CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49665 – platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO resource
https://notcve.org/view.php?id=CVE-2022-49665
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO resource Unlike release_mem_region(), a call to release_resource() does not free the resource, so it has to be freed explicitly to avoid a memory leak. In the Linux kernel, the following vulnerability has been resolved: platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO resource Unlike release_mem_region(), a call to release_resource() does not free the resource, so it has... • https://git.kernel.org/stable/c/455cd867b85b53fd3602345f9b8a8facc551adc9 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49664 – tipc: move bc link creation back to tipc_node_create
https://notcve.org/view.php?id=CVE-2022-49664
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: tipc: move bc link creation back to tipc_node_create Shuang Li reported a NULL pointer dereference crash: [] BUG: kernel NULL pointer dereference, address: 0000000000000068 [] RIP: 0010:tipc_link_is_up+0x5/0x10 [tipc] [] Call Trace: []
CVSS: 5.6EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49663 – tunnels: do not assume mac header is set in skb_tunnel_check_pmtu()
https://notcve.org/view.php?id=CVE-2022-49663
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: tunnels: do not assume mac header is set in skb_tunnel_check_pmtu() Recently added debug in commit f9aefd6b2aa3 ("net: warn if mac header was not set") caught a bug in skb_tunnel_check_pmtu(), as shown in this syzbot report [1]. In ndo_start_xmit() paths, there is really no need to use skb->mac_header, because skb->data is supposed to point at it. [1] WARNING: CPU: 1 PID: 8604 at include/linux/skbuff.h:2784 skb_mac_header_len include/linux/... • https://git.kernel.org/stable/c/4cb47a8644cc9eb8ec81190a50e79e6530d0297f •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49662 – ipv6: fix lockdep splat in in6_dump_addrs()
https://notcve.org/view.php?id=CVE-2022-49662
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ipv6: fix lockdep splat in in6_dump_addrs() As reported by syzbot, we should not use rcu_dereference() when rcu_read_lock() is not held. WARNING: suspicious RCU usage 5.19.0-rc2-syzkaller #0 Not tainted net/ipv6/addrconf.c:5175 suspicious rcu_dereference_check() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 1 lock held by syz-executor326/3617: #0: ffffffff8d5848e8 (rtnl_mutex){+.+.}-{3:3}, at: ne... • https://git.kernel.org/stable/c/88e2ca3080947fe22eb520c1f8231e79a105d011 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49661 – can: gs_usb: gs_usb_open/close(): fix memory leak
https://notcve.org/view.php?id=CVE-2022-49661
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: gs_usb_open/close(): fix memory leak The gs_usb driver appears to suffer from a malady common to many USB CAN adapter drivers in that it performs usb_alloc_coherent() to allocate a number of USB request blocks (URBs) for RX, and then later relies on usb_kill_anchored_urbs() to free them, but this doesn't actually free them. As a result, this may be leaking DMA memory that's been used by the driver. This commit is an adaptation ... • https://git.kernel.org/stable/c/d08e973a77d128b25e01a08c34d89593fdf222da •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49659 – can: m_can: m_can_{read_fifo,echo_tx_event}(): shift timestamp to full 32 bits
https://notcve.org/view.php?id=CVE-2022-49659
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: can: m_can: m_can_{read_fifo,echo_tx_event}(): shift timestamp to full 32 bits In commit 1be37d3b0414 ("can: m_can: fix periph RX path: use rx-offload to ensure skbs are sent from softirq context") the RX path for peripheral devices was switched to RX-offload. Received CAN frames are pushed to RX-offload together with a timestamp. RX-offload is designed to handle overflows of the timestamp correctly, if 32 bit timestamps are provided. The t... • https://git.kernel.org/stable/c/1be37d3b0414e3db47f6fcba6c16286bbae0cb65 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49658 – bpf: Fix insufficient bounds propagation from adjust_scalar_min_max_vals
https://notcve.org/view.php?id=CVE-2022-49658
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix insufficient bounds propagation from adjust_scalar_min_max_vals Kuee reported a corner case where the tnum becomes constant after the call to __reg_bound_offset(), but the register's bounds are not, that is, its min bounds are still not equal to the register's max bounds. This in turn allows to leak pointers through turning a pointer register as is into an unknown scalar via adjust_ptr_min_max_vals(). Before: func#0 @0 0: R1=ctx(of... • https://git.kernel.org/stable/c/b03c9f9fdc37dab81ea04d5dacdc5995d4c224c2 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49657 – usbnet: fix memory leak in error case
https://notcve.org/view.php?id=CVE-2022-49657
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: usbnet: fix memory leak in error case usbnet_write_cmd_async() mixed up which buffers need to be freed in which error case. v2: add Fixes tag v3: fix uninitialized buf pointer In the Linux kernel, the following vulnerability has been resolved: usbnet: fix memory leak in error case usbnet_write_cmd_async() mixed up which buffers need to be freed in which error case. v2: add Fixes tag v3: fix uninitialized buf pointer • https://git.kernel.org/stable/c/877bd862f32b815d54ab5fc10a4fd903d7bf3012 •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49656 – ARM: meson: Fix refcount leak in meson_smp_prepare_cpus
https://notcve.org/view.php?id=CVE-2022-49656
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ARM: meson: Fix refcount leak in meson_smp_prepare_cpus of_find_compatible_node() returns a node pointer with refcount incremented, we should use of_node_put() on it when done. Add missing of_node_put() to avoid refcount leak. In the Linux kernel, the following vulnerability has been resolved: ARM: meson: Fix refcount leak in meson_smp_prepare_cpus of_find_compatible_node() returns a node pointer with refcount incremented, we should use of_... • https://git.kernel.org/stable/c/d850f3e5d2966e5c9eb55f66181cee960737e04c •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49655 – fscache: Fix invalidation/lookup race
https://notcve.org/view.php?id=CVE-2022-49655
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: fscache: Fix invalidation/lookup race If an NFS file is opened for writing and closed, fscache_invalidate() will be asked to invalidate the file - however, if the cookie is in the LOOKING_UP state (or the CREATING state), then request to invalidate doesn't get recorded for fscache_cookie_state_machine() to do something with. Fix this by making __fscache_invalidate() set a flag if it sees the cookie is in the LOOKING_UP state to indicate tha... • https://git.kernel.org/stable/c/d24af13e2e2358a602740c7817ea90da43d3e740 •