CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49471 – rtw89: cfo: check mac_id to avoid out-of-bounds
https://notcve.org/view.php?id=CVE-2022-49471
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: rtw89: cfo: check mac_id to avoid out-of-bounds Somehow, hardware reports incorrect mac_id and pollute memory. Check index before we access the array. UBSAN: array-index-out-of-bounds in rtw89/phy.c:2517:23 index 188 is out of range for type 's32 [64]' CPU: 1 PID: 51550 Comm: irq/35-rtw89_pc Tainted: G OE Call Trace:
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49469 – btrfs: fix anon_dev leak in create_subvol()
https://notcve.org/view.php?id=CVE-2022-49469
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix anon_dev leak in create_subvol() When btrfs_qgroup_inherit(), btrfs_alloc_tree_block, or btrfs_insert_root() fail in create_subvol(), we return without freeing anon_dev. Reorganize the error handling in create_subvol() to fix this. In the Linux kernel, the following vulnerability has been resolved: btrfs: fix anon_dev leak in create_subvol() When btrfs_qgroup_inherit(), btrfs_alloc_tree_block, or btrfs_insert_root() fail in creat... • https://git.kernel.org/stable/c/d887b3de318834f9aa637ecf79c6bc66cba7c69a •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-49467 – drm: msm: fix possible memory leak in mdp5_crtc_cursor_set()
https://notcve.org/view.php?id=CVE-2022-49467
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() drm_gem_object_lookup will call drm_gem_object_get inside. So cursor_bo needs to be put when msm_gem_get_and_pin_iova fails. In the Linux kernel, the following vulnerability has been resolved: drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() drm_gem_object_lookup will call drm_gem_object_get inside. So cursor_bo needs to be put when msm_gem_get_and_pin_iova fails. • https://git.kernel.org/stable/c/e172d10a9c4acc69bb07cbe9142ded2df791ff1f •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49465 – blk-throttle: Set BIO_THROTTLED when bio has been throttled
https://notcve.org/view.php?id=CVE-2022-49465
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: blk-throttle: Set BIO_THROTTLED when bio has been throttled 1.In current process, all bio will set the BIO_THROTTLED flag after __blk_throtl_bio(). 2.If bio needs to be throttled, it will start the timer and stop submit bio directly. Bio will submit in blk_throtl_dispatch_work_fn() when the timer expires.But in the current process, if bio is throttled. The BIO_THROTTLED will be set to bio after timer start. If the bio has been completed, it... • https://git.kernel.org/stable/c/0cfc8a0fb07cde61915e4a77c4794c47de3114a4 • CWE-416: Use After Free •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2022-49460 – PM / devfreq: rk3399_dmc: Disable edev on remove()
https://notcve.org/view.php?id=CVE-2022-49460
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: rk3399_dmc: Disable edev on remove() Otherwise we hit an unablanced enable-count when unbinding the DFI device: [ 1279.659119] ------------[ cut here ]------------ [ 1279.659179] WARNING: CPU: 2 PID: 5638 at drivers/devfreq/devfreq-event.c:360 devfreq_event_remove_edev+0x84/0x8c ... [ 1279.659352] Hardware name: Google Kevin (DT) [ 1279.659363] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO BTYPE=--) [ 1279.659371] pc : devfreq_ev... • https://git.kernel.org/stable/c/664736e2cc09e504ce58ec61164d029d1f2651bb •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49457 – ARM: versatile: Add missing of_node_put in dcscb_init
https://notcve.org/view.php?id=CVE-2022-49457
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ARM: versatile: Add missing of_node_put in dcscb_init The device_node pointer is returned by of_find_compatible_node with refcount incremented. We should use of_node_put() to avoid the refcount leak. In the Linux kernel, the following vulnerability has been resolved: ARM: versatile: Add missing of_node_put in dcscb_init The device_node pointer is returned by of_find_compatible_node with refcount incremented. We should use of_node_put() to a... • https://git.kernel.org/stable/c/2d7b23db35254b7d46e852967090c64cdccf24da •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49453 – soc: ti: ti_sci_pm_domains: Check for null return of devm_kcalloc
https://notcve.org/view.php?id=CVE-2022-49453
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: soc: ti: ti_sci_pm_domains: Check for null return of devm_kcalloc The allocation funciton devm_kcalloc may fail and return a null pointer, which would cause a null-pointer dereference later. It might be better to check it and directly return -ENOMEM just like the usage of devm_kcalloc in previous code. In the Linux kernel, the following vulnerability has been resolved: soc: ti: ti_sci_pm_domains: Check for null return of devm_kcalloc The al... • https://git.kernel.org/stable/c/05efc4591f80582b6fe53366b70b6a35a42fd255 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49450 – rxrpc: Fix listen() setting the bar too high for the prealloc rings
https://notcve.org/view.php?id=CVE-2022-49450
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix listen() setting the bar too high for the prealloc rings AF_RXRPC's listen() handler lets you set the backlog up to 32 (if you bump up the sysctl), but whilst the preallocation circular buffers have 32 slots in them, one of them has to be a dead slot because we're using CIRC_CNT(). This means that listen(rxrpc_sock, 32) will cause an oops when the socket is closed because rxrpc_service_prealloc_one() allocated one too many calls ... • https://git.kernel.org/stable/c/00e907127e6f86d0f9b122d9b4347a8aa09a8b61 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49449 – pinctrl: renesas: rzn1: Fix possible null-ptr-deref in sh_pfc_map_resources()
https://notcve.org/view.php?id=CVE-2022-49449
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: pinctrl: renesas: rzn1: Fix possible null-ptr-deref in sh_pfc_map_resources() It will cause null-ptr-deref when using 'res', if platform_get_resource() returns NULL, so move using 'res' after devm_ioremap_resource() that will check it to avoid null-ptr-deref. And use devm_platform_get_and_ioremap_resource() to simplify code. In the Linux kernel, the following vulnerability has been resolved: pinctrl: renesas: rzn1: Fix possible null-ptr-der... • https://git.kernel.org/stable/c/b646e0cfeb38bf5f1944fd548f1dfa9b129fa00c •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49447 – ARM: hisi: Add missing of_node_put after of_find_compatible_node
https://notcve.org/view.php?id=CVE-2022-49447
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ARM: hisi: Add missing of_node_put after of_find_compatible_node of_find_compatible_node will increment the refcount of the returned device_node. Calling of_node_put() to avoid the refcount leak In the Linux kernel, the following vulnerability has been resolved: ARM: hisi: Add missing of_node_put after of_find_compatible_node of_find_compatible_node will increment the refcount of the returned device_node. Calling of_node_put() to avoid the ... • https://git.kernel.org/stable/c/46cb7868811d025c3d29c10d18b3422db1cf20d5 •