CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48815 – net: dsa: bcm_sf2: don't use devres for mdiobus
https://notcve.org/view.php?id=CVE-2022-48815
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: net: dsa: bcm_sf2: don't use devres for mdiobus As explained in commits: 74b6d7d13307 ("net: dsa: realtek: register the MDIO bus under devres") 5135e96a3dd2 ("net: dsa: don't allocate the slave_mii_bus using devres") mdiobus_free() will panic when called from devm_mdiobus_free() <- devres_release_all() <- __device_release_driver(), and that mdiobus was not previously unregistered. The Starfighter 2 is a platform device, so the initial set o... • https://git.kernel.org/stable/c/ac3a68d56651c3dad2c12c7afce065fe15267f44 •
CVSS: 4.4EPSS: 0%CPEs: 3EXPL: 0CVE-2022-48814 – net: dsa: seville: register the mdiobus under devres
https://notcve.org/view.php?id=CVE-2022-48814
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: net: dsa: seville: register the mdiobus under devres As explained in commits: 74b6d7d13307 ("net: dsa: realtek: register the MDIO bus under devres") 5135e96a3dd2 ("net: dsa: don't allocate the slave_mii_bus using devres") mdiobus_free() will panic when called from devm_mdiobus_free() <- devres_release_all() <- __device_release_driver(), and that mdiobus was not previously unregistered. The Seville VSC9959 switch is a platform device, so the... • https://git.kernel.org/stable/c/ac3a68d56651c3dad2c12c7afce065fe15267f44 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48813 – net: dsa: felix: don't use devres for mdiobus
https://notcve.org/view.php?id=CVE-2022-48813
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: net: dsa: felix: don't use devres for mdiobus As explained in commits: 74b6d7d13307 ("net: dsa: realtek: register the MDIO bus under devres") 5135e96a3dd2 ("net: dsa: don't allocate the slave_mii_bus using devres") mdiobus_free() will panic when called from devm_mdiobus_free() <- devres_release_all() <- __device_release_driver(), and that mdiobus was not previously unregistered. The Felix VSC9959 switch is a PCI device, so the initial set o... • https://git.kernel.org/stable/c/ac3a68d56651c3dad2c12c7afce065fe15267f44 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48812 – net: dsa: lantiq_gswip: don't use devres for mdiobus
https://notcve.org/view.php?id=CVE-2022-48812
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: net: dsa: lantiq_gswip: don't use devres for mdiobus As explained in commits: 74b6d7d13307 ("net: dsa: realtek: register the MDIO bus under devres") 5135e96a3dd2 ("net: dsa: don't allocate the slave_mii_bus using devres") mdiobus_free() will panic when called from devm_mdiobus_free() <- devres_release_all() <- __device_release_driver(), and that mdiobus was not previously unregistered. The GSWIP switch is a platform device, so the initial s... • https://git.kernel.org/stable/c/ac3a68d56651c3dad2c12c7afce065fe15267f44 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-48811 – ibmvnic: don't release napi in __ibmvnic_open()
https://notcve.org/view.php?id=CVE-2022-48811
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: ibmvnic: don't release napi in __ibmvnic_open() If __ibmvnic_open() encounters an error such as when setting link state, it calls release_resources() which frees the napi structures needlessly. Instead, have __ibmvnic_open() only clean up the work it did so far (i.e. disable napi and irqs) and leave the rest to the callers. If caller of __ibmvnic_open() is ibmvnic_open(), it should release the resources immediately. If the caller is do_rese... • https://git.kernel.org/stable/c/ed651a10875f13135a5f59c1bae4d51b377b3925 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48810 – ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path
https://notcve.org/view.php?id=CVE-2022-48810
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path ip[6]mr_free_table() can only be called under RTNL lock. RTNL: assertion failed at net/core/dev.c (10367) WARNING: CPU: 1 PID: 5890 at net/core/dev.c:10367 unregister_netdevice_many+0x1246/0x1850 net/core/dev.c:10367 Modules linked in: CPU: 1 PID: 5890 Comm: syz-executor.2 Not tainted 5.16.0-syzkaller-11627-g422ee58dc0ef #0 Hardware name: Google Google Compute Engi... • https://git.kernel.org/stable/c/f243e5a7859a24d10975afb9a1708cac624ba6f1 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48809 – net: fix a memleak when uncloning an skb dst and its metadata
https://notcve.org/view.php?id=CVE-2022-48809
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: net: fix a memleak when uncloning an skb dst and its metadata When uncloning an skb dst and its associated metadata, a new dst+metadata is allocated and later replaces the old one in the skb. This is helpful to have a non-shared dst+metadata attached to a specific skb. The issue is the uncloned dst+metadata is initialized with a refcount of 1, which is increased to 2 before attaching it to the skb. When tun_dst_unclone returns, the dst+meta... • https://git.kernel.org/stable/c/fc4099f17240767554ff3a73977acb78ef615404 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48806 – eeprom: ee1004: limit i2c reads to I2C_SMBUS_BLOCK_MAX
https://notcve.org/view.php?id=CVE-2022-48806
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: eeprom: ee1004: limit i2c reads to I2C_SMBUS_BLOCK_MAX Commit effa453168a7 ("i2c: i801: Don't silently correct invalid transfer size") revealed that ee1004_eeprom_read() did not properly limit how many bytes to read at once. In particular, i2c_smbus_read_i2c_block_data_or_emulated() takes the length to read as an u8. If count == 256 after taking into account the offset and page boundary, the cast to u8 overflows. And this is common when use... • https://git.kernel.org/stable/c/aca56c298e2a6d20ab6308e203a8d37f2a7759d3 •
CVSS: 8.6EPSS: 0%CPEs: 8EXPL: 2CVE-2022-48805 – net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup
https://notcve.org/view.php?id=CVE-2022-48805
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup ax88179_rx_fixup() contains several out-of-bounds accesses that can be triggered by a malicious (or defective) USB device, in particular: - The metadata array (hdr_off..hdr_off+2*pkt_cnt) can be out of bounds, causing OOB reads and (on big-endian systems) OOB endianness flips. - A packet can overlap the metadata array, causing a later OOB endianness flip to corrupt data used by ... • https://packetstorm.news/files/id/188959 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48804 – vt_ioctl: fix array_index_nospec in vt_setactivate
https://notcve.org/view.php?id=CVE-2022-48804
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: vt_ioctl: fix array_index_nospec in vt_setactivate array_index_nospec ensures that an out-of-bounds value is set to zero on the transient path. Decreasing the value by one afterwards causes a transient integer underflow. vsa.console should be decreased first and then sanitized with array_index_nospec. Kasper Acknowledgements: Jakob Koschel, Brian Johannesmeyer, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida from the VUSec group at VU Amster... • https://git.kernel.org/stable/c/830c5aa302ec16b4ee641aec769462c37f802c90 •