CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49304 – drivers: tty: serial: Fix deadlock in sa1100_set_termios()
https://notcve.org/view.php?id=CVE-2022-49304
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drivers: tty: serial: Fix deadlock in sa1100_set_termios() There is a deadlock in sa1100_set_termios(), which is shown below: (Thread 1) | (Thread 2) | sa1100_enable_ms() sa1100_set_termios() | mod_timer() spin_lock_irqsave() //(1) | (wait a time) ... | sa1100_timeout() del_timer_sync() | spin_lock_irqsave() //(2) (wait timer to stop) | ... We hold sport->port.lock in position (1) of thread 1 and use del_timer_sync() to wait timer to stop, ... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 • CWE-667: Improper Locking •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49302 – USB: host: isp116x: check return value after calling platform_get_resource()
https://notcve.org/view.php?id=CVE-2022-49302
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: USB: host: isp116x: check return value after calling platform_get_resource() It will cause null-ptr-deref if platform_get_resource() returns NULL, we need check the return value. The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed. • https://git.kernel.org/stable/c/4808a1c0261176f9c7e28e7f108d41a381a7d0fc • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49301 – staging: rtl8712: fix uninit-value in usb_read8() and friends
https://notcve.org/view.php?id=CVE-2022-49301
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: staging: rtl8712: fix uninit-value in usb_read8() and friends When r8712_usbctrl_vendorreq() returns negative, 'data' in usb_read{8,16,32} will not be initialized. BUG: KMSAN: uninit-value in string_nocheck lib/vsprintf.c:643 [inline] BUG: KMSAN: uninit-value in string+0x4ec/0x6f0 lib/vsprintf.c:725 string_nocheck lib/vsprintf.c:643 [inline] string+0x4ec/0x6f0 lib/vsprintf.c:725 vsnprintf+0x2222/0x3650 lib/vsprintf.c:2806 va_format lib/vspr... • https://git.kernel.org/stable/c/2865d42c78a9121caad52cb02d1fbb7f5cdbc4ef • CWE-908: Use of Uninitialized Resource •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49298 – staging: rtl8712: fix uninit-value in r871xu_drv_init()
https://notcve.org/view.php?id=CVE-2022-49298
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: staging: rtl8712: fix uninit-value in r871xu_drv_init() When 'tmpU1b' returns from r8712_read8(padapter, EE_9346CR) is 0, 'mac[6]' will not be initialized. BUG: KMSAN: uninit-value in r871xu_drv_init+0x2d54/0x3070 drivers/staging/rtl8712/usb_intf.c:541 r871xu_drv_init+0x2d54/0x3070 drivers/staging/rtl8712/usb_intf.c:541 usb_probe_interface+0xf19/0x1600 drivers/usb/core/driver.c:396 really_probe+0x653/0x14b0 drivers/base/dd.c:596 __driver_pr... • https://git.kernel.org/stable/c/2865d42c78a9121caad52cb02d1fbb7f5cdbc4ef • CWE-908: Use of Uninitialized Resource •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49296 – ceph: fix possible deadlock when holding Fwb to get inline_data
https://notcve.org/view.php?id=CVE-2022-49296
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ceph: fix possible deadlock when holding Fwb to get inline_data 1, mount with wsync. 2, create a file with O_RDWR, and the request was sent to mds.0: ceph_atomic_open()--> ceph_mdsc_do_request(openc) finish_open(file, dentry, ceph_open)--> ceph_open()--> ceph_init_file()--> ceph_init_file_info()--> ceph_uninline_data()--> { ... if (inline_version == 1 || /* initial version, no data */ inline_version == CEPH_INLINE_NONE) goto out_unlock; ...... • https://git.kernel.org/stable/c/9030aaf9bf0a1eee47a154c316c789e959638b0f • CWE-667: Improper Locking •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49293 – netfilter: nf_tables: initialize registers in nft_do_chain()
https://notcve.org/view.php?id=CVE-2022-49293
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: initialize registers in nft_do_chain() Initialize registers to avoid stack leak into userspace. The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed. • https://git.kernel.org/stable/c/96518518cc417bb0a8c80b9fb736202e28acdf96 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-49292 – ALSA: oss: Fix PCM OSS buffer allocation overflow
https://notcve.org/view.php?id=CVE-2022-49292
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: oss: Fix PCM OSS buffer allocation overflow We've got syzbot reports hitting INT_MAX overflow at vmalloc() allocation that is called from snd_pcm_plug_alloc(). Although we apply the restrictions to input parameters, it's based only on the hw_params of the underlying PCM device. Since the PCM OSS layer allocates a temporary buffer for the data conversion, the size may become unexpectedly large when more channels or higher rates is give... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49291 – ALSA: pcm: Fix races among concurrent hw_params and hw_free calls
https://notcve.org/view.php?id=CVE-2022-49291
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix races among concurrent hw_params and hw_free calls Currently we have neither proper check nor protection against the concurrent calls of PCM hw_params and hw_free ioctls, which may result in a UAF. Since the existing PCM stream lock can't be used for protecting the whole ioctl operations, we need a new mutex to protect those racy calls. This patch introduced a new mutex, runtime->buffer_mutex, and applies it to both hw_params... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0CVE-2022-49290 – mac80211: fix potential double free on mesh join
https://notcve.org/view.php?id=CVE-2022-49290
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: mac80211: fix potential double free on mesh join While commit 6a01afcf8468 ("mac80211: mesh: Free ie data when leaving mesh") fixed a memory leak on mesh leave / teardown it introduced a potential memory corruption caused by a double free when rejoining the mesh: ieee80211_leave_mesh() -> kfree(sdata->u.mesh.ie); ... ieee80211_join_mesh() -> copy_mesh_setup() -> old_ie = ifmsh->ie; -> kfree(old_ie); This double free / kernel panics can be r... • https://git.kernel.org/stable/c/3212d6248faf0efce6b7a718e198feecce0eea05 • CWE-415: Double Free •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49289 – uaccess: fix integer overflow on access_ok()
https://notcve.org/view.php?id=CVE-2022-49289
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: uaccess: fix integer overflow on access_ok() Three architectures check the end of a user access against the address limit without taking a possible overflow into account. Passing a negative length or another overflow in here returns success when it should not. Use the most common correct implementation here, which optimizes for a constant 'size' argument, and turns the common case into a single comparison. • https://git.kernel.org/stable/c/7567746e1c0d66ac0ef8a9d8816ca694462c7370 •