CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49480 – ASoC: imx-hdmi: Fix refcount leak in imx_hdmi_probe
https://notcve.org/view.php?id=CVE-2022-49480
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: imx-hdmi: Fix refcount leak in imx_hdmi_probe of_find_device_by_node() takes reference, we should use put_device() to release it. when devm_kzalloc() fails, it doesn't have a put_device(), it will cause refcount leak. Add missing put_device() to fix this. In the Linux kernel, the following vulnerability has been resolved: ASoC: imx-hdmi: Fix refcount leak in imx_hdmi_probe of_find_device_by_node() takes reference, we should use put_de... • https://git.kernel.org/stable/c/6a5f850aa83a1d844d27e3e53ca2f247e55d438b •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49479 – mt76: fix tx status related use-after-free race on station removal
https://notcve.org/view.php?id=CVE-2022-49479
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: mt76: fix tx status related use-after-free race on station removal There is a small race window where ongoing tx activity can lead to a skb getting added to the status tracking idr after that idr has already been cleaned up, which will keep the wcid linked in the status poll list. Fix this by only adding status skbs if the wcid pointer is still assigned in dev->wcid, which gets cleared early by mt76_sta_pre_rcu_remove In the Linux kernel, t... • https://git.kernel.org/stable/c/bd1e3e7b693c17a04e7d2bd9119daa482b7c7720 • CWE-416: Use After Free •
CVSS: 9.0EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49478 – media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init
https://notcve.org/view.php?id=CVE-2022-49478
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init Syzbot reported that -1 is used as array index. The problem was in missing validation check. hdw->unit_number is initialized with -1 and then if init table walk fails this value remains unchanged. Since code blindly uses this member for array indexing adding sanity check is the easiest fix for that. hdw->workpoll initialization moved upper to prevent warning in __flush_work... • https://git.kernel.org/stable/c/d855497edbfbf9e19a17f4a1154bca69cb4bd9ba •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49477 – ASoC: samsung: Fix refcount leak in aries_audio_probe
https://notcve.org/view.php?id=CVE-2022-49477
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: samsung: Fix refcount leak in aries_audio_probe of_parse_phandle() returns a node pointer with refcount incremented, we should use of_node_put() on it when done. If extcon_find_edev_by_node() fails, it doesn't call of_node_put() Calling of_node_put() after extcon_find_edev_by_node() to fix this. In the Linux kernel, the following vulnerability has been resolved: ASoC: samsung: Fix refcount leak in aries_audio_probe of_parse_phandle() ... • https://git.kernel.org/stable/c/7a3a7671fa6c7e90aff5f4242add2a40587b85ef •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49476 – mt76: mt7921: fix kernel crash at mt7921_pci_remove
https://notcve.org/view.php?id=CVE-2022-49476
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: mt76: mt7921: fix kernel crash at mt7921_pci_remove The crash log shown it is possible that mt7921_irq_handler is called while devm_free_irq is being handled so mt76_free_device need to be postponed until devm_free_irq is completed to solve the crash we free the mt76 device too early. [ 9299.339655] BUG: kernel NULL pointer dereference, address: 0000000000000008 [ 9299.339705] #PF: supervisor read access in kernel mode [ 9299.339735] #PF: e... • https://git.kernel.org/stable/c/5c14a5f944b91371961548b1907802f74a4d2e5c •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49475 – spi: spi-fsl-qspi: check return value after calling platform_get_resource_byname()
https://notcve.org/view.php?id=CVE-2022-49475
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: spi: spi-fsl-qspi: check return value after calling platform_get_resource_byname() It will cause null-ptr-deref if platform_get_resource_byname() returns NULL, we need check the return value. In the Linux kernel, the following vulnerability has been resolved: spi: spi-fsl-qspi: check return value after calling platform_get_resource_byname() It will cause null-ptr-deref if platform_get_resource_byname() returns NULL, we need check the return... • https://git.kernel.org/stable/c/858e26a515c28df3ef542d9c09493b54a329d6cf •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2022-49474 – Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout
https://notcve.org/view.php?id=CVE-2022-49474
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout Connecting the same socket twice consecutively in sco_sock_connect() could lead to a race condition where two sco_conn objects are created but only one is associated with the socket. If the socket is closed before the SCO connection is established, the timer associated with the dangling sco_conn object won't be canceled. As the sock object is being freed, the use-after-... • https://git.kernel.org/stable/c/22c66af08230a7030bdb88accffaec3424695631 • CWE-416: Use After Free •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49473 – ASoC: ti: j721e-evm: Fix refcount leak in j721e_soc_probe_*
https://notcve.org/view.php?id=CVE-2022-49473
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: ti: j721e-evm: Fix refcount leak in j721e_soc_probe_* of_parse_phandle() returns a node pointer with refcount incremented, we should use of_node_put() on it when not needed anymore. Add missing of_node_put() to avoid refcount leak. In the Linux kernel, the following vulnerability has been resolved: ASoC: ti: j721e-evm: Fix refcount leak in j721e_soc_probe_* of_parse_phandle() returns a node pointer with refcount incremented, we should... • https://git.kernel.org/stable/c/6748d05590594837e42dfa975879fb275099f0b2 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49472 – net: phy: micrel: Allow probing without .driver_data
https://notcve.org/view.php?id=CVE-2022-49472
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: phy: micrel: Allow probing without .driver_data Currently, if the .probe element is present in the phy_driver structure and the .driver_data is not, a NULL pointer dereference happens. Allow passing .probe without .driver_data by inserting NULL checks for priv->type. In the Linux kernel, the following vulnerability has been resolved: net: phy: micrel: Allow probing without .driver_data Currently, if the .probe element is present in the... • https://git.kernel.org/stable/c/7dcb404662839a4ed1a9703658fee979eb894ca4 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49471 – rtw89: cfo: check mac_id to avoid out-of-bounds
https://notcve.org/view.php?id=CVE-2022-49471
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: rtw89: cfo: check mac_id to avoid out-of-bounds Somehow, hardware reports incorrect mac_id and pollute memory. Check index before we access the array. UBSAN: array-index-out-of-bounds in rtw89/phy.c:2517:23 index 188 is out of range for type 's32 [64]' CPU: 1 PID: 51550 Comm: irq/35-rtw89_pc Tainted: G OE Call Trace: