CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48875 – wifi: mac80211: sdata can be NULL during AMPDU start
https://notcve.org/view.php?id=CVE-2022-48875
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: sdata can be NULL during AMPDU start ieee80211_tx_ba_session_handle_start() may get NULL for sdata when a deauthentication is ongoing. ... kthread_complete_and_exit+0x20/0x20 ret_from_fork+0x22/0x30 In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: sdata can be NULL during AMPDU start ieee80211_tx_ba_session_handle_start() may get NULL for sdata when a deauthentication ... • https://git.kernel.org/stable/c/187523fa7c2d4c780f775cb869216865c4a909ef •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-48874 – misc: fastrpc: Fix use-after-free and race in fastrpc_map_find
https://notcve.org/view.php?id=CVE-2022-48874
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix use-after-free and race in fastrpc_map_find Currently, there is a race window between the point when the mutex is unlocked in fastrpc_map_lookup and the reference count increasing (fastrpc_map_get) in fastrpc_map_find, which can also lead to use-after-free. In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix use-after-free and race in fastrpc_map_find Currently, there is a ... • https://git.kernel.org/stable/c/8f6c1d8c4f0cc316b0456788fff8373554d1d99d •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-48873 – misc: fastrpc: Don't remove map on creater_process and device_release
https://notcve.org/view.php?id=CVE-2022-48873
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Don't remove map on creater_process and device_release Do not remove the map from the list on error path in fastrpc_init_create_process, instead call fastrpc_map_put, to avoid use-after-free. In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Don't remove map on creater_process and device_release Do not remove the map from the list on error path in fastrpc_init_create_process, ins... • https://git.kernel.org/stable/c/b49f6d83e290f17e20f4e5cf31288d3bb4955ea6 •
CVSS: 7.0EPSS: 0%CPEs: 5EXPL: 0CVE-2022-48872 – misc: fastrpc: Fix use-after-free race condition for maps
https://notcve.org/view.php?id=CVE-2022-48872
21 Aug 2024 — Call trace: refcount_warn_saturate [fastrpc_map_get inlined] [fastrpc_map_lookup inlined] fastrpc_map_create fastrpc_internal_invoke fastrpc_device_ioctl __arm64_sys_ioctl invoke_syscall In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix use-after-free race condition for maps It is possible that in between calling fastrpc_map_get() until map->fl->lock is taken in fastrpc_free_map(), another thread can call fastrpc_map_lookup() and get a reference to a map that is a... • https://git.kernel.org/stable/c/c68cfb718c8f97b7f7a50ed66be5feb42d0c8988 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48871 – tty: serial: qcom-geni-serial: fix slab-out-of-bounds on RX FIFO buffer
https://notcve.org/view.php?id=CVE-2022-48871
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: tty: serial: qcom-geni-serial: fix slab-out-of-bounds on RX FIFO buffer Driver's probe allocates memory for RX FIFO (port->rx_fifo) based on default RX FIFO depth, e.g. 16. ... In the Linux kernel, the following vulnerability has been resolved: tty: serial: qcom-geni-serial: fix slab-out-of-bounds on RX FIFO buffer Driver's probe allocates memory for RX FIFO (port->rx_fifo) based on default RX FIFO depth, e.g. 16. • https://git.kernel.org/stable/c/f9d690b6ece7ec9a6ff6b588df95a010ab2d66f9 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-48870 – tty: fix possible null-ptr-defer in spk_ttyio_release
https://notcve.org/view.php?id=CVE-2022-48870
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: tty: fix possible null-ptr-defer in spk_ttyio_release Run the following tests on the qemu platform: syzkaller:~# modprobe speakup_audptr input: Speakup as /devices/virtual/input/input4 initialized device: /dev/synth, node (MAJOR 10, MINOR 125) speakup 3.1.6: initialized synth name on entry is: (null) synth probe spk_ttyio_initialise_ldisc failed because tty_kopen_exclusive returned failed (errno -16), then remove the module, we will ... • https://git.kernel.org/stable/c/4f2a81f3a88217e7340b2cab5c0a5ebd0112514c •
CVSS: 4.7EPSS: 0%CPEs: 5EXPL: 0CVE-2022-48869 – USB: gadgetfs: Fix race between mounting and unmounting
https://notcve.org/view.php?id=CVE-2022-48869
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: USB: gadgetfs: Fix race between mounting and unmounting The syzbot fuzzer and Gerald Lee have identified a use-after-free bug in the gadgetfs driver, involving processes concurrently mounting and unmounting the gadgetfs filesystem. In the Linux kernel, the following vulnerability has been resolved: USB: gadgetfs: Fix race between mounting and unmounting The syzbot fuzzer and Gerald Lee have identified a use-after-free bug in t... • https://git.kernel.org/stable/c/e5d82a7360d124ae1a38c2a5eac92ba49b125191 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-48868 – dmaengine: idxd: Let probe fail when workqueue cannot be enabled
https://notcve.org/view.php?id=CVE-2022-48868
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Let probe fail when workqueue cannot be enabled The workqueue is enabled when the appropriate driver is loaded and disabled when the driver is removed. ... In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Let probe fail when workqueue cannot be enabled The workqueue is enabled when the appropriate driver is loaded and disabled when the driver is removed. • https://git.kernel.org/stable/c/1f2bb40337f0df1d9af80793e9fdacff7706e654 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-48867 – dmaengine: idxd: Prevent use after free on completion memory
https://notcve.org/view.php?id=CVE-2022-48867
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Prevent use after free on completion memory On driver unload any pending descriptors are flushed at the time the interrupt is freed: idxd_dmaengine_drv_remove() -> drv_disable_wq() -> idxd_wq_free_irq() -> idxd_flush_pending_descs(). In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Prevent use after free on completion memory On driver unload any pending descriptors are flush... • https://git.kernel.org/stable/c/63c14ae6c161dec8ff3be49277edc75a769e054a •
CVSS: 8.4EPSS: 0%CPEs: 8EXPL: 0CVE-2024-43882 – exec: Fix ToCToU between perm check and set-uid/gid usage
https://notcve.org/view.php?id=CVE-2024-43882
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: exec: Fix ToCToU between perm check and set-uid/gid usage When opening a file for exec via do_filp_open(), permission checking is done against the file's metadata at that moment, and on success, a file pointer is passed back. In the Linux kernel, the following vulnerability has been resolved: exec: Fix ToCToU between perm check and set-uid/gid usage When opening a file for exec via do_filp_open(), permission checking is done a... • https://git.kernel.org/stable/c/d5c3c7e26275a2d83b894d30f7582a42853a958f • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •