never show up in performance profiles replace them with a regular spin lock which fixes the races in accesses to those shared resources. Fixes kernel oops'es in IGT's vmwgfx execution_buffer stress test and seen crashes with apps using shared resources. • https://git.kernel.org/stable/c/e14c02e6b6990e9f6ee18a214a22ac26bae1b25e https://git.kernel.org/stable/c/7ac9578e45b20e3f3c0c8eb71f5417a499a7226a https://git.kernel.org/stable/c/a309c7194e8a2f8bd4539b9449917913f6c2cd50 •
CVE-2022-48880 – platform/surface: aggregator: Add missing call to ssam_request_sync_free()
https://notcve.org/view.php?id=CVE-2022-48880
In the Linux kernel, the following vulnerability has been resolved: platform/surface: aggregator: Add missing call to ssam_request_sync_free() Although rare, ssam_request_sync_init() can fail. In that case, the request should be freed via ssam_request_sync_free(). Currently it is leaked instead. Fix this. • https://git.kernel.org/stable/c/c167b9c7e3d6131b4a4865c112a3dbc86d2e997d https://git.kernel.org/stable/c/d2dc110deabe7142b60ebeed689e67f92795ee24 https://git.kernel.org/stable/c/50b3cdf8239b11545f311c4f7b89e0092e4feedb https://git.kernel.org/stable/c/c965daac370f08a9b71d573a71d13cda76f2a884 •
CVE-2022-48879 – efi: fix NULL-deref in init error path
https://notcve.org/view.php?id=CVE-2022-48879
In the Linux kernel, the following vulnerability has been resolved: efi: fix NULL-deref in init error path In cases where runtime services are not supported or have been disabled, the runtime services workqueue will never have been allocated. Do not try to destroy the workqueue unconditionally in the unlikely event that EFI initialisation fails to avoid dereferencing a NULL pointer. • https://git.kernel.org/stable/c/2ff3c97b47521d6700cc6485c7935908dcd2c27c https://git.kernel.org/stable/c/5167f194da6947e19a3e970485ee3ccb44f7958d https://git.kernel.org/stable/c/98086df8b70c06234a8f4290c46064e44dafa0ed https://git.kernel.org/stable/c/f591a42b8f9a9d20e01d0462f4f55d2176ac52ec https://git.kernel.org/stable/c/e6584124b9823151ef586d10dedf565ade50cea6 https://git.kernel.org/stable/c/585a0b2b3ae7903c6abee3087d09c69e955a7794 https://git.kernel.org/stable/c/5fcf75a8a4c3e7ee9122d143684083c9faf20452 https://git.kernel.org/stable/c/4ca71bc0e1995d15486cd7b60845602a2 •
CVE-2022-48878 – Bluetooth: hci_qca: Fix driver shutdown on closed serdev
https://notcve.org/view.php?id=CVE-2022-48878
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_qca: Fix driver shutdown on closed serdev The driver shutdown callback (which sends EDL_SOC_RESET to the device over serdev) should not be invoked when HCI device is not open (e.g. if hci_dev_open_sync() failed), because the serdev and its TTY are not open either. Also skip this step if device is powered off (qca_power_shutdown()). The shutdown callback causes use-after-free during system reboot with Qualcomm Atheros Bluetooth: Unable to handle kernel paging request at virtual address 0072662f67726fd7 ... CPU: 6 PID: 1 Comm: systemd-shutdow Tainted: G W 6.1.0-rt5-00325-g8a5f56bcfcca #8 Hardware name: Qualcomm Technologies, Inc. Robotics RB5 (DT) Call trace: tty_driver_flush_buffer+0x4/0x30 serdev_device_write_flush+0x24/0x34 qca_serdev_shutdown+0x80/0x130 [hci_uart] device_shutdown+0x15c/0x260 kernel_restart+0x48/0xac KASAN report: BUG: KASAN: use-after-free in tty_driver_flush_buffer+0x1c/0x50 Read of size 8 at addr ffff16270c2e0018 by task systemd-shutdow/1 CPU: 7 PID: 1 Comm: systemd-shutdow Not tainted 6.1.0-next-20221220-00014-gb85aaf97fb01-dirty #28 Hardware name: Qualcomm Technologies, Inc. Robotics RB5 (DT) Call trace: dump_backtrace.part.0+0xdc/0xf0 show_stack+0x18/0x30 dump_stack_lvl+0x68/0x84 print_report+0x188/0x488 kasan_report+0xa4/0xf0 __asan_load8+0x80/0xac tty_driver_flush_buffer+0x1c/0x50 ttyport_write_flush+0x34/0x44 serdev_device_write_flush+0x48/0x60 qca_serdev_shutdown+0x124/0x274 device_shutdown+0x1e8/0x350 kernel_restart+0x48/0xb0 __do_sys_reboot+0x244/0x2d0 __arm64_sys_reboot+0x54/0x70 invoke_syscall+0x60/0x190 el0_svc_common.constprop.0+0x7c/0x160 do_el0_svc+0x44/0xf0 el0_svc+0x2c/0x6c el0t_64_sync_handler+0xbc/0x140 el0t_64_sync+0x190/0x194 • https://git.kernel.org/stable/c/7e7bbddd029b644f00f0ffbfbc485ed71977d0d5 https://git.kernel.org/stable/c/e84ec6e25df9bb0968599e92eacedaf3a0a5b587 https://git.kernel.org/stable/c/908d1742b6e694e84ead5c62e4b7c1bfbb8b46a3 https://git.kernel.org/stable/c/ea3ebda47dd56f6e1c62f2e0e1b6e1b0a973e447 https://git.kernel.org/stable/c/272970be3dabd24cbe50e393ffee8f04aec3b9a8 •