CVE-2022-48968 – octeontx2-pf: Fix potential memory leak in otx2_init_tc()
https://notcve.org/view.php?id=CVE-2022-48968
In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix potential memory leak in otx2_init_tc() In otx2_init_tc(), if rhashtable_init() failed, it does not free tc->tc_entries_bitmap which is allocated in otx2_tc_alloc_ent_bitmap(). • https://git.kernel.org/stable/c/2e2a8126ffac66b9b177ce78ad430281c0c8cc74 https://git.kernel.org/stable/c/eefd8953a74822cb72006632b9ee9dd95f92c146 https://git.kernel.org/stable/c/db5ec358cf4ef0ab382ee733d05f018e8bef9462 https://git.kernel.org/stable/c/fbf33f5ac76f2cdb47ad9763f620026d5cfa57ce •
CVE-2022-48967 – NFC: nci: Bounds check struct nfc_target arrays
https://notcve.org/view.php?id=CVE-2022-48967
In the Linux kernel, the following vulnerability has been resolved: NFC: nci: Bounds check struct nfc_target arrays While running under CONFIG_FORTIFY_SOURCE=y, syzkaller reported: memcpy: detected field-spanning write (size 129) of single field "target->sensf_res" at net/nfc/nci/ntf.c:260 (size 18) This appears to be a legitimate lack of bounds checking in nci_add_new_protocol(). Add the missing checks. • https://git.kernel.org/stable/c/019c4fbaa790e2b3f11dab0c8b7d9896d77db3e5 https://git.kernel.org/stable/c/6b37f0dc0638d13a006f2f24d2f6ca61e83bc714 https://git.kernel.org/stable/c/dbdcfb9f6748218a149f62468d6297ce3f014e9c https://git.kernel.org/stable/c/cff35329070b96b4484d23f9f48a5ca2c947e750 https://git.kernel.org/stable/c/6778434706940b8fad7ef35f410d2b9929f256d2 https://git.kernel.org/stable/c/27eb2d7a1b9987b6d0429b7716b1ff3b82c4ffc9 https://git.kernel.org/stable/c/908b2da426fe9c3ce74cf541ba40e7a4251db191 https://git.kernel.org/stable/c/f41547546db9af99da2c34e3368664d7a •
CVE-2022-48966 – net: mvneta: Prevent out of bounds read in mvneta_config_rss()
https://notcve.org/view.php?id=CVE-2022-48966
In the Linux kernel, the following vulnerability has been resolved: net: mvneta: Prevent out of bounds read in mvneta_config_rss() The pp->indir[0] value comes from the user. It is passed to: if (cpu_online(pp->rxq_def)) inside the mvneta_percpu_elect() function. It needs bounds checkeding to ensure that it is not beyond the end of the cpu bitmap. • https://git.kernel.org/stable/c/cad5d847a093077b499a8b0bbfe6804b9226c03e https://git.kernel.org/stable/c/3ceffb8f410b93553fb16fe7e84aa0d35b3ba79b https://git.kernel.org/stable/c/47a1a2f6cd5ec3a4f8a2d9bfa1e0605347cdb92c https://git.kernel.org/stable/c/5a142486a0db6b0b85031f22d69acd0cdcf8f72b https://git.kernel.org/stable/c/eec1fc21edc2bb99c9e66cf66f0b5d4d643fbb50 https://git.kernel.org/stable/c/146ebee8fcdb349d7ec0e49915e6cdafb92544ae https://git.kernel.org/stable/c/a6b30598fec84f8809f5417cde73071ca43e8471 https://git.kernel.org/stable/c/6ca0a506dddc3e1d636935eef339576b2 •
CVE-2022-48965 – gpio/rockchip: fix refcount leak in rockchip_gpiolib_register()
https://notcve.org/view.php?id=CVE-2022-48965
In the Linux kernel, the following vulnerability has been resolved: gpio/rockchip: fix refcount leak in rockchip_gpiolib_register() The node returned by of_get_parent() with refcount incremented, of_node_put() needs be called when finish using it. So add it in the end of of_pinctrl_get(). • https://git.kernel.org/stable/c/936ee2675eee1faca0dcdfa79165c7990422e0fc https://git.kernel.org/stable/c/5cb8f1a784fd6115be58282fe15105572319d8be https://git.kernel.org/stable/c/033c79b7ee8a7bf1c1a13ac3addc91184425cbae https://git.kernel.org/stable/c/63ff545af73f759d1bd04198af8ed8577fb739fc •
CVE-2022-48964 – ravb: Fix potential use-after-free in ravb_rx_gbeth()
https://notcve.org/view.php?id=CVE-2022-48964
In the Linux kernel, the following vulnerability has been resolved: ravb: Fix potential use-after-free in ravb_rx_gbeth() The skb is delivered to napi_gro_receive() which may free it, after calling this, dereferencing skb may trigger use-after-free. • https://git.kernel.org/stable/c/1c59eb678cbd8d322d06d3a5514d36e8e1a4e84c https://git.kernel.org/stable/c/e63c681494dcc0527c625a0a4f59bf10259f5ee0 https://git.kernel.org/stable/c/5a5a3e564de6a8db987410c5c2f4748d50ea82b8 •