CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2022-49301 – staging: rtl8712: fix uninit-value in usb_read8() and friends
https://notcve.org/view.php?id=CVE-2022-49301
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: staging: rtl8712: fix uninit-value in usb_read8() and friends When r8712_usbctrl_vendorreq() returns negative, 'data' in usb_read{8,16,32} will not be initialized. BUG: KMSAN: uninit-value in string_nocheck lib/vsprintf.c:643 [inline] BUG: KMSAN: uninit-value in string+0x4ec/0x6f0 lib/vsprintf.c:725 string_nocheck lib/vsprintf.c:643 [inline] string+0x4ec/0x6f0 lib/vsprintf.c:725 vsnprintf+0x2222/0x3650 lib/vsprintf.c:2806 va_format lib/vspr... • https://git.kernel.org/stable/c/58762f1c63c75cbe1dc393eed3c9cf8e38310ca1 •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2022-49300 – nbd: fix race between nbd_alloc_config() and module removal
https://notcve.org/view.php?id=CVE-2022-49300
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: nbd: fix race between nbd_alloc_config() and module removal When nbd module is being removing, nbd_alloc_config() may be called concurrently by nbd_genl_connect(), although try_module_get() will return false, but nbd_alloc_config() doesn't handle it. The race may lead to the leak of nbd_config and its related resources (e.g, recv_workq) and oops in nbd_read_stat() due to the unload of nbd module as shown below: BUG: kernel NULL pointer dere... • https://git.kernel.org/stable/c/165cf2e0019fa6cedc75b456490c41494c34abb4 •
CVSS: -EPSS: %CPEs: 9EXPL: 0CVE-2022-49299 – usb: dwc2: gadget: don't reset gadget's driver->bus
https://notcve.org/view.php?id=CVE-2022-49299
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: gadget: don't reset gadget's driver->bus UDC driver should not touch gadget's driver internals, especially it should not reset driver->bus. This wasn't harmful so far, but since commit fc274c1e9973 ("USB: gadget: Add a new bus for gadgets") gadget subsystem got it's own bus and messing with ->bus triggers the following NULL pointer dereference: dwc2 12480000.hsotg: bound driver g_ether 8<--- cut here --- Unable to handle kernel N... • https://git.kernel.org/stable/c/5127c0f365265bb69cd776ad6e4b872c309f3fa8 •
CVSS: -EPSS: %CPEs: 7EXPL: 0CVE-2021-47659 – drm/plane: Move range check for format_count earlier
https://notcve.org/view.php?id=CVE-2021-47659
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/plane: Move range check for format_count earlier While the check for format_count > 64 in __drm_universal_plane_init() shouldn't be hit (it's a WARN_ON), in its current position it will then leak the plane->format_types array and fail to call drm_mode_object_unregister() leaking the modeset identifier. Move it to the start of the function to avoid allocating those resources in the first place. • https://git.kernel.org/stable/c/4ab7e453a3ee88c274cf97bee9487ab92a66d313 •
CVSS: -EPSS: %CPEs: 9EXPL: 0CVE-2022-49298 – staging: rtl8712: fix uninit-value in r871xu_drv_init()
https://notcve.org/view.php?id=CVE-2022-49298
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: staging: rtl8712: fix uninit-value in r871xu_drv_init() When 'tmpU1b' returns from r8712_read8(padapter, EE_9346CR) is 0, 'mac[6]' will not be initialized. BUG: KMSAN: uninit-value in r871xu_drv_init+0x2d54/0x3070 drivers/staging/rtl8712/usb_intf.c:541 r871xu_drv_init+0x2d54/0x3070 drivers/staging/rtl8712/usb_intf.c:541 usb_probe_interface+0xf19/0x1600 drivers/usb/core/driver.c:396 really_probe+0x653/0x14b0 drivers/base/dd.c:596 __driver_pr... • https://git.kernel.org/stable/c/0b7371a22489cbb2e8e826ca03fb5ce92afb04fe •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2022-49297 – nbd: fix io hung while disconnecting device
https://notcve.org/view.php?id=CVE-2022-49297
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: nbd: fix io hung while disconnecting device In our tests, "qemu-nbd" triggers a io hung: INFO: task qemu-nbd:11445 blocked for more than 368 seconds. Not tainted 5.18.0-rc3-next-20220422-00003-g2176915513ca #884 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:qemu-nbd state:D stack: 0 pid:11445 ppid: 1 flags:0x00000000 Call Trace:
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2022-49295 – nbd: call genl_unregister_family() first in nbd_cleanup()
https://notcve.org/view.php?id=CVE-2022-49295
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: nbd: call genl_unregister_family() first in nbd_cleanup() Otherwise there may be race between module removal and the handling of netlink command, which can lead to the oops as shown below: BUG: kernel NULL pointer dereference, address: 0000000000000098 Oops: 0002 [#1] SMP PTI CPU: 1 PID: 31299 Comm: nbd-client Tainted: G E 5.14.0-rc4 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) RIP: 0010:down_write+0x1a/0x50 Call Trace: start_creat... • https://git.kernel.org/stable/c/8a1435c862ea09b06be7acda325128dc08458e25 •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2022-49294 – drm/amd/display: Check if modulo is 0 before dividing.
https://notcve.org/view.php?id=CVE-2022-49294
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check if modulo is 0 before dividing. [How & Why] If a value of 0 is read, then this will cause a divide-by-0 panic. • https://git.kernel.org/stable/c/10ef82d6e0af5536ec64770c07f6bbabfdd6977c •
CVSS: -EPSS: %CPEs: 7EXPL: 0CVE-2022-49292 – ALSA: oss: Fix PCM OSS buffer allocation overflow
https://notcve.org/view.php?id=CVE-2022-49292
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: oss: Fix PCM OSS buffer allocation overflow We've got syzbot reports hitting INT_MAX overflow at vmalloc() allocation that is called from snd_pcm_plug_alloc(). Although we apply the restrictions to input parameters, it's based only on the hw_params of the underlying PCM device. Since the PCM OSS layer allocates a temporary buffer for the data conversion, the size may become unexpectedly large when more channels or higher rates is give... • https://git.kernel.org/stable/c/a63af1baf0a5e11827db60e3127f87e437cab6e5 •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2022-49291 – ALSA: pcm: Fix races among concurrent hw_params and hw_free calls
https://notcve.org/view.php?id=CVE-2022-49291
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix races among concurrent hw_params and hw_free calls Currently we have neither proper check nor protection against the concurrent calls of PCM hw_params and hw_free ioctls, which may result in a UAF. Since the existing PCM stream lock can't be used for protecting the whole ioctl operations, we need a new mutex to protect those racy calls. This patch introduced a new mutex, runtime->buffer_mutex, and applies it to both hw_params... • https://git.kernel.org/stable/c/a42aa926843acca96c0dfbde2e835b8137f2f092 •