CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49923 – nfc: nxp-nci: Fix potential memory leak in nxp_nci_send()
https://notcve.org/view.php?id=CVE-2022-49923
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: nfc: nxp-nci: Fix potential memory leak in nxp_nci_send() nxp_nci_send() will call nxp_nci_i2c_write(), and only free skb when nxp_nci_i2c_write() failed. However, even if the nxp_nci_i2c_write() run succeeds, the skb will not be freed in nxp_nci_i2c_write(). As the result, the skb will memleak. nxp_nci_send() should also free the skb when nxp_nci_i2c_write() succeeds. In the Linux kernel, the following vulnerability has been resolved: nfc:... • https://git.kernel.org/stable/c/dece45855a8b0d1dcf48eb01d0822070ded6a4c8 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49922 – nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send()
https://notcve.org/view.php?id=CVE-2022-49922
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() nfcmrvl_i2c_nci_send() will be called by nfcmrvl_nci_send(), and skb should be freed in nfcmrvl_i2c_nci_send(). However, nfcmrvl_nci_send() will only free skb when i2c_master_send() return >=0, which means skb will memleak when i2c_master_send() failed. Free skb no matter whether i2c_master_send() succeeds. In the Linux kernel, the following vulnerability has been resolved: n... • https://git.kernel.org/stable/c/b5b3e23e4cace008e1a30e8614a484d14dfd07a1 •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49921 – net: sched: Fix use after free in red_enqueue()
https://notcve.org/view.php?id=CVE-2022-49921
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: sched: Fix use after free in red_enqueue() We can't use "skb" again after passing it to qdisc_enqueue(). This is basically identical to commit 2f09707d0c97 ("sch_sfb: Also store skb len before calling child enqueue"). In the Linux kernel, the following vulnerability has been resolved: net: sched: Fix use after free in red_enqueue() We can't use "skb" again after passing it to qdisc_enqueue(). This is basically identical to commit 2f097... • https://git.kernel.org/stable/c/d7f4f332f082c4d4ba53582f902ed6b44fd6f45e •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49920 – netfilter: nf_tables: netlink notifier might race to release objects
https://notcve.org/view.php?id=CVE-2022-49920
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: netlink notifier might race to release objects commit release path is invoked via call_rcu and it runs lockless to release the objects after rcu grace period. The netlink notifier handler might win race to remove objects that the transaction context is still referencing from the commit release path. Call rcu_barrier() to ensure pending rcu callbacks run to completion if the list of transactions to be destroyed is not e... • https://git.kernel.org/stable/c/6001a930ce0378b62210d4f83583fc88a903d89d •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-49919 – netfilter: nf_tables: release flow rule object from commit path
https://notcve.org/view.php?id=CVE-2022-49919
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: release flow rule object from commit path No need to postpone this to the commit release path, since no packets are walking over this object, this is accessed from control plane only. This helped uncovered UAF triggered by races with the netlink notifier. In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: release flow rule object from commit path No need to postpone this to the co... • https://git.kernel.org/stable/c/5b8d63489c3b701eb2a76f848ec94d8cbc9373b9 •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49918 – ipvs: fix WARNING in __ip_vs_cleanup_batch()
https://notcve.org/view.php?id=CVE-2022-49918
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ipvs: fix WARNING in __ip_vs_cleanup_batch() During the initialization of ip_vs_conn_net_init(), if file ip_vs_conn or ip_vs_conn_sync fails to be created, the initialization is successful by default. Therefore, the ip_vs_conn or ip_vs_conn_sync file doesn't be found during the remove. The following is the stack information: name 'ip_vs_conn_sync' WARNING: CPU: 3 PID: 9 at fs/proc/generic.c:712 remove_proc_entry+0x389/0x460 Modules linked i... • https://git.kernel.org/stable/c/61b1ab4583e275af216c8454b9256de680499b19 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49917 – ipvs: fix WARNING in ip_vs_app_net_cleanup()
https://notcve.org/view.php?id=CVE-2022-49917
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ipvs: fix WARNING in ip_vs_app_net_cleanup() During the initialization of ip_vs_app_net_init(), if file ip_vs_app fails to be created, the initialization is successful by default. Therefore, the ip_vs_app file doesn't be found during the remove in ip_vs_app_net_cleanup(). It will cause WRNING. The following is the stack information: name 'ip_vs_app' WARNING: CPU: 1 PID: 9 at fs/proc/generic.c:712 remove_proc_entry+0x389/0x460 Modules linked... • https://git.kernel.org/stable/c/457c4cbc5a3dde259d2a1f15d5f9785290397267 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49916 – rose: Fix NULL pointer dereference in rose_send_frame()
https://notcve.org/view.php?id=CVE-2022-49916
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: rose: Fix NULL pointer dereference in rose_send_frame() The syzkaller reported an issue: KASAN: null-ptr-deref in range [0x0000000000000380-0x0000000000000387] CPU: 0 PID: 4069 Comm: kworker/0:15 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 Workqueue: rcu_gp srcu_invoke_callbacks RIP: 0010:rose_send_frame+0x1dd/0x2f0 net/rose/rose_link.c:101 Call... • https://git.kernel.org/stable/c/76885373129b13df35ecc9b4ee86ea5840f12133 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49915 – mISDN: fix possible memory leak in mISDN_register_device()
https://notcve.org/view.php?id=CVE-2022-49915
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: mISDN: fix possible memory leak in mISDN_register_device() Afer commit 1fa5ae857bb1 ("driver core: get rid of struct device's bus_id string array"), the name of device is allocated dynamically, add put_device() to give up the reference, so that the name can be freed in kobject_cleanup() when the refcount is 0. Set device class before put_device() to avoid null release() function WARN message in device_release(). In the Linux kernel, the fol... • https://git.kernel.org/stable/c/1fa5ae857bb14f6046205171d98506d8112dd74e •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2022-49914 – btrfs: fix inode list leak during backref walking at resolve_indirect_refs()
https://notcve.org/view.php?id=CVE-2022-49914
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix inode list leak during backref walking at resolve_indirect_refs() During backref walking, at resolve_indirect_refs(), if we get an error we jump to the 'out' label and call ulist_free() on the 'parents' ulist, which frees all the elements in the ulist - however that does not free any inode lists that may be attached to elements, through the 'aux' field of a ulist node, so we end up leaking lists if we have any attached to the uno... • https://git.kernel.org/stable/c/3301958b7c1dae8f0f5ded63aa881e0b71e78464 •