CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2022-48731 – mm/kmemleak: avoid scanning potential huge holes
https://notcve.org/view.php?id=CVE-2022-48731
In the Linux kernel, the following vulnerability has been resolved: mm/kmemleak: avoid scanning potential huge holes When using devm_request_free_mem_region() and devm_memremap_pages() to add ZONE_DEVICE memory, if requested free mem region's end pfn were huge(e.g., 0x400000000), the node_end_pfn() will be also huge (see move_pfn_range_to_zone()). Thus it creates a huge hole between node_start_pfn() and node_end_pfn(). We found on some AMD APUs, amdkfd requested such a free mem region and created a huge hole. In such a case, following code snippet was just doing busy test_bit() looping on the huge hole. for (pfn = start_pfn; pfn < end_pfn; pfn++) { struct page *page = pfn_to_online_page(pfn); if (!page) continue; ... } So we got a soft lockup: watchdog: BUG: soft lockup - CPU#6 stuck for 26s! [bash:1221] CPU: 6 PID: 1221 Comm: bash Not tainted 5.15.0-custom #1 RIP: 0010:pfn_to_online_page+0x5/0xd0 Call Trace: ? • https://git.kernel.org/stable/c/d3533ee20e9a0e2e8f60384da7450d43d1c63d1a https://git.kernel.org/stable/c/352715593e81b917ce1b321e794549815b850134 https://git.kernel.org/stable/c/a5389c80992f0001ee505838fe6a8b20897ce96e https://git.kernel.org/stable/c/cebb0aceb21ad91429617a40e3a17444fabf1529 https://git.kernel.org/stable/c/c10a0f877fe007021d70f9cada240f42adc2b5db •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48730 – dma-buf: heaps: Fix potential spectre v1 gadget
https://notcve.org/view.php?id=CVE-2022-48730
In the Linux kernel, the following vulnerability has been resolved: dma-buf: heaps: Fix potential spectre v1 gadget It appears like nr could be a Spectre v1 gadget as it's supplied by a user and used as an array index. Prevent the contents of kernel memory from being leaked to userspace via speculative execution by using array_index_nospec. [sumits: added fixes and cc: stable tags] • https://git.kernel.org/stable/c/c02a81fba74fe3488ad6b08bfb5a1329005418f8 https://git.kernel.org/stable/c/5d40f1bdad3dd1a177f21a90ad4353c1ed40ba3a https://git.kernel.org/stable/c/24f8e12d965b24f8aea762589e0e9fe2025c005e https://git.kernel.org/stable/c/cc8f7940d9c2d45f67b3d1a2f2b7a829ca561bed https://git.kernel.org/stable/c/92c4cfaee6872038563c5b6f2e8e613f9d84d47d •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48724 – iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping()
https://notcve.org/view.php?id=CVE-2022-48724
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() After commit e3beca48a45b ("irqdomain/treewide: Keep firmware node unconditionally allocated"). For tear down scenario, fn is only freed after fail to allocate ir_domain, though it also should be freed in case dmar_enable_qi returns error. Besides free fn, irq_domain and ir_msi_domain need to be removed as well if intel_setup_irq_remapping fails to enable queued invalidation. Improve the rewinding path by add out_free_ir_domain and out_free_fwnode lables per Baolu's suggestion. • https://git.kernel.org/stable/c/03992c88d71ba79d956f2ed54e370e630b8750f4 https://git.kernel.org/stable/c/c0c489e5430530a7021f4c889cd5931597e4b200 https://git.kernel.org/stable/c/36f7355545725c5e9400520ae33e6ee16cf78c0e https://git.kernel.org/stable/c/e3beca48a45b5e0e6e6a4e0124276b8248dcc9bb https://git.kernel.org/stable/c/b4198ecddb87cd955aa9e024dd656af5ceaf6196 https://git.kernel.org/stable/c/a0c685ba99961b1dd894b2e470e692a539770f6d https://git.kernel.org/stable/c/a31cb1f0fb6caf46ffe88c41252b6b7a4ee062d9 https://git.kernel.org/stable/c/5c43d46daa0d2928234dd2792ebebc35d •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48723 – spi: uniphier: fix reference count leak in uniphier_spi_probe()
https://notcve.org/view.php?id=CVE-2022-48723
In the Linux kernel, the following vulnerability has been resolved: spi: uniphier: fix reference count leak in uniphier_spi_probe() The issue happens in several error paths in uniphier_spi_probe(). When either dma_get_slave_caps() or devm_spi_register_master() returns an error code, the function forgets to decrease the refcount of both `dma_rx` and `dma_tx` objects, which may lead to refcount leaks. Fix it by decrementing the reference count of specific objects in those error paths. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: spi: uniphier: corrige la fuga del recuento de referencias en uniphier_spi_probe() El problema ocurre en varias rutas de error en uniphier_spi_probe(). Cuando dma_get_slave_caps() o devm_spi_register_master() devuelven un código de error, la función se olvida de disminuir el recuento de los objetos `dma_rx` y `dma_tx`, lo que puede provocar fugas de recuento. Corríjalo disminuyendo el recuento de referencias de objetos específicos en esas rutas de error. • https://git.kernel.org/stable/c/28d1dddc59f6b7fc085093e7c1e978b33f0caf4c https://git.kernel.org/stable/c/e895e067d73e154b1ebc84a124e00831e311d9b0 https://git.kernel.org/stable/c/dd00b4f8f768d81c3788a8ac88fdb3d745e55ea3 https://git.kernel.org/stable/c/447c3d4046d7b54052d07d8b27e15e6edea5662c https://git.kernel.org/stable/c/37c2c83ca4f1ef4b6908181ac98e18360af89b42 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2022-48722 – net: ieee802154: ca8210: Stop leaking skb's
https://notcve.org/view.php?id=CVE-2022-48722
In the Linux kernel, the following vulnerability has been resolved: net: ieee802154: ca8210: Stop leaking skb's Upon error the ieee802154_xmit_complete() helper is not called. Only ieee802154_wake_queue() is called manually. We then leak the skb structure. Free the skb structure upon error before returning. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: net: ieee802154: ca8210: Detener la fuga de skb. En caso de error, no se llama al asistente ieee802154_xmit_complete(). • https://git.kernel.org/stable/c/ded845a781a578dfb0b5b2c138e5a067aa3b1242 https://git.kernel.org/stable/c/a1c277b0ed2a13e7de923b5f03bc23586eceb851 https://git.kernel.org/stable/c/d6a44feb2f28d71a7e725f72d09c97c81561cd9a https://git.kernel.org/stable/c/6f38d3a6ec11c2733b1c641a46a2a2ecec57be08 https://git.kernel.org/stable/c/78b3f20c17cbcb7645bfa63f2ca0e11b53c09d56 https://git.kernel.org/stable/c/94cd597e20ed4acedb8f15f029d92998b011cb1a https://git.kernel.org/stable/c/21feb6df3967541931242c427fe0958276af81cc https://git.kernel.org/stable/c/621b24b09eb61c63f262da0c9c5f0e933 •