CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49545 – ALSA: usb-audio: Cancel pending work at closing a MIDI substream
https://notcve.org/view.php?id=CVE-2022-49545
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Cancel pending work at closing a MIDI substream At closing a USB MIDI output substream, there might be still a pending work, which would eventually access the rawmidi runtime object that is being released. For fixing the race, make sure to cancel the pending work at closing. In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Cancel pending work at closing a MIDI substream At closing a USB M... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49544 – ipw2x00: Fix potential NULL dereference in libipw_xmit()
https://notcve.org/view.php?id=CVE-2022-49544
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ipw2x00: Fix potential NULL dereference in libipw_xmit() crypt and crypt->ops could be null, so we need to checking null before dereference In the Linux kernel, the following vulnerability has been resolved: ipw2x00: Fix potential NULL dereference in libipw_xmit() crypt and crypt->ops could be null, so we need to checking null before dereference The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The fo... • https://git.kernel.org/stable/c/f1bf6638af9e9bbbb6fb0b769054fb7db1ae652f • CWE-476: NULL Pointer Dereference •
CVSS: 6.6EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49543 – ath11k: fix the warning of dev_wake in mhi_pm_disable_transition()
https://notcve.org/view.php?id=CVE-2022-49543
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ath11k: fix the warning of dev_wake in mhi_pm_disable_transition() When test device recovery with below command, it has warning in message as below. echo assert > /sys/kernel/debug/ath11k/wcn6855\ hw2.0/simulate_fw_crash echo assert > /sys/kernel/debug/ath11k/qca6390\ hw2.0/simulate_fw_crash warning message: [ 1965.642121] ath11k_pci 0000:06:00.0: simulating firmware assert crash [ 1968.471364] ieee80211 phy0: Hardware restart was requested... • https://git.kernel.org/stable/c/d5c65159f2895379e11ca13f62feabe93278985d • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49540 – rcu-tasks: Fix race in schedule and flush work
https://notcve.org/view.php?id=CVE-2022-49540
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: rcu-tasks: Fix race in schedule and flush work While booting secondary CPUs, cpus_read_[lock/unlock] is not keeping online cpumask stable. The transient online mask results in below calltrace. [ 0.324121] CPU1: Booted secondary processor 0x0000000001 [0x410fd083] [ 0.346652] Detected PIPT I-cache on CPU2 [ 0.347212] CPU2: Booted secondary processor 0x0000000002 [0x410fd083] [ 0.377255] Detected PIPT I-cache on CPU3 [ 0.377823] CPU3: Booted ... • https://git.kernel.org/stable/c/c84aad765406c4c7573ce449e8a9977ebb8f4cb9 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49538 – ALSA: jack: Access input_dev under mutex
https://notcve.org/view.php?id=CVE-2022-49538
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: jack: Access input_dev under mutex It is possible when using ASoC that input_dev is unregistered while calling snd_jack_report, which causes NULL pointer dereference. In order to prevent this serialize access to input_dev using mutex lock. In the Linux kernel, the following vulnerability has been resolved: ALSA: jack: Access input_dev under mutex It is possible when using ASoC that input_dev is unregistered while calling snd_jack_repo... • https://git.kernel.org/stable/c/32b8544296b944b204b33f9837701d4d0b9adefe • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49536 – scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock
https://notcve.org/view.php?id=CVE-2022-49536
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock During stress I/O tests with 500+ vports, hard LOCKUP call traces are observed. CPU A: native_queued_spin_lock_slowpath+0x192 _raw_spin_lock_irqsave+0x32 lpfc_handle_fcp_err+0x4c6 lpfc_fcp_io_cmd_wqe_cmpl+0x964 lpfc_sli4_fp_handle_cqe+0x266 __lpfc_sli4_process_cq+0x105 __lpfc_sli4_hba_process_cq+0x3c lpfc_cq_poll_hdler+0x16 irq_poll_softirq+0x76 __softirqentry_text_start+0xe4 ir... • https://git.kernel.org/stable/c/c2017260eea2db62e7bb1b7cbb1759f1d11ed067 • CWE-667: Improper Locking •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49534 – scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT
https://notcve.org/view.php?id=CVE-2022-49534
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT There is a potential memory leak in lpfc_ignore_els_cmpl() and lpfc_els_rsp_reject() that was allocated from NPIV PLOGI_RJT (lpfc_rcv_plogi()'s login_mbox). Check if cmdiocb->context_un.mbox was allocated in lpfc_ignore_els_cmpl(), and then free it back to phba->mbox_mem_pool along with mbox->ctx_buf for service parameters. For lpfc_els_rsp_reject() failure, free both the ctx_... • https://git.kernel.org/stable/c/858c9f6c19c6f9bf86cbbc64ce0d17c61d6131b8 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 8.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49533 – ath11k: Change max no of active probe SSID and BSSID to fw capability
https://notcve.org/view.php?id=CVE-2022-49533
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ath11k: Change max no of active probe SSID and BSSID to fw capability The maximum number of SSIDs in a for active probe requests is currently reported as 16 (WLAN_SCAN_PARAMS_MAX_SSID) when registering the driver. The scan_req_params structure only has the capacity to hold 10 SSIDs. This leads to a buffer overflow which can be triggered from wpa_supplicant in userspace. When copying the SSIDs into the scan_req_params structure in the ath11k... • https://git.kernel.org/stable/c/d5c65159f2895379e11ca13f62feabe93278985d •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49532 – drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes
https://notcve.org/view.php?id=CVE-2022-49532
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes drm_cvt_mode may return NULL and we should check it. This bug is found by syzkaller: FAULT_INJECTION stacktrace: [ 168.567394] FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 1 [ 168.567403] CPU: 1 PID: 6425 Comm: syz Kdump: loaded Not tainted 4.19.90-vhulk2201.1.0.h1035.kasan.eulerosv2r10.aarch64 #1 [ 168.567406] Hardware name... • https://git.kernel.org/stable/c/dc5698e80cf724770283e10414054662bdf6ccfa • CWE-476: NULL Pointer Dereference •
CVSS: 5.6EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49531 – loop: implement ->free_disk
https://notcve.org/view.php?id=CVE-2022-49531
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: loop: implement ->free_disk Ensure that the lo_device which is stored in the gendisk private data is valid until the gendisk is freed. Currently the loop driver uses a lot of effort to make sure a device is not freed when it is still in use, but to to fix a potential deadlock this will be relaxed a bit soon. In the Linux kernel, the following vulnerability has been resolved: loop: implement ->free_disk Ensure that the lo_device which is sto... • https://git.kernel.org/stable/c/73285082745045bcd64333c1fbaa88f8490f2626 • CWE-667: Improper Locking •