CVSS: 5.6EPSS: 0%CPEs: 11EXPL: 0CVE-2022-49389 – usb: usbip: fix a refcount leak in stub_probe()
https://notcve.org/view.php?id=CVE-2022-49389
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: usbip: fix a refcount leak in stub_probe() usb_get_dev() is called in stub_device_alloc(). When stub_probe() fails after that, usb_put_dev() needs to be called to release the reference. Fix this by moving usb_put_dev() to sdev_free error path handling. Find this by code review. In the Linux kernel, the following vulnerability has been resolved: usb: usbip: fix a refcount leak in stub_probe() usb_get_dev() is called in stub_device_alloc... • https://git.kernel.org/stable/c/3ff67445750a84de67faaf52c6e1895cb09f2c56 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49388 – ubi: ubi_create_volume: Fix use-after-free when volume creation failed
https://notcve.org/view.php?id=CVE-2022-49388
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ubi: ubi_create_volume: Fix use-after-free when volume creation failed There is an use-after-free problem for 'eba_tbl' in ubi_create_volume()'s error handling path: ubi_eba_replace_table(vol, eba_tbl) vol->eba_tbl = tbl out_mapping: ubi_eba_destroy_table(eba_tbl) // Free 'eba_tbl' out_unlock: put_device(&vol->dev) vol_release kfree(tbl->entries) // UAF Fix it by removing redundant 'eba_tbl' releasing. Fetch a reproducer in [Link]. In the L... • https://git.kernel.org/stable/c/493cfaeaa0c9bc0c79ce5751193d49fdac9aaaec • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49386 – net: ethernet: ti: am65-cpsw-nuss: Fix some refcount leaks
https://notcve.org/view.php?id=CVE-2022-49386
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ti: am65-cpsw-nuss: Fix some refcount leaks of_get_child_by_name() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. am65_cpsw_init_cpts() and am65_cpsw_nuss_probe() don't release the refcount in error case. Add missing of_node_put() to avoid refcount leak. In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ti: am65-cpsw-nuss: Fix some re... • https://git.kernel.org/stable/c/93a76530316a3d8cc2d82c3deca48424fee92100 •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49385 – driver: base: fix UAF when driver_attach failed
https://notcve.org/view.php?id=CVE-2022-49385
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: driver: base: fix UAF when driver_attach failed When driver_attach(drv); failed, the driver_private will be freed. But it has been added to the bus, which caused a UAF. To fix it, we need to delete it from the bus when failed. In the Linux kernel, the following vulnerability has been resolved: driver: base: fix UAF when driver_attach failed When driver_attach(drv); failed, the driver_private will be freed. But it has been added to the bus, ... • https://git.kernel.org/stable/c/190888ac01d059e38ffe77a2291d44cafa9016fb • CWE-416: Use After Free •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49382 – soc: rockchip: Fix refcount leak in rockchip_grf_init
https://notcve.org/view.php?id=CVE-2022-49382
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: soc: rockchip: Fix refcount leak in rockchip_grf_init of_find_matching_node_and_match returns a node pointer with refcount incremented, we should use of_node_put() on it when done. Add missing of_node_put() to avoid refcount leak. In the Linux kernel, the following vulnerability has been resolved: soc: rockchip: Fix refcount leak in rockchip_grf_init of_find_matching_node_and_match returns a node pointer with refcount incremented, we should... • https://git.kernel.org/stable/c/4c58063d4258f6beb4fd5647db6b58f49e337c8f •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49381 – jffs2: fix memory leak in jffs2_do_fill_super
https://notcve.org/view.php?id=CVE-2022-49381
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: jffs2: fix memory leak in jffs2_do_fill_super If jffs2_iget() or d_make_root() in jffs2_do_fill_super() returns an error, we can observe the following kmemleak report: -------------------------------------------- unreferenced object 0xffff888105a65340 (size 64): comm "mount", pid 710, jiffies 4302851558 (age 58.239s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 ... • https://git.kernel.org/stable/c/e631ddba588783edd521c5a89f7b2902772fb691 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49380 – f2fs: fix to avoid f2fs_bug_on() in dec_valid_node_count()
https://notcve.org/view.php?id=CVE-2022-49380
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid f2fs_bug_on() in dec_valid_node_count() As Yanming reported in bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=215897 I have encountered a bug in F2FS file system in kernel v5.17. The kernel should enable CONFIG_KASAN=y and CONFIG_KASAN_INLINE=y. You can reproduce the bug by running the following commands: The kernel message is shown below: kernel BUG at fs/f2fs/f2fs.h:2511! Call Trace: f2fs_remove_inode_page+0x2a2/... • https://git.kernel.org/stable/c/f8b3c3fcf33105bc1ee7788e3b51b0a1ae42ae53 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49379 – driver core: Fix wait_for_device_probe() & deferred_probe_timeout interaction
https://notcve.org/view.php?id=CVE-2022-49379
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: driver core: Fix wait_for_device_probe() & deferred_probe_timeout interaction Mounting NFS rootfs was timing out when deferred_probe_timeout was non-zero [1]. This was because ip_auto_config() initcall times out waiting for the network interfaces to show up when deferred_probe_timeout was non-zero. While ip_auto_config() calls wait_for_device_probe() to make sure any currently running deferred probe work or asynchronous probe finishes, that... • https://git.kernel.org/stable/c/35a672363ab3e8dfe4ebcadb4dd0b2d06bb85ebe •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49378 – sfc: fix considering that all channels have TX queues
https://notcve.org/view.php?id=CVE-2022-49378
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: sfc: fix considering that all channels have TX queues Normally, all channels have RX and TX queues, but this is not true if modparam efx_separate_tx_channels=1 is used. In that cases, some channels only have RX queues and others only TX queues (or more preciselly, they have them allocated, but not initialized). Fix efx_channel_has_tx_queues to return the correct value for this case too. Messages shown at probe time before the fix: sfc 0000:... • https://git.kernel.org/stable/c/8700aff089843399f95bc7701ae87b642b35a716 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49377 – blk-mq: don't touch ->tagset in blk_mq_get_sq_hctx
https://notcve.org/view.php?id=CVE-2022-49377
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: blk-mq: don't touch ->tagset in blk_mq_get_sq_hctx blk_mq_run_hw_queues() could be run when there isn't queued request and after queue is cleaned up, at that time tagset is freed, because tagset lifetime is covered by driver, and often freed after blk_cleanup_queue() returns. So don't touch ->tagset for figuring out current default hctx by the mapping built in request queue, so use-after-free on tagset can be avoided. Meantime this way shou... • https://git.kernel.org/stable/c/b6e68ee82585f2ee890b0a897a6aacbf49a467bb • CWE-416: Use After Free •