CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49909 – Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del()
https://notcve.org/view.php?id=CVE-2022-49909
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del() When l2cap_recv_frame() is invoked to receive data, and the cid is L2CAP_CID_A2MP, if the channel does not exist, it will create a channel. However, after a channel is created, the hold operation of the channel is not performed. In this case, the value of channel reference counting is 1. As a result, after hci_error_reset() is triggered, l2cap_conn_del() invokes the close hook functio... • https://git.kernel.org/stable/c/d255c861e268ba342e855244639a15f12d7a0bf2 •
CVSS: 5.7EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49908 – Bluetooth: L2CAP: Fix memory leak in vhci_write
https://notcve.org/view.php?id=CVE-2022-49908
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix memory leak in vhci_write Syzkaller reports a memory leak as follows: ==================================== BUG: memory leak unreferenced object 0xffff88810d81ac00 (size 240): [...] hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49907 – net: mdio: fix undefined behavior in bit shift for __mdiobus_register
https://notcve.org/view.php?id=CVE-2022-49907
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: mdio: fix undefined behavior in bit shift for __mdiobus_register Shifting signed 32-bit value by 31 bits is undefined, so changing significant bit to unsigned. The UBSAN warning calltrace like below: UBSAN: shift-out-of-bounds in drivers/net/phy/mdio_bus.c:586:27 left shift of 1 by 31 places cannot be represented in type 'int' Call Trace:
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49906 – ibmvnic: Free rwi on reset success
https://notcve.org/view.php?id=CVE-2022-49906
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ibmvnic: Free rwi on reset success Free the rwi structure in the event that the last rwi in the list processed successfully. The logic in commit 4f408e1fa6e1 ("ibmvnic: retry reset if there are no other resets") introduces an issue that results in a 32 byte memory leak whenever the last rwi in the list gets processed. In the Linux kernel, the following vulnerability has been resolved: ibmvnic: Free rwi on reset success Free the rwi structur... • https://git.kernel.org/stable/c/4f408e1fa6e10b6da72691233369172bac7d9e9b •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49905 – net/smc: Fix possible leaked pernet namespace in smc_init()
https://notcve.org/view.php?id=CVE-2022-49905
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net/smc: Fix possible leaked pernet namespace in smc_init() In smc_init(), register_pernet_subsys(&smc_net_stat_ops) is called without any error handling. If it fails, registering of &smc_net_ops won't be reverted. And if smc_nl_init() fails, &smc_net_stat_ops itself won't be reverted. This leaves wild ops in subsystem linkedlist and when another module tries to call register_pernet_operations() it triggers page fault: BUG: unable to handle... • https://git.kernel.org/stable/c/194730a9beb52d2b030ea45e12d94868d4a0e6fd •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49904 – net, neigh: Fix null-ptr-deref in neigh_table_clear()
https://notcve.org/view.php?id=CVE-2022-49904
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net, neigh: Fix null-ptr-deref in neigh_table_clear() When IPv6 module gets initialized but hits an error in the middle, kenel panic with: KASAN: null-ptr-deref in range [0x0000000000000598-0x000000000000059f] CPU: 1 PID: 361 Comm: insmod Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) RIP: 0010:__neigh_ifdown.isra.0+0x24b/0x370 RSP: 0018:ffff888012677908 EFLAGS: 00000202 ... Call Trace:
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49903 – ipv6: fix WARNING in ip6_route_net_exit_late()
https://notcve.org/view.php?id=CVE-2022-49903
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ipv6: fix WARNING in ip6_route_net_exit_late() During the initialization of ip6_route_net_init_late(), if file ipv6_route or rt6_stats fails to be created, the initialization is successful by default. Therefore, the ipv6_route or rt6_stats file doesn't be found during the remove in ip6_route_net_exit_late(). It will cause WRNING. The following is the stack information: name 'rt6_stats' WARNING: CPU: 0 PID: 9 at fs/proc/generic.c:712 remove_... • https://git.kernel.org/stable/c/cdb1876192dbe680b3ac955717fdf7f863c1762d •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49902 – block: Fix possible memory leak for rq_wb on add_disk failure
https://notcve.org/view.php?id=CVE-2022-49902
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: block: Fix possible memory leak for rq_wb on add_disk failure kmemleak reported memory leaks in device_add_disk(): kmemleak: 3 new suspected memory leaks unreferenced object 0xffff88800f420800 (size 512): comm "modprobe", pid 4275, jiffies 4295639067 (age 223.512s) hex dump (first 32 bytes): 04 00 00 00 08 00 00 00 01 00 00 00 00 00 00 00 ................ 00 e1 f5 05 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<00000000... • https://git.kernel.org/stable/c/83cbce9574462c6b4eed6797bdaf18fae6859ab3 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49901 – blk-mq: Fix kmemleak in blk_mq_init_allocated_queue
https://notcve.org/view.php?id=CVE-2022-49901
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: blk-mq: Fix kmemleak in blk_mq_init_allocated_queue There is a kmemleak caused by modprobe null_blk.ko unreferenced object 0xffff8881acb1f000 (size 1024): comm "modprobe", pid 836, jiffies 4294971190 (age 27.068s) hex dump (first 32 bytes): 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N.......... ff ff ff ff ff ff ff ff 00 53 99 9e ff ff ff ff .........S...... backtrace: [<000000004a10c249>] kmalloc_node_trace+0x22/0x60 [<0000000064... • https://git.kernel.org/stable/c/2f8f1336a48bd5186de3476da0a3e2ec06d0533a •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49900 – i2c: piix4: Fix adapter not be removed in piix4_remove()
https://notcve.org/view.php?id=CVE-2022-49900
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: i2c: piix4: Fix adapter not be removed in piix4_remove() In piix4_probe(), the piix4 adapter will be registered in: piix4_probe() piix4_add_adapters_sb800() / piix4_add_adapter() i2c_add_adapter() Based on the probed device type, piix4_add_adapters_sb800() or single piix4_add_adapter() will be called. For the former case, piix4_adapter_count is set as the number of adapters, while for antoher case it is not set and kept default *zero*. When... • https://git.kernel.org/stable/c/528d53a1592b0e27c423f7cafc1df85f77fc1163 •