CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49342 – net: ethernet: bgmac: Fix refcount leak in bcma_mdio_mii_register
https://notcve.org/view.php?id=CVE-2022-49342
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: ethernet: bgmac: Fix refcount leak in bcma_mdio_mii_register of_get_child_by_name() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() to avoid refcount leak. In the Linux kernel, the following vulnerability has been resolved: net: ethernet: bgmac: Fix refcount leak in bcma_mdio_mii_register of_get_child_by_name() returns a node pointer with refcount incr... • https://git.kernel.org/stable/c/55954f3bfdacc5908515b0c306cea23e77fab740 •
CVSS: 7.2EPSS: 0%CPEs: 7EXPL: 0CVE-2022-49341 – bpf, arm64: Clear prog->jited_len along prog->jited
https://notcve.org/view.php?id=CVE-2022-49341
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Clear prog->jited_len along prog->jited syzbot reported an illegal copy_to_user() attempt from bpf_prog_get_info_by_fd() [1] There was no repro yet on this bug, but I think that commit 0aef499f3172 ("mm/usercopy: Detect vmalloc overruns") is exposing a prior bug in bpf arm64. bpf_prog_get_info_by_fd() looks at prog->jited_len to determine if the JIT image can be copied out to user space. My theory is that syzbot managed to get a... • https://git.kernel.org/stable/c/db496944fdaaf2a67d2f60529f5dc23abf809506 •
CVSS: 3.6EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49340 – ip_gre: test csum_start instead of transport header
https://notcve.org/view.php?id=CVE-2022-49340
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ip_gre: test csum_start instead of transport header GRE with TUNNEL_CSUM will apply local checksum offload on CHECKSUM_PARTIAL packets. ipgre_xmit must validate csum_start after an optional skb_pull, else lco_csum may trigger an overflow. The original check was if (csum && skb_checksum_start(skb) < skb->data) return -EINVAL; This had false positives when skb_checksum_start is undefined: when ip_summed is not CHECKSUM_PARTIAL. A discussed re... • https://git.kernel.org/stable/c/774430026bd9a472d08c5d3c33351a782315771a •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49339 – net: ipv6: unexport __init-annotated seg6_hmac_init()
https://notcve.org/view.php?id=CVE-2022-49339
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: ipv6: unexport __init-annotated seg6_hmac_init() EXPORT_SYMBOL and __init is a bad combination because the .init.text section is freed up after the initialization. Hence, modules cannot use symbols annotated __init. The access to a freed symbol may end up with kernel panic. modpost used to detect it, but it has been broken for a decade. Recently, I fixed modpost so it started to warn it again, then this showed up in linux-next builds. ... • https://git.kernel.org/stable/c/bf355b8d2c30a289232042cacc1cfaea4923936c •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49337 – ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock
https://notcve.org/view.php?id=CVE-2022-49337
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock When user_dlm_destroy_lock failed, it didn't clean up the flags it set before exit. For USER_LOCK_IN_TEARDOWN, if this function fails because of lock is still in used, next time when unlink invokes this function, it will return succeed, and then unlink will remove inode and dentry if lock is not in used(file closed), but the dlm lock is still linked in dlm lock resource, then when ba... • https://git.kernel.org/stable/c/1434cd71ad9f3a6beda3036972983b6c4869207c •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49336 – drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem
https://notcve.org/view.php?id=CVE-2022-49336
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem When the mapping is already reaped the unmap must be a no-op, as we would otherwise try to remove the mapping twice, corrupting the involved data structures. In the Linux kernel, the following vulnerability has been resolved: drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem When the mapping is already reaped the unmap must be a no-op, as we would otherwise try ... • https://git.kernel.org/stable/c/19323b3671a85788569d15685c8f83a05ec48cbb •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49335 – drm/amdgpu/cs: make commands with 0 chunks illegal behaviour.
https://notcve.org/view.php?id=CVE-2022-49335
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/cs: make commands with 0 chunks illegal behaviour. Submitting a cs with 0 chunks, causes an oops later, found trying to execute the wrong userspace driver. MESA_LOADER_DRIVER_OVERRIDE=v3d glxinfo [172536.665184] BUG: kernel NULL pointer dereference, address: 00000000000001d8 [172536.665188] #PF: supervisor read access in kernel mode [172536.665189] #PF: error_code(0x0000) - not-present page [172536.665191] PGD 6712a0067 P4D 6712a... • https://git.kernel.org/stable/c/8189f44270db1be78169e11eec51a3eeb980bc63 •
CVSS: 5.6EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49331 – nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling
https://notcve.org/view.php?id=CVE-2022-49331
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling Error paths do not free previously allocated memory. Add devm_kfree() to those failure paths. In the Linux kernel, the following vulnerability has been resolved: nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling Error paths do not free previously allocated memory. Add devm_kfree() to those failure paths. • https://git.kernel.org/stable/c/26fc6c7f02cb26c39c4733de3dbc3c0646fc1074 •
CVSS: 8.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49330 – tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd
https://notcve.org/view.php?id=CVE-2022-49330
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd syzbot got a new report [1] finally pointing to a very old bug, added in initial support for MTU probing. tcp_mtu_probe() has checks about starting an MTU probe if tcp_snd_cwnd(tp) >= 11. But nothing prevents tcp_snd_cwnd(tp) to be reduced later and before the MTU probe succeeds. This bug would lead to potential zero-divides. Debugging added in commit 40570375356c ("tcp: add accessors to rea... • https://git.kernel.org/stable/c/5d424d5a674f782d0659a3b66d951f412901faee •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49328 – mt76: fix use-after-free by removing a non-RCU wcid pointer
https://notcve.org/view.php?id=CVE-2022-49328
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: mt76: fix use-after-free by removing a non-RCU wcid pointer Fixes an issue caught by KASAN about use-after-free in mt76_txq_schedule by protecting mtxq->wcid with rcu_lock between mt76_txq_schedule and sta_info_[alloc, free]. [18853.876689] ================================================================== [18853.876751] BUG: KASAN: use-after-free in mt76_txq_schedule+0x204/0xaf8 [mt76] [18853.876773] Read of size 8 at addr ffffffaf989a2138... • https://git.kernel.org/stable/c/7bc04215a66b60e198aecaee8418f6d79fa19faa • CWE-416: Use After Free •