CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48701 – ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface()
https://notcve.org/view.php?id=CVE-2022-48701
03 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() There may be a bad USB audio device with a USB ID of (0x04fa, 0x4201) and the number of it's interfaces less than 4, an out-of-bounds read bug occurs when parsing the interface descriptor for this device. Fix this by checking the number of interfaces. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ALSA: usb-audio: corrige un error fuera de ... • https://git.kernel.org/stable/c/b970518014f2f0f6c493fb86c1e092b936899061 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2022-48699 – sched/debug: fix dentry leak in update_sched_domain_debugfs
https://notcve.org/view.php?id=CVE-2022-48699
03 May 2024 — In the Linux kernel, the following vulnerability has been resolved: sched/debug: fix dentry leak in update_sched_domain_debugfs Kuyo reports that the pattern of using debugfs_remove(debugfs_lookup()) leaks a dentry and with a hotplug stress test, the machine eventually runs out of memory. Fix this up by using the newly created debugfs_lookup_and_remove() call instead which properly handles the dentry reference counting logic. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: sched/debug:... • https://git.kernel.org/stable/c/26e9a1ded8923510e5529fbb28390b22228700c2 •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-48698 – drm/amd/display: fix memory leak when using debugfs_lookup()
https://notcve.org/view.php?id=CVE-2022-48698
03 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix memory leak when using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. Fix this up by properly calling dput(). En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: soluciona la pérdida de memoria al usar debugfs_lookup() Al llamar a debugfs_lookup(), el resultado debe tener llamado dput(); de lo contrario... • https://git.kernel.org/stable/c/58acd2ebae034db3bacf38708f508fbd12ae2e54 •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2022-48697 – nvmet: fix a use-after-free
https://notcve.org/view.php?id=CVE-2022-48697
03 May 2024 — In the Linux kernel, the following vulnerability has been resolved: nvmet: fix a use-after-free Fix the following use-after-free complaint triggered by blktests nvme/004: BUG: KASAN: user-memory-access in blk_mq_complete_request_remote+0xac/0x350 Read of size 4 at addr 0000607bd1835943 by task kworker/13:1/460 Workqueue: nvmet-wq nvme_loop_execute_work [nvme_loop] Call Trace: show_stack+0x52/0x58 dump_stack_lvl+0x49/0x5e print_report.cold+0x36/0x1e2 kasan_report+0xb9/0xf0 __asan_load4+0x6b/0x80 blk... • https://git.kernel.org/stable/c/a07b4970f464f13640e28e16dad6cfa33647cc99 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-48696 – regmap: spi: Reserve space for register address/padding
https://notcve.org/view.php?id=CVE-2022-48696
03 May 2024 — In the Linux kernel, the following vulnerability has been resolved: regmap: spi: Reserve space for register address/padding Currently the max_raw_read and max_raw_write limits in regmap_spi struct do not take into account the additional size of the transmitted register address and padding. This may result in exceeding the maximum permitted SPI message size, which could cause undefined behaviour, e.g. data corruption. Fix regmap_get_spi_bus() to properly adjust the above mentioned limits by reserving spa... • https://git.kernel.org/stable/c/f231ff38b7b23197013b437128d196710fe282da • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-48694 – RDMA/irdma: Fix drain SQ hang with no completion
https://notcve.org/view.php?id=CVE-2022-48694
03 May 2024 — In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix drain SQ hang with no completion SW generated completions for outstanding WRs posted on SQ after QP is in error target the wrong CQ. This causes the ib_drain_sq to hang with no completion. Fix this to generate completions on the right CQ. [ 863.969340] INFO: task kworker/u52:2:671 blocked for more than 122 seconds. [ 863.979224] Not tainted 5.14.0-130.el9.x86_64 #1 [ 863.986588] "echo 0 > /proc/sys/kernel/hung_t... • https://git.kernel.org/stable/c/81091d7696ae71627ff80bbf2c6b0986d2c1cce3 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-48693 – soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs
https://notcve.org/view.php?id=CVE-2022-48693
03 May 2024 — In the Linux kernel, the following vulnerability has been resolved: soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs In brcmstb_pm_probe(), there are two kinds of leak bugs: (1) we need to add of_node_put() when for_each__matching_node() breaks (2) we need to add iounmap() for each iomap in fail path En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: soc: brcmstb: pm-arm: corrige los errores de fuga de refcount y __iomem En brcmstb_pm_probe(), hay dos tipos de errores de fuga... • https://git.kernel.org/stable/c/0b741b8234c86065fb6954d32d427b3f7e14756f • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-48692 – RDMA/srp: Set scmnd->result only when scmnd is not NULL
https://notcve.org/view.php?id=CVE-2022-48692
03 May 2024 — In the Linux kernel, the following vulnerability has been resolved: RDMA/srp: Set scmnd->result only when scmnd is not NULL This change fixes the following kernel NULL pointer dereference which is reproduced by blktests srp/007 occasionally. BUG: kernel NULL pointer dereference, address: 0000000000000170 PGD 0 P4D 0 Oops: 0002 [#1] PREEMPT SMP NOPTI CPU: 0 PID: 9 Comm: kworker/0:1H Kdump: loaded Not tainted 6.0.0-rc1+ #37 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.15.0-29-g6a62e0cb0df... • https://git.kernel.org/stable/c/ad215aaea4f9d637f441566cdbbc610e9849e1fa • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48691 – netfilter: nf_tables: clean up hook list when offload flags check fails
https://notcve.org/view.php?id=CVE-2022-48691
03 May 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: clean up hook list when offload flags check fails splice back the hook list so nft_chain_release_hook() has a chance to release the hooks. BUG: memory leak unreferenced object 0xffff88810180b100 (size 96): comm "syz-executor133", pid 3619, jiffies 4294945714 (age 12.690s) hex dump (first 32 bytes): 28 64 23 02 81 88 ff ff 28 64 23 02 81 88 ff ff (d#.....(d#..... 90 a8 aa 83 ff ff ff ff 00 00 b5 0f 81 88... • https://git.kernel.org/stable/c/d54725cd11a57c30f650260cfb0a92c268bdc3e0 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-48689 – tcp: TX zerocopy should not sense pfmemalloc status
https://notcve.org/view.php?id=CVE-2022-48689
03 May 2024 — In the Linux kernel, the following vulnerability has been resolved: tcp: TX zerocopy should not sense pfmemalloc status We got a recent syzbot report [1] showing a possible misuse of pfmemalloc page status in TCP zerocopy paths. Indeed, for pages coming from user space or other layers, using page_is_pfmemalloc() is moot, and possibly could give false positives. There has been attempts to make page_is_pfmemalloc() more robust, but not using it in the first place in this context is probably better, removi... • https://git.kernel.org/stable/c/c07aea3ef4d4076f18f567b98ed01e082e02ed51 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •