CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2022-49390 – macsec: fix UAF bug for real_dev
https://notcve.org/view.php?id=CVE-2022-49390
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: macsec: fix UAF bug for real_dev Create a new macsec device but not get reference to real_dev. That can not ensure that real_dev is freed after macsec. That will trigger the UAF bug for real_dev as following: ================================================================== BUG: KASAN: use-after-free in macsec_get_iflink+0x5f/0x70 drivers/net/macsec.c:3662 Call Trace: ... macsec_get_iflink+0x5f/0x70 drivers/net/macsec.c:3662 dev_get_iflink... • https://git.kernel.org/stable/c/2bce1ebed17da54c65042ec2b962e3234bad5b47 •
CVSS: -EPSS: %CPEs: 11EXPL: 0CVE-2022-49389 – usb: usbip: fix a refcount leak in stub_probe()
https://notcve.org/view.php?id=CVE-2022-49389
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: usbip: fix a refcount leak in stub_probe() usb_get_dev() is called in stub_device_alloc(). When stub_probe() fails after that, usb_put_dev() needs to be called to release the reference. Fix this by moving usb_put_dev() to sdev_free error path handling. Find this by code review. • https://git.kernel.org/stable/c/3ff67445750a84de67faaf52c6e1895cb09f2c56 •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2022-49388 – ubi: ubi_create_volume: Fix use-after-free when volume creation failed
https://notcve.org/view.php?id=CVE-2022-49388
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ubi: ubi_create_volume: Fix use-after-free when volume creation failed There is an use-after-free problem for 'eba_tbl' in ubi_create_volume()'s error handling path: ubi_eba_replace_table(vol, eba_tbl) vol->eba_tbl = tbl out_mapping: ubi_eba_destroy_table(eba_tbl) // Free 'eba_tbl' out_unlock: put_device(&vol->dev) vol_release kfree(tbl->entries) // UAF Fix it by removing redundant 'eba_tbl' releasing. Fetch a reproducer in [Link]. • https://git.kernel.org/stable/c/493cfaeaa0c9bc0c79ce5751193d49fdac9aaaec •
CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2022-49387 – watchdog: rzg2l_wdt: Fix 32bit overflow issue
https://notcve.org/view.php?id=CVE-2022-49387
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: watchdog: rzg2l_wdt: Fix 32bit overflow issue The value of timer_cycle_us can be 0 due to 32bit overflow. For eg:- If we assign the counter value "0xfff" for computing maxval. This patch fixes this issue by appending ULL to 1024, so that it is promoted to 64bit. This patch also fixes the warning message, 'watchdog: Invalid min and max timeout values, resetting to 0!'. • https://git.kernel.org/stable/c/2cbc5cd0b55fa2310cc557c77b0665f5e00272de •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2022-49386 – net: ethernet: ti: am65-cpsw-nuss: Fix some refcount leaks
https://notcve.org/view.php?id=CVE-2022-49386
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ti: am65-cpsw-nuss: Fix some refcount leaks of_get_child_by_name() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. am65_cpsw_init_cpts() and am65_cpsw_nuss_probe() don't release the refcount in error case. Add missing of_node_put() to avoid refcount leak. • https://git.kernel.org/stable/c/93a76530316a3d8cc2d82c3deca48424fee92100 •
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2022-49385 – driver: base: fix UAF when driver_attach failed
https://notcve.org/view.php?id=CVE-2022-49385
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: driver: base: fix UAF when driver_attach failed When driver_attach(drv); failed, the driver_private will be freed. But it has been added to the bus, which caused a UAF. To fix it, we need to delete it from the bus when failed. • https://git.kernel.org/stable/c/190888ac01d059e38ffe77a2291d44cafa9016fb •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2022-49384 – md: fix double free of io_acct_set bioset
https://notcve.org/view.php?id=CVE-2022-49384
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: md: fix double free of io_acct_set bioset Now io_acct_set is alloc and free in personality. Remove the codes that free io_acct_set in md_free and md_stop. • https://git.kernel.org/stable/c/00e3d58f50a875343124bcf5a9637520a492b0d1 •
CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2022-49383 – watchdog: rzg2l_wdt: Fix 'BUG: Invalid wait context'
https://notcve.org/view.php?id=CVE-2022-49383
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: watchdog: rzg2l_wdt: Fix 'BUG: Invalid wait context' This patch fixes the issue 'BUG: Invalid wait context' during restart() callback by using clk_prepare_enable() instead of pm_runtime_get_sync() for turning on the clocks during restart. This issue is noticed when testing with renesas_defconfig. [ 42.213802] reboot: Restarting system [ 42.217860] [ 42.219364] ============================= [ 42.223368] [ BUG: Invalid wait context ] [ 42.227... • https://git.kernel.org/stable/c/2cbc5cd0b55fa2310cc557c77b0665f5e00272de •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2022-49382 – soc: rockchip: Fix refcount leak in rockchip_grf_init
https://notcve.org/view.php?id=CVE-2022-49382
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: soc: rockchip: Fix refcount leak in rockchip_grf_init of_find_matching_node_and_match returns a node pointer with refcount incremented, we should use of_node_put() on it when done. Add missing of_node_put() to avoid refcount leak. • https://git.kernel.org/stable/c/4c58063d4258f6beb4fd5647db6b58f49e337c8f •
CVSS: -EPSS: %CPEs: 9EXPL: 0CVE-2022-49381 – jffs2: fix memory leak in jffs2_do_fill_super
https://notcve.org/view.php?id=CVE-2022-49381
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: jffs2: fix memory leak in jffs2_do_fill_super If jffs2_iget() or d_make_root() in jffs2_do_fill_super() returns an error, we can observe the following kmemleak report: -------------------------------------------- unreferenced object 0xffff888105a65340 (size 64): comm "mount", pid 710, jiffies 4302851558 (age 58.239s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 ... • https://git.kernel.org/stable/c/e631ddba588783edd521c5a89f7b2902772fb691 •