CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49197 – af_netlink: Fix shift out of bounds in group mask calculation
https://notcve.org/view.php?id=CVE-2022-49197
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: af_netlink: Fix shift out of bounds in group mask calculation When a netlink message is received, netlink_recvmsg() fills in the address of the sender. One of the fields is the 32-bit bitfield nl_groups, which carries the multicast group on which the message was received. The least significant bit corresponds to group 1, and therefore the highest group that the field can represent is 32. Above that, the UB sanitizer flags the out-of-bounds ... • https://git.kernel.org/stable/c/f7fa9b10edbb9391bdd4ec8e8b3d621d0664b198 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49196 – powerpc/pseries: Fix use after free in remove_phb_dynamic()
https://notcve.org/view.php?id=CVE-2022-49196
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Fix use after free in remove_phb_dynamic() In remove_phb_dynamic() we use &phb->io_resource, after we've called device_unregister(&host_bridge->dev). But the unregister may have freed phb, because pcibios_free_controller_deferred() is the release function for the host_bridge. If there are no outstanding references when we call device_unregister() then phb will be freed out from under us. This has gone mainly unnoticed, but ... • https://git.kernel.org/stable/c/2dd9c11b9d4dfbd6c070eab7b81197f65e82f1a0 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49194 – net: bcmgenet: Use stronger register read/writes to assure ordering
https://notcve.org/view.php?id=CVE-2022-49194
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: bcmgenet: Use stronger register read/writes to assure ordering GCC12 appears to be much smarter about its dependency tracking and is aware that the relaxed variants are just normal loads and stores and this is causing problems like: [ 210.074549] ------------[ cut here ]------------ [ 210.079223] NETDEV WATCHDOG: enabcm6e4ei0 (bcmgenet): transmit queue 1 timed out [ 210.086717] WARNING: CPU: 1 PID: 0 at net/sched/sch_generic.c:529 dev_... • https://git.kernel.org/stable/c/69d2ea9c798983c4a7157278ec84ff969d1cd8e8 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49191 – mxser: fix xmit_buf leak in activate when LSR == 0xff
https://notcve.org/view.php?id=CVE-2022-49191
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: mxser: fix xmit_buf leak in activate when LSR == 0xff When LSR is 0xff in ->activate() (rather unlike), we return an error. Provided ->shutdown() is not called when ->activate() fails, nothing actually frees the buffer in this case. Fix this by properly freeing the buffer in a designated label. We jump there also from the "!info->type" if now too. • https://git.kernel.org/stable/c/6769140d304731f0a3b177470a2adb4bacd9036b •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49190 – kernel/resource: fix kfree() of bootmem memory again
https://notcve.org/view.php?id=CVE-2022-49190
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: kernel/resource: fix kfree() of bootmem memory again Since commit ebff7d8f270d ("mem hotunplug: fix kfree() of bootmem memory"), we could get a resource allocated during boot via alloc_resource(). And it's required to release the resource using free_resource(). Howerver, many people use kfree directly which will result in kernel BUG. In order to fix this without fixing every call site, just leak a couple of bytes in such corner case. • https://git.kernel.org/stable/c/ebff7d8f270d045338d9f4796014f4db429a17f9 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49189 – clk: qcom: clk-rcg2: Update logic to calculate D value for RCG
https://notcve.org/view.php?id=CVE-2022-49189
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: clk: qcom: clk-rcg2: Update logic to calculate D value for RCG The display pixel clock has a requirement on certain newer platforms to support M/N as (2/3) and the final D value calculated results in underflow errors. As the current implementation does not check for D value is within the accepted range for a given M & N value. Update the logic to calculate the final D value based on the range. • https://git.kernel.org/stable/c/99cbd064b059f222c8839ba433a68b2d6ee33066 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49188 – remoteproc: qcom_q6v5_mss: Fix some leaks in q6v5_alloc_memory_region
https://notcve.org/view.php?id=CVE-2022-49188
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: remoteproc: qcom_q6v5_mss: Fix some leaks in q6v5_alloc_memory_region The device_node pointer is returned by of_parse_phandle() or of_get_child_by_name() with refcount incremented. We should use of_node_put() on it when done. This function only call of_node_put(node) when of_address_to_resource succeeds, missing error cases. • https://git.kernel.org/stable/c/051fb70fd4ea40fbc7139186a4890b2fe5cb1e76 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49185 – pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe
https://notcve.org/view.php?id=CVE-2022-49185
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe This node pointer is returned by of_parse_phandle() with refcount incremented in this function. Calling of_node_put() to avoid the refcount leak. • https://git.kernel.org/stable/c/32e67eee670e1254ee5ab41e2f454680acb9c17c •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49180 – LSM: general protection fault in legacy_parse_param
https://notcve.org/view.php?id=CVE-2022-49180
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: LSM: general protection fault in legacy_parse_param The usual LSM hook "bail on fail" scheme doesn't work for cases where a security module may return an error code indicating that it does not recognize an input. In this particular case Smack sees a mount option that it recognizes, and returns 0. A call to a BPF hook follows, which returns -ENOPARAM, which confuses the caller because Smack has processed its data. The SELinux hook incorrectl... • https://git.kernel.org/stable/c/ddcdda888e14ca451b3ee83d11b65b2a9c8e783b •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49179 – block, bfq: don't move oom_bfqq
https://notcve.org/view.php?id=CVE-2022-49179
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: block, bfq: don't move oom_bfqq Our test report a UAF: [ 2073.019181] ================================================================== [ 2073.019188] BUG: KASAN: use-after-free in __bfq_put_async_bfqq+0xa0/0x168 [ 2073.019191] Write of size 8 at addr ffff8000ccf64128 by task rmmod/72584 [ 2073.019192] [ 2073.019196] CPU: 0 PID: 72584 Comm: rmmod Kdump: loaded Not tainted 4.19.90-yk #5 [ 2073.019198] Hardware name: QEMU KVM Virtual Machine... • https://git.kernel.org/stable/c/c4f5a678add58a8a0e7ee5e038496b376ea6d205 • CWE-416: Use After Free •