CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49817 – net: mhi: Fix memory leak in mhi_net_dellink()
https://notcve.org/view.php?id=CVE-2022-49817
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: mhi: Fix memory leak in mhi_net_dellink() MHI driver registers network device without setting the needs_free_netdev flag, and does NOT call free_netdev() when unregisters network device, which causes a memory leak. This patch calls free_netdev() to fix it since netdev_priv is used after unregister. In the Linux kernel, the following vulnerability has been resolved: net: mhi: Fix memory leak in mhi_net_dellink() MHI driver registers net... • https://git.kernel.org/stable/c/13adac032982c61bb590669e8e87e51558917ca1 •
CVSS: 6.3EPSS: 0%CPEs: 7EXPL: 0CVE-2022-49814 – kcm: close race conditions on sk_receive_queue
https://notcve.org/view.php?id=CVE-2022-49814
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: kcm: close race conditions on sk_receive_queue sk->sk_receive_queue is protected by skb queue lock, but for KCM sockets its RX path takes mux->rx_lock to protect more than just skb queue. However, kcm_recvmsg() still only grabs the skb queue lock, so race conditions still exist. We can teach kcm_recvmsg() to grab mux->rx_lock too but this would introduce a potential performance regression as struct kcm_mux can be shared by multiple KCM sock... • https://git.kernel.org/stable/c/ab7ac4eb9832e32a09f4e8042705484d2fb0aad3 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49813 – net: ena: Fix error handling in ena_init()
https://notcve.org/view.php?id=CVE-2022-49813
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: ena: Fix error handling in ena_init() The ena_init() won't destroy workqueue created by create_singlethread_workqueue() when pci_register_driver() failed. Call destroy_workqueue() when pci_register_driver() failed to prevent the resource leak. In the Linux kernel, the following vulnerability has been resolved: net: ena: Fix error handling in ena_init() The ena_init() won't destroy workqueue created by create_singlethread_workqueue() wh... • https://git.kernel.org/stable/c/1738cd3ed342294360d6a74d4e58800004bff854 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49812 – bridge: switchdev: Fix memory leaks when changing VLAN protocol
https://notcve.org/view.php?id=CVE-2022-49812
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: bridge: switchdev: Fix memory leaks when changing VLAN protocol The bridge driver can offload VLANs to the underlying hardware either via switchdev or the 8021q driver. When the former is used, the VLAN is marked in the bridge driver with the 'BR_VLFLAG_ADDED_BY_SWITCHDEV' private flag. To avoid the memory leaks mentioned in the cited commit, the bridge driver will try to delete a VLAN via the 8021q driver if the VLAN is not marked with the... • https://git.kernel.org/stable/c/279737939a8194f02fa352ab4476a1b241f44ef4 •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-49811 – drbd: use after free in drbd_create_device()
https://notcve.org/view.php?id=CVE-2022-49811
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drbd: use after free in drbd_create_device() The drbd_destroy_connection() frees the "connection" so use the _safe() iterator to prevent a use after free. In the Linux kernel, the following vulnerability has been resolved: drbd: use after free in drbd_create_device() The drbd_destroy_connection() frees the "connection" so use the _safe() iterator to prevent a use after free. • https://git.kernel.org/stable/c/b6f85ef9538b2111a8ba0bbfae9aaebabfc94961 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49810 – netfs: Fix missing xas_retry() calls in xarray iteration
https://notcve.org/view.php?id=CVE-2022-49810
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: netfs: Fix missing xas_retry() calls in xarray iteration netfslib has a number of places in which it performs iteration of an xarray whilst being under the RCU read lock. It *should* call xas_retry() as the first thing inside of the loop and do "continue" if it returns true in case the xarray walker passed out a special value indicating that the walk needs to be redone from the root[*]. Fix this by adding the missing retry checks. [*] I won... • https://git.kernel.org/stable/c/3d3c95046742e4eebaa4b891b0b01cbbed94ebbd •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49809 – net/x25: Fix skb leak in x25_lapb_receive_frame()
https://notcve.org/view.php?id=CVE-2022-49809
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net/x25: Fix skb leak in x25_lapb_receive_frame() x25_lapb_receive_frame() using skb_copy() to get a private copy of skb, the new skb should be freed in the undersized/fragmented skb error handling path. Otherwise there is a memory leak. In the Linux kernel, the following vulnerability has been resolved: net/x25: Fix skb leak in x25_lapb_receive_frame() x25_lapb_receive_frame() using skb_copy() to get a private copy of skb, the new skb shou... • https://git.kernel.org/stable/c/cb101ed2c3c7c0224d16953fe77bfb9d6c2cb9df •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49806 – net: microchip: sparx5: Fix potential null-ptr-deref in sparx_stats_init() and sparx5_start()
https://notcve.org/view.php?id=CVE-2022-49806
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: microchip: sparx5: Fix potential null-ptr-deref in sparx_stats_init() and sparx5_start() sparx_stats_init() calls create_singlethread_workqueue() and not checked the ret value, which may return NULL. And a null-ptr-deref may happen: sparx_stats_init() create_singlethread_workqueue() # failed, sparx5->stats_queue is NULL queue_delayed_work() queue_delayed_work_on() __queue_delayed_work() # warning here, but continue __queue_work() # acc... • https://git.kernel.org/stable/c/b37a1bae742f92cc9b1f777d54e04ee3d86bbfc2 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49803 – netdevsim: Fix memory leak of nsim_dev->fa_cookie
https://notcve.org/view.php?id=CVE-2022-49803
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: netdevsim: Fix memory leak of nsim_dev->fa_cookie kmemleak reports this issue: unreferenced object 0xffff8881bac872d0 (size 8): comm "sh", pid 58603, jiffies 4481524462 (age 68.065s) hex dump (first 8 bytes): 04 00 00 00 de ad be ef ........ backtrace: [<00000000c80b8577>] __kmalloc+0x49/0x150 [<000000005292b8c6>] nsim_dev_trap_fa_cookie_write+0xc1/0x210 [netdevsim] [<0000000093d78e77>] full_proxy_write+0xf3/0x180 [<000000005a662c16>] vfs_w... • https://git.kernel.org/stable/c/d3cbb907ae57fe5da314b51d949b617b538bdeae •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-49802 – ftrace: Fix null pointer dereference in ftrace_add_mod()
https://notcve.org/view.php?id=CVE-2022-49802
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix null pointer dereference in ftrace_add_mod() The @ftrace_mod is allocated by kzalloc(), so both the members {prev,next} of @ftrace_mode->list are NULL, it's not a valid state to call list_del(). If kstrdup() for @ftrace_mod->{func|module} fails, it goes to @out_free tag and calls free_ftrace_mod() to destroy @ftrace_mod, then list_del() will write prev->next and next->prev, where null pointer dereference happens. BUG: kernel NUL... • https://git.kernel.org/stable/c/673feb9d76ab3eddde7acfd94b206e321cfc90b9 •