CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49749 – i2c: designware: use casting of u64 in clock multiplication to avoid overflow
https://notcve.org/view.php?id=CVE-2022-49749
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: i2c: designware: use casting of u64 in clock multiplication to avoid overflow In functions i2c_dw_scl_lcnt() and i2c_dw_scl_hcnt() may have overflow by depending on the values of the given parameters including the ic_clk. For example in our use case where ic_clk is larger than one million, multiplication of ic_clk * 4700 will result in 32 bit overflow. Add cast of u64 to the calculation to avoid multiplication overflow, and use the correspo... • https://git.kernel.org/stable/c/2373f6b9744d5373b886f3ce1a985193cca0a356 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49747 – erofs/zmap.c: Fix incorrect offset calculation
https://notcve.org/view.php?id=CVE-2022-49747
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: erofs/zmap.c: Fix incorrect offset calculation Effective offset to add to length was being incorrectly calculated, which resulted in iomap->length being set to 0, triggering a WARN_ON in iomap_iter_done(). Fix that, and describe it in comments. This was reported as a crash by syzbot under an issue about a warning encountered in iomap_iter_done(), but unrelated to erofs. C reproducer: https://syzkaller.appspot.com/text?tag=ReproC&x=1037a6b28... • https://git.kernel.org/stable/c/2144859229c1e74f52d3ea067338d314a83a8afb •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49746 – dmaengine: imx-sdma: Fix a possible memory leak in sdma_transfer_init
https://notcve.org/view.php?id=CVE-2022-49746
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: imx-sdma: Fix a possible memory leak in sdma_transfer_init If the function sdma_load_context() fails, the sdma_desc will be freed, but the allocated desc->bd is forgot to be freed. We already met the sdma_load_context() failure case and the log as below: [ 450.699064] imx-sdma 30bd0000.dma-controller: Timeout waiting for CH0 ready ... In this case, the desc->bd will not be freed without this change. In the Linux kernel, the follo... • https://git.kernel.org/stable/c/80ee99e52936b2c04cc37b17a14b2ae2f9d282ac •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49743 – ovl: Use "buf" flexible array for memcpy() destination
https://notcve.org/view.php?id=CVE-2022-49743
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: ovl: Use "buf" flexible array for memcpy() destination The "buf" flexible array needs to be the memcpy() destination to avoid false positive run-time warning from the recent FORTIFY_SOURCE hardening: memcpy: detected field-spanning write (size 93) of single field "&fh->fb" at fs/overlayfs/export.c:799 (size 21) In the Linux kernel, the following vulnerability has been resolved: ovl: Use "buf" flexible array for memcpy() destination The "buf... • https://git.kernel.org/stable/c/a77141a06367825d639ac51b04703d551163e36c •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49742 – f2fs: initialize locks earlier in f2fs_fill_super()
https://notcve.org/view.php?id=CVE-2022-49742
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: initialize locks earlier in f2fs_fill_super() syzbot is reporting lockdep warning at f2fs_handle_error() [1], for spin_lock(&sbi->error_lock) is called before spin_lock_init() is called. For safe locking in error handling, move initialization of locks (and obvious structures) in f2fs_fill_super() to immediately after memory allocation. In the Linux kernel, the following vulnerability has been resolved: f2fs: initialize locks earlier i... • https://git.kernel.org/stable/c/ddeff03bb33810fcf2f0c18e03d099cf0aacda62 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49741 – fbdev: smscufx: fix error handling code in ufx_usb_probe
https://notcve.org/view.php?id=CVE-2022-49741
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: fbdev: smscufx: fix error handling code in ufx_usb_probe The current error handling code in ufx_usb_probe have many unmatching issues, e.g., missing ufx_free_usb_list, destroy_modedb label should only include framebuffer_release, fb_dealloc_cmap only matches fb_alloc_cmap. My local syzkaller reports a memory leak bug: memory leak in ufx_usb_probe BUG: memory leak unreferenced object 0xffff88802f879580 (size 128): comm "kworker/0:7", pid 174... • https://git.kernel.org/stable/c/3b3d3127f5b4291ae4caaf50f7b66089ad600480 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49740 – wifi: brcmfmac: Check the count value of channel spec to prevent out-of-bounds reads
https://notcve.org/view.php?id=CVE-2022-49740
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Check the count value of channel spec to prevent out-of-bounds reads This patch fixes slab-out-of-bounds reads in brcmfmac that occur in brcmf_construct_chaninfo() and brcmf_enable_bw40_2g() when the count value of channel specifications provided by the device is greater than the length of 'list->element[]', decided by the size of the 'list' allocated with kzalloc(). The patch adds checks that make the functions free the buf... • https://git.kernel.org/stable/c/9cf5e99c1ae1a85286a76c9a970202750538394c •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49739 – gfs2: Always check inode size of inline inodes
https://notcve.org/view.php?id=CVE-2022-49739
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: gfs2: Always check inode size of inline inodes Check if the inode size of stuffed (inline) inodes is within the allowed range when reading inodes from disk (gfs2_dinode_in()). This prevents us from on-disk corruption. The two checks in stuffed_readpage() and gfs2_unstuffer_page() that just truncate inline data to the maximum allowed size don't actually make sense, and they can be removed now as well. In the Linux kernel, the following vulne... • https://git.kernel.org/stable/c/45df749f827c286adbc951f2a4865b67f0442ba9 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49738 – f2fs: fix to do sanity check on i_extra_isize in is_alive()
https://notcve.org/view.php?id=CVE-2022-49738
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on i_extra_isize in is_alive() syzbot found a f2fs bug: BUG: KASAN: slab-out-of-bounds in data_blkaddr fs/f2fs/f2fs.h:2891 [inline] BUG: KASAN: slab-out-of-bounds in is_alive fs/f2fs/gc.c:1117 [inline] BUG: KASAN: slab-out-of-bounds in gc_data_segment fs/f2fs/gc.c:1520 [inline] BUG: KASAN: slab-out-of-bounds in do_garbage_collect+0x386a/0x3df0 fs/f2fs/gc.c:1734 Read of size 4 at addr ffff888076557568 by task kwo... • https://git.kernel.org/stable/c/e5142a4935c1f15841d06047b8130078fc4d7b8f •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-52936 – kernel/irq/irqdomain.c: fix memory leak with using debugfs_lookup()
https://notcve.org/view.php?id=CVE-2023-52936
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: kernel/irq/irqdomain.c: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make things simpler, just call debugfs_lookup_and_remove() instead which handles all of the logic at once. In the Linux kernel, the following vulnerability has been resolved: kernel/irq/irqdomain.c: fix memory leak with using debugfs_lookup() When calling deb... • https://git.kernel.org/stable/c/066ecbf1a53eb0b92b10c8df7808666be6ea5681 •