CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-48768 – tracing/histogram: Fix a potential memory leak for kstrdup()
https://notcve.org/view.php?id=CVE-2022-48768
20 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: tracing/histogram: Fix a potential memory leak for kstrdup() kfree() is missing on an error path to free the memory allocated by kstrdup(): p = param = kstrdup(data->params[i], GFP_KERNEL); So it is better to free it via kfree(p). In the Linux kernel, the following vulnerability has been resolved: tracing/histogram: Fix a potential memory leak for kstrdup() kfree() is missing on an error path to free the memory allocated by kstrdup(): p = p... • https://git.kernel.org/stable/c/38b67e60b6b582e81f9db1b2e7176cbbfbd3e574 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48767 – ceph: properly put ceph_string reference after async create attempt
https://notcve.org/view.php?id=CVE-2022-48767
20 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: ceph: properly put ceph_string reference after async create attempt The reference acquired by try_prep_async_create is currently leaked. Ensure we put it. In the Linux kernel, the following vulnerability has been resolved: ceph: properly put ceph_string reference after async create attempt The reference acquired by try_prep_async_create is currently leaked. Ensure we put it. • https://git.kernel.org/stable/c/9a8d03ca2e2c334d08ee91a3e07dcce31a02fdc6 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-48766 – drm/amd/display: Wrap dcn301_calculate_wm_and_dlg for FPU.
https://notcve.org/view.php?id=CVE-2022-48766
20 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Wrap dcn301_calculate_wm_and_dlg for FPU. Mirrors the logic for dcn30. Cue lots of WARNs and some kernel panics without this fix. In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Wrap dcn301_calculate_wm_and_dlg for FPU. Mirrors the logic for dcn30. • https://git.kernel.org/stable/c/456ba2433844a6483cc4c933aa8f43d24575e341 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-48765 – KVM: LAPIC: Also cancel preemption timer during SET_LAPIC
https://notcve.org/view.php?id=CVE-2022-48765
20 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: KVM: LAPIC: Also cancel preemption timer during SET_LAPIC The below warning is splatting during guest reboot. ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1931 at arch/x86/kvm/x86.c:10322 kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] CPU: 0 PID: 1931 Comm: qemu-system-x86 Tainted: G I 5.17.0-rc1+ #5 RIP: 0010:kvm_arch_vcpu_ioctl_run+0x874/0x880 [kvm] Call Trace:
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-48764 – KVM: x86: Free kvm_cpuid_entry2 array on post-KVM_RUN KVM_SET_CPUID{,2}
https://notcve.org/view.php?id=CVE-2022-48764
20 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Free kvm_cpuid_entry2 array on post-KVM_RUN KVM_SET_CPUID{,2} Free the "struct kvm_cpuid_entry2" array on successful post-KVM_RUN KVM_SET_CPUID{,2} to fix a memory leak, the callers of kvm_set_cpuid() free the array only on failure. BUG: memory leak unreferenced object 0xffff88810963a800 (size 2048): comm "syz-executor025", pid 3610, jiffies 4294944928 (age 8.080s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 0d ... • https://git.kernel.org/stable/c/24e7590c60aa9487b8e43583dc9885f62f8216c1 •
CVSS: 4.1EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48763 – KVM: x86: Forcibly leave nested virt when SMM state is toggled
https://notcve.org/view.php?id=CVE-2022-48763
20 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Forcibly leave nested virt when SMM state is toggled Forcibly leave nested virtualization operation if userspace toggles SMM state via KVM_SET_VCPU_EVENTS or KVM_SYNC_X86_EVENTS. If userspace forces the vCPU out of SMM while it's post-VMXON and then injects an SMI, vmx_enter_smm() will overwrite vmx->nested.smm.vmxon and end up with both vmxon=false and smm.vmxon=false, but all other nVMX state allocated. Don't attempt to graceful... • https://git.kernel.org/stable/c/080dbe7e9b86a0392d8dffc00d9971792afc121f •
CVSS: 6.2EPSS: 0%CPEs: 2EXPL: 0CVE-2022-48762 – arm64: extable: fix load_unaligned_zeropad() reg indices
https://notcve.org/view.php?id=CVE-2022-48762
20 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: arm64: extable: fix load_unaligned_zeropad() reg indices In ex_handler_load_unaligned_zeropad() we erroneously extract the data and addr register indices from ex->type rather than ex->data. As ex->type will contain EX_TYPE_LOAD_UNALIGNED_ZEROPAD (i.e. 4): * We'll always treat X0 as the address register, since EX_DATA_REG_ADDR is extracted from bits [9:5]. Thus, we may attempt to dereference an arbitrary address as X0 may hold an arbitrary v... • https://git.kernel.org/stable/c/753b32368705c396000f95f33c3b7018474e33ad •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48761 – usb: xhci-plat: fix crash when suspend if remote wake enable
https://notcve.org/view.php?id=CVE-2022-48761
20 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: xhci-plat: fix crash when suspend if remote wake enable Crashed at i.mx8qm platform when suspend if enable remote wakeup Internal error: synchronous external abort: 96000210 [#1] PREEMPT SMP Modules linked in: CPU: 2 PID: 244 Comm: kworker/u12:6 Not tainted 5.15.5-dirty #12 Hardware name: Freescale i.MX8QM MEK (DT) Workqueue: events_unbound async_run_entry_fn pstate: 600000c5 (nZCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : xhci_dis... • https://git.kernel.org/stable/c/20c51a4c52208f98e27308c456a1951778f41fa5 •
CVSS: 4.6EPSS: 0%CPEs: 9EXPL: 0CVE-2022-48760 – USB: core: Fix hang in usb_kill_urb by adding memory barriers
https://notcve.org/view.php?id=CVE-2022-48760
20 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix hang in usb_kill_urb by adding memory barriers The syzbot fuzzer has identified a bug in which processes hang waiting for usb_kill_urb() to return. It turns out the issue is not unlinking the URB; that works just fine. Rather, the problem arises when the wakeup notification that the URB has completed is not received. The reason is memory-access ordering on SMP systems. In outline form, usb_kill_urb() and __usb_hcd_giveback_ur... • https://git.kernel.org/stable/c/5f138ef224dffd15d5e5c5b095859719e0038427 • CWE-820: Missing Synchronization •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-48759 – rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev
https://notcve.org/view.php?id=CVE-2022-48759
20 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev struct rpmsg_ctrldev contains a struct cdev. The current code frees the rpmsg_ctrldev struct in rpmsg_ctrldev_release_device(), but the cdev is a managed object, therefore its release is not predictable and the rpmsg_ctrldev could be freed before the cdev is entirely released, as in the backtrace below. [ 93.625603] ODEBUG: free active (active state 0) object type: timer_li... • https://git.kernel.org/stable/c/c0cdc19f84a4712cf74888f83af286e3c2e14efd •