CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49136 – Bluetooth: hci_sync: Fix queuing commands when HCI_UNREGISTER is set
https://notcve.org/view.php?id=CVE-2022-49136
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: Fix queuing commands when HCI_UNREGISTER is set hci_cmd_sync_queue shall return an error if HCI_UNREGISTER flag has been set as that means hci_unregister_dev has been called so it will likely cause a uaf after the timeout as the hdev will be freed. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: Fix queuing commands when HCI_UNREGISTER is set hci_cmd_sync_queue shall return an er... • https://git.kernel.org/stable/c/1c69ef84a808676cceb69210addf5df45b741323 • CWE-416: Use After Free •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49135 – drm/amd/display: Fix memory leak
https://notcve.org/view.php?id=CVE-2022-49135
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix memory leak [why] Resource release is needed on the error handling path to prevent memory leak. [how] Fix this by adding kfree on the error handling path. • https://git.kernel.org/stable/c/7e10369c72db7a0e2f77b2e306aadc07aef6b07a •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49134 – mlxsw: spectrum: Guard against invalid local ports
https://notcve.org/view.php?id=CVE-2022-49134
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum: Guard against invalid local ports When processing events generated by the device's firmware, the driver protects itself from events reported for non-existent local ports, but not for the CPU port (local port 0), which exists, but does not have all the fields as any local port. This can result in a NULL pointer dereference when trying access 'struct mlxsw_sp_port' fields which are not initialized for CPU port. Commit 63b08b1... • https://git.kernel.org/stable/c/4cad27ba2e5a5843a7fab5aa30de2b8e8c3db3a8 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49133 – drm/amdkfd: svm range restore work deadlock when process exit
https://notcve.org/view.php?id=CVE-2022-49133
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: svm range restore work deadlock when process exit kfd_process_notifier_release flush svm_range_restore_work which calls svm_range_list_lock_and_flush_work to flush deferred_list work, but if deferred_list work mmput release the last user, it will call exit_mmap -> notifier_release, it is deadlock with below backtrace. Move flush svm_range_restore_work to kfd_process_wq_release to avoid deadlock. Then svm_range_restore_work take ... • https://git.kernel.org/stable/c/a6be83086e91891081e0589e4b4645bf4643e897 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49124 – x86/mce: Work around an erratum on fast string copy instructions
https://notcve.org/view.php?id=CVE-2022-49124
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: x86/mce: Work around an erratum on fast string copy instructions A rare kernel panic scenario can happen when the following conditions are met due to an erratum on fast string copy instructions: 1) An uncorrected error. 2) That error must be in first cache line of a page. 3) Kernel must execute page_copy from the page immediately before that page. The fast string copy instructions ("REP; MOVS*") could consume an uncorrectable memory error i... • https://git.kernel.org/stable/c/ba37c73be3d5632f6fb9fa20b250ce45560ca85d •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49122 – dm ioctl: prevent potential spectre v1 gadget
https://notcve.org/view.php?id=CVE-2022-49122
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: dm ioctl: prevent potential spectre v1 gadget It appears like cmd could be a Spectre v1 gadget as it's supplied by a user and used as an array index. Prevent the contents of kernel memory from being leaked to userspace via speculative execution by using array_index_nospec. • https://git.kernel.org/stable/c/76c94651005f58885facf9c973007f5ea01ab01f •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49121 – scsi: pm8001: Fix tag leaks on error
https://notcve.org/view.php?id=CVE-2022-49121
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix tag leaks on error In pm8001_chip_set_dev_state_req(), pm8001_chip_fw_flash_update_req(), pm80xx_chip_phy_ctl_req() and pm8001_chip_reg_dev_req() add missing calls to pm8001_tag_free() to free the allocated tag when pm8001_mpi_build_cmd() fails. Similarly, in pm8001_exec_internal_task_abort(), if the chip ->task_abort method fails, the tag allocated for the abort request task must be freed. Add the missing call to pm8001_t... • https://git.kernel.org/stable/c/a0bb65eadbf942024226241d9d99fed17168940b •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49120 – scsi: pm8001: Fix task leak in pm8001_send_abort_all()
https://notcve.org/view.php?id=CVE-2022-49120
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix task leak in pm8001_send_abort_all() In pm8001_send_abort_all(), make sure to free the allocated sas task if pm8001_tag_alloc() or pm8001_mpi_build_cmd() fail. • https://git.kernel.org/stable/c/2051044d7901f1a9d7be95d0d32e53b88e9548f7 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49119 – scsi: pm8001: Fix memory leak in pm8001_chip_fw_flash_update_req()
https://notcve.org/view.php?id=CVE-2022-49119
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix memory leak in pm8001_chip_fw_flash_update_req() In pm8001_chip_fw_flash_update_build(), if pm8001_chip_fw_flash_update_build() fails, the struct fw_control_ex allocated must be freed. • https://git.kernel.org/stable/c/d83574666bac4b1462e90df393fbed6c5f57d1a3 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49118 – scsi: hisi_sas: Free irq vectors in order for v3 HW
https://notcve.org/view.php?id=CVE-2022-49118
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: hisi_sas: Free irq vectors in order for v3 HW If the driver probe fails to request the channel IRQ or fatal IRQ, the driver will free the IRQ vectors before freeing the IRQs in free_irq(), and this will cause a kernel BUG like this: ------------[ cut here ]------------ kernel BUG at drivers/pci/msi.c:369! Internal error: Oops - BUG: 0 [#1] PREEMPT SMP Call trace: free_msi_irqs+0x118/0x13c pci_disable_msi+0xfc/0x120 pci_free_irq_vector... • https://git.kernel.org/stable/c/224903cc60d045576393c3b16907742f23e6c740 •