CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49551 – usb: isp1760: Fix out-of-bounds array access
https://notcve.org/view.php?id=CVE-2022-49551
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: isp1760: Fix out-of-bounds array access Running the driver through kasan gives an interesting splat: BUG: KASAN: global-out-of-bounds in isp1760_register+0x180/0x70c Read of size 20 at addr f1db2e64 by task swapper/0/1 (...) isp1760_register from isp1760_plat_probe+0x1d8/0x220 (...) This happens because the loop reading the regmap fields for the different ISP1760 variants look like this: for (i = 0; i < HC_FIELD_MAX; i++) { ... } Meani... • https://git.kernel.org/stable/c/1da9e1c06873350c99ba49a052f92de85f2c69f2 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49549 – x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails
https://notcve.org/view.php?id=CVE-2022-49549
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails In mce_threshold_create_device(), if threshold_create_bank() fails, the previously allocated threshold banks array @bp will be leaked because the call to mce_threshold_remove_device() will not free it. This happens because mce_threshold_remove_device() fetches the pointer through the threshold_banks per-CPU variable but bp is written there only after the bank creation is succes... • https://git.kernel.org/stable/c/6458de97fc15530b54477c4e2b70af653e8ac3d9 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49548 – bpf: Fix potential array overflow in bpf_trampoline_get_progs()
https://notcve.org/view.php?id=CVE-2022-49548
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix potential array overflow in bpf_trampoline_get_progs() The cnt value in the 'cnt >= BPF_MAX_TRAMP_PROGS' check does not include BPF_TRAMP_MODIFY_RETURN bpf programs, so the number of the attached BPF_TRAMP_MODIFY_RETURN bpf programs in a trampoline can exceed BPF_MAX_TRAMP_PROGS. When this happens, the assignment '*progs++ = aux->prog' in bpf_trampoline_get_progs() will cause progs array overflow as the progs field in the bpf_tramp... • https://git.kernel.org/stable/c/88fd9e5352fe05f7fe57778293aebd4cd106960b •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49547 – btrfs: fix deadlock between concurrent dio writes when low on free data space
https://notcve.org/view.php?id=CVE-2022-49547
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock between concurrent dio writes when low on free data space When reserving data space for a direct IO write we can end up deadlocking if we have multiple tasks attempting a write to the same file range, there are multiple extents covered by that file range, we are low on available space for data and the writes don't expand the inode's i_size. The deadlock can happen like this: 1) We have a file with an i_size of 1M, at off... • https://git.kernel.org/stable/c/f0bfa76a11e93d0fe2c896fcb566568c5e8b5d3f •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49546 – x86/kexec: fix memory leak of elf header buffer
https://notcve.org/view.php?id=CVE-2022-49546
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: x86/kexec: fix memory leak of elf header buffer This is reported by kmemleak detector: unreferenced object 0xffffc900002a9000 (size 4096): comm "kexec", pid 14950, jiffies 4295110793 (age 373.951s) hex dump (first 32 bytes): 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00 .ELF............ 04 00 3e 00 01 00 00 00 00 00 00 00 00 00 00 00 ..>............. backtrace: [<0000000016a8ef9f>] __vmalloc_node_range+0x101/0x170 [<000000002b66b6c0>] __v... • https://git.kernel.org/stable/c/8765a423a87d74ef24ea02b43b2728fe4039f248 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49545 – ALSA: usb-audio: Cancel pending work at closing a MIDI substream
https://notcve.org/view.php?id=CVE-2022-49545
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Cancel pending work at closing a MIDI substream At closing a USB MIDI output substream, there might be still a pending work, which would eventually access the rawmidi runtime object that is being released. For fixing the race, make sure to cancel the pending work at closing. In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Cancel pending work at closing a MIDI substream At closing a USB M... • https://git.kernel.org/stable/c/40bdb5ec957aca5c5c1924602bef6b0ab18e22d3 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49544 – ipw2x00: Fix potential NULL dereference in libipw_xmit()
https://notcve.org/view.php?id=CVE-2022-49544
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ipw2x00: Fix potential NULL dereference in libipw_xmit() crypt and crypt->ops could be null, so we need to checking null before dereference In the Linux kernel, the following vulnerability has been resolved: ipw2x00: Fix potential NULL dereference in libipw_xmit() crypt and crypt->ops could be null, so we need to checking null before dereference • https://git.kernel.org/stable/c/1ff6b0727c8988f25eeb670b6c038c1120bb58dd •
CVSS: 6.6EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49543 – ath11k: fix the warning of dev_wake in mhi_pm_disable_transition()
https://notcve.org/view.php?id=CVE-2022-49543
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ath11k: fix the warning of dev_wake in mhi_pm_disable_transition() When test device recovery with below command, it has warning in message as below. echo assert > /sys/kernel/debug/ath11k/wcn6855\ hw2.0/simulate_fw_crash echo assert > /sys/kernel/debug/ath11k/qca6390\ hw2.0/simulate_fw_crash warning message: [ 1965.642121] ath11k_pci 0000:06:00.0: simulating firmware assert crash [ 1968.471364] ieee80211 phy0: Hardware restart was requested... • https://git.kernel.org/stable/c/d5c65159f2895379e11ca13f62feabe93278985d •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49542 – scsi: lpfc: Move cfg_log_verbose check before calling lpfc_dmp_dbg()
https://notcve.org/view.php?id=CVE-2022-49542
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Move cfg_log_verbose check before calling lpfc_dmp_dbg() In an attempt to log message 0126 with LOG_TRACE_EVENT, the following hard lockup call trace hangs the system. Call Trace: _raw_spin_lock_irqsave+0x32/0x40 lpfc_dmp_dbg.part.32+0x28/0x220 [lpfc] lpfc_cmpl_els_fdisc+0x145/0x460 [lpfc] lpfc_sli_cancel_jobs+0x92/0xd0 [lpfc] lpfc_els_flush_cmd+0x43c/0x670 [lpfc] lpfc_els_flush_all_cmd+0x37/0x60 [lpfc] lpfc_sli4_async_event_pro... • https://git.kernel.org/stable/c/271725e4028559ae7974d762a8467dc9de412f2e •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49541 – cifs: fix potential double free during failed mount
https://notcve.org/view.php?id=CVE-2022-49541
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential double free during failed mount RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=2088799 • https://git.kernel.org/stable/c/ce0008a0e410cdd95f0d8cd81b2902ec10a660c4 •