CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48847 – watch_queue: Fix filter limit check
https://notcve.org/view.php?id=CVE-2022-48847
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: watch_queue: Fix filter limit check In watch_queue_set_filter(), there are a couple of places where we check that the filter type value does not exceed what the type_filter bitmap can hold. One place calculates the number of bits by: if (tf[i].type >= sizeof(wfilter->type_filter) * 8) which is fine, but the second does: if (tf[i].type >= sizeof(wfilter->type_filter) * BITS_PER_LONG) which is not. This can lead to a couple of out-of-bounds w... • https://git.kernel.org/stable/c/c73be61cede5882f9605a852414db559c0ebedfd • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48845 – MIPS: smp: fill in sibling and core maps earlier
https://notcve.org/view.php?id=CVE-2022-48845
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: MIPS: smp: fill in sibling and core maps earlier After enabling CONFIG_SCHED_CORE (landed during 5.14 cycle), 2-core 2-thread-per-core interAptiv (CPS-driven) started emitting the following: [ 0.025698] CPU1 revision is: 0001a120 (MIPS interAptiv (multi)) [ 0.048183] ------------[ cut here ]------------ [ 0.048187] WARNING: CPU: 1 PID: 0 at kernel/sched/core.c:6025 sched_core_cpu_starting+0x198/0x240 [ 0.048220] Modules linked in: [ 0.04823... • https://git.kernel.org/stable/c/7315f8538db009605ffba00370678142ef00ac98 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-48844 – Bluetooth: hci_core: Fix leaking sent_cmd skb
https://notcve.org/view.php?id=CVE-2022-48844
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: Fix leaking sent_cmd skb sent_cmd memory is not freed before freeing hci_dev causing it to leak it contents. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: Fix leaking sent_cmd skb sent_cmd memory is not freed before freeing hci_dev causing it to leak it contents. The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security bug fixes. • https://git.kernel.org/stable/c/3679ccc09d8806686d579095ed504e045af7f7d6 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-48843 – drm/vrr: Set VRR capable prop only if it is attached to connector
https://notcve.org/view.php?id=CVE-2022-48843
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/vrr: Set VRR capable prop only if it is attached to connector VRR capable property is not attached by default to the connector It is attached only if VRR is supported. So if the driver tries to call drm core set prop function without it being attached that causes NULL dereference. In the Linux kernel, the following vulnerability has been resolved: drm/vrr: Set VRR capable prop only if it is attached to connector VRR capable property is ... • https://git.kernel.org/stable/c/941e8bcd2b2ba95490738e33dfeca27168452779 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48839 – net/packet: fix slab-out-of-bounds access in packet_recvmsg()
https://notcve.org/view.php?id=CVE-2022-48839
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: net/packet: fix slab-out-of-bounds access in packet_recvmsg() syzbot found that when an AF_PACKET socket is using PACKET_COPY_THRESH and mmap operations, tpacket_rcv() is queueing skbs with garbage in skb->cb[], triggering a too big copy [1] Presumably, users of af_packet using mmap() already gets correct metadata from the mapped buffer, we can simply make sure to clear 12 bytes that might be copied to user space later. BUG: KASAN: stack-ou... • https://git.kernel.org/stable/c/0fb375fb9b93b7d822debc6a734052337ccfdb1f • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48838 – usb: gadget: Fix use-after-free bug by not setting udc->dev.driver
https://notcve.org/view.php?id=CVE-2022-48838
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget: Fix use-after-free bug by not setting udc->dev.driver The syzbot fuzzer found a use-after-free bug: BUG: KASAN: use-after-free in dev_uevent+0x712/0x780 drivers/base/core.c:2320 Read of size 8 at addr ffff88802b934098 by task udevd/3689 CPU: 2 PID: 3689 Comm: udevd Not tainted 5.17.0-rc4-syzkaller-00229-g4f12b742eb2b #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014 Call Trace:
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-48837 – usb: gadget: rndis: prevent integer overflow in rndis_set_response()
https://notcve.org/view.php?id=CVE-2022-48837
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget: rndis: prevent integer overflow in rndis_set_response() If "BufOffset" is very large the "BufOffset + 8" operation can have an integer overflow. En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: usb: gadget:rndis: previene el desbordamiento de enteros en rndis_set_response() Si "BufOffset" es muy grande la operación "BufOffset + 8" puede tener un desbordamiento de enteros. In the Linux kernel, the following vuln... • https://git.kernel.org/stable/c/ff0a90739925734c91c7e39befe3f4378e0c1369 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2022-48836 – Input: aiptek - properly check endpoint type
https://notcve.org/view.php?id=CVE-2022-48836
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: Input: aiptek - properly check endpoint type Syzbot reported warning in usb_submit_urb() which is caused by wrong endpoint type. There was a check for the number of endpoints, but not for the type of endpoint. Fix it by replacing old desc.bNumEndpoints check with usb_find_common_endpoints() helper for finding endpoints Fail log: usb 5-1: BOGUS urb xfer, pipe 1 != type 3 WARNING: CPU: 2 PID: 48 at drivers/usb/core/urb.c:502 usb_submit_urb+0x... • https://git.kernel.org/stable/c/8e20cf2bce122ce9262d6034ee5d5b76fbb92f96 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48835 – scsi: mpt3sas: Page fault in reply q processing
https://notcve.org/view.php?id=CVE-2022-48835
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Page fault in reply q processing A page fault was encountered in mpt3sas on a LUN reset error path: [ 145.763216] mpt3sas_cm1: Task abort tm failed: handle(0x0002),timeout(30) tr_method(0x0) smid(3) msix_index(0) [ 145.778932] scsi 1:0:0:0: task abort: FAILED scmd(0x0000000024ba29a2) [ 145.817307] scsi 1:0:0:0: attempting device reset! scmd(0x0000000024ba29a2) [ 145.827253] scsi 1:0:0:0: [sg1] tag#2 CDB: Receive Diagnostic 1c... • https://git.kernel.org/stable/c/711a923c14d9a48d15a30a2c085184954bf04931 • CWE-763: Release of Invalid Pointer or Reference •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-48834 – usb: usbtmc: Fix bug in pipe direction for control transfers
https://notcve.org/view.php?id=CVE-2022-48834
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: usbtmc: Fix bug in pipe direction for control transfers The syzbot fuzzer reported a minor bug in the usbtmc driver: usb 5-1: BOGUS control dir, pipe 80001e80 doesn't match bRequestType 0 WARNING: CPU: 0 PID: 3813 at drivers/usb/core/urb.c:412 usb_submit_urb+0x13a5/0x1970 drivers/usb/core/urb.c:410 Modules linked in: CPU: 0 PID: 3813 Comm: syz-executor122 Not tainted 5.17.0-rc5-syzkaller-00306-g2293be58d6a1 #0 ... Call Trace: