CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48659 – mm/slub: fix to return errno if kmalloc() fails
https://notcve.org/view.php?id=CVE-2022-48659
In the Linux kernel, the following vulnerability has been resolved: mm/slub: fix to return errno if kmalloc() fails In create_unique_id(), kmalloc(, GFP_KERNEL) can fail due to out-of-memory, if it fails, return errno correctly rather than triggering panic via BUG_ON(); kernel BUG at mm/slub.c:5893! Internal error: Oops - BUG: 0 [#1] PREEMPT SMP Call trace: sysfs_slab_add+0x258/0x260 mm/slub.c:5973 __kmem_cache_create+0x60/0x118 mm/slub.c:4899 create_cache mm/slab_common.c:229 [inline] kmem_cache_create_usercopy+0x19c/0x31c mm/slab_common.c:335 kmem_cache_create+0x1c/0x28 mm/slab_common.c:390 f2fs_kmem_cache_create fs/f2fs/f2fs.h:2766 [inline] f2fs_init_xattr_caches+0x78/0xb4 fs/f2fs/xattr.c:808 f2fs_fill_super+0x1050/0x1e0c fs/f2fs/super.c:4149 mount_bdev+0x1b8/0x210 fs/super.c:1400 f2fs_mount+0x44/0x58 fs/f2fs/super.c:4512 legacy_get_tree+0x30/0x74 fs/fs_context.c:610 vfs_get_tree+0x40/0x140 fs/super.c:1530 do_new_mount+0x1dc/0x4e4 fs/namespace.c:3040 path_mount+0x358/0x914 fs/namespace.c:3370 do_mount fs/namespace.c:3383 [inline] __do_sys_mount fs/namespace.c:3591 [inline] __se_sys_mount fs/namespace.c:3568 [inline] __arm64_sys_mount+0x2f8/0x408 fs/namespace.c:3568 En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mm/slub: corrección para devolver errno si kmalloc() falla. En create_unique_id(), kmalloc(, GFP_KERNEL) puede fallar debido a falta de memoria, si falla, regrese errno correctamente en lugar de provocar pánico mediante BUG_ON(); ¡ERROR del kernel en mm/slub.c:5893! Error interno: Ups - ERROR: 0 [#1] Seguimiento de llamada SMP PREEMPT: sysfs_slab_add+0x258/0x260 mm/slub.c:5973 __kmem_cache_create+0x60/0x118 mm/slub.c:4899 create_cache mm/slab_common.c:229 [ en línea] kmem_cache_create_usercopy+0x19c/0x31c mm/slab_common.c:335 kmem_cache_create+0x1c/0x28 mm/slab_common.c:390 f2fs_kmem_cache_create fs/f2fs/f2fs.h:2766 [en línea] f2fs_init_xattr_caches+0x 78/0xb4 fs/f2fs/xattr. c:808 f2fs_fill_super+0x1050/0x1e0c fs/f2fs/super.c:4149 mount_bdev+0x1b8/0x210 fs/super.c:1400 f2fs_mount+0x44/0x58 fs/f2fs/super.c:4512 Legacy_get_tree+0x30/0x74 fs/ fs_context.c:610 vfs_get_tree+0x40/0x140 fs/super.c:1530 do_new_mount+0x1dc/0x4e4 fs/namespace.c:3040 path_mount+0x358/0x914 fs/namespace.c:3370 do_mount fs/namespace.c:3383 [ en línea] __do_sys_mount fs/namespace.c:3591 [en línea] __se_sys_mount fs/namespace.c:3568 [en línea] __arm64_sys_mount+0x2f8/0x408 fs/namespace.c:3568 • https://git.kernel.org/stable/c/81819f0fc8285a2a5a921c019e3e3d7b6169d225 https://git.kernel.org/stable/c/e9219fa63c5c25804af82c7aa54d1ec770ebe457 https://git.kernel.org/stable/c/a1d83a19cec3bfeb2b3547a1f7631e432a766d1c https://git.kernel.org/stable/c/e996821717c5cf8aa1e1abdb6b3d900a231e3755 https://git.kernel.org/stable/c/016b150992eebc32c4a18f783cf2bb6e2545a3d9 https://git.kernel.org/stable/c/379ac7905ff3f0a6a4e507d3e9f710ec4fab9124 https://git.kernel.org/stable/c/2d6e55e0c03804e1e227b80a5746e086d6c6696c https://git.kernel.org/stable/c/02bcd951aa3c2cea95fb241c20802e950 • CWE-617: Reachable Assertion •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48657 – arm64: topology: fix possible overflow in amu_fie_setup()
https://notcve.org/view.php?id=CVE-2022-48657
In the Linux kernel, the following vulnerability has been resolved: arm64: topology: fix possible overflow in amu_fie_setup() cpufreq_get_hw_max_freq() returns max frequency in kHz as *unsigned int*, while freq_inv_set_max_ratio() gets passed this frequency in Hz as 'u64'. Multiplying max frequency by 1000 can potentially result in overflow -- multiplying by 1000ULL instead should avoid that... Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: arm64: topología: corrige posible desbordamiento en amu_fie_setup() cpufreq_get_hw_max_freq() devuelve la frecuencia máxima en kHz como *unsigned int*, mientras que freq_inv_set_max_ratio() pasa esta frecuencia en Hz como 'u64 '. Multiplicar la frecuencia máxima por 1000 puede potencialmente resultar en un desbordamiento; multiplicar por 1000ULL debería evitar eso... Encontrado por el Centro de verificación de Linux (linuxtesting.org) con la herramienta de análisis estático SVACE. • https://git.kernel.org/stable/c/cd0ed03a8903a0b0c6fc36e32d133d1ddfe70cd6 https://git.kernel.org/stable/c/904f881b57360cf85de962d84d8614d94431f60e https://git.kernel.org/stable/c/3c3edb82d67b2be9231174ac2af4af60d4af7549 https://git.kernel.org/stable/c/bb6d99e27cbe6b30e4e3bbd32927fd3b0bdec6eb https://git.kernel.org/stable/c/d4955c0ad77dbc684fc716387070ac24801b8bca • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48656 – dmaengine: ti: k3-udma-private: Fix refcount leak bug in of_xudma_dev_get()
