CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49026 – e100: Fix possible use after free in e100_xmit_prepare
https://notcve.org/view.php?id=CVE-2022-49026
In the Linux kernel, the following vulnerability has been resolved: e100: Fix possible use after free in e100_xmit_prepare In e100_xmit_prepare(), if we can't map the skb, then return -ENOMEM, so e100_xmit_frame() will return NETDEV_TX_BUSY and the upper layer will resend the skb. But the skb is already freed, which will cause UAF bug when the upper layer resends the skb. Remove the harmful free. • https://git.kernel.org/stable/c/5e5d49422dfb035ca9e280cd61d434095c151272 https://git.kernel.org/stable/c/b775f37d943966f6f77dca402f5a9dedce502c25 https://git.kernel.org/stable/c/9fc27d22cdb9b1fcd754599d216a8992fed280cd https://git.kernel.org/stable/c/b46f6144ab89d3d757ead940759c505091626a7d https://git.kernel.org/stable/c/45605c75c52c7ae7bfe902214343aabcfe5ba0ff •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49025 – net/mlx5e: Fix use-after-free when reverting termination table
https://notcve.org/view.php?id=CVE-2022-49025
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix use-after-free when reverting termination table When having multiple dests with termination tables and second one or afterwards fails the driver reverts usage of term tables but doesn't reset the assignment in attr->dests[num_vport_dests].termtbl which case a use-after-free when releasing the rule. Fix by resetting the assignment of termtbl to null. • https://git.kernel.org/stable/c/10caabdaad5ace85577a453da97d1f8d3b944427 https://git.kernel.org/stable/c/0a2d73a77060c3cbdc6e801cd5d979d674cd404b https://git.kernel.org/stable/c/0d2f9d95d9fbe993f3c4bafb87d59897b0325aff https://git.kernel.org/stable/c/372eb550faa0757349040fd43f59483cbfdb2c0b https://git.kernel.org/stable/c/e6d2d26a49c3a9cd46b232975e45236304810904 https://git.kernel.org/stable/c/52c795af04441d76f565c4634f893e5b553df2ae •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49024 – can: m_can: pci: add missing m_can_class_free_dev() in probe/remove methods
https://notcve.org/view.php?id=CVE-2022-49024
In the Linux kernel, the following vulnerability has been resolved: can: m_can: pci: add missing m_can_class_free_dev() in probe/remove methods In m_can_pci_remove() and error handling path of m_can_pci_probe(), m_can_class_free_dev() should be called to free resource allocated by m_can_class_allocate_dev(), otherwise there will be memleak. • https://git.kernel.org/stable/c/cab7ffc0324f053c8fb56c821cdd63dc0383270d https://git.kernel.org/stable/c/ea8dc27bb044e19868155e500ce397007be98656 https://git.kernel.org/stable/c/0bbb88651ef6b7fbb1bf75ec7ba69add632e834b https://git.kernel.org/stable/c/1eca1d4cc21b6d0fc5f9a390339804c0afce9439 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49023 – wifi: cfg80211: fix buffer overflow in elem comparison
https://notcve.org/view.php?id=CVE-2022-49023
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: fix buffer overflow in elem comparison For vendor elements, the code here assumes that 5 octets are present without checking. Since the element itself is already checked to fit, we only need to check the length. • https://git.kernel.org/stable/c/0b8fb8235be8be99a197e8d948fc0a2df8dc261a https://git.kernel.org/stable/c/f5c2ec288a865dbe3706b09bed12302e9f6d696b https://git.kernel.org/stable/c/9e6b79a3cd17620d467311b30d56f2648f6880aa https://git.kernel.org/stable/c/88a6fe3707888bd1893e9741157a7035c4159ab6 https://git.kernel.org/stable/c/391cb872553627bdcf236c03ee7d5adb275e37e1 https://git.kernel.org/stable/c/9f16b5c82a025cd4c864737409234ddc44fb166a •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49022 – wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration
https://notcve.org/view.php?id=CVE-2022-49022
In the Linux kernel, the following vulnerability has been resolved: wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration Fix possible out-of-bound access in ieee80211_get_rate_duration routine as reported by the following UBSAN report: UBSAN: array-index-out-of-bounds in net/mac80211/airtime.c:455:47 index 15 is out of range for type 'u16 [12]' CPU: 2 PID: 217 Comm: kworker/u32:10 Not tainted 6.1.0-060100rc3-generic Hardware name: Acer Aspire TC-281/Aspire TC-281, BIOS R01-A2 07/18/2017 Workqueue: mt76 mt76u_tx_status_data [mt76_usb] Call Trace: <TASK> show_stack+0x4e/0x61 dump_stack_lvl+0x4a/0x6f dump_stack+0x10/0x18 ubsan_epilogue+0x9/0x43 __ubsan_handle_out_of_bounds.cold+0x42/0x47 ieee80211_get_rate_duration.constprop.0+0x22f/0x2a0 [mac80211] ? ieee80211_tx_status_ext+0x32e/0x640 [mac80211] ieee80211_calc_rx_airtime+0xda/0x120 [mac80211] ieee80211_calc_tx_airtime+0xb4/0x100 [mac80211] mt76x02_send_tx_status+0x266/0x480 [mt76x02_lib] mt76x02_tx_status_data+0x52/0x80 [mt76x02_lib] mt76u_tx_status_data+0x67/0xd0 [mt76_usb] process_one_work+0x225/0x400 worker_thread+0x50/0x3e0 ? process_one_work+0x400/0x400 kthread+0xe9/0x110 ? kthread_complete_and_exit+0x20/0x20 ret_from_fork+0x22/0x30 • https://git.kernel.org/stable/c/db3e1c40cf2f973fbdd52ae0b59a9472b1c04f4a https://git.kernel.org/stable/c/0184ede0ec61b9cd075babfaa45081b1bf322234 https://git.kernel.org/stable/c/59b54f0563b6546c94bdb6823d3b382c75407019 https://git.kernel.org/stable/c/f0fcad4c7201ecfaa17357f4ce0c50b4708df22d https://git.kernel.org/stable/c/3e8f7abcc3473bc9603323803aeaed4ffcc3a2ab •