CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49477 – ASoC: samsung: Fix refcount leak in aries_audio_probe
https://notcve.org/view.php?id=CVE-2022-49477
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: samsung: Fix refcount leak in aries_audio_probe of_parse_phandle() returns a node pointer with refcount incremented, we should use of_node_put() on it when done. If extcon_find_edev_by_node() fails, it doesn't call of_node_put() Calling of_node_put() after extcon_find_edev_by_node() to fix this. In the Linux kernel, the following vulnerability has been resolved: ASoC: samsung: Fix refcount leak in aries_audio_probe of_parse_phandle() ... • https://git.kernel.org/stable/c/7a3a7671fa6c7e90aff5f4242add2a40587b85ef •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49476 – mt76: mt7921: fix kernel crash at mt7921_pci_remove
https://notcve.org/view.php?id=CVE-2022-49476
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: mt76: mt7921: fix kernel crash at mt7921_pci_remove The crash log shown it is possible that mt7921_irq_handler is called while devm_free_irq is being handled so mt76_free_device need to be postponed until devm_free_irq is completed to solve the crash we free the mt76 device too early. [ 9299.339655] BUG: kernel NULL pointer dereference, address: 0000000000000008 [ 9299.339705] #PF: supervisor read access in kernel mode [ 9299.339735] #PF: e... • https://git.kernel.org/stable/c/5c14a5f944b91371961548b1907802f74a4d2e5c •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49475 – spi: spi-fsl-qspi: check return value after calling platform_get_resource_byname()
https://notcve.org/view.php?id=CVE-2022-49475
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: spi: spi-fsl-qspi: check return value after calling platform_get_resource_byname() It will cause null-ptr-deref if platform_get_resource_byname() returns NULL, we need check the return value. In the Linux kernel, the following vulnerability has been resolved: spi: spi-fsl-qspi: check return value after calling platform_get_resource_byname() It will cause null-ptr-deref if platform_get_resource_byname() returns NULL, we need check the return... • https://git.kernel.org/stable/c/858e26a515c28df3ef542d9c09493b54a329d6cf •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2022-49474 – Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout
https://notcve.org/view.php?id=CVE-2022-49474
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout Connecting the same socket twice consecutively in sco_sock_connect() could lead to a race condition where two sco_conn objects are created but only one is associated with the socket. If the socket is closed before the SCO connection is established, the timer associated with the dangling sco_conn object won't be canceled. As the sock object is being freed, the use-after-... • https://git.kernel.org/stable/c/22c66af08230a7030bdb88accffaec3424695631 • CWE-416: Use After Free •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49473 – ASoC: ti: j721e-evm: Fix refcount leak in j721e_soc_probe_*
https://notcve.org/view.php?id=CVE-2022-49473
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: ti: j721e-evm: Fix refcount leak in j721e_soc_probe_* of_parse_phandle() returns a node pointer with refcount incremented, we should use of_node_put() on it when not needed anymore. Add missing of_node_put() to avoid refcount leak. In the Linux kernel, the following vulnerability has been resolved: ASoC: ti: j721e-evm: Fix refcount leak in j721e_soc_probe_* of_parse_phandle() returns a node pointer with refcount incremented, we should... • https://git.kernel.org/stable/c/6748d05590594837e42dfa975879fb275099f0b2 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49472 – net: phy: micrel: Allow probing without .driver_data
https://notcve.org/view.php?id=CVE-2022-49472
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: phy: micrel: Allow probing without .driver_data Currently, if the .probe element is present in the phy_driver structure and the .driver_data is not, a NULL pointer dereference happens. Allow passing .probe without .driver_data by inserting NULL checks for priv->type. In the Linux kernel, the following vulnerability has been resolved: net: phy: micrel: Allow probing without .driver_data Currently, if the .probe element is present in the... • https://git.kernel.org/stable/c/7dcb404662839a4ed1a9703658fee979eb894ca4 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49471 – rtw89: cfo: check mac_id to avoid out-of-bounds
https://notcve.org/view.php?id=CVE-2022-49471
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: rtw89: cfo: check mac_id to avoid out-of-bounds Somehow, hardware reports incorrect mac_id and pollute memory. Check index before we access the array. UBSAN: array-index-out-of-bounds in rtw89/phy.c:2517:23 index 188 is out of range for type 's32 [64]' CPU: 1 PID: 51550 Comm: irq/35-rtw89_pc Tainted: G OE Call Trace:
CVSS: 8.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49470 – Bluetooth: btmtksdio: fix use-after-free at btmtksdio_recv_event
https://notcve.org/view.php?id=CVE-2022-49470
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btmtksdio: fix use-after-free at btmtksdio_recv_event We should not access skb buffer data anymore after hci_recv_frame was called. [ 39.634809] BUG: KASAN: use-after-free in btmtksdio_recv_event+0x1b0 [ 39.634855] Read of size 1 at addr ffffff80cf28a60d by task kworker [ 39.634962] Call trace: [ 39.634974] dump_backtrace+0x0/0x3b8 [ 39.634999] show_stack+0x20/0x2c [ 39.635016] dump_stack_lvl+0x60/0x78 [ 39.635040] print_address_... • https://git.kernel.org/stable/c/9aebfd4a2200ab8075e44379c758bccefdc589bb • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49469 – btrfs: fix anon_dev leak in create_subvol()
https://notcve.org/view.php?id=CVE-2022-49469
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix anon_dev leak in create_subvol() When btrfs_qgroup_inherit(), btrfs_alloc_tree_block, or btrfs_insert_root() fail in create_subvol(), we return without freeing anon_dev. Reorganize the error handling in create_subvol() to fix this. In the Linux kernel, the following vulnerability has been resolved: btrfs: fix anon_dev leak in create_subvol() When btrfs_qgroup_inherit(), btrfs_alloc_tree_block, or btrfs_insert_root() fail in creat... • https://git.kernel.org/stable/c/d887b3de318834f9aa637ecf79c6bc66cba7c69a •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49468 – thermal/core: Fix memory leak in __thermal_cooling_device_register()
https://notcve.org/view.php?id=CVE-2022-49468
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: thermal/core: Fix memory leak in __thermal_cooling_device_register() I got memory leak as follows when doing fault injection test: unreferenced object 0xffff888010080000 (size 264312): comm "182", pid 102533, jiffies 4296434960 (age 10.100s) hex dump (first 32 bytes): 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N.......... ff ff ff ff ff ff ff ff 40 7f 1f b9 ff ff ff ff ........@....... backtrace: [<0000000038b2f4fc>] kmalloc_order... • https://git.kernel.org/stable/c/8ea229511e06f9635ecc338dcbe0db41a73623f0 •