
CVE-2022-49896 – cxl/pmem: Fix cxl_pmem_region and cxl_memdev leak
https://notcve.org/view.php?id=CVE-2022-49896
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: cxl/pmem: Fix cxl_pmem_region and cxl_memdev leak When a cxl_nvdimm object goes through a ->remove() event (device physically removed, nvdimm-bridge disabled, or nvdimm device disabled), then any associated regions must also be disabled. As highlighted by the cxl-create-region.sh test [1], a single device may host multiple regions, but the driver was only tracking one region at a time. This leads to a situation where only the last enabled r... • https://git.kernel.org/stable/c/04ad63f086d1a9649b8b082748cbc7a570ade461 •

CVE-2022-49895 – cxl/region: Fix decoder allocation crash
https://notcve.org/view.php?id=CVE-2022-49895
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: cxl/region: Fix decoder allocation crash When an intermediate port's decoders have been exhausted by existing regions, and creating a new region with the port in question in its hierarchical path is attempted, cxl_port_attach_region() fails to find a port decoder (as would be expected), and drops into the failure / cleanup path. However, during cleanup of the region reference, a sanity check attempts to dereference the decoder, which in th... • https://git.kernel.org/stable/c/384e624bb211b406db40edc900bb51af8bb267d0 •

CVE-2022-49894 – cxl/region: Fix region HPA ordering validation
https://notcve.org/view.php?id=CVE-2022-49894
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: cxl/region: Fix region HPA ordering validation Some regions may not have any address space allocated. Skip them when validating HPA order otherwise a crash like the following may result: devm_cxl_add_region: cxl_acpi cxl_acpi.0: decoder3.4: created region9 BUG: kernel NULL pointer dereference, address: 0000000000000000 [..] RIP: 0010:store_targetN+0x655/0x1740 [cxl_core] [..] Call Trace:

CVE-2022-49893 – cxl/region: Fix cxl_region leak, cleanup targets at region delete
https://notcve.org/view.php?id=CVE-2022-49893
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: cxl/region: Fix cxl_region leak, cleanup targets at region delete When a region is deleted any targets that have been previously assigned to that region hold references to it. Trigger those references to drop by detaching all targets at unregister_region() time. Otherwise that region object will leak as userspace has lost the ability to detach targets once region sysfs is torn down. • https://git.kernel.org/stable/c/b9686e8c8e39d4072081ef078c04915ee51c8af4 •

CVE-2022-49892 – ftrace: Fix use-after-free for dynamic ftrace_ops
https://notcve.org/view.php?id=CVE-2022-49892
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix use-after-free for dynamic ftrace_ops KASAN reported a use-after-free with ftrace ops [1]. It was found from vmcore that perf had registered two ops with the same content successively, both dynamic. After unregistering the second ops, a use-after-free occurred. In ftrace_shutdown(), when the second ops is unregistered, the FTRACE_UPDATE_CALLS command is not set because there is another enabled ops with the same content. Also, bo... • https://git.kernel.org/stable/c/edb096e00724f02db5f6ec7900f3bbd465c6c76f •

CVE-2022-49891 – tracing: kprobe: Fix memory leak in test_gen_kprobe/kretprobe_cmd()
https://notcve.org/view.php?id=CVE-2022-49891
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: tracing: kprobe: Fix memory leak in test_gen_kprobe/kretprobe_cmd() test_gen_kprobe_cmd() only frees buf in fail path, hence buf will leak when there is no failure. Move kfree(buf) from fail path to common path to prevent the memleak. The same reason and solution in test_gen_kretprobe_cmd(). unreferenced object 0xffff888143b14000 (size 2048): comm "insmod", pid 52490, jiffies 4301890980 (age 40.553s) hex dump (first 32 bytes): 70 3a 6b 70 72... • https://git.kernel.org/stable/c/64836248dda20c8e7427b493f7e06d9bf8f58850 •

CVE-2022-49890 – capabilities: fix potential memleak on error path from vfs_getxattr_alloc()
https://notcve.org/view.php?id=CVE-2022-49890
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: capabilities: fix potential memleak on error path from vfs_getxattr_alloc() In cap_inode_getsecurity(), we will use vfs_getxattr_alloc() to complete the memory allocation of tmpbuf, if we have completed the memory allocation of tmpbuf, but failed to call handler->get(...), there will be a memleak in below logic: |-- ret = (int)vfs_getxattr_alloc(mnt_userns, ...) | /* ^^^ alloc for tmpbuf */ |-- value = krealloc(*xattr_value, error + 1, flag... • https://git.kernel.org/stable/c/8db6c34f1dbc8e06aa016a9b829b06902c3e1340 •

CVE-2022-49889 – ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters()
https://notcve.org/view.php?id=CVE-2022-49889
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters() On some machines the number of listed CPUs may be bigger than the actual CPUs that exist. The tracing subsystem allocates a per_cpu directory with access to the per CPU ring buffer via a cpuX file. But to save space, the ring buffer will only allocate buffers for online CPUs, even though the CPU array will be as big as the nr_cpu_ids. With the addition of waking waiters on... • https://git.kernel.org/stable/c/2475de2bc0de17fb1b24c5e90194f84b5ca70d3e •

CVE-2022-49888 – arm64: entry: avoid kprobe recursion
https://notcve.org/view.php?id=CVE-2022-49888
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: arm64: entry: avoid kprobe recursion The cortex_a76_erratum_1463225_debug_handler() function is called when handling debug exceptions (and synchronous exceptions from BRK instructions), and so is called when a probed function executes. If the compiler does not inline cortex_a76_erratum_1463225_debug_handler(), it can be probed. If cortex_a76_erratum_1463225_debug_handler() is probed, any debug exception or software breakpoint exception will... • https://git.kernel.org/stable/c/6459b8469753e9feaa8b34691d097cffad905931 •

CVE-2022-49887 – media: meson: vdec: fix possible refcount leak in vdec_probe()
https://notcve.org/view.php?id=CVE-2022-49887
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: media: meson: vdec: fix possible refcount leak in vdec_probe() v4l2_device_unregister needs to be called to put the refcount got by v4l2_device_register when vdec_probe fails or vdec_remove is called. • https://git.kernel.org/stable/c/70119756311a0be3b95bec2e1ba714673e90feba •