CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49842 – ASoC: core: Fix use-after-free in snd_soc_exit()
https://notcve.org/view.php?id=CVE-2022-49842
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: core: Fix use-after-free in snd_soc_exit() KASAN reports a use-after-free: BUG: KASAN: use-after-free in device_del+0xb5b/0xc60 Read of size 8 at addr ffff888008655050 by task rmmod/387 CPU: 2 PID: 387 Comm: rmmod Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) Call Trace:
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49841 – serial: imx: Add missing .thaw_noirq hook
https://notcve.org/view.php?id=CVE-2022-49841
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: serial: imx: Add missing .thaw_noirq hook The following warning is seen with non-console UART instance when system hibernates. [ 37.371969] ------------[ cut here ]------------ [ 37.376599] uart3_root_clk already disabled [ 37.380810] WARNING: CPU: 0 PID: 296 at drivers/clk/clk.c:952 clk_core_disable+0xa4/0xb0 ... [ 37.506986] Call trace: [ 37.509432] clk_core_disable+0xa4/0xb0 [ 37.513270] clk_disable+0x34/0x50 [ 37.516672] imx_uart_thaw+0... • https://git.kernel.org/stable/c/09df0b3464e528c6a4ca2c48d9ff6d2fd7cbd775 •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2022-49840 – bpf, test_run: Fix alignment problem in bpf_prog_test_run_skb()
https://notcve.org/view.php?id=CVE-2022-49840
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf, test_run: Fix alignment problem in bpf_prog_test_run_skb() We got a syzkaller problem because of aarch64 alignment fault if KFENCE enabled. When the size from user bpf program is an odd number, like 399, 407, etc, it will cause the struct skb_shared_info's unaligned access. As seen below: BUG: KFENCE: use-after-free read in __skb_clone+0x23c/0x2a0 net/core/skbuff.c:1032 Use-after-free read at 0xffff6254fffac077 (in kfence-#213): __lse_... • https://git.kernel.org/stable/c/1cf1cae963c2e6032aebe1637e995bc2f5d330f4 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49839 – scsi: scsi_transport_sas: Fix error handling in sas_phy_add()
https://notcve.org/view.php?id=CVE-2022-49839
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_transport_sas: Fix error handling in sas_phy_add() If transport_add_device() fails in sas_phy_add(), the kernel will crash trying to delete the device in transport_remove_device() called from sas_remove_host(). Unable to handle kernel NULL pointer dereference at virtual address 0000000000000108 CPU: 61 PID: 42829 Comm: rmmod Kdump: loaded Tainted: G W 6.1.0-rc1+ #173 pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)... • https://git.kernel.org/stable/c/c7ebbbce366c02e5657ac6b6059933fe0353b175 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49838 – sctp: clear out_curr if all frag chunks of current msg are pruned
https://notcve.org/view.php?id=CVE-2022-49838
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: sctp: clear out_curr if all frag chunks of current msg are pruned A crash was reported by Zhen Chen: list_del corruption, ffffa035ddf01c18->next is NULL WARNING: CPU: 1 PID: 250682 at lib/list_debug.c:49 __list_del_entry_valid+0x59/0xe0 RIP: 0010:__list_del_entry_valid+0x59/0xe0 Call Trace: sctp_sched_dequeue_common+0x17/0x70 [sctp] sctp_sched_fcfs_dequeue+0x37/0x50 [sctp] sctp_outq_flush_data+0x85/0x360 [sctp] sctp_outq_uncork+0x77/0xa0 [s... • https://git.kernel.org/stable/c/5bbbbe32a43199c2b9ea5ea66fab6241c64beb51 •
CVSS: 5.6EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49837 – bpf: Fix memory leaks in __check_func_call
https://notcve.org/view.php?id=CVE-2022-49837
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix memory leaks in __check_func_call kmemleak reports this issue: unreferenced object 0xffff88817139d000 (size 2048): comm "test_progs", pid 33246, jiffies 4307381979 (age 45851.820s) hex dump (first 32 bytes): 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<0000000045f075f0>] kmalloc_trace+0x27/0xa0 [<0000000098b7c90a>] __check_func_call+0x... • https://git.kernel.org/stable/c/fd978bf7fd312581a7ca454a991f0ffb34c4204b •
CVSS: 5.6EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49836 – siox: fix possible memory leak in siox_device_add()
https://notcve.org/view.php?id=CVE-2022-49836
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: siox: fix possible memory leak in siox_device_add() If device_register() returns error in siox_device_add(), the name allocated by dev_set_name() need be freed. As comment of device_register() says, it should use put_device() to give up the reference in the error path. So fix this by calling put_device(), then the name can be freed in kobject_cleanup(), and sdevice is freed in siox_device_release(), set it to null in error path. In the Linu... • https://git.kernel.org/stable/c/bbecb07fa0af9a41507ce06d4631fdb3b5059417 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49835 – ALSA: hda: fix potential memleak in 'add_widget_node'
https://notcve.org/view.php?id=CVE-2022-49835
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: fix potential memleak in 'add_widget_node' As 'kobject_add' may allocated memory for 'kobject->name' when return error. And in this function, if call 'kobject_add' failed didn't free kobject. So call 'kobject_put' to recycling resources. In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: fix potential memleak in 'add_widget_node' As 'kobject_add' may allocated memory for 'kobject->name' when return err... • https://git.kernel.org/stable/c/b688a3ec235222d9a84e43a48a6f31acb95baf2d •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49834 – nilfs2: fix use-after-free bug of ns_writer on remount
https://notcve.org/view.php?id=CVE-2022-49834
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix use-after-free bug of ns_writer on remount If a nilfs2 filesystem is downgraded to read-only due to metadata corruption on disk and is remounted read/write, or if emergency read-only remount is performed, detaching a log writer and synchronizing the filesystem can be done at the same time. In these cases, use-after-free of the log writer (hereinafter nilfs->ns_writer) can happen as shown in the scenario below: Task1 Task2 ------... • https://git.kernel.org/stable/c/b2fbf10040216ef5ee270773755fc2f5da65b749 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49833 – btrfs: zoned: clone zoned device info when cloning a device
https://notcve.org/view.php?id=CVE-2022-49833
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: clone zoned device info when cloning a device When cloning a btrfs_device, we're not cloning the associated btrfs_zoned_device_info structure of the device in case of a zoned filesystem. Later on this leads to a NULL pointer dereference when accessing the device's zone_info for instance when setting a zone as active. This was uncovered by fstests' testcase btrfs/161. In the Linux kernel, the following vulnerability has been re... • https://git.kernel.org/stable/c/ad88cabcec942c033f980cd1e28d56ecdaf5f3b8 •