CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2022-48788 – nvme-rdma: fix possible use-after-free in transport error_recovery work
https://notcve.org/view.php?id=CVE-2022-48788
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: nvme-rdma: fix possible use-after-free in transport error_recovery work While nvme_rdma_submit_async_event_work is checking the ctrl and queue state before preparing the AER command and scheduling io_work, in order to fully prevent a race where this check is not reliable the error recovery work must flush async_event_work before continuing to destroy the admin queue after setting the ctrl state to RESETTING such that there is no race .sub... • https://git.kernel.org/stable/c/5593f72d1922403c11749532e3a0aa4cf61414e9 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2022-48787 – iwlwifi: fix use-after-free
https://notcve.org/view.php?id=CVE-2022-48787
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: iwlwifi: fix use-after-free If no firmware was present at all (or, presumably, all of the firmware files failed to parse), we end up unbinding by calling device_release_driver(), which calls remove(), which then in iwlwifi calls iwl_drv_stop(), freeing the 'drv' struct. However the new code I added will still erroneously access it after it was freed. Set 'failure=false' in this case to avoid the access, all data was already freed anyway. • https://git.kernel.org/stable/c/8e10749fa1a454c1e7214f36cec83241f5a36ef1 •
CVSS: 4.4EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48786 – vsock: remove vsock from connected table when connect is interrupted by a signal
https://notcve.org/view.php?id=CVE-2022-48786
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: vsock: remove vsock from connected table when connect is interrupted by a signal vsock_connect() expects that the socket could already be in the TCP_ESTABLISHED state when the connecting task wakes up with a signal pending. If this happens the socket will be in the connected table, and it is not removed when the socket state is reset. In this situation it's common for the process to retry connect(), and if the connection is successful the... • https://git.kernel.org/stable/c/d021c344051af91f42c5ba9fdedc176740cbd238 • CWE-371: State Issues •
CVSS: 3.3EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47624 – net/sunrpc: fix reference count leaks in rpc_sysfs_xprt_state_change
https://notcve.org/view.php?id=CVE-2021-47624
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: net/sunrpc: fix reference count leaks in rpc_sysfs_xprt_state_change The refcount leak issues take place in an error handling path. When the 3rd argument buf doesn't match with "offline", "online" or "remove", the function simply returns -EINVAL and forgets to decrease the reference count of a rpc_xprt object and a rpc_xprt_switch object increased by rpc_sysfs_xprt_kobj_get_xprt() and rpc_sysfs_xprt_kobj_get_xprt_switch(), causing referen... • https://git.kernel.org/stable/c/4b22aa42bd4d2d630ef1854c139275c3532937cb • CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') •
CVSS: 4.4EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47623 – powerpc/fixmap: Fix VM debug warning on unmap
https://notcve.org/view.php?id=CVE-2021-47623
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: powerpc/fixmap: Fix VM debug warning on unmap Unmapping a fixmap entry is done by calling __set_fixmap() with FIXMAP_PAGE_CLEAR as flags. Today, powerpc __set_fixmap() calls map_kernel_page(). map_kernel_page() is not happy when called a second time for the same page. WARNING: CPU: 0 PID: 1 at arch/powerpc/mm/pgtable.c:194 set_pte_at+0xc/0x1e8 CPU: 0 PID: 1 Comm: swapper Not tainted 5.16.0-rc3-s3k-dev-01993-g350ff07feb7d-dirty #682 ... • https://git.kernel.org/stable/c/67baac10dd5ad1e9f50e8f2659984b3b0728d54e • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47622 – scsi: ufs: Fix a deadlock in the error handler
https://notcve.org/view.php?id=CVE-2021-47622
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: Fix a deadlock in the error handler The following deadlock has been observed on a test setup: - All tags allocated - The SCSI error handler calls ufshcd_eh_host_reset_handler() - ufshcd_eh_host_reset_handler() queues work that calls ufshcd_err_handler() - ufshcd_err_handler() locks up as follows: Workqueue: ufs_eh_wq_0 ufshcd_err_handler.cfi_jt Call trace: __switch_to+0x298/0x5d8 __schedule+0x6cc/0xa94 schedule+0... • https://git.kernel.org/stable/c/493c9e850677df8b4eda150c2364b1c1a72ed724 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2022-48785 – ipv6: mcast: use rcu-safe version of ipv6_get_lladdr()
https://notcve.org/view.php?id=CVE-2022-48785
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: use rcu-safe version of ipv6_get_lladdr() Some time ago 8965779d2c0e ("ipv6,mcast: always hold idev->lock before mca_lock") switched ipv6_get_lladdr() to __ipv6_get_lladdr(), which is rcu-unsafe version. That was OK, because idev->lock was held for these codepaths. In 88e2ca308094 ("mld: convert ifmcaddr6 to RCU") these external locks were removed, so we probably need to restore the original rcu-safe call. Otherwise, we occ... • https://git.kernel.org/stable/c/88e2ca3080947fe22eb520c1f8231e79a105d011 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48784 – cfg80211: fix race in netlink owner interface destruction
https://notcve.org/view.php?id=CVE-2022-48784
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: cfg80211: fix race in netlink owner interface destruction My previous fix here to fix the deadlock left a race where the exact same deadlock (see the original commit referenced below) can still happen if cfg80211_destroy_ifaces() already runs while nl80211_netlink_notify() is still marking some interfaces as nl_owner_dead. The race happens because we have two loops here - first we dev_close() all the netdevs, and then we destroy them. If... • https://git.kernel.org/stable/c/ea6b2098dd02789f68770fd3d5a373732207be2f •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2022-48783 – net: dsa: lantiq_gswip: fix use after free in gswip_remove()
https://notcve.org/view.php?id=CVE-2022-48783
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: net: dsa: lantiq_gswip: fix use after free in gswip_remove() of_node_put(priv->ds->slave_mii_bus->dev.of_node) should be done before mdiobus_free(priv->ds->slave_mii_bus). • https://git.kernel.org/stable/c/e177d2e85ebcd3008c4b2abc293f4118e04eedef •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2022-48780 – net/smc: Avoid overwriting the copies of clcsock callback functions
https://notcve.org/view.php?id=CVE-2022-48780
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: net/smc: Avoid overwriting the copies of clcsock callback functions The callback functions of clcsock will be saved and replaced during the fallback. But if the fallback happens more than once, then the copies of these callback functions will be overwritten incorrectly, resulting in a loop call issue: clcsk->sk_error_report |- smc_fback_error_report() <------------------------------| |- smc_fback_forward_wakeup() ... • https://git.kernel.org/stable/c/0ef6049f664941bc0f75828b3a61877635048b27 •