CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-48821 – misc: fastrpc: avoid double fput() on failed usercopy
https://notcve.org/view.php?id=CVE-2022-48821
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: avoid double fput() on failed usercopy If the copy back to userland fails for the FASTRPC_IOCTL_ALLOC_DMA_BUFF ioctl(), we shouldn't assume that 'buf->dmabuf' is still valid. In fact, dma_buf_fd() called fd_install() before, i.e. "consumed" one reference, leaving us with none. Calling dma_buf_put() will therefore put a reference we no longer own, leading to a valid file descritor table entry for an already released 'file' obj... • https://git.kernel.org/stable/c/6cffd79504ce040f460831030d3069fa1c99bb71 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-48820 – phy: stm32: fix a refcount leak in stm32_usbphyc_pll_enable()
https://notcve.org/view.php?id=CVE-2022-48820
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: phy: stm32: fix a refcount leak in stm32_usbphyc_pll_enable() This error path needs to decrement "usbphyc->n_pll_cons.counter" before returning. In the Linux kernel, the following vulnerability has been resolved: phy: stm32: fix a refcount leak in stm32_usbphyc_pll_enable() This error path needs to decrement "usbphyc->n_pll_cons.counter" before returning. • https://git.kernel.org/stable/c/5b1af71280abd82efbe28cd28d553363dfde0a34 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2022-48819 – tcp: take care of mixed splice()/sendmsg(MSG_ZEROCOPY) case
https://notcve.org/view.php?id=CVE-2022-48819
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: tcp: take care of mixed splice()/sendmsg(MSG_ZEROCOPY) case syzbot found that mixing sendpage() and sendmsg(MSG_ZEROCOPY) calls over the same TCP socket would again trigger the infamous warning in inet_sock_destruct() WARN_ON(sk_forward_alloc_get(sk)); While Talal took into account a mix of regular copied data and MSG_ZEROCOPY one in the same skb, the sendpage() path has been forgotten. We want the charging to happen for sendpage(), because... • https://git.kernel.org/stable/c/9b65b17db72313b7a4fe9bc9502928c88be57986 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48818 – net: dsa: mv88e6xxx: don't use devres for mdiobus
https://notcve.org/view.php?id=CVE-2022-48818
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: don't use devres for mdiobus As explained in commits: 74b6d7d13307 ("net: dsa: realtek: register the MDIO bus under devres") 5135e96a3dd2 ("net: dsa: don't allocate the slave_mii_bus using devres") mdiobus_free() will panic when called from devm_mdiobus_free() <- devres_release_all() <- __device_release_driver(), and that mdiobus was not previously unregistered. The mv88e6xxx is an MDIO device, so the initial set of con... • https://git.kernel.org/stable/c/ac3a68d56651c3dad2c12c7afce065fe15267f44 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48817 – net: dsa: ar9331: register the mdiobus under devres
https://notcve.org/view.php?id=CVE-2022-48817
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: net: dsa: ar9331: register the mdiobus under devres As explained in commits: 74b6d7d13307 ("net: dsa: realtek: register the MDIO bus under devres") 5135e96a3dd2 ("net: dsa: don't allocate the slave_mii_bus using devres") mdiobus_free() will panic when called from devm_mdiobus_free() <- devres_release_all() <- __device_release_driver(), and that mdiobus was not previously unregistered. The ar9331 is an MDIO device, so the initial set of cons... • https://git.kernel.org/stable/c/ac3a68d56651c3dad2c12c7afce065fe15267f44 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48816 – SUNRPC: lock against ->sock changing during sysfs read
https://notcve.org/view.php?id=CVE-2022-48816
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: SUNRPC: lock against ->sock changing during sysfs read ->sock can be set to NULL asynchronously unless ->recv_mutex is held. So it is important to hold that mutex. Otherwise a sysfs read can trigger an oops. Commit 17f09d3f619a ("SUNRPC: Check if the xprt is connected before handling sysfs reads") appears to attempt to fix this problem, but it only narrows the race window. In the Linux kernel, the following vulnerability has been resolved: ... • https://git.kernel.org/stable/c/a8482488a7d6d320f63a9ee1912dbb5ae5b80a61 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48815 – net: dsa: bcm_sf2: don't use devres for mdiobus
https://notcve.org/view.php?id=CVE-2022-48815
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: net: dsa: bcm_sf2: don't use devres for mdiobus As explained in commits: 74b6d7d13307 ("net: dsa: realtek: register the MDIO bus under devres") 5135e96a3dd2 ("net: dsa: don't allocate the slave_mii_bus using devres") mdiobus_free() will panic when called from devm_mdiobus_free() <- devres_release_all() <- __device_release_driver(), and that mdiobus was not previously unregistered. The Starfighter 2 is a platform device, so the initial set o... • https://git.kernel.org/stable/c/ac3a68d56651c3dad2c12c7afce065fe15267f44 •
CVSS: 4.4EPSS: 0%CPEs: 3EXPL: 0CVE-2022-48814 – net: dsa: seville: register the mdiobus under devres
https://notcve.org/view.php?id=CVE-2022-48814
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: net: dsa: seville: register the mdiobus under devres As explained in commits: 74b6d7d13307 ("net: dsa: realtek: register the MDIO bus under devres") 5135e96a3dd2 ("net: dsa: don't allocate the slave_mii_bus using devres") mdiobus_free() will panic when called from devm_mdiobus_free() <- devres_release_all() <- __device_release_driver(), and that mdiobus was not previously unregistered. The Seville VSC9959 switch is a platform device, so the... • https://git.kernel.org/stable/c/ac3a68d56651c3dad2c12c7afce065fe15267f44 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48813 – net: dsa: felix: don't use devres for mdiobus
https://notcve.org/view.php?id=CVE-2022-48813
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: net: dsa: felix: don't use devres for mdiobus As explained in commits: 74b6d7d13307 ("net: dsa: realtek: register the MDIO bus under devres") 5135e96a3dd2 ("net: dsa: don't allocate the slave_mii_bus using devres") mdiobus_free() will panic when called from devm_mdiobus_free() <- devres_release_all() <- __device_release_driver(), and that mdiobus was not previously unregistered. The Felix VSC9959 switch is a PCI device, so the initial set o... • https://git.kernel.org/stable/c/ac3a68d56651c3dad2c12c7afce065fe15267f44 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48812 – net: dsa: lantiq_gswip: don't use devres for mdiobus
https://notcve.org/view.php?id=CVE-2022-48812
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: net: dsa: lantiq_gswip: don't use devres for mdiobus As explained in commits: 74b6d7d13307 ("net: dsa: realtek: register the MDIO bus under devres") 5135e96a3dd2 ("net: dsa: don't allocate the slave_mii_bus using devres") mdiobus_free() will panic when called from devm_mdiobus_free() <- devres_release_all() <- __device_release_driver(), and that mdiobus was not previously unregistered. The GSWIP switch is a platform device, so the initial s... • https://git.kernel.org/stable/c/ac3a68d56651c3dad2c12c7afce065fe15267f44 •