CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49800 – tracing: Fix memory leak in test_gen_synth_cmd() and test_empty_synth_event()
https://notcve.org/view.php?id=CVE-2022-49800
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: tracing: Fix memory leak in test_gen_synth_cmd() and test_empty_synth_event() test_gen_synth_cmd() only free buf in fail path, hence buf will leak when there is no failure. Add kfree(buf) to prevent the memleak. The same reason and solution in test_empty_synth_event(). unreferenced object 0xffff8881127de000 (size 2048): comm "modprobe", pid 247, jiffies 4294972316 (age 78.756s) hex dump (first 32 bytes): 20 67 65 6e 5f 73 79 6e 74 68 5f 74 ... • https://git.kernel.org/stable/c/9fe41efaca08416657efa8731c0d47ccb6a3f3eb •
CVSS: 5.6EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49799 – tracing: Fix wild-memory-access in register_synth_event()
https://notcve.org/view.php?id=CVE-2022-49799
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: tracing: Fix wild-memory-access in register_synth_event() In register_synth_event(), if set_synth_event_print_fmt() failed, then both trace_remove_event_call() and unregister_trace_event() will be called, which means the trace_event_call will call __unregister_trace_event() twice. As the result, the second unregister will causes the wild-memory-access. register_synth_event set_synth_event_print_fmt failed trace_remove_event_call event_remov... • https://git.kernel.org/stable/c/4b147936fa509650beaf638b331573c23ba4d609 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49797 – tracing: kprobe: Fix potential null-ptr-deref on trace_event_file in kprobe_event_gen_test_exit()
https://notcve.org/view.php?id=CVE-2022-49797
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: tracing: kprobe: Fix potential null-ptr-deref on trace_event_file in kprobe_event_gen_test_exit() When trace_get_event_file() failed, gen_kretprobe_test will be assigned as the error code. If module kprobe_event_gen_test is removed now, the null pointer dereference will happen in kprobe_event_gen_test_exit(). Check if gen_kprobe_test or gen_kretprobe_test is error code or NULL before dereference them. BUG: kernel NULL pointer dereference, a... • https://git.kernel.org/stable/c/64836248dda20c8e7427b493f7e06d9bf8f58850 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49796 – tracing: kprobe: Fix potential null-ptr-deref on trace_array in kprobe_event_gen_test_exit()
https://notcve.org/view.php?id=CVE-2022-49796
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: tracing: kprobe: Fix potential null-ptr-deref on trace_array in kprobe_event_gen_test_exit() When test_gen_kprobe_cmd() failed after kprobe_event_gen_cmd_end(), it will goto delete, which will call kprobe_event_delete() and release the corresponding resource. However, the trace_array in gen_kretprobe_test will point to the invalid resource. Set gen_kretprobe_test to NULL after called kprobe_event_delete() to prevent null-ptr-deref. BUG: ker... • https://git.kernel.org/stable/c/64836248dda20c8e7427b493f7e06d9bf8f58850 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49794 – iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger()
https://notcve.org/view.php?id=CVE-2022-49794
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger() If iio_trigger_register() returns error, it should call iio_trigger_free() to give up the reference that hold in iio_trigger_alloc(), so that it can call iio_trig_release() to free memory when the refcount hit to 0. In the Linux kernel, the following vulnerability has been resolved: iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger() If iio_t... • https://git.kernel.org/stable/c/0e589d5fb3172b0dde7fdad3a4829ce5352dd30d •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49793 – iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init()
https://notcve.org/view.php?id=CVE-2022-49793
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init() dev_set_name() allocates memory for name, it need be freed when device_add() fails, call put_device() to give up the reference that hold in device_initialize(), so that it can be freed in kobject_cleanup() when the refcount hit to 0. Fault injection test can trigger this: unreferenced object 0xffff8e8340a7b4c0 (size 32): comm "modprobe", pid 243, jiffies 4294678145 (age ... • https://git.kernel.org/stable/c/1f785681a87068f123d3e23da13b2c55ab4f93ac •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49792 – iio: adc: mp2629: fix potential array out of bound access
https://notcve.org/view.php?id=CVE-2022-49792
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: iio: adc: mp2629: fix potential array out of bound access Add sentinel at end of maps to avoid potential array out of bound access in iio core. In the Linux kernel, the following vulnerability has been resolved: iio: adc: mp2629: fix potential array out of bound access Add sentinel at end of maps to avoid potential array out of bound access in iio core. • https://git.kernel.org/stable/c/7abd9fb6468225f5c7f83149ce279cc1a912a68a •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49790 – Input: iforce - invert valid length check when fetching device IDs
https://notcve.org/view.php?id=CVE-2022-49790
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: Input: iforce - invert valid length check when fetching device IDs syzbot is reporting uninitialized value at iforce_init_device() [1], for commit 6ac0aec6b0a6 ("Input: iforce - allow callers supply data buffer when fetching device IDs") is checking that valid length is shorter than bytes to read. Since iforce_get_id_packet() stores valid length when returning 0, the caller needs to check that valid length is longer than or equals to bytes ... • https://git.kernel.org/stable/c/6ac0aec6b0a651d64eef759fddf17d9145b51033 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49789 – scsi: zfcp: Fix double free of FSF request when qdio send fails
https://notcve.org/view.php?id=CVE-2022-49789
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: zfcp: Fix double free of FSF request when qdio send fails We used to use the wrong type of integer in 'zfcp_fsf_req_send()' to cache the FSF request ID when sending a new FSF request. This is used in case the sending fails and we need to remove the request from our internal hash table again (so we don't keep an invalid reference and use it when we free the request again). In 'zfcp_fsf_req_send()' we used to cache the ID as 'int' (sign... • https://git.kernel.org/stable/c/e60a6d69f1f84c2ef1cc63aefaadfe7ae9f12934 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49788 – misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram()
https://notcve.org/view.php?id=CVE-2022-49788
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() `struct vmci_event_qp` allocated by qp_notify_peer() contains padding, which may carry uninitialized data to the userspace, as observed by KMSAN: BUG: KMSAN: kernel-infoleak in instrument_copy_to_user ./include/linux/instrumented.h:121 instrument_copy_to_user ./include/linux/instrumented.h:121 _copy_to_user+0x5f/0xb0 lib/usercopy.c:33 copy_to_user ./include/linux/uaccess.h:16... • https://git.kernel.org/stable/c/06164d2b72aa752ce4633184b3e0d97601017135 •