CVSS: - • EPSS: 0% • CPEs: 9 • EXPL: 0 • CVE-2022-49217 – scsi: pm8001: Fix abort all task initialization
https://notcve.org/view.php?id=CVE-2022-49217
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix abort all task initialization. In pm80xx_send_abort_all(), the n_elem field of the ccb used is not initialized to 0. This missing initialization sometimes leads to the task completion path seeing the ccb with a non-zero n_elem, resulting in the execution of invalid dma_unmap_sg() calls in pm8001_ccb_task_free(), causing a crash such as: [ 197.676341] RIP: 0010:iommu_dma_unmap_sg+0x6d/0x280 [ 197.700204] RSP: 0018:ffff889bbcf8... • https://git.kernel.org/stable/c/c6b9ef5779c3e1edfa9de949d2a51252bc347663
CVSS: - • EPSS: 0% • CPEs: 9 • EXPL: 0 • CVE-2022-49216 – drm/tegra: Fix reference leak in tegra_dsi_ganged_probe
https://notcve.org/view.php?id=CVE-2022-49216
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/tegra: Fix reference leak in tegra_dsi_ganged_probe. The reference taken by 'of_find_device_by_node()' must be released when not needed anymore. Add put_device() call to fix this. The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed. • https://git.kernel.org/stable/c/e94236cde4d519cdecd45e2435defba33abdc99f
CVSS: 4.7 • EPSS: 0% • CPEs: 4 • EXPL: 0 • CVE-2022-49215 – xsk: Fix race at socket teardown
https://notcve.org/view.php?id=CVE-2022-49215
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: xsk: Fix race at socket teardown. Fix a race in the xsk socket teardown code that can lead to a NULL pointer dereference splat. The current xsk unbind code in xsk_unbind_dev() starts by setting xs->state to XSK_UNBOUND, sets xs->dev to NULL and then waits for any NAPI processing to terminate using synchronize_net(). After that, the release code starts to tear down the socket state and free allocated memory. BUG: kernel NULL pointer dereferen... • https://git.kernel.org/stable/c/42fddcc7c64b723a867c7b2f5f7505e244212f13 • CWE-476: NULL Pointer Dereference
CVSS: 5.5 • EPSS: 0% • CPEs: 4 • EXPL: 0 • CVE-2022-49214 – powerpc/64s: Don't use DSISR for SLB faults
https://notcve.org/view.php?id=CVE-2022-49214
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: Don't use DSISR for SLB faults. Since commit 46ddcb3950a2 ("powerpc/mm: Show if a bad page fault on data is read or write.") we use page_fault_is_write(regs->dsisr) in __bad_page_fault() to determine if the fault is for a read or write, and change the message printed accordingly. But SLB faults, aka Data Segment Interrupts, don't set DSISR (Data Storage Interrupt Status Register) to a useful value. All ISA versions from v2.03 th... • https://git.kernel.org/stable/c/46ddcb3950a28c0df4815e8dbb8d4b91d5d9f22d
CVSS: - • EPSS: 0% • CPEs: 5 • EXPL: 0 • CVE-2022-49213 – ath10k: Fix error handling in ath10k_setup_msa_resources
https://notcve.org/view.php?id=CVE-2022-49213
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ath10k: Fix error handling in ath10k_setup_msa_resources. The device_node pointer is returned by of_parse_phandle() with refcount incremented. We should use of_node_put() on it when done. This function only calls of_node_put() in the regular path. And it will cause a refcount leak in the error path. The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed. • https://git.kernel.org/stable/c/727fec790ead3d75e2735f66209949c2163523ea
CVSS: - • EPSS: 0% • CPEs: 8 • EXPL: 0 • CVE-2022-49212 – mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init
https://notcve.org/view.php?id=CVE-2022-49212
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init. The reference counting issue happens in several error handling paths on a refcounted object "nc->dmac". In these paths, the function simply returns the error code, forgetting to balance the reference count of "nc->dmac", increased earlier by dma_request_channel(), which may cause refcount leaks. Fix it by decrementing the refcount of the specific object in those error paths. ... • https://git.kernel.org/stable/c/f88fc122cc34c2545dec9562eaab121494e401ef
CVSS: - • EPSS: 0% • CPEs: 5 • EXPL: 0 • CVE-2022-49211 – mips: cdmm: Fix refcount leak in mips_cdmm_phys_base
https://notcve.org/view.php?id=CVE-2022-49211
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: mips: cdmm: Fix refcount leak in mips_cdmm_phys_base. The of_find_compatible_node() function returns a node pointer with refcount incremented. We should use of_node_put() on it when done. Add the missing of_node_put() to release the refcount. • https://git.kernel.org/stable/c/2121aa3e2312ccc1d6299154dc4f07a6ab8beee2
CVSS: - • EPSS: 0% • CPEs: 5 • EXPL: 0 • CVE-2022-49210 – MIPS: pgalloc: fix memory leak caused by pgd_free()
https://notcve.org/view.php?id=CVE-2022-49210
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: MIPS: pgalloc: fix memory leak caused by pgd_free(). The pgd page is freed by the generic implementation pgd_free() since commit f9cb654cb550 ("asm-generic: pgalloc: provide generic pgd_free()"). However, there are scenarios in which the system uses more than one page as the pgd table; in such cases the generic implementation pgd_free() won't be applicable anymore. For example, when PAGE_SIZE_4KB is enabled and MIPS_VA_BITS_48 is not enabled in a 64bit ... • https://git.kernel.org/stable/c/f9cb654cb550b7b87e8608b14fc3eca432429ffe
CVSS: - • EPSS: 0% • CPEs: 6 • EXPL: 0 • CVE-2022-49209 – bpf, sockmap: Fix memleak in tcp_bpf_sendmsg while sk msg is full
https://notcve.org/view.php?id=CVE-2022-49209
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix memleak in tcp_bpf_sendmsg while sk msg is full. If tcp_bpf_sendmsg() is running while sk msg is full, then when sk_msg_alloc() returns -ENOMEM error, tcp_bpf_sendmsg() goes to wait_for_memory. If partial memory has been allocated by sk_msg_alloc(), that is, msg_tx->sg.size is greater than osize after sk_msg_alloc(), a memleak occurs. To fix this, we use sk_msg_trim() to release the allocated memory, then goto wait for memory. Other call ... • https://git.kernel.org/stable/c/604326b41a6fb9b4a78b6179335decee0365cd8c
CVSS: - • EPSS: 0% • CPEs: 4 • EXPL: 0 • CVE-2022-49208 – RDMA/irdma: Prevent some integer underflows
https://notcve.org/view.php?id=CVE-2022-49208
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Prevent some integer underflows. My static checker complains that: drivers/infiniband/hw/irdma/ctrl.c:3605 irdma_sc_ceq_init() warn: can subtract underflow 'info->dev->hmc_fpm_misc.max_ceqs'? It appears that "info->dev->hmc_fpm_misc.max_ceqs" comes from the firmware in irdma_sc_parse_fpm_query_buf() so, yes, there is a chance that it could be zero. Even if we trust the firmware, it's easy enough to change the condition just as a ... • https://git.kernel.org/stable/c/3f49d684256963d3f27dfb9d9ff228e2255be78d
