CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2022-49319 – iommu/arm-smmu-v3: check return value after calling platform_get_resource()
https://notcve.org/view.php?id=CVE-2022-49319
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu-v3: check return value after calling platform_get_resource() It will cause null-ptr-deref if platform_get_resource() returns NULL, we need check the return value. • https://git.kernel.org/stable/c/54c1e0e3bbcab2abe25b2874a43050ae5df87831 •
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2022-49318 – f2fs: remove WARN_ON in f2fs_is_valid_blkaddr
https://notcve.org/view.php?id=CVE-2022-49318
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: remove WARN_ON in f2fs_is_valid_blkaddr Syzbot triggers two WARNs in f2fs_is_valid_blkaddr and __is_bitmap_valid. For example, in f2fs_is_valid_blkaddr, if type is DATA_GENERIC_ENHANCE or DATA_GENERIC_ENHANCE_READ, it invokes WARN_ON if blkaddr is not in the right range. The call trace is as follows: f2fs_get_node_info+0x45f/0x1070 read_node_page+0x577/0x1190 __get_node_page.part.0+0x9e/0x10e0 __get_node_page f2fs_get_node_page+0x109/... • https://git.kernel.org/stable/c/0a7a1fc7e71eecf2e5053a6c312c9f0dcbb9b8fd •
CVSS: -EPSS: %CPEs: 2EXPL: 0CVE-2022-49317 – f2fs: avoid infinite loop to flush node pages
https://notcve.org/view.php?id=CVE-2022-49317
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: avoid infinite loop to flush node pages xfstests/generic/475 can give EIO all the time which give an infinite loop to flush node page like below. Let's avoid it. [16418.518551] Call Trace: [16418.518553] ? dm_submit_bio+0x48/0x400 [16418.518574] ? submit_bio_checks+0x1ac/0x5a0 [16418.525207] __submit_bio+0x1a9/0x230 [16418.525210] ? kmem_cache_alloc+0x29e/0x3c0 [16418.525223] submit_bio_noacct+0xa8/0x2b0 [16418.525226] submit_bio+0x4d... • https://git.kernel.org/stable/c/bd47ea5d776d8b524fb6f60de3240f95603901dd •
CVSS: -EPSS: %CPEs: 7EXPL: 0CVE-2022-49316 – NFSv4: Don't hold the layoutget locks across multiple RPC calls
https://notcve.org/view.php?id=CVE-2022-49316
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: NFSv4: Don't hold the layoutget locks across multiple RPC calls When doing layoutget as part of the open() compound, we have to be careful to release the layout locks before we can call any further RPC calls, such as setattr(). The reason is that those calls could trigger a recall, which could deadlock. • https://git.kernel.org/stable/c/6b3fc1496e7227cd6a39a80bbfb7588ef7c7a010 •
CVSS: -EPSS: %CPEs: 9EXPL: 0CVE-2022-49315 – drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop()
https://notcve.org/view.php?id=CVE-2022-49315
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() There is a deadlock in rtllib_beacons_stop(), which is shown below: (Thread 1) | (Thread 2) | rtllib_send_beacon() rtllib_beacons_stop() | mod_timer() spin_lock_irqsave() //(1) | (wait a time) ... | rtllib_send_beacon_cb() del_timer_sync() | spin_lock_irqsave() //(2) (wait timer to stop) | ... We hold ieee->beacon_lock in position (1) of thread 1 and use del_timer_sync() to w... • https://git.kernel.org/stable/c/4681129fda9e8555392eaaadb239ec6a6e2b3e12 •
CVSS: -EPSS: %CPEs: 9EXPL: 0CVE-2022-49314 – tty: Fix a possible resource leak in icom_probe
https://notcve.org/view.php?id=CVE-2022-49314
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: tty: Fix a possible resource leak in icom_probe When pci_read_config_dword failed, call pci_release_regions() and pci_disable_device() to recycle the resource previously allocated. • https://git.kernel.org/stable/c/f4c836d90da1ece88905d62ce2ce39a962f25d1a •
CVSS: -EPSS: %CPEs: 9EXPL: 0CVE-2022-49313 – drivers: usb: host: Fix deadlock in oxu_bus_suspend()
https://notcve.org/view.php?id=CVE-2022-49313
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drivers: usb: host: Fix deadlock in oxu_bus_suspend() There is a deadlock in oxu_bus_suspend(), which is shown below: (Thread 1) | (Thread 2) | timer_action() oxu_bus_suspend() | mod_timer() spin_lock_irq() //(1) | (wait a time) ... | oxu_watchdog() del_timer_sync() | spin_lock_irq() //(2) (wait timer to stop) | ... We hold oxu->lock in position (1) of thread 1, and use del_timer_sync() to wait timer to stop, but timer handler also need oxu... • https://git.kernel.org/stable/c/9b58d255f27b0ed6a2e43208960864d67579db58 •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2022-49312 – staging: rtl8712: fix a potential memory leak in r871xu_drv_init()
https://notcve.org/view.php?id=CVE-2022-49312
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: staging: rtl8712: fix a potential memory leak in r871xu_drv_init() In r871xu_drv_init(), if r8712_init_drv_sw() fails, then the memory allocated by r8712_alloc_io_queue() in r8712_usb_dvobj_init() is not properly released as there is no action will be performed by r8712_usb_dvobj_deinit(). To properly release it, we should call r8712_free_io_queue() in r8712_usb_dvobj_deinit(). Besides, in r871xu_dev_remove(), r8712_usb_dvobj_deinit() will ... • https://git.kernel.org/stable/c/5a89a92efc342dd7c44b6056da87debc598f9c73 •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2022-49311 – drivers: staging: rtl8192bs: Fix deadlock in rtw_joinbss_event_prehandle()
https://notcve.org/view.php?id=CVE-2022-49311
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drivers: staging: rtl8192bs: Fix deadlock in rtw_joinbss_event_prehandle() There is a deadlock in rtw_joinbss_event_prehandle(), which is shown below: (Thread 1) | (Thread 2) | _set_timer() rtw_joinbss_event_prehandle()| mod_timer() spin_lock_bh() //(1) | (wait a time) ... | _rtw_join_timeout_handler() del_timer_sync() | spin_lock_bh() //(2) (wait timer to stop) | ... We hold pmlmepriv->lock in position (1) of thread 1 and use del_timer_syn... • https://git.kernel.org/stable/c/ae60744d5fad840b9d056d35b4b652d95e755846 •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2022-49310 – char: xillybus: fix a refcount leak in cleanup_dev()
https://notcve.org/view.php?id=CVE-2022-49310
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: char: xillybus: fix a refcount leak in cleanup_dev() usb_get_dev is called in xillyusb_probe. So it is better to call usb_put_dev before xdev is released. • https://git.kernel.org/stable/c/bc8fceda3b89006e8a7dda8a097d36045d044c25 •