CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-48882 – net/mlx5e: Fix macsec possible null dereference when updating MAC security entity (SecY)
https://notcve.org/view.php?id=CVE-2022-48882
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix macsec possible null dereference when updating MAC security entity (SecY) Upon updating MAC security entity (SecY) in hw offload path, the macsec security association (SA) initialization routine is called. In case of extended packet number (epn) is enabled the salt and ssci attributes are retrieved using the MACsec driver rx_sa context which is unavailable when updating a SecY property such as encoding-sa hence the null deref... • https://git.kernel.org/stable/c/4411a6c0abd3e55b4a4fb9432b3a0553f12337c2 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-48881 – platform/x86/amd: Fix refcount leak in amd_pmc_probe
https://notcve.org/view.php?id=CVE-2022-48881
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd: Fix refcount leak in amd_pmc_probe pci_get_domain_bus_and_slot() takes reference, the caller should release the reference by calling pci_dev_put() after use. Call pci_dev_put() in the error path to fix this. In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd: Fix refcount leak in amd_pmc_probe pci_get_domain_bus_and_slot() takes reference, the caller should release the reference by calling... • https://git.kernel.org/stable/c/3d7d407dfb05b257e15cb0c6b056428a4a8c2e5d •
CVSS: 4.4EPSS: 0%CPEs: 3EXPL: 0CVE-2022-48880 – platform/surface: aggregator: Add missing call to ssam_request_sync_free()
https://notcve.org/view.php?id=CVE-2022-48880
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: platform/surface: aggregator: Add missing call to ssam_request_sync_free() Although rare, ssam_request_sync_init() can fail. In that case, the request should be freed via ssam_request_sync_free(). Currently it is leaked instead. Fix this. In the Linux kernel, the following vulnerability has been resolved: platform/surface: aggregator: Add missing call to ssam_request_sync_free() Although rare, ssam_request_sync_init() can fail. • https://git.kernel.org/stable/c/c167b9c7e3d6131b4a4865c112a3dbc86d2e997d •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48879 – efi: fix NULL-deref in init error path
https://notcve.org/view.php?id=CVE-2022-48879
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: efi: fix NULL-deref in init error path In cases where runtime services are not supported or have been disabled, the runtime services workqueue will never have been allocated. Do not try to destroy the workqueue unconditionally in the unlikely event that EFI initialisation fails to avoid dereferencing a NULL pointer. In the Linux kernel, the following vulnerability has been resolved: efi: fix NULL-deref in init error path In cases where runt... • https://git.kernel.org/stable/c/2ff3c97b47521d6700cc6485c7935908dcd2c27c •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48878 – Bluetooth: hci_qca: Fix driver shutdown on closed serdev
https://notcve.org/view.php?id=CVE-2022-48878
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_qca: Fix driver shutdown on closed serdev The driver shutdown callback (which sends EDL_SOC_RESET to the device over serdev) should not be invoked when HCI device is not open (e.g. if hci_dev_open_sync() failed), because the serdev and its TTY are not open either. Also skip this step if device is powered off (qca_power_shutdown()). The shutdown callback causes use-after-free during system reboot with Qualcomm Atheros Bluetoot... • https://git.kernel.org/stable/c/7e7bbddd029b644f00f0ffbfbc485ed71977d0d5 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-48877 – f2fs: let's avoid panic if extent_tree is not created
https://notcve.org/view.php?id=CVE-2022-48877
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: f2fs: let's avoid panic if extent_tree is not created This patch avoids the below panic. pc : __lookup_extent_tree+0xd8/0x760 lr : f2fs_do_write_data_page+0x104/0x87c sp : ffffffc010cbb3c0 x29: ffffffc010cbb3e0 x28: 0000000000000000 x27: ffffff8803e7f020 x26: ffffff8803e7ed40 x25: ffffff8803e7f020 x24: ffffffc010cbb460 x23: ffffffc010cbb480 x22: 0000000000000000 x21: 0000000000000000 x20: ffffffff22e90900 x19: 0000000000000000 x18: ffffffc0... • https://git.kernel.org/stable/c/dd83a9763e29ed7a21c8a43f7a62cd0a6bf74692 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-48876 – wifi: mac80211: fix initialization of rx->link and rx->link_sta
https://notcve.org/view.php?id=CVE-2022-48876
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix initialization of rx->link and rx->link_sta There are some codepaths that do not initialize rx->link_sta properly. This causes a crash in places which assume that rx->link_sta is valid if rx->sta is valid. One known instance is triggered by __ieee80211_rx_h_amsdu being called from fast-rx. It results in a crash like this one: BUG: kernel NULL pointer dereference, address: 00000000000000a8 #PF: supervisor write access in ... • https://git.kernel.org/stable/c/b320d6c456ff2aa43491654407d448bcfa58ac9f •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48875 – wifi: mac80211: sdata can be NULL during AMPDU start
https://notcve.org/view.php?id=CVE-2022-48875
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: sdata can be NULL during AMPDU start ieee80211_tx_ba_session_handle_start() may get NULL for sdata when a deauthentication is ongoing. Here a trace triggering the race with the hostapd test multi_ap_fronthaul_on_ap: (gdb) list *drv_ampdu_action+0x46 0x8b16 is in drv_ampdu_action (net/mac80211/driver-ops.c:396). 391 int ret = -EOPNOTSUPP; 392 393 might_sleep(); 394 395 sdata = get_bss_sdata(sdata); 396 if (!check_sdata_in_dri... • https://git.kernel.org/stable/c/187523fa7c2d4c780f775cb869216865c4a909ef •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-48874 – misc: fastrpc: Fix use-after-free and race in fastrpc_map_find
https://notcve.org/view.php?id=CVE-2022-48874
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix use-after-free and race in fastrpc_map_find Currently, there is a race window between the point when the mutex is unlocked in fastrpc_map_lookup and the reference count increasing (fastrpc_map_get) in fastrpc_map_find, which can also lead to use-after-free. So lets merge fastrpc_map_find into fastrpc_map_lookup which allows us to both protect the maps list by also taking the &fl->lock spinlock and the reference count, sin... • https://git.kernel.org/stable/c/8f6c1d8c4f0cc316b0456788fff8373554d1d99d •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-48873 – misc: fastrpc: Don't remove map on creater_process and device_release
https://notcve.org/view.php?id=CVE-2022-48873
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Don't remove map on creater_process and device_release Do not remove the map from the list on error path in fastrpc_init_create_process, instead call fastrpc_map_put, to avoid use-after-free. Do not remove it on fastrpc_device_release either, call fastrpc_map_put instead. The fastrpc_free_map is the only proper place to remove the map. This is called only after the reference count is 0. In the Linux kernel, the following vuln... • https://git.kernel.org/stable/c/b49f6d83e290f17e20f4e5cf31288d3bb4955ea6 •