CVSS: 7.8EPSS: %CPEs: 2EXPL: 0CVE-2022-49722 – ice: Fix memory corruption in VF driver
https://notcve.org/view.php?id=CVE-2022-49722
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ice: Fix memory corruption in VF driver Disable VF's RX/TX queues, when it's disabled. VF can have queues enabled, when it requests a reset. If PF driver assumes that VF is disabled, while VF still has queues configured, VF may unmap DMA resources. In such scenario device still can map packets to memory, which ends up silently corrupting it. Previously, VF driver could experience memory corruption, which lead to crash: [ 5119.170157] BUG: u... • https://git.kernel.org/stable/c/ec4f5a436bdf0e5453ad15c4f34a59b9b675ff48 •
CVSS: 7.1EPSS: %CPEs: 4EXPL: 0CVE-2022-49721 – arm64: ftrace: consistently handle PLTs.
https://notcve.org/view.php?id=CVE-2022-49721
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: arm64: ftrace: consistently handle PLTs. Sometimes it is necessary to use a PLT entry to call an ftrace trampoline. This is handled by ftrace_make_call() and ftrace_make_nop(), with each having *almost* identical logic, but this is not handled by ftrace_modify_call() since its introduction in commit: 3b23e4991fb66f6d ("arm64: implement ftrace with regs") Due to this, if we ever were to call ftrace_modify_call() for a callsite which requires... • https://git.kernel.org/stable/c/3b23e4991fb66f6d152f9055ede271a726ef9f21 •
CVSS: 5.5EPSS: %CPEs: 4EXPL: 0CVE-2022-49720 – block: Fix handling of offline queues in blk_mq_alloc_request_hctx()
https://notcve.org/view.php?id=CVE-2022-49720
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: block: Fix handling of offline queues in blk_mq_alloc_request_hctx() This patch prevents that test nvme/004 triggers the following: UBSAN: array-index-out-of-bounds in block/blk-mq.h:135:9 index 512 is out of range for type 'long unsigned int [512]' Call Trace: show_stack+0x52/0x58 dump_stack_lvl+0x49/0x5e dump_stack+0x10/0x12 ubsan_epilogue+0x9/0x3b __ubsan_handle_out_of_bounds.cold+0x44/0x49 blk_mq_alloc_request_hctx+0x304/0x310 __nvme_su... • https://git.kernel.org/stable/c/20e4d813931961fe26d26a1e98b3aba6ec00b130 •
CVSS: 7.1EPSS: %CPEs: 8EXPL: 0CVE-2022-49719 – irqchip/gic/realview: Fix refcount leak in realview_gic_of_init
https://notcve.org/view.php?id=CVE-2022-49719
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: irqchip/gic/realview: Fix refcount leak in realview_gic_of_init of_find_matching_node_and_match() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() to avoid refcount leak. In the Linux kernel, the following vulnerability has been resolved: irqchip/gic/realview: Fix refcount leak in realview_gic_of_init of_find_matching_node_and_match() returns a node pointer ... • https://git.kernel.org/stable/c/82b0a434b436f5da69ddd24bd6a6fa5dc4484310 •
CVSS: 7.8EPSS: %CPEs: 5EXPL: 0CVE-2022-49716 – irqchip/gic-v3: Fix error handling in gic_populate_ppi_partitions
https://notcve.org/view.php?id=CVE-2022-49716
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3: Fix error handling in gic_populate_ppi_partitions of_get_child_by_name() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. When kcalloc fails, it missing of_node_put() and results in refcount leak. Fix this by goto out_put_node label. In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3: Fix error handling in gic_populate_ppi_partitions of... • https://git.kernel.org/stable/c/52085d3f2028d853f8d6ce7ead2f8a504f6077fa •
CVSS: 7.1EPSS: %CPEs: 6EXPL: 0CVE-2022-49715 – irqchip/gic-v3: Fix refcount leak in gic_populate_ppi_partitions
https://notcve.org/view.php?id=CVE-2022-49715
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3: Fix refcount leak in gic_populate_ppi_partitions of_find_node_by_phandle() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() to avoid refcount leak. In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3: Fix refcount leak in gic_populate_ppi_partitions of_find_node_by_phandle() returns a node pointer with refcount ... • https://git.kernel.org/stable/c/e3825ba1af3a27d7522c9f5f929f5a13b8b138ae •
CVSS: 5.5EPSS: %CPEs: 3EXPL: 0CVE-2022-49714 – irqchip/realtek-rtl: Fix refcount leak in map_interrupts
https://notcve.org/view.php?id=CVE-2022-49714
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: irqchip/realtek-rtl: Fix refcount leak in map_interrupts of_find_node_by_phandle() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. This function doesn't call of_node_put() in error path. Call of_node_put() directly after of_property_read_u32() to cover both normal path and error path. In the Linux kernel, the following vulnerability has been resolved: irqchip/realtek-rtl: Fix refcou... • https://git.kernel.org/stable/c/9f3a0f34b84ad1b9a8f2bdae44b66f16685b2143 •
CVSS: 5.5EPSS: %CPEs: 8EXPL: 0CVE-2022-49713 – usb: dwc2: Fix memory leak in dwc2_hcd_init
https://notcve.org/view.php?id=CVE-2022-49713
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: Fix memory leak in dwc2_hcd_init usb_create_hcd will alloc memory for hcd, and we should call usb_put_hcd to free it when platform_get_resource() fails to prevent memory leak. goto error2 label instead error1 to fix this. In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: Fix memory leak in dwc2_hcd_init usb_create_hcd will alloc memory for hcd, and we should call usb_put_hcd to free it when platform_g... • https://git.kernel.org/stable/c/4b7f4a0eb92bf37bea4cd838c7f83ea42823ca8b •
CVSS: 5.5EPSS: %CPEs: 8EXPL: 0CVE-2022-49712 – usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe
https://notcve.org/view.php?id=CVE-2022-49712
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe of_parse_phandle() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() to avoid refcount leak. of_node_put() will check NULL pointer. In the Linux kernel, the following vulnerability has been resolved: usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe of_parse_phandle() returns a no... • https://git.kernel.org/stable/c/24a28e4283510dcd58890379a42b8a7d3201d9d3 •
CVSS: 7.8EPSS: %CPEs: 3EXPL: 0CVE-2022-49711 – bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove()
https://notcve.org/view.php?id=CVE-2022-49711
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove() In fsl_mc_bus_remove(), mc->root_mc_bus_dev->mc_io is passed to fsl_destroy_mc_io(). However, mc->root_mc_bus_dev is already freed in fsl_mc_device_remove(). Then reference to mc->root_mc_bus_dev->mc_io triggers KASAN use-after-free. To avoid the use-after-free, keep the reference to mc->root_mc_bus_dev->mc_io in a local variable and pass to fsl_destroy_mc_io(). This patch nee... • https://git.kernel.org/stable/c/f93627146f0e371093966ed3d44c065aa077cfb1 •