CVSS: 8.2EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49430 – Input: gpio-keys - cancel delayed work only in case of GPIO
https://notcve.org/view.php?id=CVE-2022-49430
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: Input: gpio-keys - cancel delayed work only in case of GPIO gpio_keys module can either accept gpios or interrupts. The module initializes delayed work in case of gpios only and is only used if debounce timer is not used, so make sure cancel_delayed_work_sync() is called only when its gpio-backed and debounce_use_hrtimer is false. This fixes the issue seen below when the gpio_keys module is unloaded and an interrupt pin is used instead of G... • https://git.kernel.org/stable/c/96c460687813915dedca9dd7d04ae0e90607fd79 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49429 – RDMA/hfi1: Prevent panic when SDMA is disabled
https://notcve.org/view.php?id=CVE-2022-49429
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/hfi1: Prevent panic when SDMA is disabled If the hfi1 module is loaded with HFI1_CAP_SDMA off, a call to hfi1_write_iter() will dereference a NULL pointer and panic. A typical stack frame is: sdma_select_user_engine [hfi1] hfi1_user_sdma_process_request [hfi1] hfi1_write_iter [hfi1] do_iter_readv_writev do_iter_write vfs_writev do_writev do_syscall_64 The fix is to test for SDMA in hfi1_write_iter() and fail the I/O with EINVAL. In the... • https://git.kernel.org/stable/c/33794e8e9bcb4affc0ebff9cdec85acc8b8a1762 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49428 – f2fs: fix to do sanity check on inline_dots inode
https://notcve.org/view.php?id=CVE-2022-49428
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on inline_dots inode As Wenqing reported in bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=215765 It will cause a kernel panic with steps: - mkdir mnt - mount tmp40.img mnt - ls mnt folio_mark_dirty+0x33/0x50 f2fs_add_regular_entry+0x541/0xad0 [f2fs] f2fs_add_dentry+0x6c/0xb0 [f2fs] f2fs_do_add_link+0x182/0x230 [f2fs] __recover_dot_dentries+0x2d6/0x470 [f2fs] f2fs_lookup+0x5af/0x6a0 [f2fs] __lookup_slow+0... • https://git.kernel.org/stable/c/510022a85839a8409d1e6a519bb86ce71a84f30a •
CVSS: 5.4EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49427 – iommu/mediatek: Remove clk_disable in mtk_iommu_remove
https://notcve.org/view.php?id=CVE-2022-49427
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: iommu/mediatek: Remove clk_disable in mtk_iommu_remove After the commit b34ea31fe013 ("iommu/mediatek: Always enable the clk on resume"), the iommu clock is controlled by the runtime callback. thus remove the clk control in the mtk_iommu_remove. Otherwise, it will warning like: echo 14018000.iommu > /sys/bus/platform/drivers/mtk-iommu/unbind [ 51.413044] ------------[ cut here ]------------ [ 51.413648] vpp0_smi_iommu already disabled [ 51.... • https://git.kernel.org/stable/c/b34ea31fe013569d42b7e8681ef3f717f77c5b72 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49426 – iommu/arm-smmu-v3-sva: Fix mm use-after-free
https://notcve.org/view.php?id=CVE-2022-49426
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu-v3-sva: Fix mm use-after-free We currently call arm64_mm_context_put() without holding a reference to the mm, which can result in use-after-free. Call mmgrab()/mmdrop() to ensure the mm only gets freed after we unpinned the ASID. In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu-v3-sva: Fix mm use-after-free We currently call arm64_mm_context_put() without holding a reference to the mm, which ... • https://git.kernel.org/stable/c/32784a9562fb0518b12e9797ee2aec52214adf6f • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-49425 – f2fs: fix dereference of stale list iterator after loop body
https://notcve.org/view.php?id=CVE-2022-49425
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix dereference of stale list iterator after loop body The list iterator variable will be a bogus pointer if no break was hit. Dereferencing it (cur->page in this case) could load an out-of-bounds/undefined value making it unsafe to use that in the comparision to determine if the specific element was found. Since 'cur->page' *can* be out-ouf-bounds it cannot be guaranteed that by chance (or intention of an attacker) it matches the val... • https://git.kernel.org/stable/c/8c242db9b8c01b252290e23827163787f07e01d1 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49424 – iommu/mediatek: Fix NULL pointer dereference when printing dev_name
https://notcve.org/view.php?id=CVE-2022-49424
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: iommu/mediatek: Fix NULL pointer dereference when printing dev_name When larbdev is NULL (in the case I hit, the node is incorrectly set iommus = <&iommu NUM>), it will cause device_link_add() fail and kernel crashes when we try to print dev_name(larbdev). Let's fail the probe if a larbdev is NULL to avoid invalid inputs from dts. It should work for normal correct setting and avoid the crash caused by my incorrect setting. Error log: [ 18.1... • https://git.kernel.org/stable/c/77fbe028d5a3f7fc6060c4454ead9510533acd1e •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49423 – rtla: Avoid record NULL pointer dereference
https://notcve.org/view.php?id=CVE-2022-49423
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: rtla: Avoid record NULL pointer dereference Fix the following null/deref_null.cocci errors: ./tools/tracing/rtla/src/osnoise_hist.c:870:31-36: ERROR: record is NULL but dereferenced. ./tools/tracing/rtla/src/osnoise_top.c:650:31-36: ERROR: record is NULL but dereferenced. ./tools/tracing/rtla/src/timerlat_hist.c:905:31-36: ERROR: record is NULL but dereferenced. ./tools/tracing/rtla/src/timerlat_top.c:700:31-36: ERROR: record is NULL but de... • https://git.kernel.org/stable/c/51d64c3a181938da8fb56404524e15776e9c6bf8 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49422 – dmaengine: idxd: Fix the error handling path in idxd_cdev_register()
https://notcve.org/view.php?id=CVE-2022-49422
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix the error handling path in idxd_cdev_register() If a call to alloc_chrdev_region() fails, the already allocated resources are leaking. Add the needed error handling path to fix the leak. In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix the error handling path in idxd_cdev_register() If a call to alloc_chrdev_region() fails, the already allocated resources are leaking. Add the need... • https://git.kernel.org/stable/c/42d279f9137ab7d5503836baec2739284b278d8f •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49421 – video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup
https://notcve.org/view.php?id=CVE-2022-49421
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup of_parse_phandle() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() to avoid refcount leak. In the Linux kernel, the following vulnerability has been resolved: video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup of_parse_phandle() returns a node pointer with refcount incremented, we ... • https://git.kernel.org/stable/c/d10715be03bd8bad59ddc50236cb140c3bd73c7b •