CVE-2022-48961 – net: mdio: fix unbalanced fwnode reference count in mdio_device_release()
https://notcve.org/view.php?id=CVE-2022-48961
In the Linux kernel, the following vulnerability has been resolved: net: mdio: fix unbalanced fwnode reference count in mdio_device_release() There is warning report about of_node refcount leak while probing mdio device: OF: ERROR: memory leak, expected refcount 1 instead of 2, of_node_get()/of_node_put() unbalanced - destroy cset entry: attach overlay node /spi/soc@0/mdio@710700c0/ethernet@4 In of_mdiobus_register_device(), we increase fwnode refcount by fwnode_handle_get() before associating the of_node with mdio device, but it has never been decreased in normal path. Since that, in mdio_device_release(), it needs to call fwnode_handle_put() in addition instead of calling kfree() directly. After above, just calling mdio_device_free() in the error handle path of of_mdiobus_register_device() is enough to keep the refcount balanced. • https://git.kernel.org/stable/c/a9049e0c513c4521dbfaa302af8ed08b3366b41f https://git.kernel.org/stable/c/16854177745a5648f8ec322353b432e18460f43a https://git.kernel.org/stable/c/a5c6de1a6656b8cc6bce7cb3d9874dd7df4968c3 https://git.kernel.org/stable/c/cb37617687f2bfa5b675df7779f869147c9002bd •
CVE-2022-48960 – net: hisilicon: Fix potential use-after-free in hix5hd2_rx()
https://notcve.org/view.php?id=CVE-2022-48960
In the Linux kernel, the following vulnerability has been resolved: net: hisilicon: Fix potential use-after-free in hix5hd2_rx() The skb is delivered to napi_gro_receive() which may free it, after calling this, dereferencing skb may trigger use-after-free. • https://git.kernel.org/stable/c/57c5bc9ad7d799e9507ba6e993398d2c55f03fab https://git.kernel.org/stable/c/179499e7a240b2ef590f05eb379c810c26bbc8a4 https://git.kernel.org/stable/c/8067cd244cea2c332f8326842fd10158fa2cb64f https://git.kernel.org/stable/c/3a4eddd1cb023a71df4152fcc76092953e6fe95a https://git.kernel.org/stable/c/1b6360a093ab8969c91a30bb58b753282e2ced4c https://git.kernel.org/stable/c/93aaa4bb72e388f6a4887541fd3d18b84f1b5ddc https://git.kernel.org/stable/c/b8ce0e6f9f88a6bb49d291498377e61ea27a5387 https://git.kernel.org/stable/c/b6307f7a2fc1c5407b6176f2af34a9521 •
CVE-2022-48958 – ethernet: aeroflex: fix potential skb leak in greth_init_rings()
https://notcve.org/view.php?id=CVE-2022-48958
In the Linux kernel, the following vulnerability has been resolved: ethernet: aeroflex: fix potential skb leak in greth_init_rings() The greth_init_rings() function won't free the newly allocated skb when dma_mapping_error() returns error, so add dev_kfree_skb() to fix it. Compile tested only. • https://git.kernel.org/stable/c/d4c41139df6e74c6fff0cbac43e51cab782133be https://git.kernel.org/stable/c/223654e2e2c8d05347cd8e300f8d1ec6023103dd https://git.kernel.org/stable/c/cb1e293f858e5e1152b8791047ed4bdaaf392189 https://git.kernel.org/stable/c/bfaa8f6c5b84b295dd73b0138b57c5555ca12b1c https://git.kernel.org/stable/c/99669d94ce145389f1d6f197e6e18ed50d43fb76 https://git.kernel.org/stable/c/87277bdf2c370ab2d07cfe77dfa9b37f82bbe1e5 https://git.kernel.org/stable/c/c7adcbd0fd3fde1b19150c3e955fb4a30c5bd9b7 https://git.kernel.org/stable/c/dd62867a6383f78f75f07039394aac259 •
CVE-2022-48953 – rtc: cmos: Fix event handler registration ordering issue
https://notcve.org/view.php?id=CVE-2022-48953
In the Linux kernel, the following vulnerability has been resolved: rtc: cmos: Fix event handler registration ordering issue Because acpi_install_fixed_event_handler() enables the event automatically on success, it is incorrect to call it before the handler routine passed to it is ready to handle events. Unfortunately, the rtc-cmos driver does exactly the incorrect thing by calling cmos_wake_setup(), which passes rtc_handler() to acpi_install_fixed_event_handler(), before cmos_do_probe(), because rtc_handler() uses dev_get_drvdata() to get to the cmos object pointer and the driver data pointer is only populated in cmos_do_probe(). This leads to a NULL pointer dereference in rtc_handler() on boot if the RTC fixed event happens to be active at the init time. To address this issue, change the initialization ordering of the driver so that cmos_wake_setup() is always called after a successful cmos_do_probe() call. While at it, change cmos_pnp_probe() to call cmos_do_probe() after the initial if () statement used for computing the IRQ argument to be passed to cmos_do_probe() which is cleaner than calling it in each branch of that if () (local variable "irq" can be of type int, because it is passed to that function as an argument of type int). Note that commit 6492fed7d8c9 ("rtc: rtc-cmos: Do not check ACPI_FADT_LOW_POWER_S0") caused this issue to affect a larger number of systems, because previously it only affected systems with ACPI_FADT_LOW_POWER_S0 set, but it is present regardless of that commit. • https://git.kernel.org/stable/c/a474aaedac99ba86e28ef6c912a7647c482db6dd https://git.kernel.org/stable/c/0bcfccb48696aba475f046c2021f0733659ce0ef https://git.kernel.org/stable/c/60c6e563a843032cf6ff84b2fb732cd8754fc10d https://git.kernel.org/stable/c/1ba745fce13d19775100eece30b0bfb8b8b10ea6 https://git.kernel.org/stable/c/4919d3eb2ec0ee364f7e3cf2d99646c1b224fae8 •
CVE-2022-48951 – ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx()
https://notcve.org/view.php?id=CVE-2022-48951
In the Linux kernel, the following vulnerability has been resolved: ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx() The bounds checks in snd_soc_put_volsw_sx() are only being applied to the first channel, meaning it is possible to write out of bounds values to the second channel in stereo controls. Add appropriate checks. • https://git.kernel.org/stable/c/56288987843c3cb343e81e5fa51549cbaf541bd0 https://git.kernel.org/stable/c/cf1c225f1927891ae388562b78ced7840c3723b9 https://git.kernel.org/stable/c/18a168d85eadcfd45f015b5ecd2a97801b959e43 https://git.kernel.org/stable/c/9796d07c753164b7e6b0d7ef23fb4482840a9ef8 https://git.kernel.org/stable/c/50b5f6d4d9d2d69a7498c44fd8b26e13d73d3d98 https://git.kernel.org/stable/c/cf611d786796ec33da09d8c83d7d7f4e557b27de https://git.kernel.org/stable/c/1798b62d642e7b3d4ea3403914c3caf4e438465d https://git.kernel.org/stable/c/97eea946b93961fffd29448dcda7398d0 •