CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49497 – net: remove two BUG() from skb_checksum_help()
https://notcve.org/view.php?id=CVE-2022-49497
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: remove two BUG() from skb_checksum_help() I have a syzbot report that managed to get a crash in skb_checksum_help() If syzbot can trigger these BUG(), it makes sense to replace them with more friendly WARN_ON_ONCE() since skb_checksum_help() can instead return an error code. Note that syzbot will still crash there, until real bug is fixed. In the Linux kernel, the following vulnerability has been resolved: net: remove two BUG() from sk... • https://git.kernel.org/stable/c/312c43e98ed190bd8fd7a71a0addf9539d5b8ab1 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49495 – drm/msm/hdmi: check return value after calling platform_get_resource_byname()
https://notcve.org/view.php?id=CVE-2022-49495
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/msm/hdmi: check return value after calling platform_get_resource_byname() It will cause null-ptr-deref if platform_get_resource_byname() returns NULL, we need check the return value. Patchwork: https://patchwork.freedesktop.org/patch/482992/ In the Linux kernel, the following vulnerability has been resolved: drm/msm/hdmi: check return value after calling platform_get_resource_byname() It will cause null-ptr-deref if platform_get_resourc... • https://git.kernel.org/stable/c/c6a57a50ad562a2e6fc6ac3218b710caea73a58b •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49493 – ASoC: rt5645: Fix errorenous cleanup order
https://notcve.org/view.php?id=CVE-2022-49493
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: rt5645: Fix errorenous cleanup order There is a logic error when removing rt5645 device as the function rt5645_i2c_remove() first cancel the &rt5645->jack_detect_work and delete the &rt5645->btn_check_timer latter. However, since the timer handler rt5645_btn_check_callback() will re-queue the jack_detect_work, this cleanup order is buggy. That is, once the del_timer_sync in rt5645_i2c_remove is concurrently run with the rt5645_btn_che... • https://git.kernel.org/stable/c/7d801e807536a9a9c2146c5f4a5836f154517ed3 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49492 – nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags
https://notcve.org/view.php?id=CVE-2022-49492
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags In nvme_alloc_admin_tags, the admin_q can be set to an error (typically -ENOMEM) if the blk_mq_init_queue call fails to set up the queue, which is checked immediately after the call. However, when we return the error message up the stack, to nvme_reset_work the error takes us to nvme_remove_dead_ctrl() nvme_dev_disable() nvme_suspend_queue(&dev->queues[0]). Here, we only chec... • https://git.kernel.org/stable/c/8321b17789f614414206af07e17ce4751c95dc76 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49491 – drm/rockchip: vop: fix possible null-ptr-deref in vop_bind()
https://notcve.org/view.php?id=CVE-2022-49491
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() It will cause null-ptr-deref in resource_size(), if platform_get_resource() returns NULL, move calling resource_size() after devm_ioremap_resource() that will check 'res' to avoid null-ptr-deref. In the Linux kernel, the following vulnerability has been resolved: drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() It will cause null-ptr-deref in resource_size(), if platfo... • https://git.kernel.org/stable/c/2048e3286f347db5667708e47448176b5329e8d8 •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49486 – ASoC: fsl: Fix refcount leak in imx_sgtl5000_probe
https://notcve.org/view.php?id=CVE-2022-49486
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: fsl: Fix refcount leak in imx_sgtl5000_probe of_find_i2c_device_by_node() takes a reference, In error paths, we should call put_device() to drop the reference to aviod refount leak. In the Linux kernel, the following vulnerability has been resolved: ASoC: fsl: Fix refcount leak in imx_sgtl5000_probe of_find_i2c_device_by_node() takes a reference, In error paths, we should call put_device() to drop the reference to aviod refount leak. • https://git.kernel.org/stable/c/81e8e4926167ab32593bbb915b45a42024ca1020 •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49482 – ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe
https://notcve.org/view.php?id=CVE-2022-49482
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe of_parse_phandle() returns a node pointer with refcount incremented, we should use of_node_put() on it when done. In the Linux kernel, the following vulnerability has been resolved: ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe of_parse_phandle() returns a node pointer with refcount incremented, we should use of_node_put() on it when done. • https://git.kernel.org/stable/c/08641c7c74dddfcd726512edfaa3b4cbe42e523e •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49481 – regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt
https://notcve.org/view.php?id=CVE-2022-49481
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt of_node_get() returns a node with refcount incremented. Calling of_node_put() to drop the reference when not needed anymore. In the Linux kernel, the following vulnerability has been resolved: regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt of_node_get() returns a node with refcount incremented. Calling of_node_put() to drop the reference when not needed... • https://git.kernel.org/stable/c/3784b6d64dc52ed3fbebad61a85ab9b7a687a167 •
CVSS: 9.0EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49478 – media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init
https://notcve.org/view.php?id=CVE-2022-49478
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init Syzbot reported that -1 is used as array index. The problem was in missing validation check. hdw->unit_number is initialized with -1 and then if init table walk fails this value remains unchanged. Since code blindly uses this member for array indexing adding sanity check is the easiest fix for that. hdw->workpoll initialization moved upper to prevent warning in __flush_work... • https://git.kernel.org/stable/c/d855497edbfbf9e19a17f4a1154bca69cb4bd9ba •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2022-49474 – Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout
https://notcve.org/view.php?id=CVE-2022-49474
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout Connecting the same socket twice consecutively in sco_sock_connect() could lead to a race condition where two sco_conn objects are created but only one is associated with the socket. If the socket is closed before the SCO connection is established, the timer associated with the dangling sco_conn object won't be canceled. As the sock object is being freed, the use-after-... • https://git.kernel.org/stable/c/22c66af08230a7030bdb88accffaec3424695631 • CWE-416: Use After Free •