
CVE-2022-49241 – ASoC: atmel: Fix error handling in sam9x5_wm8731_driver_probe
https://notcve.org/view.php?id=CVE-2022-49241
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: atmel: Fix error handling in sam9x5_wm8731_driver_probe The device_node pointer is returned by of_parse_phandle() with refcount incremented. • https://git.kernel.org/stable/c/fdbcb3cba54b29a37dfe42acdc0e72c543e0807d •

CVE-2022-49240 – ASoC: mediatek: mt8195: Fix error handling in mt8195_mt6359_rt1019_rt5682_dev_probe
https://notcve.org/view.php?id=CVE-2022-49240
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: mt8195: Fix error handling in mt8195_mt6359_rt1019_rt5682_dev_probe The device_node pointer is returned by of_parse_phandle() with refcount incremented. • https://git.kernel.org/stable/c/082482a5022780d42180a394fe6843e71fe963d8 •

CVE-2022-49239 – ASoC: codecs: wcd934x: Add missing of_node_put() in wcd934x_codec_parse_data
https://notcve.org/view.php?id=CVE-2022-49239
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wcd934x: Add missing of_node_put() in wcd934x_codec_parse_data The device_node pointer is returned by of_parse_phandle() with refcount incremented. We should use of_node_put() on it when done. This is similar to commit 64b92de9603f ("ASoC: wcd9335: fix a leaked reference by adding missing of_node_put") The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. • https://git.kernel.org/stable/c/a61f3b4f476eceb25274161e5a53a8d18e42610b •

CVE-2022-49238 – ath11k: free peer for station when disconnect from AP for QCA6390/WCN6855
https://notcve.org/view.php?id=CVE-2022-49238
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ath11k: free peer for station when disconnect from AP for QCA6390/WCN6855 Commit b4a0f54156ac ("ath11k: move peer delete after vdev stop of station for QCA6390 and WCN6855") is to fix firmware crash by changing the WMI command sequence, but actually skip all the peer delete operation, then it lead commit 58595c9874c6 ("ath11k: Fixing dangling pointer issue upon peer delete failure") not take effect, and then happened a use-after-free... • https://git.kernel.org/stable/c/b4a0f54156ac7720de1750b6ea06657c91c52163 • CWE-416: Use After Free •

CVE-2022-49237 – ath11k: add missing of_node_put() to avoid leak
https://notcve.org/view.php?id=CVE-2022-49237
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ath11k: add missing of_node_put() to avoid leak The node pointer is returned by of_find_node_by_type() or of_parse_phandle() with refcount incremented. • https://git.kernel.org/stable/c/6ac04bdc5edb418787ab2040b1f922c23464c750 •

CVE-2022-49236 – bpf: Fix UAF due to race between btf_try_get_module and load_module
https://notcve.org/view.php?id=CVE-2022-49236
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix UAF due to race between btf_try_get_module and load_module While working on code to populate kfunc BTF ID sets for module BTF from its initcall, I noticed that by the time the initcall is invoked, the module BTF can already be seen by userspace (and the BPF verifier). In the Linux kernel, the following vulnerability has been resolved: bpf: Fix UAF due to race between btf_try_get_module and load_module While working on... • https://git.kernel.org/stable/c/541c3bad8dc51b253ba8686d0cd7628e6b9b5f4c • CWE-416: Use After Free •

CVE-2022-49235 – ath9k_htc: fix uninit value bugs
https://notcve.org/view.php?id=CVE-2022-49235
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ath9k_htc: fix uninit value bugs Syzbot reported 2 KMSAN bugs in ath9k. ... Uninit was created at: slab_post_alloc_hook mm/slab.h:524 [inline] slab_alloc_node mm/slub.c:3251 [inline] __kmalloc_node_track_caller+0xe0c/0x1510 mm/slub.c:4974 kmalloc_reserve net/core/skbuff.c:354 [inline] __alloc_skb+0x545/0xf90 net/core/skbuff.c:426 alloc_skb include/linux/skbuff.h:1126 [inline] htc_connect_service+0x1029/0x1960 drivers/net/wirel... • https://git.kernel.org/stable/c/fb9987d0f748c983bb795a86f47522313f701a08 • CWE-908: Use of Uninitialized Resource •

CVE-2022-49234 – net: dsa: Avoid cross-chip syncing of VLAN filtering
https://notcve.org/view.php?id=CVE-2022-49234
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: dsa: Avoid cross-chip syncing of VLAN filtering Changes to VLAN filtering are not applicable to cross-chip notifications. • https://git.kernel.org/stable/c/d371b7c92d190448f3ccbf082c90bf929285f648 •

CVE-2022-49233 – drm/amd/display: Call dc_stream_release for remove link enc assignment
https://notcve.org/view.php?id=CVE-2022-49233
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Call dc_stream_release for remove link enc assignment [Why] A porting error resulted in the stream assignment for the link being retained without being released - a memory leak. • https://git.kernel.org/stable/c/0bb24555858403671657f6dc025d2931e3e857bb •

CVE-2022-49232 – drm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes()
https://notcve.org/view.php?id=CVE-2022-49232
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes() In amdgpu_dm_connector_add_common_modes(), amdgpu_dm_create_common_mode() is assigned to mode and is passed to drm_mode_probed_add() directly after that. • https://git.kernel.org/stable/c/e7b07ceef2a650e5ed8ca37997689e086c680daf •