CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48972 – mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add()
https://notcve.org/view.php?id=CVE-2022-48972
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add() Kernel fault injection test reports null-ptr-deref as follows: BUG: kernel NULL pointer dereference, address: 0000000000000008 RIP: 0010:cfg802154_netdev_notifier_call+0x120/0x310 include/linux/list.h:114 Call Trace:
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2022-48971 – Bluetooth: Fix not cleanup led when bt_init fails
https://notcve.org/view.php?id=CVE-2022-48971
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix not cleanup led when bt_init fails bt_init() calls bt_leds_init() to register led, but if it fails later, bt_leds_cleanup() is not called to unregister it. This can cause panic if the argument "bluetooth-power" in text is freed and then another led_trigger_register() tries to access it: BUG: unable to handle page fault for address: ffffffffc06d3bc0 RIP: 0010:strcmp+0xc/0x30 Call Trace:
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-48969 – xen-netfront: Fix NULL sring after live migration
https://notcve.org/view.php?id=CVE-2022-48969
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: xen-netfront: Fix NULL sring after live migration A NAPI is setup for each network sring to poll data to kernel The sring with source host is destroyed before live migration and new sring with target host is setup after live migration. The NAPI for the old sring is not deleted until setup new sring with target host after migration. With busy_poll/busy_read enabled, the NAPI can be polled before got deleted when resume VM. BUG: unable to han... • https://git.kernel.org/stable/c/4ec2411980d0fd2995e8dea8a06fe57aa47523cb •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48967 – NFC: nci: Bounds check struct nfc_target arrays
https://notcve.org/view.php?id=CVE-2022-48967
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: NFC: nci: Bounds check struct nfc_target arrays While running under CONFIG_FORTIFY_SOURCE=y, syzkaller reported: memcpy: detected field-spanning write (size 129) of single field "target->sensf_res" at net/nfc/nci/ntf.c:260 (size 18) This appears to be a legitimate lack of bounds checking in nci_add_new_protocol(). Add the missing checks. In the Linux kernel, the following vulnerability has been resolved: NFC: nci: Bounds check struct nfc_ta... • https://git.kernel.org/stable/c/019c4fbaa790e2b3f11dab0c8b7d9896d77db3e5 •
CVSS: 6.4EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48966 – net: mvneta: Prevent out of bounds read in mvneta_config_rss()
https://notcve.org/view.php?id=CVE-2022-48966
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: net: mvneta: Prevent out of bounds read in mvneta_config_rss() The pp->indir[0] value comes from the user. It is passed to: if (cpu_online(pp->rxq_def)) inside the mvneta_percpu_elect() function. It needs bounds checkeding to ensure that it is not beyond the end of the cpu bitmap. In the Linux kernel, the following vulnerability has been resolved: net: mvneta: Prevent out of bounds read in mvneta_config_rss() The pp->indir[0] value comes fr... • https://git.kernel.org/stable/c/cad5d847a093077b499a8b0bbfe6804b9226c03e •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48962 – net: hisilicon: Fix potential use-after-free in hisi_femac_rx()
https://notcve.org/view.php?id=CVE-2022-48962
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: net: hisilicon: Fix potential use-after-free in hisi_femac_rx() The skb is delivered to napi_gro_receive() which may free it, after calling this, dereferencing skb may trigger use-after-free. In the Linux kernel, the following vulnerability has been resolved: net: hisilicon: Fix potential use-after-free in hisi_femac_rx() The skb is delivered to napi_gro_receive() which may free it, after calling this, dereferencing skb may trigger use-afte... • https://git.kernel.org/stable/c/542ae60af24f02e130e62cb3b7c23163a2350056 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-48961 – net: mdio: fix unbalanced fwnode reference count in mdio_device_release()
https://notcve.org/view.php?id=CVE-2022-48961
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: net: mdio: fix unbalanced fwnode reference count in mdio_device_release() There is warning report about of_node refcount leak while probing mdio device: OF: ERROR: memory leak, expected refcount 1 instead of 2, of_node_get()/of_node_put() unbalanced - destroy cset entry: attach overlay node /spi/soc@0/mdio@710700c0/ethernet@4 In of_mdiobus_register_device(), we increase fwnode refcount by fwnode_handle_get() before associating the of_node w... • https://git.kernel.org/stable/c/a9049e0c513c4521dbfaa302af8ed08b3366b41f •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48960 – net: hisilicon: Fix potential use-after-free in hix5hd2_rx()
https://notcve.org/view.php?id=CVE-2022-48960
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: net: hisilicon: Fix potential use-after-free in hix5hd2_rx() The skb is delivered to napi_gro_receive() which may free it, after calling this, dereferencing skb may trigger use-after-free. In the Linux kernel, the following vulnerability has been resolved: net: hisilicon: Fix potential use-after-free in hix5hd2_rx() The skb is delivered to napi_gro_receive() which may free it, after calling this, dereferencing skb may trigger use-after-free... • https://git.kernel.org/stable/c/57c5bc9ad7d799e9507ba6e993398d2c55f03fab •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48958 – ethernet: aeroflex: fix potential skb leak in greth_init_rings()
https://notcve.org/view.php?id=CVE-2022-48958
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: ethernet: aeroflex: fix potential skb leak in greth_init_rings() The greth_init_rings() function won't free the newly allocated skb when dma_mapping_error() returns error, so add dev_kfree_skb() to fix it. Compile tested only. In the Linux kernel, the following vulnerability has been resolved: ethernet: aeroflex: fix potential skb leak in greth_init_rings() The greth_init_rings() function won't free the newly allocated skb when dma_mapping_... • https://git.kernel.org/stable/c/d4c41139df6e74c6fff0cbac43e51cab782133be •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-48956 – ipv6: avoid use-after-free in ip6_fragment()
https://notcve.org/view.php?id=CVE-2022-48956
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: ipv6: avoid use-after-free in ip6_fragment() Blamed commit claimed rcu_read_lock() was held by ip6_fragment() callers. It seems to not be always true, at least for UDP stack. syzbot reported: BUG: KASAN: use-after-free in ip6_dst_idev include/net/ip6_fib.h:245 [inline] BUG: KASAN: use-after-free in ip6_fragment+0x2724/0x2770 net/ipv6/ip6_output.c:951 Read of size 8 at addr ffff88801d403e80 by task syz-executor.3/7618 CPU: 1 PID: 7618 Comm: ... • https://git.kernel.org/stable/c/1758fd4688eb92c796e75bdb1d256dc558ef9581 •