CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49522 – mmc: jz4740: Apply DMA engine limits to maximum segment size
https://notcve.org/view.php?id=CVE-2022-49522
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: mmc: jz4740: Apply DMA engine limits to maximum segment size Do what is done in other DMA-enabled MMC host drivers (cf. host/mmci.c) and limit the maximum segment size based on the DMA engine's capabilities. This is needed to avoid warnings like the following with CONFIG_DMA_API_DEBUG=y. ------------[ cut here ]------------ WARNING: CPU: 0 PID: 21 at kernel/dma/debug.c:1162 debug_dma_map_sg+0x2f4/0x39c DMA-API: jz4780-dma 13420000.dma-contr... • https://git.kernel.org/stable/c/7923f95997a79cef2ad161a2facae64c25a0bca0 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49521 – scsi: lpfc: Fix resource leak in lpfc_sli4_send_seq_to_ulp()
https://notcve.org/view.php?id=CVE-2022-49521
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix resource leak in lpfc_sli4_send_seq_to_ulp() If no handler is found in lpfc_complete_unsol_iocb() to match the rctl of a received frame, the frame is dropped and resources are leaked. Fix by returning resources when discarding an unhandled frame type. Update lpfc_fc_frame_check() handling of NOP basic link service. In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix resource leak in lpfc_sli4_... • https://git.kernel.org/stable/c/fa1b509d41c5433672f72c0615cf4aefa0611c99 •
CVSS: 5.6EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49520 – arm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall
https://notcve.org/view.php?id=CVE-2022-49520
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: arm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall If a compat process tries to execute an unknown system call above the __ARM_NR_COMPAT_END number, the kernel sends a SIGILL signal to the offending process. Information about the error is printed to dmesg in compat_arm_syscall() -> arm64_notify_die() -> arm64_force_sig_fault() -> arm64_show_signal(). arm64_show_signal() interprets a non-zero value for current->thread.fa... • https://git.kernel.org/stable/c/efd183d988b416fcdf6f7c298a17ced4859ca77d •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49519 – ath10k: skip ath10k_halt during suspend for driver state RESTARTING
https://notcve.org/view.php?id=CVE-2022-49519
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ath10k: skip ath10k_halt during suspend for driver state RESTARTING Double free crash is observed when FW recovery(caused by wmi timeout/crash) is followed by immediate suspend event. The FW recovery is triggered by ath10k_core_restart() which calls driver clean up via ath10k_halt(). When the suspend event occurs between the FW recovery, the restart worker thread is put into frozen state until suspend completes. The suspend event triggers a... • https://git.kernel.org/stable/c/8aa3750986ffcf73e0692db3b40dd3a8e8c0c575 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49517 – ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe
https://notcve.org/view.php?id=CVE-2022-49517
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe This node pointer is returned by of_parse_phandle() with refcount incremented in this function. Calling of_node_put() to avoid the refcount leak. In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe This node pointer is returned by of_parse_phandle() with refcount incremented in this fu... • https://git.kernel.org/stable/c/8625c1dbd87631572f8e2c05bc67736b73d6f02f •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49514 – ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe
https://notcve.org/view.php?id=CVE-2022-49514
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe Call of_node_put(platform_node) to avoid refcount leak in the error path. In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe Call of_node_put(platform_node) to avoid refcount leak in the error path. • https://git.kernel.org/stable/c/94319ba10ecabc8f28129566d1f5793e3e7a0a79 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49513 – cpufreq: governor: Use kobject release() method to free dbs_data
https://notcve.org/view.php?id=CVE-2022-49513
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: cpufreq: governor: Use kobject release() method to free dbs_data The struct dbs_data embeds a struct gov_attr_set and the struct gov_attr_set embeds a kobject. Since every kobject must have a release() method and we can't use kfree() to free it directly, so introduce cpufreq_dbs_data_release() to release the dbs_data via the kobject::release() method. This fixes the calltrace like below: ODEBUG: free active (active state 0) object type: tim... • https://git.kernel.org/stable/c/c4435630361d9bebf7154a0c842dc1fb7ae39c99 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49512 – mtd: rawnand: denali: Use managed device resources
https://notcve.org/view.php?id=CVE-2022-49512
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: denali: Use managed device resources All of the resources used by this driver has managed interfaces, so use them. Otherwise we will get the following splat: [ 4.472703] denali-nand-pci 0000:00:05.0: timeout while waiting for irq 0x1000 [ 4.474071] denali-nand-pci: probe of 0000:00:05.0 failed with error -5 [ 4.473538] nand: No NAND device found [ 4.474068] BUG: unable to handle page fault for address: ffffc90005000410 [ 4.475... • https://git.kernel.org/stable/c/93db446a424cee9387b532995e6b516667079555 •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-49508 – HID: elan: Fix potential double free in elan_input_configured
https://notcve.org/view.php?id=CVE-2022-49508
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: HID: elan: Fix potential double free in elan_input_configured 'input' is a managed resource allocated with devm_input_allocate_device(), so there is no need to call input_free_device() explicitly or there will be a double free. According to the doc of devm_input_allocate_device(): * Managed input devices do not need to be explicitly unregistered or * freed as it will be done automatically when owner device unbinds from * its driver (or bind... • https://git.kernel.org/stable/c/9a6a4193d65b853020ef0e66cecdf9e64a863883 •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2022-49505 – NFC: NULL out the dev->rfkill to prevent UAF
https://notcve.org/view.php?id=CVE-2022-49505
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: NFC: NULL out the dev->rfkill to prevent UAF Commit 3e3b5dfcd16a ("NFC: reorder the logic in nfc_{un,}register_device") assumes the device_is_registered() in function nfc_dev_up() will help to check when the rfkill is unregistered. However, this check only take effect when device_del(&dev->dev) is done in nfc_unregister_device(). Hence, the rfkill object is still possible be dereferenced. The crash trace in latest kernel (5.18-rc2): [ 68.76... • https://git.kernel.org/stable/c/ff169909eac9e00bf1aa0af739ba6ddfb1b1d135 • CWE-416: Use After Free •