CVSS: 5.5EPSS: %CPEs: 9EXPL: 0CVE-2022-49491 – drm/rockchip: vop: fix possible null-ptr-deref in vop_bind()
https://notcve.org/view.php?id=CVE-2022-49491
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() It will cause null-ptr-deref in resource_size(), if platform_get_resource() returns NULL, move calling resource_size() after devm_ioremap_resource() that will check 'res' to avoid null-ptr-deref. In the Linux kernel, the following vulnerability has been resolved: drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() It will cause null-ptr-deref in resource_size(), if platfo... • https://git.kernel.org/stable/c/2048e3286f347db5667708e47448176b5329e8d8 •
CVSS: 7.1EPSS: %CPEs: 6EXPL: 0CVE-2022-49486 – ASoC: fsl: Fix refcount leak in imx_sgtl5000_probe
https://notcve.org/view.php?id=CVE-2022-49486
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: fsl: Fix refcount leak in imx_sgtl5000_probe of_find_i2c_device_by_node() takes a reference, In error paths, we should call put_device() to drop the reference to aviod refount leak. In the Linux kernel, the following vulnerability has been resolved: ASoC: fsl: Fix refcount leak in imx_sgtl5000_probe of_find_i2c_device_by_node() takes a reference, In error paths, we should call put_device() to drop the reference to aviod refount leak. • https://git.kernel.org/stable/c/81e8e4926167ab32593bbb915b45a42024ca1020 •
CVSS: 7.1EPSS: %CPEs: 9EXPL: 0CVE-2022-49482 – ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe
https://notcve.org/view.php?id=CVE-2022-49482
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe of_parse_phandle() returns a node pointer with refcount incremented, we should use of_node_put() on it when done. In the Linux kernel, the following vulnerability has been resolved: ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe of_parse_phandle() returns a node pointer with refcount incremented, we should use of_node_put() on it when done. • https://git.kernel.org/stable/c/08641c7c74dddfcd726512edfaa3b4cbe42e523e •
CVSS: 7.1EPSS: %CPEs: 9EXPL: 0CVE-2022-49481 – regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt
https://notcve.org/view.php?id=CVE-2022-49481
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt of_node_get() returns a node with refcount incremented. Calling of_node_put() to drop the reference when not needed anymore. In the Linux kernel, the following vulnerability has been resolved: regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt of_node_get() returns a node with refcount incremented. Calling of_node_put() to drop the reference when not needed... • https://git.kernel.org/stable/c/3784b6d64dc52ed3fbebad61a85ab9b7a687a167 •
CVSS: 9.0EPSS: %CPEs: 9EXPL: 0CVE-2022-49478 – media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init
https://notcve.org/view.php?id=CVE-2022-49478
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init Syzbot reported that -1 is used as array index. The problem was in missing validation check. hdw->unit_number is initialized with -1 and then if init table walk fails this value remains unchanged. Since code blindly uses this member for array indexing adding sanity check is the easiest fix for that. hdw->workpoll initialization moved upper to prevent warning in __flush_work... • https://git.kernel.org/stable/c/d855497edbfbf9e19a17f4a1154bca69cb4bd9ba •
CVSS: 7.8EPSS: %CPEs: 12EXPL: 0CVE-2022-49474 – Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout
https://notcve.org/view.php?id=CVE-2022-49474
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout Connecting the same socket twice consecutively in sco_sock_connect() could lead to a race condition where two sco_conn objects are created but only one is associated with the socket. If the socket is closed before the SCO connection is established, the timer associated with the dangling sco_conn object won't be canceled. As the sock object is being freed, the use-after-... • https://git.kernel.org/stable/c/22c66af08230a7030bdb88accffaec3424695631 •
CVSS: 7.8EPSS: %CPEs: 8EXPL: 0CVE-2022-49472 – net: phy: micrel: Allow probing without .driver_data
https://notcve.org/view.php?id=CVE-2022-49472
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: phy: micrel: Allow probing without .driver_data Currently, if the .probe element is present in the phy_driver structure and the .driver_data is not, a NULL pointer dereference happens. Allow passing .probe without .driver_data by inserting NULL checks for priv->type. In the Linux kernel, the following vulnerability has been resolved: net: phy: micrel: Allow probing without .driver_data Currently, if the .probe element is present in the... • https://git.kernel.org/stable/c/7dcb404662839a4ed1a9703658fee979eb894ca4 •
CVSS: 7.1EPSS: %CPEs: 3EXPL: 0CVE-2022-49471 – rtw89: cfo: check mac_id to avoid out-of-bounds
https://notcve.org/view.php?id=CVE-2022-49471
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: rtw89: cfo: check mac_id to avoid out-of-bounds Somehow, hardware reports incorrect mac_id and pollute memory. Check index before we access the array. UBSAN: array-index-out-of-bounds in rtw89/phy.c:2517:23 index 188 is out of range for type 's32 [64]' CPU: 1 PID: 51550 Comm: irq/35-rtw89_pc Tainted: G OE Call Trace:
CVSS: 5.5EPSS: %CPEs: 3EXPL: 0CVE-2022-49469 – btrfs: fix anon_dev leak in create_subvol()
https://notcve.org/view.php?id=CVE-2022-49469
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix anon_dev leak in create_subvol() When btrfs_qgroup_inherit(), btrfs_alloc_tree_block, or btrfs_insert_root() fail in create_subvol(), we return without freeing anon_dev. Reorganize the error handling in create_subvol() to fix this. In the Linux kernel, the following vulnerability has been resolved: btrfs: fix anon_dev leak in create_subvol() When btrfs_qgroup_inherit(), btrfs_alloc_tree_block, or btrfs_insert_root() fail in creat... • https://git.kernel.org/stable/c/d887b3de318834f9aa637ecf79c6bc66cba7c69a •
CVSS: 5.5EPSS: %CPEs: 7EXPL: 0CVE-2022-49467 – drm: msm: fix possible memory leak in mdp5_crtc_cursor_set()
https://notcve.org/view.php?id=CVE-2022-49467
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() drm_gem_object_lookup will call drm_gem_object_get inside. So cursor_bo needs to be put when msm_gem_get_and_pin_iova fails. In the Linux kernel, the following vulnerability has been resolved: drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() drm_gem_object_lookup will call drm_gem_object_get inside. So cursor_bo needs to be put when msm_gem_get_and_pin_iova fails. • https://git.kernel.org/stable/c/e172d10a9c4acc69bb07cbe9142ded2df791ff1f •