CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49472 – net: phy: micrel: Allow probing without .driver_data
https://notcve.org/view.php?id=CVE-2022-49472
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: phy: micrel: Allow probing without .driver_data Currently, if the .probe element is present in the phy_driver structure and the .driver_data is not, a NULL pointer dereference happens. Allow passing .probe without .driver_data by inserting NULL checks for priv->type. In the Linux kernel, the following vulnerability has been resolved: net: phy: micrel: Allow probing without .driver_data Currently, if the .probe element is present in the... • https://git.kernel.org/stable/c/7dcb404662839a4ed1a9703658fee979eb894ca4 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49471 – rtw89: cfo: check mac_id to avoid out-of-bounds
https://notcve.org/view.php?id=CVE-2022-49471
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: rtw89: cfo: check mac_id to avoid out-of-bounds Somehow, hardware reports incorrect mac_id and pollute memory. Check index before we access the array. UBSAN: array-index-out-of-bounds in rtw89/phy.c:2517:23 index 188 is out of range for type 's32 [64]' CPU: 1 PID: 51550 Comm: irq/35-rtw89_pc Tainted: G OE Call Trace:
CVSS: 8.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49470 – Bluetooth: btmtksdio: fix use-after-free at btmtksdio_recv_event
https://notcve.org/view.php?id=CVE-2022-49470
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btmtksdio: fix use-after-free at btmtksdio_recv_event We should not access skb buffer data anymore after hci_recv_frame was called. [ 39.634809] BUG: KASAN: use-after-free in btmtksdio_recv_event+0x1b0 [ 39.634855] Read of size 1 at addr ffffff80cf28a60d by task kworker [ 39.634962] Call trace: [ 39.634974] dump_backtrace+0x0/0x3b8 [ 39.634999] show_stack+0x20/0x2c [ 39.635016] dump_stack_lvl+0x60/0x78 [ 39.635040] print_address_... • https://git.kernel.org/stable/c/9aebfd4a2200ab8075e44379c758bccefdc589bb • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49469 – btrfs: fix anon_dev leak in create_subvol()
https://notcve.org/view.php?id=CVE-2022-49469
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix anon_dev leak in create_subvol() When btrfs_qgroup_inherit(), btrfs_alloc_tree_block, or btrfs_insert_root() fail in create_subvol(), we return without freeing anon_dev. Reorganize the error handling in create_subvol() to fix this. In the Linux kernel, the following vulnerability has been resolved: btrfs: fix anon_dev leak in create_subvol() When btrfs_qgroup_inherit(), btrfs_alloc_tree_block, or btrfs_insert_root() fail in creat... • https://git.kernel.org/stable/c/d887b3de318834f9aa637ecf79c6bc66cba7c69a •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49468 – thermal/core: Fix memory leak in __thermal_cooling_device_register()
https://notcve.org/view.php?id=CVE-2022-49468
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: thermal/core: Fix memory leak in __thermal_cooling_device_register() I got memory leak as follows when doing fault injection test: unreferenced object 0xffff888010080000 (size 264312): comm "182", pid 102533, jiffies 4296434960 (age 10.100s) hex dump (first 32 bytes): 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N.......... ff ff ff ff ff ff ff ff 40 7f 1f b9 ff ff ff ff ........@....... backtrace: [<0000000038b2f4fc>] kmalloc_order... • https://git.kernel.org/stable/c/8ea229511e06f9635ecc338dcbe0db41a73623f0 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-49467 – drm: msm: fix possible memory leak in mdp5_crtc_cursor_set()
https://notcve.org/view.php?id=CVE-2022-49467
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() drm_gem_object_lookup will call drm_gem_object_get inside. So cursor_bo needs to be put when msm_gem_get_and_pin_iova fails. In the Linux kernel, the following vulnerability has been resolved: drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() drm_gem_object_lookup will call drm_gem_object_get inside. So cursor_bo needs to be put when msm_gem_get_and_pin_iova fails. • https://git.kernel.org/stable/c/e172d10a9c4acc69bb07cbe9142ded2df791ff1f •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49465 – blk-throttle: Set BIO_THROTTLED when bio has been throttled
https://notcve.org/view.php?id=CVE-2022-49465
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: blk-throttle: Set BIO_THROTTLED when bio has been throttled 1.In current process, all bio will set the BIO_THROTTLED flag after __blk_throtl_bio(). 2.If bio needs to be throttled, it will start the timer and stop submit bio directly. Bio will submit in blk_throtl_dispatch_work_fn() when the timer expires.But in the current process, if bio is throttled. The BIO_THROTTLED will be set to bio after timer start. If the bio has been completed, it... • https://git.kernel.org/stable/c/0cfc8a0fb07cde61915e4a77c4794c47de3114a4 • CWE-416: Use After Free •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49463 – thermal/drivers/imx_sc_thermal: Fix refcount leak in imx_sc_thermal_probe
https://notcve.org/view.php?id=CVE-2022-49463
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: thermal/drivers/imx_sc_thermal: Fix refcount leak in imx_sc_thermal_probe of_find_node_by_name() returns a node pointer with refcount incremented, we should use of_node_put() on it when done. Add missing of_node_put() to avoid refcount leak. In the Linux kernel, the following vulnerability has been resolved: thermal/drivers/imx_sc_thermal: Fix refcount leak in imx_sc_thermal_probe of_find_node_by_name() returns a node pointer with refcount ... • https://git.kernel.org/stable/c/e20db70dba1c0783b9878ce37171ad560b1ebaf3 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49462 – drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init
https://notcve.org/view.php?id=CVE-2022-49462
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init of_parse_phandle() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. a6xx_gmu_init() passes the node to of_find_device_by_node() and of_dma_configure(), of_find_device_by_node() will takes its reference, of_dma_configure() doesn't need the node after usage. Add missing of_node_put() to avoid refcount leak. In the Linux kernel, the follo... • https://git.kernel.org/stable/c/4b565ca5a2cbbbb6345e8789da89c193b6b00e5a •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2022-49460 – PM / devfreq: rk3399_dmc: Disable edev on remove()
https://notcve.org/view.php?id=CVE-2022-49460
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: rk3399_dmc: Disable edev on remove() Otherwise we hit an unablanced enable-count when unbinding the DFI device: [ 1279.659119] ------------[ cut here ]------------ [ 1279.659179] WARNING: CPU: 2 PID: 5638 at drivers/devfreq/devfreq-event.c:360 devfreq_event_remove_edev+0x84/0x8c ... [ 1279.659352] Hardware name: Google Kevin (DT) [ 1279.659363] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO BTYPE=--) [ 1279.659371] pc : devfreq_ev... • https://git.kernel.org/stable/c/664736e2cc09e504ce58ec61164d029d1f2651bb •