CVSS: 7.8EPSS: %CPEs: 8EXPL: 0CVE-2022-49685 – iio: trigger: sysfs: fix use-after-free on remove
https://notcve.org/view.php?id=CVE-2022-49685
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: iio: trigger: sysfs: fix use-after-free on remove Ensure that the irq_work has completed before the trigger is freed. ================================================================== BUG: KASAN: use-after-free in irq_work_run_list Read of size 8 at addr 0000000064702248 by task python3/25 Call Trace: irq_work_run_list irq_work_tick update_process_times tick_sched_handle tick_sched_timer __hrtimer_run_queues hrtimer_interrupt Allocated by ... • https://git.kernel.org/stable/c/f38bc926d022ebd67baad6ac7fc22c95fbc6238c •
CVSS: 5.5EPSS: %CPEs: 8EXPL: 0CVE-2022-49682 – xtensa: Fix refcount leak bug in time.c
https://notcve.org/view.php?id=CVE-2022-49682
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: xtensa: Fix refcount leak bug in time.c In calibrate_ccount(), of_find_compatible_node() will return a node pointer with refcount incremented. We should use of_node_put() when it is not used anymore. In the Linux kernel, the following vulnerability has been resolved: xtensa: Fix refcount leak bug in time.c In calibrate_ccount(), of_find_compatible_node() will return a node pointer with refcount incremented. We should use of_node_put() when ... • https://git.kernel.org/stable/c/3e5eb904d9ba657308fc75a5de434b0e58dcb8d7 •
CVSS: 7.1EPSS: %CPEs: 8EXPL: 0CVE-2022-49681 – xtensa: xtfpga: Fix refcount leak bug in setup
https://notcve.org/view.php?id=CVE-2022-49681
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: xtensa: xtfpga: Fix refcount leak bug in setup In machine_setup(), of_find_compatible_node() will return a node pointer with refcount incremented. We should use of_node_put() when it is not used anymore. In the Linux kernel, the following vulnerability has been resolved: xtensa: xtfpga: Fix refcount leak bug in setup In machine_setup(), of_find_compatible_node() will return a node pointer with refcount incremented. We should use of_node_put... • https://git.kernel.org/stable/c/b12d5c52f073a0420622aaf2f21b615cce8b36cc •
CVSS: 7.1EPSS: %CPEs: 8EXPL: 0CVE-2022-49677 – ARM: cns3xxx: Fix refcount leak in cns3xxx_init
https://notcve.org/view.php?id=CVE-2022-49677
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ARM: cns3xxx: Fix refcount leak in cns3xxx_init of_find_compatible_node() returns a node pointer with refcount incremented, we should use of_node_put() on it when done. Add missing of_node_put() to avoid refcount leak. In the Linux kernel, the following vulnerability has been resolved: ARM: cns3xxx: Fix refcount leak in cns3xxx_init of_find_compatible_node() returns a node pointer with refcount incremented, we should use of_node_put() on it... • https://git.kernel.org/stable/c/415f59142d9d9dd023deaeb3b4dfc1aecdd3983c •
CVSS: 10.0EPSS: %CPEs: 7EXPL: 0CVE-2022-49674 – dm raid: fix accesses beyond end of raid member array
https://notcve.org/view.php?id=CVE-2022-49674
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: dm raid: fix accesses beyond end of raid member array On dm-raid table load (using raid_ctr), dm-raid allocates an array rs->devs[rs->raid_disks] for the raid device members. rs->raid_disks is defined by the number of raid metadata and image tupples passed into the target's constructor. In the case of RAID layout changes being requested, that number can be different from the current number of members for existing raid sets as defined in the... • https://git.kernel.org/stable/c/5e161a8826b63c0b8b43e4a7fad1f956780f42ab •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2022-49673 – dm raid: fix KASAN warning in raid5_add_disks
https://notcve.org/view.php?id=CVE-2022-49673
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: dm raid: fix KASAN warning in raid5_add_disks There's a KASAN warning in raid5_add_disk when running the LVM testsuite. The warning happens in the test lvconvert-raid-reshape-linear_to_raid6-single-type.sh. We fix the warning by verifying that rdev->saved_raid_disk is within limits. In the Linux kernel, the following vulnerability has been resolved: dm raid: fix KASAN warning in raid5_add_disks There's a KASAN warning in raid5_add_disk when... • https://git.kernel.org/stable/c/2d4e7c9898c20fb3d3f55381cab601761aab7d64 •
CVSS: 5.5EPSS: %CPEs: 8EXPL: 0CVE-2022-49657 – usbnet: fix memory leak in error case
https://notcve.org/view.php?id=CVE-2022-49657
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: usbnet: fix memory leak in error case usbnet_write_cmd_async() mixed up which buffers need to be freed in which error case. v2: add Fixes tag v3: fix uninitialized buf pointer In the Linux kernel, the following vulnerability has been resolved: usbnet: fix memory leak in error case usbnet_write_cmd_async() mixed up which buffers need to be freed in which error case. v2: add Fixes tag v3: fix uninitialized buf pointer • https://git.kernel.org/stable/c/877bd862f32b815d54ab5fc10a4fd903d7bf3012 •
CVSS: 7.1EPSS: %CPEs: 2EXPL: 0CVE-2022-49651 – srcu: Tighten cleanup_srcu_struct() GP checks
https://notcve.org/view.php?id=CVE-2022-49651
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: srcu: Tighten cleanup_srcu_struct() GP checks Currently, cleanup_srcu_struct() checks for a grace period in progress, but it does not check for a grace period that has not yet started but which might start at any time. Such a situation could result in a use-after-free bug, so this commit adds a check for a grace period that is needed but not yet started to cleanup_srcu_struct(). In the Linux kernel, the following vulnerability has been reso... • https://git.kernel.org/stable/c/e997dda6502eefbc1032d6b0da7b353c53344b07 •
CVSS: 7.1EPSS: %CPEs: 5EXPL: 0CVE-2022-49646 – wifi: mac80211: fix queue selection for mesh/OCB interfaces
https://notcve.org/view.php?id=CVE-2022-49646
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix queue selection for mesh/OCB interfaces When using iTXQ, the code assumes that there is only one vif queue for broadcast packets, using the BE queue. Allowing non-BE queue marking violates that assumption and txq->ac == skb_queue_mapping is no longer guaranteed. This can cause issues with queue handling in the driver and also causes issues with the recent ATF change, resulting in an AQL underflow warning. In the Linux ke... • https://git.kernel.org/stable/c/444be5a02b77f3b7a8ac9c1a0b074fbb3bd89cd0 •
CVSS: 7.1EPSS: %CPEs: 8EXPL: 0CVE-2022-49639 – cipso: Fix data-races around sysctl.
https://notcve.org/view.php?id=CVE-2022-49639
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: cipso: Fix data-races around sysctl. While reading cipso sysctl variables, they can be changed concurrently. So, we need to add READ_ONCE() to avoid data-races. In the Linux kernel, the following vulnerability has been resolved: cipso: Fix data-races around sysctl. While reading cipso sysctl variables, they can be changed concurrently. So, we need to add READ_ONCE() to avoid data-races. • https://git.kernel.org/stable/c/446fda4f26822b2d42ab3396aafcedf38a9ff2b6 •