CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2022-49232 – drm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes()
https://notcve.org/view.php?id=CVE-2022-49232
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes() In amdgpu_dm_connector_add_common_modes(), amdgpu_dm_create_common_mode() is assigned to mode and is passed to drm_mode_probed_add() directly after that. drm_mode_probed_add() passes &mode->head to list_add_tail(), and there is a dereference of it in list_add_tail() without recoveries, which could lead to NULL pointer dereference on failure of amdgpu_d... • https://git.kernel.org/stable/c/e7b07ceef2a650e5ed8ca37997689e086c680daf •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49226 – net: asix: add proper error handling of usb read errors
https://notcve.org/view.php?id=CVE-2022-49226
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: asix: add proper error handling of usb read errors Syzbot once again hit uninit value in asix driver. The problem still the same -- asix_read_cmd() reads less bytes, than was requested by caller. Since all read requests are performed via asix_read_cmd() let's catch usb related error there and add __must_check notation to be sure all callers actually check return value. So, this patch adds sanity check inside asix_read_cmd(), that simpl... • https://git.kernel.org/stable/c/d9fe64e511144c1ee7d7555b4111f09dde9692ef •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49224 – power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init
https://notcve.org/view.php?id=CVE-2022-49224
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init kobject_init_and_add() takes reference even when it fails. According to the doc of kobject_init_and_add(): If this function returns an error, kobject_put() must be called to properly clean up the memory associated with the object. Fix memory leak by calling kobject_put(). • https://git.kernel.org/stable/c/8c0984e5a75337df513047ec92a6c09d78e3e5cd •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49220 – dax: make sure inodes are flushed before destroy cache
https://notcve.org/view.php?id=CVE-2022-49220
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: dax: make sure inodes are flushed before destroy cache A bug can be triggered by following command $ modprobe nd_pmem && modprobe -r nd_pmem [ 10.060014] BUG dax_cache (Not tainted): Objects remaining in dax_cache on __kmem_cache_shutdown() [ 10.060938] Slab 0x0000000085b729ac objects=9 used=1 fp=0x000000004f5ae469 flags=0x200000000010200(slab|head|node) [ 10.062433] Call Trace: [ 10.062673] dump_stack_lvl+0x34/0x44 [ 10.062865] slab_err+0x... • https://git.kernel.org/stable/c/7b6be8444e0f0dd675b54d059793423d3c9b4c03 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49219 – vfio/pci: fix memory leak during D3hot to D0 transition
https://notcve.org/view.php?id=CVE-2022-49219
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: vfio/pci: fix memory leak during D3hot to D0 transition If 'vfio_pci_core_device::needs_pm_restore' is set (PCI device does not have No_Soft_Reset bit set in its PMCSR config register), then the current PCI state will be saved locally in 'vfio_pci_core_device::pm_save' during D0->D3hot transition and same will be restored back during D3hot->D0 transition. For saving the PCI state locally, pci_store_saved_state() is being used and the pci_lo... • https://git.kernel.org/stable/c/51ef3a004b1eb6241e56b3aa8495769a092a4dc2 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49217 – scsi: pm8001: Fix abort all task initialization
https://notcve.org/view.php?id=CVE-2022-49217
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix abort all task initialization In pm80xx_send_abort_all(), the n_elem field of the ccb used is not initialized to 0. This missing initialization sometimes lead to the task completion path seeing the ccb with a non-zero n_elem resulting in the execution of invalid dma_unmap_sg() calls in pm8001_ccb_task_free(), causing a crash such as: [ 197.676341] RIP: 0010:iommu_dma_unmap_sg+0x6d/0x280 [ 197.700204] RSP: 0018:ffff889bbcf8... • https://git.kernel.org/stable/c/c6b9ef5779c3e1edfa9de949d2a51252bc347663 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49216 – drm/tegra: Fix reference leak in tegra_dsi_ganged_probe
https://notcve.org/view.php?id=CVE-2022-49216
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/tegra: Fix reference leak in tegra_dsi_ganged_probe The reference taken by 'of_find_device_by_node()' must be released when not needed anymore. Add put_device() call to fix this. • https://git.kernel.org/stable/c/e94236cde4d519cdecd45e2435defba33abdc99f •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49215 – xsk: Fix race at socket teardown
https://notcve.org/view.php?id=CVE-2022-49215
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: xsk: Fix race at socket teardown Fix a race in the xsk socket teardown code that can lead to a NULL pointer dereference splat. The current xsk unbind code in xsk_unbind_dev() starts by setting xs->state to XSK_UNBOUND, sets xs->dev to NULL and then waits for any NAPI processing to terminate using synchronize_net(). After that, the release code starts to tear down the socket state and free allocated memory. BUG: kernel NULL pointer dereferen... • https://git.kernel.org/stable/c/42fddcc7c64b723a867c7b2f5f7505e244212f13 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49212 – mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init
https://notcve.org/view.php?id=CVE-2022-49212
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init The reference counting issue happens in several error handling paths on a refcounted object "nc->dmac". In these paths, the function simply returns the error code, forgetting to balance the reference count of "nc->dmac", increased earlier by dma_request_channel(), which may cause refcount leaks. Fix it by decrementing the refcount of specific object in those error paths. • https://git.kernel.org/stable/c/f88fc122cc34c2545dec9562eaab121494e401ef •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49209 – bpf, sockmap: Fix memleak in tcp_bpf_sendmsg while sk msg is full
https://notcve.org/view.php?id=CVE-2022-49209
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix memleak in tcp_bpf_sendmsg while sk msg is full If tcp_bpf_sendmsg() is running while sk msg is full. When sk_msg_alloc() returns -ENOMEM error, tcp_bpf_sendmsg() goes to wait_for_memory. If partial memory has been alloced by sk_msg_alloc(), that is, msg_tx->sg.size is greater than osize after sk_msg_alloc(), memleak occurs. To fix we use sk_msg_trim() to release the allocated memory, then goto wait for memory. Other call ... • https://git.kernel.org/stable/c/604326b41a6fb9b4a78b6179335decee0365cd8c •