CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48659 – mm/slub: fix to return errno if kmalloc() fails
https://notcve.org/view.php?id=CVE-2022-48659
28 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: mm/slub: fix to return errno if kmalloc() fails In create_unique_id(), kmalloc(, GFP_KERNEL) can fail due to out-of-memory, if it fails, return errno correctly rather than triggering panic via BUG_ON(); kernel BUG at mm/slub.c:5893! Internal error: Oops - BUG: 0 [#1] PREEMPT SMP Call trace: sysfs_slab_add+0x258/0x260 mm/slub.c:5973 __kmem_cache_create+0x60/0x118 mm/slub.c:4899 create_cache mm/slab_common.c:229 [inline] kmem_cache_create_use... • https://git.kernel.org/stable/c/81819f0fc8285a2a5a921c019e3e3d7b6169d225 • CWE-617: Reachable Assertion •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-48658 – mm: slub: fix flush_cpu_slab()/__free_slab() invocations in task context.
https://notcve.org/view.php?id=CVE-2022-48658
28 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: mm: slub: fix flush_cpu_slab()/__free_slab() invocations in task context. Commit 5a836bf6b09f ("mm: slub: move flush_cpu_slab() invocations __free_slab() invocations out of IRQ context") moved all flush_cpu_slab() invocations to the global workqueue to avoid a problem related with deactivate_slab()/__free_slab() being called from an IRQ context on PREEMPT_RT kernels. When the flush_all_cpu_locked() function is called from a task context it ... • https://git.kernel.org/stable/c/5a836bf6b09f99ead1b69457ff39ab3011ece57b •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48657 – arm64: topology: fix possible overflow in amu_fie_setup()
https://notcve.org/view.php?id=CVE-2022-48657
28 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: arm64: topology: fix possible overflow in amu_fie_setup() cpufreq_get_hw_max_freq() returns max frequency in kHz as *unsigned int*, while freq_inv_set_max_ratio() gets passed this frequency in Hz as 'u64'. Multiplying max frequency by 1000 can potentially result in overflow -- multiplying by 1000ULL instead should avoid that... Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool. En el kernel de Linux, ... • https://git.kernel.org/stable/c/cd0ed03a8903a0b0c6fc36e32d133d1ddfe70cd6 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48656 – dmaengine: ti: k3-udma-private: Fix refcount leak bug in of_xudma_dev_get()
https://notcve.org/view.php?id=CVE-2022-48656
28 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: k3-udma-private: Fix refcount leak bug in of_xudma_dev_get() We should call of_node_put() for the reference returned by of_parse_phandle() in fail path or when it is not used anymore. Here we only need to move the of_node_put() before the check. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dmaengine: ti: k3-udma-private: corrige el error de fuga de recuento en of_xudma_dev_get() Deberíamos llamar a of_no... • https://git.kernel.org/stable/c/d702419134133db1eab2067dc6ea5723467fd917 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 8.1EPSS: 0%CPEs: 5EXPL: 0CVE-2022-48655 – firmware: arm_scmi: Harden accesses to the reset domains
https://notcve.org/view.php?id=CVE-2022-48655
28 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Harden accesses to the reset domains Accessing reset domains descriptors by the index upon the SCMI drivers requests through the SCMI reset operations interface can potentially lead to out-of-bound violations if the SCMI driver misbehave. Add an internal consistency check before any such domains descriptors accesses. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: firmware: arm_scmi: Refuerza los acces... • https://git.kernel.org/stable/c/95a15d80aa0de938299acfcbc6aa6f2b16f5d7e5 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-48654 – netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find()
https://notcve.org/view.php?id=CVE-2022-48654
28 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() nf_osf_find() incorrectly returns true on mismatch, this leads to copying uninitialized memory area in nft_osf which can be used to leak stale kernel stack data to userspace. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: nfnetlink_osf: corrige una posible coincidencia falsa en nf_osf_find() nf_osf_find() devuelve verdadero incorrectamente en ... • https://git.kernel.org/stable/c/22c7652cdaa8cd33ce78bacceb4e826a3f795873 • CWE-908: Use of Uninitialized Resource •
CVSS: 3.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-48653 – ice: Don't double unplug aux on peer initiated reset
https://notcve.org/view.php?id=CVE-2022-48653
28 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: ice: Don't double unplug aux on peer initiated reset In the IDC callback that is accessed when the aux drivers request a reset, the function to unplug the aux devices is called. This function is also called in the ice_prepare_for_reset function. This double call is causing a "scheduling while atomic" BUG. [ 662.676430] ice 0000:4c:00.0 rocep76s0: cqp opcode = 0x1 maj_err_code = 0xffff min_err_code = 0x8003 [ 662.676609] ice 0000:4c:00.0 roc... • https://git.kernel.org/stable/c/f9f5301e7e2d4fa2445aab3ec889dac6b34ea63e •
CVSS: 7.7EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48651 – ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header
https://notcve.org/view.php?id=CVE-2022-48651
28 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header If an AF_PACKET socket is used to send packets through ipvlan and the default xmit function of the AF_PACKET socket is changed from dev_queue_xmit() to packet_direct_xmit() via setsockopt() with the option name of PACKET_QDISC_BYPASS, the skb->mac_header may not be reset and remains as the initial value of 65535, this may trigger slab-out-of-bounds bugs as following: ============... • https://git.kernel.org/stable/c/2ad7bf3638411cb547f2823df08166c13ab04269 • CWE-125: Out-of-bounds Read •
CVSS: 4.7EPSS: 0%CPEs: 3EXPL: 0CVE-2022-48650 – scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts()
https://notcve.org/view.php?id=CVE-2022-48650
28 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts() Commit 8f394da36a36 ("scsi: qla2xxx: Drop TARGET_SCF_LOOKUP_LUN_FROM_TAG") made the __qlt_24xx_handle_abts() function return early if tcm_qla2xxx_find_cmd_by_tag() didn't find a command, but it missed to clean up the allocated memory for the management command. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: scsi: qla2xxx: Reparar pérdida de memoria en __qlt_24xx_han... • https://git.kernel.org/stable/c/8f394da36a361cbe0e1e8b1d4213e5598c8095ac •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48648 – sfc: fix null pointer dereference in efx_hard_start_xmit
https://notcve.org/view.php?id=CVE-2022-48648
28 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: sfc: fix null pointer dereference in efx_hard_start_xmit Trying to get the channel from the tx_queue variable here is wrong because we can only be here if tx_queue is NULL, so we shouldn't dereference it. As the above comment in the code says, this is very unlikely to happen, but it's wrong anyway so let's fix it. I hit this issue because of a different bug that caused tx_queue to be NULL. If that happens, this is the error message that we ... • https://git.kernel.org/stable/c/12804793b17c0e19115a90d98f2f3df0cb79e233 •