https://notcve.org/view.php?id=CVE-2022-48656
In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: k3-udma-private: Fix refcount leak bug in of_xudma_dev_get() We should call of_node_put() for the reference returned by of_parse_phandle() in fail path or when it is not used anymore. Here we only need to move the of_node_put() before the check. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dmaengine: ti: k3-udma-private: corrige el error de fuga de recuento en of_xudma_dev_get() Deberíamos llamar a of_node_put() para la referencia devuelta por of_parse_phandle() en la ruta de error o cuando ya no se usa. Aquí solo necesitamos mover of_node_put() antes de la verificación. • https://git.kernel.org/stable/c/d702419134133db1eab2067dc6ea5723467fd917 https://git.kernel.org/stable/c/aa11dae059a439af82bae541b134f8f53ac177b5 https://git.kernel.org/stable/c/dd5a6c5a08752b613e83ad2cb5133e72a64b876d https://git.kernel.org/stable/c/a17df55bf6d536712da6902a83db82b82e67d5a2 https://git.kernel.org/stable/c/f9fdb0b86f087c2b7f6c6168dd0985a3c1eda87e • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 8.1EPSS: 0%CPEs: 5EXPL: 0CVE-2022-48655 – firmware: arm_scmi: Harden accesses to the reset domains
https://notcve.org/view.php?id=CVE-2022-48655
In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Harden accesses to the reset domains Accessing reset domains descriptors by the index upon the SCMI drivers requests through the SCMI reset operations interface can potentially lead to out-of-bound violations if the SCMI driver misbehave. Add an internal consistency check before any such domains descriptors accesses. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: firmware: arm_scmi: Refuerza los accesos a los dominios de reinicio. El acceso a los descriptores de dominios de reinicio por el índice ante las solicitudes de los controladores SCMI a través de la interfaz de operaciones de reinicio de SCMI puede conducir potencialmente a violaciones fuera de los límites. si el controlador SCMI se comporta mal. Agregue una verificación de coherencia interna antes de que se acceda a dichos descriptores de dominio. • https://git.kernel.org/stable/c/95a15d80aa0de938299acfcbc6aa6f2b16f5d7e5 https://git.kernel.org/stable/c/7184491fc515f391afba23d0e9b690caaea72daf https://git.kernel.org/stable/c/f2277d9e2a0d092c13bae7ee82d75432bb8b5108 https://git.kernel.org/stable/c/1f08a1b26cfc53b7715abc46857c6023bb1b87de https://git.kernel.org/stable/c/8e65edf0d37698f7a6cb174608d3ec7976baf49e https://git.kernel.org/stable/c/e9076ffbcaed5da6c182b144ef9f6e24554af268 https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-48654 – netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find()
https://notcve.org/view.php?id=CVE-2022-48654
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() nf_osf_find() incorrectly returns true on mismatch, this leads to copying uninitialized memory area in nft_osf which can be used to leak stale kernel stack data to userspace. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: nfnetlink_osf: corrige una posible coincidencia falsa en nf_osf_find() nf_osf_find() devuelve verdadero incorrectamente en caso de discrepancia, esto lleva a copiar el área de memoria no inicializada en nft_osf que puede usarse para filtrar el kernel obsoleto apilar datos en el espacio de usuario. • https://git.kernel.org/stable/c/22c7652cdaa8cd33ce78bacceb4e826a3f795873 https://git.kernel.org/stable/c/721ea8ac063d70c2078c4e762212705de6151764 https://git.kernel.org/stable/c/5d75fef3e61e797fab5c3fbba88caa74ab92ad47 https://git.kernel.org/stable/c/816eab147e5c6f6621922b8515ad9010ceb1735e https://git.kernel.org/stable/c/633c81c0449663f57d4138326d036dc6cfad674e https://git.kernel.org/stable/c/559c36c5a8d730c49ef805a72b213d3bba155cc8 • CWE-908: Use of Uninitialized Resource •