CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49741 – fbdev: smscufx: fix error handling code in ufx_usb_probe
https://notcve.org/view.php?id=CVE-2022-49741
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: fbdev: smscufx: fix error handling code in ufx_usb_probe The current error handling code in ufx_usb_probe have many unmatching issues, e.g., missing ufx_free_usb_list, destroy_modedb label should only include framebuffer_release, fb_dealloc_cmap only matches fb_alloc_cmap. My local syzkaller reports a memory leak bug: memory leak in ufx_usb_probe BUG: memory leak unreferenced object 0xffff88802f879580 (size 128): comm "kworker/0:7", pid 174... • https://git.kernel.org/stable/c/3b3d3127f5b4291ae4caaf50f7b66089ad600480 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49740 – wifi: brcmfmac: Check the count value of channel spec to prevent out-of-bounds reads
https://notcve.org/view.php?id=CVE-2022-49740
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Check the count value of channel spec to prevent out-of-bounds reads This patch fixes slab-out-of-bounds reads in brcmfmac that occur in brcmf_construct_chaninfo() and brcmf_enable_bw40_2g() when the count value of channel specifications provided by the device is greater than the length of 'list->element[]', decided by the size of the 'list' allocated with kzalloc(). The patch adds checks that make the functions free the buf... • https://git.kernel.org/stable/c/9cf5e99c1ae1a85286a76c9a970202750538394c •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49739 – gfs2: Always check inode size of inline inodes
https://notcve.org/view.php?id=CVE-2022-49739
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: gfs2: Always check inode size of inline inodes Check if the inode size of stuffed (inline) inodes is within the allowed range when reading inodes from disk (gfs2_dinode_in()). This prevents us from on-disk corruption. The two checks in stuffed_readpage() and gfs2_unstuffer_page() that just truncate inline data to the maximum allowed size don't actually make sense, and they can be removed now as well. In the Linux kernel, the following vulne... • https://git.kernel.org/stable/c/45df749f827c286adbc951f2a4865b67f0442ba9 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49738 – f2fs: fix to do sanity check on i_extra_isize in is_alive()
https://notcve.org/view.php?id=CVE-2022-49738
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on i_extra_isize in is_alive() syzbot found a f2fs bug: BUG: KASAN: slab-out-of-bounds in data_blkaddr fs/f2fs/f2fs.h:2891 [inline] BUG: KASAN: slab-out-of-bounds in is_alive fs/f2fs/gc.c:1117 [inline] BUG: KASAN: slab-out-of-bounds in gc_data_segment fs/f2fs/gc.c:1520 [inline] BUG: KASAN: slab-out-of-bounds in do_garbage_collect+0x386a/0x3df0 fs/f2fs/gc.c:1734 Read of size 4 at addr ffff888076557568 by task kwo... • https://git.kernel.org/stable/c/e5142a4935c1f15841d06047b8130078fc4d7b8f •
CVSS: 5.6EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52942 – cgroup/cpuset: Fix wrong check in update_parent_subparts_cpumask()
https://notcve.org/view.php?id=CVE-2023-52942
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: cgroup/cpuset: Fix wrong check in update_parent_subparts_cpumask() It was found that the check to see if a partition could use up all the cpus from the parent cpuset in update_parent_subparts_cpumask() was incorrect. As a result, it is possible to leave parent with no effective cpu left even if there are tasks in the parent cpuset. This can lead to system panic as reported in [1]. Fix this probem by updating the check to fail the enabling t... • https://git.kernel.org/stable/c/f0af1bfc27b52a4d42510051154c61bd176a8f06 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2023-52941 – can: isotp: split tx timer into transmission and timeout
https://notcve.org/view.php?id=CVE-2023-52941
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: can: isotp: split tx timer into transmission and timeout The timer for the transmission of isotp PDUs formerly had two functions: 1. send two consecutive frames with a given time gap 2. monitor the timeouts for flow control frames and the echo frames This led to larger txstate checks and potentially to a problem discovered by syzbot which enabled the panic_on_warn feature while testing. The former 'txtimer' function is split into 'txfrtimer... • https://git.kernel.org/stable/c/866337865f3747c68a3e7bb837611e39cec1ecd6 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52940 – mm: multi-gen LRU: fix crash during cgroup migration
https://notcve.org/view.php?id=CVE-2023-52940
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: mm: multi-gen LRU: fix crash during cgroup migration lru_gen_migrate_mm() assumes lru_gen_add_mm() runs prior to itself. This isn't true for the following scenario: CPU 1 CPU 2 clone() cgroup_can_fork() cgroup_procs_write() cgroup_post_fork() task_lock() lru_gen_migrate_mm() task_unlock() task_lock() lru_gen_add_mm() task_unlock() And when the above happens, kernel crashes because of linked list corruption (mm_struct->lru_gen.list). In the ... • https://git.kernel.org/stable/c/bd74fdaea146029e4fa12c6de89adbe0779348a9 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52939 – mm: memcg: fix NULL pointer in mem_cgroup_track_foreign_dirty_slowpath()
https://notcve.org/view.php?id=CVE-2023-52939
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: mm: memcg: fix NULL pointer in mem_cgroup_track_foreign_dirty_slowpath() As commit 18365225f044 ("hwpoison, memcg: forcibly uncharge LRU pages"), hwpoison will forcibly uncharg a LRU hwpoisoned page, the folio_memcg could be NULl, then, mem_cgroup_track_foreign_dirty_slowpath() could occurs a NULL pointer dereference, let's do not record the foreign writebacks for folio memcg is null in mem_cgroup_track_foreign_dirty() to fix it. In the Lin... • https://git.kernel.org/stable/c/97b27821b4854ca744946dae32a3f2fd55bcd5bc •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52938 – usb: typec: ucsi: Don't attempt to resume the ports before they exist
https://notcve.org/view.php?id=CVE-2023-52938
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Don't attempt to resume the ports before they exist This will fix null pointer dereference that was caused by the driver attempting to resume ports that were not yet registered. In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Don't attempt to resume the ports before they exist This will fix null pointer dereference that was caused by the driver attempting to resume ports that were not ... • https://git.kernel.org/stable/c/9222912924fcf56e2d166a503eddbdb5ffd2005f •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52937 – HV: hv_balloon: fix memory leak with using debugfs_lookup()
https://notcve.org/view.php?id=CVE-2023-52937
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: HV: hv_balloon: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make things simpler, just call debugfs_lookup_and_remove() instead which handles all of the logic at once. In the Linux kernel, the following vulnerability has been resolved: HV: hv_balloon: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() th... • https://git.kernel.org/stable/c/d180e0a1be6cea2b7436fadbd1c96aecdf3c46c7 •