
CVSS: - | EPSS: 0% | CPEs: 4 | EXPL: 0

26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved:
mt76: fix monitor mode crash with sdio driver
mt7921s driver may receive frames with fragment buffers. If there is a CTS packet received in monitor mode, the payload is 10 bytes only and needs 6 bytes header padding after RXD buffer. However, only RXD is in the first linear buffer; if we pull buffer size RXD-size+6 bytes with skb_pull(), that would trigger "BUG_ON(skb->len < skb->data_len)" in __skb_pull(). To avoid the nonlinear buffer issue, ...
• https://git.kernel.org/stable/c/7bc04215a66b60e198aecaee8418f6d79fa19faa

CVSS: 7.8 | EPSS: 0% | CPEs: 9 | EXPL: 0

26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: Fix use after free in hci_send_acl
This fixes the following trace caused by receiving HCI_EV_DISCONN_PHY_LINK_COMPLETE which does call hci_conn_del without first checking if conn->type is in fact AMP_LINK and in case it is do properly cleanup upper layers with hci_disconn_cfm:
==================================================================
BUG: KASAN: use-after-free in hci_send_acl+0xaba/0xc50
Read of size 8 at addr ffff88800e...
• https://git.kernel.org/stable/c/9eef6b3a9e38d5f8ad315b2a7db153392e6a77d6 • CWE-416: Use After Free

CVSS: - | EPSS: 0% | CPEs: 8 | EXPL: 0

26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved:
netfilter: conntrack: revisit gc autotuning
as of commit 4608fdfc07e1 ("netfilter: conntrack: collect all entries in one cycle") conntrack gc was changed to run every 2 minutes. On systems where conntrack hash table is set to large value, most evictions happen from gc worker rather than the packet path due to hash table distribution. This causes netlink event overflows when events are collected. This change collects average expiry of scanne...
• https://git.kernel.org/stable/c/4608fdfc07e116f9fc0895beb40abad7cdb5ee3d

CVSS: 5.5 | EPSS: 0% | CPEs: 4 | EXPL: 0

26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved:
ceph: fix inode reference leakage in ceph_get_snapdir()
The ceph_get_inode() will search for or insert a new inode into the hash for the given vino, and return a reference to it. If new is non-NULL, its reference is consumed. We should release the reference when in error handling cases.
• https://git.kernel.org/stable/c/9030aaf9bf0a1eee47a154c316c789e959638b0f • CWE-459: Incomplete Cleanup

CVSS: 5.5 | EPSS: 0% | CPEs: 5 | EXPL: 0

26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved:
ceph: fix memory leak in ceph_readdir when note_last_dentry returns error
Reset the last_readdir at the same time, and add a comment explaining why we don't free last_readdir when dir_emit returns false.
• https://git.kernel.org/stable/c/9030aaf9bf0a1eee47a154c316c789e959638b0f • CWE-401: Missing Release of Memory after Effective Lifetime

CVSS: 5.5 | EPSS: 0% | CPEs: 4 | EXPL: 0

26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved:
staging: vchiq_arm: Avoid NULL ptr deref in vchiq_dump_platform_instances
vchiq_get_state() can return a NULL pointer. So handle this case and avoid a NULL pointer dereference in vchiq_dump_platform_instances.
• https://git.kernel.org/stable/c/71bad7f086419dc674244b91ca35a12bfa4cb597 • CWE-476: NULL Pointer Dereference

CVSS: 5.5 | EPSS: 0% | CPEs: 5 | EXPL: 0

26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved:
staging: vchiq_core: handle NULL result of find_service_by_handle
In case of an invalid handle the function find_service_by_handle returns NULL. So take care of this and avoid a NULL pointer dereference.
• https://git.kernel.org/stable/c/71bad7f086419dc674244b91ca35a12bfa4cb597 • CWE-476: NULL Pointer Dereference

CVSS: - | EPSS: 0% | CPEs: 9 | EXPL: 0

26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved:
virtio_console: eliminate anonymous module_init & module_exit
Eliminate anonymous module_init() and module_exit(), which can lead to confusion or ambiguity when reading System.map, crashes/oops/bugs, or an initcall_debug log. Give each of these init and exit functions unique driver-specific names to eliminate the anonymous names.
Example 1: (System.map)
ffffffff832fc78c t init
ffffffff832fc79e t init
ffffffff832fc8f8 t init
Example 2: (init...
• https://git.kernel.org/stable/c/31610434bc3523c0b01a10917a1185096a03c4c8

CVSS: - | EPSS: 0% | CPEs: 8 | EXPL: 0

26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved:
Drivers: hv: vmbus: Fix potential crash on module unload
The vmbus driver relies on the panic notifier infrastructure to perform some operations when a panic event is detected. Since vmbus can be built as module, it is required that the driver handles both registering and unregistering such panic notifier callback. After commit 74347a99e73a ("x86/Hyper-V: Unload vmbus channel in hv panic callback") though, the panic notifier registration is...
• https://git.kernel.org/stable/c/5e059fc0f054309036d3f612bc8b0a502ca58545

CVSS: 5.5 | EPSS: 0% | CPEs: 9 | EXPL: 0

26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved:
scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one()
The error handling path of the probe releases a resource that is not freed in the remove function. In some cases, an ioremap() must be undone. Add the missing iounmap() call in the remove function.
• https://git.kernel.org/stable/c/45804fbb00eea27bdf4d62751681228a9e2844e9