CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49291 – ALSA: pcm: Fix races among concurrent hw_params and hw_free calls
https://notcve.org/view.php?id=CVE-2022-49291
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix races among concurrent hw_params and hw_free calls Currently we have neither proper check nor protection against the concurrent calls of PCM hw_params and hw_free ioctls, which may result in a UAF. Since the existing PCM stream lock can't be used for protecting the whole ioctl operations, we need a new mutex to protect those racy calls. This patch introduced a new mutex, runtime->buffer_mutex, and applies it to both hw_params... • https://git.kernel.org/stable/c/a42aa926843acca96c0dfbde2e835b8137f2f092 • CWE-416: Use After Free •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49289 – uaccess: fix integer overflow on access_ok()
https://notcve.org/view.php?id=CVE-2022-49289
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: uaccess: fix integer overflow on access_ok() Three architectures check the end of a user access against the address limit without taking a possible overflow into account. Passing a negative length or another overflow in here returns success when it should not. Use the most common correct implementation here, which optimizes for a constant 'size' argument, and turns the common case into a single comparison. • https://git.kernel.org/stable/c/7567746e1c0d66ac0ef8a9d8816ca694462c7370 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49288 – ALSA: pcm: Fix races among concurrent prealloc proc writes
https://notcve.org/view.php?id=CVE-2022-49288
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix races among concurrent prealloc proc writes We have no protection against concurrent PCM buffer preallocation changes via proc files, and it may potentially lead to UAF or some weird problem. This patch applies the PCM open_mutex to the proc write operation for avoiding the racy proc writes and the PCM stream open (and further operations). In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix race... • https://git.kernel.org/stable/c/e7786c445bb67a9a6e64f66ebd6b7215b153ff7d • CWE-416: Use After Free •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49286 – tpm: use try_get_ops() in tpm-space.c
https://notcve.org/view.php?id=CVE-2022-49286
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: tpm: use try_get_ops() in tpm-space.c As part of the series conversion to remove nested TPM operations: https://lore.kernel.org/all/20190205224723.19671-1-jarkko.sakkinen@linux.intel.com/ exposure of the chip->tpm_mutex was removed from much of the upper level code. In this conversion, tpm2_del_space() was missed. This didn't matter much because it's usually called closely after a converted operation, so there's only a very tiny race window... • https://git.kernel.org/stable/c/5b1d2561a03e534064b51c50c774657833d3d2cf •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49285 – iio: accel: mma8452: use the correct logic to get mma8452_data
https://notcve.org/view.php?id=CVE-2022-49285
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: iio: accel: mma8452: use the correct logic to get mma8452_data The original logic to get mma8452_data is wrong, the *dev point to the device belong to iio_dev. we can't use this dev to find the correct i2c_client. The original logic happen to work because it finally use dev->driver_data to get iio_dev. Here use the API to_i2c_client() is wrong and make reader confuse. To correct the logic, it should be like this struct mma8452_data *data = ... • https://git.kernel.org/stable/c/c3cdd6e48e35b7a02f28e301ef30a87ff3cd6527 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49281 – cifs: fix handlecache and multiuser
https://notcve.org/view.php?id=CVE-2022-49281
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: cifs: fix handlecache and multiuser In multiuser each individual user has their own tcon structure for the share and thus their own handle for a cached directory. When we umount such a share we much make sure to release the pinned down dentry for each such tcon and not just the master tcon. Otherwise we will get nasty warnings on umount that dentries are still in use: [ 3459.590047] BUG: Dentry 00000000115c6f41{i=12000000019d95,n=/} still i... • https://git.kernel.org/stable/c/2fafbc198613823943c106d1ec9b516da692059f •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49280 – NFSD: prevent underflow in nfssvc_decode_writeargs()
https://notcve.org/view.php?id=CVE-2022-49280
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: NFSD: prevent underflow in nfssvc_decode_writeargs() Smatch complains: fs/nfsd/nfsxdr.c:341 nfssvc_decode_writeargs() warn: no lower bound on 'args->len' Change the type to unsigned to prevent this issue. • https://git.kernel.org/stable/c/1a33e0de60feda402d05ac8a6cf409c19ea3e0b3 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2022-49279 – NFSD: prevent integer overflow on 32 bit systems
https://notcve.org/view.php?id=CVE-2022-49279
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: NFSD: prevent integer overflow on 32 bit systems On a 32 bit system, the "len * sizeof(*p)" operation can have an integer overflow. • https://git.kernel.org/stable/c/3a2789e8ccb4a3e2a631f6817a2d3bb98b8c4fd8 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49277 – jffs2: fix memory leak in jffs2_do_mount_fs
https://notcve.org/view.php?id=CVE-2022-49277
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: jffs2: fix memory leak in jffs2_do_mount_fs If jffs2_build_filesystem() in jffs2_do_mount_fs() returns an error, we can observe the following kmemleak report: -------------------------------------------- unreferenced object 0xffff88811b25a640 (size 64): comm "mount", pid 691, jiffies 4294957728 (age 71.952s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ... • https://git.kernel.org/stable/c/e631ddba588783edd521c5a89f7b2902772fb691 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49276 – jffs2: fix memory leak in jffs2_scan_medium
https://notcve.org/view.php?id=CVE-2022-49276
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: jffs2: fix memory leak in jffs2_scan_medium If an error is returned in jffs2_scan_eraseblock() and some memory has been added to the jffs2_summary *s, we can observe the following kmemleak report: -------------------------------------------- unreferenced object 0xffff88812b889c40 (size 64): comm "mount", pid 692, jiffies 4294838325 (age 34.288s) hex dump (first 32 bytes): 40 48 b5 14 81 88 ff ff 01 e0 31 00 00 00 50 00 @H........1...P. 00 0... • https://git.kernel.org/stable/c/e631ddba588783edd521c5a89f7b2902772fb691 •