
CVE-2022-49516 – ice: always check VF VSI pointer values
https://notcve.org/view.php?id=CVE-2022-49516
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ice: always check VF VSI pointer values The ice_get_vf_vsi function can return NULL in some cases, such as if handling messages during a reset where the VSI is being removed and recreated. Several places throughout the driver do not bother to check whether this VSI pointer is valid. Static analysis tools may report issues because they detect paths where a potentially NULL pointer could be dereferenced. Fix this by checking the return valu... • https://git.kernel.org/stable/c/e7be3877589d539c52e5d1d23a625f889b541b9d •

CVE-2022-49514 – ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe
https://notcve.org/view.php?id=CVE-2022-49514
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe Call of_node_put(platform_node) to avoid refcount leak in the error path. • https://git.kernel.org/stable/c/94319ba10ecabc8f28129566d1f5793e3e7a0a79 •

CVE-2022-49513 – cpufreq: governor: Use kobject release() method to free dbs_data
https://notcve.org/view.php?id=CVE-2022-49513
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: cpufreq: governor: Use kobject release() method to free dbs_data The struct dbs_data embeds a struct gov_attr_set and the struct gov_attr_set embeds a kobject. Since every kobject must have a release() method and we can't use kfree() to free it directly, introduce cpufreq_dbs_data_release() to release the dbs_data via the kobject::release() method. This fixes the calltrace like below: ODEBUG: free active (active state 0) object type: tim... • https://git.kernel.org/stable/c/c4435630361d9bebf7154a0c842dc1fb7ae39c99 •

CVE-2022-49512 – mtd: rawnand: denali: Use managed device resources
https://notcve.org/view.php?id=CVE-2022-49512
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: denali: Use managed device resources All of the resources used by this driver have managed interfaces, so use them. Otherwise we will get the following splat: [ 4.472703] denali-nand-pci 0000:00:05.0: timeout while waiting for irq 0x1000 [ 4.474071] denali-nand-pci: probe of 0000:00:05.0 failed with error -5 [ 4.473538] nand: No NAND device found [ 4.474068] BUG: unable to handle page fault for address: ffffc90005000410 [ 4.475... • https://git.kernel.org/stable/c/93db446a424cee9387b532995e6b516667079555 •

CVE-2022-49508 – HID: elan: Fix potential double free in elan_input_configured
https://notcve.org/view.php?id=CVE-2022-49508
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: HID: elan: Fix potential double free in elan_input_configured 'input' is a managed resource allocated with devm_input_allocate_device(), so there is no need to call input_free_device() explicitly or there will be a double free. According to the doc of devm_input_allocate_device(): * Managed input devices do not need to be explicitly unregistered or * freed as it will be done automatically when owner device unbinds from * its driver (or bind... • https://git.kernel.org/stable/c/9a6a4193d65b853020ef0e66cecdf9e64a863883 •

CVE-2022-49505 – NFC: NULL out the dev->rfkill to prevent UAF
https://notcve.org/view.php?id=CVE-2022-49505
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: NFC: NULL out the dev->rfkill to prevent UAF Commit 3e3b5dfcd16a ("NFC: reorder the logic in nfc_{un,}register_device") assumes the device_is_registered() in function nfc_dev_up() will help to check when the rfkill is unregistered. However, this check only takes effect when device_del(&dev->dev) is done in nfc_unregister_device(). Hence, the rfkill object can still be dereferenced. The crash trace in latest kernel (5.18-rc2): [ 68.76... • https://git.kernel.org/stable/c/ff169909eac9e00bf1aa0af739ba6ddfb1b1d135 •

CVE-2022-49504 – scsi: lpfc: Inhibit aborts if external loopback plug is inserted
https://notcve.org/view.php?id=CVE-2022-49504
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Inhibit aborts if external loopback plug is inserted After running a short external loopback test, when the external loopback is removed and a normal cable inserted that is directly connected to a target device, the system oops in the lpfc_set_rrq_active() routine. When the loopback was inserted an FLOGI was transmitted. As we're looped back, we receive the FLOGI request. The FLOGI is ABTS'd as we recognize the same wwpn thus unde... • https://git.kernel.org/stable/c/a1516930cb605caee3bc7b4f3b7994b88c0b8505 •

CVE-2022-49503 – ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix
https://notcve.org/view.php?id=CVE-2022-49503
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix The "rxstatus->rs_keyix" eventually gets passed to test_bit() so we need to ensure that it is within the bitmap. drivers/net/wireless/ath/ath9k/common.c:46 ath9k_cmn_rx_accept() error: passing untrusted data 'rx_stats->rs_keyix' to 'test_bit()' • https://git.kernel.org/stable/c/4ed1a8d4a25711f780b96920fff2bb531229e322 •

CVE-2022-49502 – media: rga: fix possible memory leak in rga_probe
https://notcve.org/view.php?id=CVE-2022-49502
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: media: rga: fix possible memory leak in rga_probe rga->m2m_dev needs to be freed when rga_probe fails. • https://git.kernel.org/stable/c/8ddc89437ccefa18279918c19a61fd81527f40b9 •

CVE-2022-49501 – usbnet: Run unregister_netdev() before unbind() again
https://notcve.org/view.php?id=CVE-2022-49501
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: usbnet: Run unregister_netdev() before unbind() again Commit 2c9d6c2b871d ("usbnet: run unbind() before unregister_netdev()") sought to fix a use-after-free on disconnect of USB Ethernet adapters. It turns out that a different fix is necessary to address the issue: https://lore.kernel.org/netdev/18b3541e5372bc9b9fc733d422f4e698c089077c.1650177997.git.lukas@wunner.de/ So the commit was not necessary. The commit made binding and unbinding of ... • https://git.kernel.org/stable/c/6d5deb242874d924beccf7eb3cef04c1c3b0da79 •