CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49241 – ASoC: atmel: Fix error handling in sam9x5_wm8731_driver_probe
https://notcve.org/view.php?id=CVE-2022-49241
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: atmel: Fix error handling in sam9x5_wm8731_driver_probe The device_node pointer is returned by of_parse_phandle() with refcount incremented. We should use of_node_put() on it when done. This function only calls of_node_put() in the regular path. And it will cause refcount leak in error path. • https://git.kernel.org/stable/c/fdbcb3cba54b29a37dfe42acdc0e72c543e0807d •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49235 – ath9k_htc: fix uninit value bugs
https://notcve.org/view.php?id=CVE-2022-49235
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ath9k_htc: fix uninit value bugs Syzbot reported 2 KMSAN bugs in ath9k. All of them are caused by missing field initialization. In htc_connect_service() svc_meta_len and pad are not initialized. Based on code it looks like in current skb there is no service data, so simply initialize svc_meta_len to 0. htc_issue_send() does not initialize htc_frame_hdr::control array. Based on firmware code, it will initialize it by itself, so simply zero w... • https://git.kernel.org/stable/c/fb9987d0f748c983bb795a86f47522313f701a08 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49217 – scsi: pm8001: Fix abort all task initialization
https://notcve.org/view.php?id=CVE-2022-49217
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix abort all task initialization In pm80xx_send_abort_all(), the n_elem field of the ccb used is not initialized to 0. This missing initialization sometimes lead to the task completion path seeing the ccb with a non-zero n_elem resulting in the execution of invalid dma_unmap_sg() calls in pm8001_ccb_task_free(), causing a crash such as: [ 197.676341] RIP: 0010:iommu_dma_unmap_sg+0x6d/0x280 [ 197.700204] RSP: 0018:ffff889bbcf8... • https://git.kernel.org/stable/c/c6b9ef5779c3e1edfa9de949d2a51252bc347663 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49197 – af_netlink: Fix shift out of bounds in group mask calculation
https://notcve.org/view.php?id=CVE-2022-49197
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: af_netlink: Fix shift out of bounds in group mask calculation When a netlink message is received, netlink_recvmsg() fills in the address of the sender. One of the fields is the 32-bit bitfield nl_groups, which carries the multicast group on which the message was received. The least significant bit corresponds to group 1, and therefore the highest group that the field can represent is 32. Above that, the UB sanitizer flags the out-of-bounds ... • https://git.kernel.org/stable/c/f7fa9b10edbb9391bdd4ec8e8b3d621d0664b198 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49196 – powerpc/pseries: Fix use after free in remove_phb_dynamic()
https://notcve.org/view.php?id=CVE-2022-49196
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Fix use after free in remove_phb_dynamic() In remove_phb_dynamic() we use &phb->io_resource, after we've called device_unregister(&host_bridge->dev). But the unregister may have freed phb, because pcibios_free_controller_deferred() is the release function for the host_bridge. If there are no outstanding references when we call device_unregister() then phb will be freed out from under us. This has gone mainly unnoticed, but ... • https://git.kernel.org/stable/c/2dd9c11b9d4dfbd6c070eab7b81197f65e82f1a0 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49191 – mxser: fix xmit_buf leak in activate when LSR == 0xff
https://notcve.org/view.php?id=CVE-2022-49191
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: mxser: fix xmit_buf leak in activate when LSR == 0xff When LSR is 0xff in ->activate() (rather unlike), we return an error. Provided ->shutdown() is not called when ->activate() fails, nothing actually frees the buffer in this case. Fix this by properly freeing the buffer in a designated label. We jump there also from the "!info->type" if now too. • https://git.kernel.org/stable/c/6769140d304731f0a3b177470a2adb4bacd9036b •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49190 – kernel/resource: fix kfree() of bootmem memory again
https://notcve.org/view.php?id=CVE-2022-49190
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: kernel/resource: fix kfree() of bootmem memory again Since commit ebff7d8f270d ("mem hotunplug: fix kfree() of bootmem memory"), we could get a resource allocated during boot via alloc_resource(). And it's required to release the resource using free_resource(). Howerver, many people use kfree directly which will result in kernel BUG. In order to fix this without fixing every call site, just leak a couple of bytes in such corner case. • https://git.kernel.org/stable/c/ebff7d8f270d045338d9f4796014f4db429a17f9 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49189 – clk: qcom: clk-rcg2: Update logic to calculate D value for RCG
https://notcve.org/view.php?id=CVE-2022-49189
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: clk: qcom: clk-rcg2: Update logic to calculate D value for RCG The display pixel clock has a requirement on certain newer platforms to support M/N as (2/3) and the final D value calculated results in underflow errors. As the current implementation does not check for D value is within the accepted range for a given M & N value. Update the logic to calculate the final D value based on the range. • https://git.kernel.org/stable/c/99cbd064b059f222c8839ba433a68b2d6ee33066 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49185 – pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe
https://notcve.org/view.php?id=CVE-2022-49185
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe This node pointer is returned by of_parse_phandle() with refcount incremented in this function. Calling of_node_put() to avoid the refcount leak. • https://git.kernel.org/stable/c/32e67eee670e1254ee5ab41e2f454680acb9c17c •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49180 – LSM: general protection fault in legacy_parse_param
https://notcve.org/view.php?id=CVE-2022-49180
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: LSM: general protection fault in legacy_parse_param The usual LSM hook "bail on fail" scheme doesn't work for cases where a security module may return an error code indicating that it does not recognize an input. In this particular case Smack sees a mount option that it recognizes, and returns 0. A call to a BPF hook follows, which returns -ENOPARAM, which confuses the caller because Smack has processed its data. The SELinux hook incorrectl... • https://git.kernel.org/stable/c/ddcdda888e14ca451b3ee83d11b65b2a9c8e783b •