CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48730 – dma-buf: heaps: Fix potential spectre v1 gadget
https://notcve.org/view.php?id=CVE-2022-48730
20 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: dma-buf: heaps: Fix potential spectre v1 gadget It appears like nr could be a Spectre v1 gadget as it's supplied by a user and used as an array index. Prevent the contents of kernel memory from being leaked to userspace via speculative execution by using array_index_nospec. [sumits: added fixes and cc: stable tags] • https://git.kernel.org/stable/c/c02a81fba74fe3488ad6b08bfb5a1329005418f8 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48728 – IB/hfi1: Fix AIP early init panic
https://notcve.org/view.php?id=CVE-2022-48728
20 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix AIP early init panic An early failure in hfi1_ipoib_setup_rn() can lead to the following panic: BUG: unable to handle kernel NULL pointer dereference at 00000000000001b0 PGD 0 P4D 0 Oops: 0002 [#1] SMP NOPTI Workqueue: events work_for_cpu_fn RIP: 0010:try_to_grab_pending+0x2b/0x140 Code: 1f 44 00 00 41 55 41 54 55 48 89 d5 53 48 89 fb 9c 58 0f 1f 44 00 00 48 89 c2 fa 66 0f 1f 44 00 00 48 89 55 00 40 84 f6 75 77 <... • https://git.kernel.org/stable/c/d99dc602e2a55a99940ba9506a7126dfa54d54ea •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2022-48727 – KVM: arm64: Avoid consuming a stale esr value when SError occur
https://notcve.org/view.php?id=CVE-2022-48727
20 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Avoid consuming a stale esr value when SError occur When any exception other than an IRQ occurs, the CPU updates the ESR_EL2 register with the exception syndrome. An SError may also become pending, and will be synchronised by KVM. KVM notes the exception type, and whether an SError was synchronised in exit_code. When an exception other than an IRQ occurs, fixup_guest_exit() updates vcpu->arch.fault.esr_el2 from the hardware r... • https://git.kernel.org/stable/c/defe21f49bc98b095300752aa1e19bb608f3e97d •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48726 – RDMA/ucma: Protect mc during concurrent multicast leaves
https://notcve.org/view.php?id=CVE-2022-48726
20 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: RDMA/ucma: Protect mc during concurrent multicast leaves Partially revert the commit mentioned in the Fixes line to make sure that allocation and erasing multicast struct are locked. BUG: KASAN: use-after-free in ucma_cleanup_multicast drivers/infiniband/core/ucma.c:491 [inline] BUG: KASAN: use-after-free in ucma_destroy_private_ctx+0x914/0xb70 drivers/infiniband/core/ucma.c:579 Read of size 8 at addr ffff88801bb74b00 by task syz-e... • https://git.kernel.org/stable/c/95fe51096b7adf1d1e7315c49c75e2f75f162584 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48724 – iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping()
https://notcve.org/view.php?id=CVE-2022-48724
20 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() After commit e3beca48a45b ("irqdomain/treewide: Keep firmware node unconditionally allocated"). For tear down scenario, fn is only freed after fail to allocate ir_domain, though it also should be freed in case dmar_enable_qi returns error. Besides free fn, irq_domain and ir_msi_domain need to be removed as well if intel_setup_irq_remapping fails to enable queued invalid... • https://git.kernel.org/stable/c/03992c88d71ba79d956f2ed54e370e630b8750f4 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48723 – spi: uniphier: fix reference count leak in uniphier_spi_probe()
https://notcve.org/view.php?id=CVE-2022-48723
20 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: spi: uniphier: fix reference count leak in uniphier_spi_probe() The issue happens in several error paths in uniphier_spi_probe(). When either dma_get_slave_caps() or devm_spi_register_master() returns an error code, the function forgets to decrease the refcount of both `dma_rx` and `dma_tx` objects, which may lead to refcount leaks. Fix it by decrementing the reference count of specific objects in those error paths. En el kernel de Linux... • https://git.kernel.org/stable/c/28d1dddc59f6b7fc085093e7c1e978b33f0caf4c •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2022-48722 – net: ieee802154: ca8210: Stop leaking skb's
https://notcve.org/view.php?id=CVE-2022-48722
20 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: net: ieee802154: ca8210: Stop leaking skb's Upon error the ieee802154_xmit_complete() helper is not called. Only ieee802154_wake_queue() is called manually. We then leak the skb structure. Free the skb structure upon error before returning. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: net: ieee802154: ca8210: Detener la fuga de skb. En caso de error, no se llama al asistente ieee802154_xmit_complete(). • https://git.kernel.org/stable/c/ded845a781a578dfb0b5b2c138e5a067aa3b1242 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2022-48721 – net/smc: Forward wakeup to smc socket waitqueue after fallback
https://notcve.org/view.php?id=CVE-2022-48721
20 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: net/smc: Forward wakeup to smc socket waitqueue after fallback When we replace TCP with SMC and a fallback occurs, there may be some socket waitqueue entries remaining in smc socket->wq, such as eppoll_entries inserted by userspace applications. After the fallback, data flows over TCP/IP and only clcsocket->wq will be woken up. Applications can't be notified by the entries which were inserted in smc socket->wq before fallback. So we need... • https://git.kernel.org/stable/c/fb92e025baa73e99250b79ab64f4e088d2888993 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48720 – net: macsec: Fix offload support for NETDEV_UNREGISTER event
https://notcve.org/view.php?id=CVE-2022-48720
20 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: net: macsec: Fix offload support for NETDEV_UNREGISTER event Current macsec netdev notify handler handles NETDEV_UNREGISTER event by releasing relevant SW resources only, this causes resources leak in case of macsec HW offload, as the underlay driver was not notified to clean it's macsec offload resources. Fix by calling the underlay driver to clean it's relevant resources by moving offload handling from macsec_dellink() to macsec_common... • https://git.kernel.org/stable/c/3cf3227a21d1fb020fe26128e60321bd2151e922 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2022-48717 – ASoC: max9759: fix underflow in speaker_gain_control_put()
https://notcve.org/view.php?id=CVE-2022-48717
20 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: ASoC: max9759: fix underflow in speaker_gain_control_put() Check for negative values of "priv->gain" to prevent an out of bounds access. The concern is that these might come from the user via: -> snd_ctl_elem_write_user() -> snd_ctl_elem_write() -> kctl->put() En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: max9759: corrige el desbordamiento en altavoz_gain_control_put() Compruebe si hay valores negat... • https://git.kernel.org/stable/c/fa8d915172b8c10ec0734c4021e99e9705023b07 •