CVSS: 7.7EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48651 – ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header
https://notcve.org/view.php?id=CVE-2022-48651
28 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header If an AF_PACKET socket is used to send packets through ipvlan and the default xmit function of the AF_PACKET socket is changed from dev_queue_xmit() to packet_direct_xmit() via setsockopt() with the option name of PACKET_QDISC_BYPASS, the skb->mac_header may not be reset and remains as the initial value of 65535, this may trigger slab-out-of-bounds bugs as following: ============... • https://git.kernel.org/stable/c/2ad7bf3638411cb547f2823df08166c13ab04269 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48648 – sfc: fix null pointer dereference in efx_hard_start_xmit
https://notcve.org/view.php?id=CVE-2022-48648
28 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: sfc: fix null pointer dereference in efx_hard_start_xmit Trying to get the channel from the tx_queue variable here is wrong because we can only be here if tx_queue is NULL, so we shouldn't dereference it. As the above comment in the code says, this is very unlikely to happen, but it's wrong anyway so let's fix it. I hit this issue because of a different bug that caused tx_queue to be NULL. If that happens, this is the error message that we ... • https://git.kernel.org/stable/c/12804793b17c0e19115a90d98f2f3df0cb79e233 •
CVSS: 6.2EPSS: 0%CPEs: 2EXPL: 0CVE-2022-48646 – sfc/siena: fix null pointer dereference in efx_hard_start_xmit
https://notcve.org/view.php?id=CVE-2022-48646
28 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: sfc/siena: fix null pointer dereference in efx_hard_start_xmit Like in previous patch for sfc, prevent potential (but unlikely) NULL pointer dereference. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: sfc/siena: corrige la desreferencia del puntero nulo en efx_hard_start_xmit Al igual que en el parche anterior para sfc, evita una posible (pero poco probable) desreferencia del puntero NULL. In the Linux kernel, the follow... • https://git.kernel.org/stable/c/12804793b17c0e19115a90d98f2f3df0cb79e233 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-48645 – net: enetc: deny offload of tc-based TSN features on VF interfaces
https://notcve.org/view.php?id=CVE-2022-48645
28 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: net: enetc: deny offload of tc-based TSN features on VF interfaces TSN features on the ENETC (taprio, cbs, gate, police) are configured through a mix of command BD ring messages and port registers: enetc_port_rd(), enetc_port_wr(). Port registers are a region of the ENETC memory map which are only accessible from the PCIe Physical Function. They are not accessible from the Virtual Functions. Moreover, attempting to access these registers cr... • https://git.kernel.org/stable/c/34c6adf1977b611fca3b824ad12a2a415e1e420e •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-48644 – net/sched: taprio: avoid disabling offload when it was never enabled
https://notcve.org/view.php?id=CVE-2022-48644
28 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: avoid disabling offload when it was never enabled In an incredibly strange API design decision, qdisc->destroy() gets called even if qdisc->init() never succeeded, not exclusively since commit 87b60cfacf9f ("net_sched: fix error recovery at qdisc creation"), but apparently also earlier (in the case of qdisc_create_dflt()). The taprio qdisc does not fully acknowledge this when it attempts full offload, because it starts of... • https://git.kernel.org/stable/c/9c66d15646760eb8982242b4531c4d4fd36118fd •
CVSS: 3.3EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48642 – netfilter: nf_tables: fix percpu memory leak at nf_tables_addchain()
https://notcve.org/view.php?id=CVE-2022-48642
28 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix percpu memory leak at nf_tables_addchain() It seems to me that percpu memory for chain stats started leaking since commit 3bc158f8d0330f0a ("netfilter: nf_tables: map basechain priority to hardware priority") when nft_chain_offload_priority() returned an error. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: netfilter: nf_tables: corrige la pérdida de memoria de percpu en nf_tables_addchain() Me par... • https://git.kernel.org/stable/c/3bc158f8d0330f0ac58597c023acca2234c14616 •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2022-48641 – netfilter: ebtables: fix memory leak when blob is malformed
https://notcve.org/view.php?id=CVE-2022-48641
28 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: ebtables: fix memory leak when blob is malformed The bug fix was incomplete, it "replaced" crash with a memory leak. The old code had an assignment to "ret" embedded into the conditional, restore this. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: netfilter: ebtables: corrige la pérdida de memoria cuando el blob tiene un formato incorrecto La corrección del error estaba incompleta, "reemplazó" el bloqueo con una... • https://git.kernel.org/stable/c/afd01382594d643e1adeb16826423b418cdf8b8b •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-48639 – net: sched: fix possible refcount leak in tc_new_tfilter()
https://notcve.org/view.php?id=CVE-2022-48639
28 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: net: sched: fix possible refcount leak in tc_new_tfilter() tfilter_put need to be called to put the refount got by tp->ops->get to avoid possible refcount leak when chain->tmplt_ops != NULL and chain->tmplt_ops != tp->ops. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: sched: corrige posible fuga de recuento en tc_new_tfilter() Es necesario llamar a tfilter_put para colocar el recuento obtenido mediante tp->ops-&... • https://git.kernel.org/stable/c/7d5509fa0d3ddfe252b4418513e493ac98de3317 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48636 – s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup
https://notcve.org/view.php?id=CVE-2022-48636
28 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup Fix Oops in dasd_alias_get_start_dev() function caused by the pavgroup pointer being NULL. The pavgroup pointer is checked on the entrance of the function but without the lcu->lock being held. Therefore there is a race window between dasd_alias_get_start_dev() and _lcu_update() which sets pavgroup to NULL with the lcu->lock held. Fix by checking the pavgroup pointer wit... • https://git.kernel.org/stable/c/8e09f21574ea3028d5629e5de759e0b196c690c5 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48634 – drm/gma500: Fix BUG: sleeping function called from invalid context errors
https://notcve.org/view.php?id=CVE-2022-48634
28 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/gma500: Fix BUG: sleeping function called from invalid context errors gma_crtc_page_flip() was holding the event_lock spinlock while calling crtc_funcs->mode_set_base() which takes ww_mutex. The only reason to hold event_lock is to clear gma_crtc->page_flip_event on mode_set_base() errors. Instead unlock it after setting gma_crtc->page_flip_event and on errors re-take the lock and clear gma_crtc->page_flip_event it it is still set. This... • https://git.kernel.org/stable/c/c5812807e416618477d1bb0049727ce8bb8292fd •