CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49031 – iio: health: afe4403: Fix oob read in afe4403_read_raw
https://notcve.org/view.php?id=CVE-2022-49031
In the Linux kernel, the following vulnerability has been resolved: iio: health: afe4403: Fix oob read in afe4403_read_raw KASAN report out-of-bounds read as follows: BUG: KASAN: global-out-of-bounds in afe4403_read_raw+0x42e/0x4c0 Read of size 4 at addr ffffffffc02ac638 by task cat/279 Call Trace: afe4403_read_raw iio_read_channel_info dev_attr_show The buggy address belongs to the variable: afe4403_channel_leds+0x18/0xffffffffffffe9e0 This issue can be reproduced by singe command: $ cat /sys/bus/spi/devices/spi0.0/iio\:device0/in_intensity6_raw The array size of afe4403_channel_leds is less than channels, so access with chan->address cause OOB read in afe4403_read_raw. Fix it by moving access before use it. • https://git.kernel.org/stable/c/b36e8257641a043764c62240316610c81e36376c https://git.kernel.org/stable/c/98afcb5f3be645d330c74c5194ba0d80e26f95e0 https://git.kernel.org/stable/c/c9268df36818ee4eaaaeadc80009b442a5ca69c9 https://git.kernel.org/stable/c/726fa3e4ab97dcff1c745bdc4fb137366cb8d3df https://git.kernel.org/stable/c/2d6a437064ffbe685c67ddb16dfc0946074c6c3f https://git.kernel.org/stable/c/b1756af172fb80a3edc143772d49e166ec691b6c https://git.kernel.org/stable/c/e7e76a77aabef8989cbc0a8417af1aa040620867 https://git.kernel.org/stable/c/06c6ce21cec77dfa860d57e7a006000a5 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49030 – libbpf: Handle size overflow for ringbuf mmap
https://notcve.org/view.php?id=CVE-2022-49030
In the Linux kernel, the following vulnerability has been resolved: libbpf: Handle size overflow for ringbuf mmap The maximum size of ringbuf is 2GB on x86-64 host, so 2 * max_entries will overflow u32 when mapping producer page and data pages. Only casting max_entries to size_t is not enough, because for 32-bits application on 64-bits kernel the size of read-only mmap region also could overflow size_t. So fixing it by casting the size of read-only mmap region into a __u64 and checking whether or not there will be overflow during mmap. • https://git.kernel.org/stable/c/bf99c936f9478a05d51e9f101f90de70bee9a89c https://git.kernel.org/stable/c/8a549ab6724520aa3c07f47e0eba820293551490 https://git.kernel.org/stable/c/0140e079a42064680394fff1199a7b5483688dec https://git.kernel.org/stable/c/535a25ab4f9a45f74ba38ab71de95e97474922ed https://git.kernel.org/stable/c/927cbb478adf917e0a142b94baa37f06279cc466 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49029 – hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails
https://notcve.org/view.php?id=CVE-2022-49029
In the Linux kernel, the following vulnerability has been resolved: hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails Smatch report warning as follows: drivers/hwmon/ibmpex.c:509 ibmpex_register_bmc() warn: '&data->list' not removed from list If ibmpex_find_sensors() fails in ibmpex_register_bmc(), data will be freed, but data->list will not be removed from driver_data.bmc_data, then list traversal may cause UAF. Fix by removeing it from driver_data.bmc_data before free(). • https://git.kernel.org/stable/c/57c7c3a0fdea95eddcaeba31e7ca7dfc917682ab https://git.kernel.org/stable/c/f2a13196ad41c6c2ab058279dffe6c97292e753a https://git.kernel.org/stable/c/798198273bf86673b970b51acdb35e57f42b3fcb https://git.kernel.org/stable/c/24b9633f7db7f4809be7053df1d2e117e7c2de10 https://git.kernel.org/stable/c/7b2b67fe1339389e0bf3c37c7a677a004ac0e4e3 https://git.kernel.org/stable/c/90907cd4d11351ff76c9a447bcb5db0e264c47cd https://git.kernel.org/stable/c/45f6e81863747c0d7bc6a95ec51129900e71467a https://git.kernel.org/stable/c/e65cfd1f9cd27d9c27ee5cb88128a9f79 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49028 – ixgbevf: Fix resource leak in ixgbevf_init_module()
https://notcve.org/view.php?id=CVE-2022-49028
In the Linux kernel, the following vulnerability has been resolved: ixgbevf: Fix resource leak in ixgbevf_init_module() ixgbevf_init_module() won't destroy the workqueue created by create_singlethread_workqueue() when pci_register_driver() failed. Add destroy_workqueue() in fail path to prevent the resource leak. Similar to the handling of u132_hcd_init in commit f276e002793c ("usb: u132-hcd: fix resource leak") • https://git.kernel.org/stable/c/40a13e2493c9882cb4d09054d81a5063cd1589a2 https://git.kernel.org/stable/c/f166c62cad798c53300b4b327e44300c73ec492d https://git.kernel.org/stable/c/7109e941099244cc876a4b3cb7a3ec79f104374a https://git.kernel.org/stable/c/c99671d4699dcf90d6939923c8fe8a8918e140b2 https://git.kernel.org/stable/c/8cfa238a48f34038464b99d0b4825238c2687181 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49027 – iavf: Fix error handling in iavf_init_module()
https://notcve.org/view.php?id=CVE-2022-49027
In the Linux kernel, the following vulnerability has been resolved: iavf: Fix error handling in iavf_init_module() The iavf_init_module() won't destroy workqueue when pci_register_driver() failed. Call destroy_workqueue() when pci_register_driver() failed to prevent the resource leak. Similar to the handling of u132_hcd_init in commit f276e002793c ("usb: u132-hcd: fix resource leak") • https://git.kernel.org/stable/c/2803b16c10ea7eec170c485388f5f26ae30e92fe https://git.kernel.org/stable/c/971c55f0763b480e63ceb7a22beb19be2509e5ed https://git.kernel.org/stable/c/0d9f5bd54b913018031c5b964fc1f9a31f5f6cb5 https://git.kernel.org/stable/c/bd477b891a4fa084561234eed4afacb3001dd359 https://git.kernel.org/stable/c/227d8d2f7f2278b8468c5531b0cd0f2a905b4486 •