CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49509 – media: i2c: max9286: fix kernel oops when removing module
https://notcve.org/view.php?id=CVE-2022-49509
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: media: i2c: max9286: fix kernel oops when removing module When removing the max9286 module we get a kernel oops: Unable to handle kernel paging request at virtual address 000000aa00000094 Mem abort info: ESR = 0x96000004 EC = 0x25: DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x04: level 0 translation fault Data abort info: ISV = 0, ISS = 0x00000004 CM = 0, WnR = 0 user pgtable: 4k pages, 48-bit VAs, pgdp=0000000... • https://git.kernel.org/stable/c/66d8c9d2422da21ed41f75c03ba0685987b65fe0 •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-49508 – HID: elan: Fix potential double free in elan_input_configured
https://notcve.org/view.php?id=CVE-2022-49508
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: HID: elan: Fix potential double free in elan_input_configured 'input' is a managed resource allocated with devm_input_allocate_device(), so there is no need to call input_free_device() explicitly or there will be a double free. According to the doc of devm_input_allocate_device(): * Managed input devices do not need to be explicitly unregistered or * freed as it will be done automatically when owner device unbinds from * its driver (or bind... • https://git.kernel.org/stable/c/9a6a4193d65b853020ef0e66cecdf9e64a863883 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49507 – regulator: da9121: Fix uninit-value in da9121_assign_chip_model()
https://notcve.org/view.php?id=CVE-2022-49507
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: regulator: da9121: Fix uninit-value in da9121_assign_chip_model() KASAN report slab-out-of-bounds in __regmap_init as follows: BUG: KASAN: slab-out-of-bounds in __regmap_init drivers/base/regmap/regmap.c:841 Read of size 1 at addr ffff88803678cdf1 by task xrun/9137 CPU: 0 PID: 9137 Comm: xrun Tainted: G W 5.18.0-rc2 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 Call Trace:
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49506 – drm/mediatek: Add vblank register/unregister callback functions
https://notcve.org/view.php?id=CVE-2022-49506
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Add vblank register/unregister callback functions We encountered a kernel panic issue that callback data will be NULL when it's using in ovl irq handler. There is a timing issue between mtk_disp_ovl_irq_handler() and mtk_ovl_disable_vblank(). To resolve this issue, we use the flow to register/unregister vblank cb: - Register callback function and callback data when crtc creates. - Unregister callback function and callback data... • https://git.kernel.org/stable/c/9b0704988b151824a51133dc4c921f4273c5d839 •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2022-49505 – NFC: NULL out the dev->rfkill to prevent UAF
https://notcve.org/view.php?id=CVE-2022-49505
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: NFC: NULL out the dev->rfkill to prevent UAF Commit 3e3b5dfcd16a ("NFC: reorder the logic in nfc_{un,}register_device") assumes the device_is_registered() in function nfc_dev_up() will help to check when the rfkill is unregistered. However, this check only take effect when device_del(&dev->dev) is done in nfc_unregister_device(). Hence, the rfkill object is still possible be dereferenced. The crash trace in latest kernel (5.18-rc2): [ 68.76... • https://git.kernel.org/stable/c/ff169909eac9e00bf1aa0af739ba6ddfb1b1d135 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49504 – scsi: lpfc: Inhibit aborts if external loopback plug is inserted
https://notcve.org/view.php?id=CVE-2022-49504
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Inhibit aborts if external loopback plug is inserted After running a short external loopback test, when the external loopback is removed and a normal cable inserted that is directly connected to a target device, the system oops in the llpfc_set_rrq_active() routine. When the loopback was inserted an FLOGI was transmit. As we're looped back, we receive the FLOGI request. The FLOGI is ABTS'd as we recognize the same wppn thus unde... • https://git.kernel.org/stable/c/a1516930cb605caee3bc7b4f3b7994b88c0b8505 •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49503 – ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix
https://notcve.org/view.php?id=CVE-2022-49503
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix The "rxstatus->rs_keyix" eventually gets passed to test_bit() so we need to ensure that it is within the bitmap. drivers/net/wireless/ath/ath9k/common.c:46 ath9k_cmn_rx_accept() error: passing untrusted data 'rx_stats->rs_keyix' to 'test_bit()' In the Linux kernel, the following vulnerability has been resolved: ath9k_htc: fix potential out of bounds access with in... • https://git.kernel.org/stable/c/4ed1a8d4a25711f780b96920fff2bb531229e322 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49502 – media: rga: fix possible memory leak in rga_probe
https://notcve.org/view.php?id=CVE-2022-49502
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: media: rga: fix possible memory leak in rga_probe rga->m2m_dev needs to be freed when rga_probe fails. • https://git.kernel.org/stable/c/8ddc89437ccefa18279918c19a61fd81527f40b9 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49501 – usbnet: Run unregister_netdev() before unbind() again
https://notcve.org/view.php?id=CVE-2022-49501
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: usbnet: Run unregister_netdev() before unbind() again Commit 2c9d6c2b871d ("usbnet: run unbind() before unregister_netdev()") sought to fix a use-after-free on disconnect of USB Ethernet adapters. It turns out that a different fix is necessary to address the issue: https://lore.kernel.org/netdev/18b3541e5372bc9b9fc733d422f4e698c089077c.1650177997.git.lukas@wunner.de/ So the commit was not necessary. The commit made binding and unbinding of ... • https://git.kernel.org/stable/c/6d5deb242874d924beccf7eb3cef04c1c3b0da79 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49498 – ALSA: pcm: Check for null pointer of pointer substream before dereferencing it
https://notcve.org/view.php?id=CVE-2022-49498
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Check for null pointer of pointer substream before dereferencing it Pointer substream is being dereferenced on the assignment of pointer card before substream is being null checked with the macro PCM_RUNTIME_CHECK. Although PCM_RUNTIME_CHECK calls BUG_ON, it still is useful to perform the the pointer check before card is assigned. In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Check for null pointe... • https://git.kernel.org/stable/c/d4cfb30fce03093ad944e0b44bd8f40bdad5330e •