CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49235 – ath9k_htc: fix uninit value bugs
https://notcve.org/view.php?id=CVE-2022-49235
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ath9k_htc: fix uninit value bugs Syzbot reported 2 KMSAN bugs in ath9k. All of them are caused by missing field initialization. In htc_connect_service() svc_meta_len and pad are not initialized. Based on code it looks like in current skb there is no service data, so simply initialize svc_meta_len to 0. htc_issue_send() does not initialize htc_frame_hdr::control array. Based on firmware code, it will initialize it by itself, so simply zero w... • https://git.kernel.org/stable/c/fb9987d0f748c983bb795a86f47522313f701a08 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2022-49232 – drm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes()
https://notcve.org/view.php?id=CVE-2022-49232
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes() In amdgpu_dm_connector_add_common_modes(), amdgpu_dm_create_common_mode() is assigned to mode and is passed to drm_mode_probed_add() directly after that. drm_mode_probed_add() passes &mode->head to list_add_tail(), and there is a dereference of it in list_add_tail() without recoveries, which could lead to NULL pointer dereference on failure of amdgpu_d... • https://git.kernel.org/stable/c/e7b07ceef2a650e5ed8ca37997689e086c680daf •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49226 – net: asix: add proper error handling of usb read errors
https://notcve.org/view.php?id=CVE-2022-49226
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: asix: add proper error handling of usb read errors Syzbot once again hit uninit value in asix driver. The problem still the same -- asix_read_cmd() reads less bytes, than was requested by caller. Since all read requests are performed via asix_read_cmd() let's catch usb related error there and add __must_check notation to be sure all callers actually check return value. So, this patch adds sanity check inside asix_read_cmd(), that simpl... • https://git.kernel.org/stable/c/d9fe64e511144c1ee7d7555b4111f09dde9692ef •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49224 – power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init
https://notcve.org/view.php?id=CVE-2022-49224
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init kobject_init_and_add() takes reference even when it fails. According to the doc of kobject_init_and_add(): If this function returns an error, kobject_put() must be called to properly clean up the memory associated with the object. Fix memory leak by calling kobject_put(). • https://git.kernel.org/stable/c/8c0984e5a75337df513047ec92a6c09d78e3e5cd •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49220 – dax: make sure inodes are flushed before destroy cache
https://notcve.org/view.php?id=CVE-2022-49220
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: dax: make sure inodes are flushed before destroy cache A bug can be triggered by following command $ modprobe nd_pmem && modprobe -r nd_pmem [ 10.060014] BUG dax_cache (Not tainted): Objects remaining in dax_cache on __kmem_cache_shutdown() [ 10.060938] Slab 0x0000000085b729ac objects=9 used=1 fp=0x000000004f5ae469 flags=0x200000000010200(slab|head|node) [ 10.062433] Call Trace: [ 10.062673] dump_stack_lvl+0x34/0x44 [ 10.062865] slab_err+0x... • https://git.kernel.org/stable/c/7b6be8444e0f0dd675b54d059793423d3c9b4c03 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49217 – scsi: pm8001: Fix abort all task initialization
https://notcve.org/view.php?id=CVE-2022-49217
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix abort all task initialization In pm80xx_send_abort_all(), the n_elem field of the ccb used is not initialized to 0. This missing initialization sometimes lead to the task completion path seeing the ccb with a non-zero n_elem resulting in the execution of invalid dma_unmap_sg() calls in pm8001_ccb_task_free(), causing a crash such as: [ 197.676341] RIP: 0010:iommu_dma_unmap_sg+0x6d/0x280 [ 197.700204] RSP: 0018:ffff889bbcf8... • https://git.kernel.org/stable/c/c6b9ef5779c3e1edfa9de949d2a51252bc347663 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49216 – drm/tegra: Fix reference leak in tegra_dsi_ganged_probe
https://notcve.org/view.php?id=CVE-2022-49216
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/tegra: Fix reference leak in tegra_dsi_ganged_probe The reference taken by 'of_find_device_by_node()' must be released when not needed anymore. Add put_device() call to fix this. • https://git.kernel.org/stable/c/e94236cde4d519cdecd45e2435defba33abdc99f •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49212 – mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init
https://notcve.org/view.php?id=CVE-2022-49212
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init The reference counting issue happens in several error handling paths on a refcounted object "nc->dmac". In these paths, the function simply returns the error code, forgetting to balance the reference count of "nc->dmac", increased earlier by dma_request_channel(), which may cause refcount leaks. Fix it by decrementing the refcount of specific object in those error paths. • https://git.kernel.org/stable/c/f88fc122cc34c2545dec9562eaab121494e401ef •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49197 – af_netlink: Fix shift out of bounds in group mask calculation
https://notcve.org/view.php?id=CVE-2022-49197
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: af_netlink: Fix shift out of bounds in group mask calculation When a netlink message is received, netlink_recvmsg() fills in the address of the sender. One of the fields is the 32-bit bitfield nl_groups, which carries the multicast group on which the message was received. The least significant bit corresponds to group 1, and therefore the highest group that the field can represent is 32. Above that, the UB sanitizer flags the out-of-bounds ... • https://git.kernel.org/stable/c/f7fa9b10edbb9391bdd4ec8e8b3d621d0664b198 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49196 – powerpc/pseries: Fix use after free in remove_phb_dynamic()
https://notcve.org/view.php?id=CVE-2022-49196
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Fix use after free in remove_phb_dynamic() In remove_phb_dynamic() we use &phb->io_resource, after we've called device_unregister(&host_bridge->dev). But the unregister may have freed phb, because pcibios_free_controller_deferred() is the release function for the host_bridge. If there are no outstanding references when we call device_unregister() then phb will be freed out from under us. This has gone mainly unnoticed, but ... • https://git.kernel.org/stable/c/2dd9c11b9d4dfbd6c070eab7b81197f65e82f1a0 •