CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48959 – net: dsa: sja1105: fix memory leak in sja1105_setup_devlink_regions()
https://notcve.org/view.php?id=CVE-2022-48959
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: net: dsa: sja1105: fix memory leak in sja1105_setup_devlink_regions() When dsa_devlink_region_create failed in sja1105_setup_devlink_regions(), priv->regions is not released. In the Linux kernel, the following vulnerability has been resolved: net: dsa: sja1105: fix memory leak in sja1105_setup_devlink_regions() When dsa_devlink_region_create failed in sja1105_setup_devlink_regions(), priv->regions is not released. • https://git.kernel.org/stable/c/bf425b82059e0b0752c0026353c1902112200837 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48958 – ethernet: aeroflex: fix potential skb leak in greth_init_rings()
https://notcve.org/view.php?id=CVE-2022-48958
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: ethernet: aeroflex: fix potential skb leak in greth_init_rings() The greth_init_rings() function won't free the newly allocated skb when dma_mapping_error() returns error, so add dev_kfree_skb() to fix it. Compile tested only. In the Linux kernel, the following vulnerability has been resolved: ethernet: aeroflex: fix potential skb leak in greth_init_rings() The greth_init_rings() function won't free the newly allocated skb when dma_mappi... • https://git.kernel.org/stable/c/d4c41139df6e74c6fff0cbac43e51cab782133be •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-48957 – dpaa2-switch: Fix memory leak in dpaa2_switch_acl_entry_add() and dpaa2_switch_acl_entry_remove()
https://notcve.org/view.php?id=CVE-2022-48957
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: dpaa2-switch: Fix memory leak in dpaa2_switch_acl_entry_add() and dpaa2_switch_acl_entry_remove() The cmd_buff needs to be freed when error happened in dpaa2_switch_acl_entry_add() and dpaa2_switch_acl_entry_remove(). In the Linux kernel, the following vulnerability has been resolved: dpaa2-switch: Fix memory leak in dpaa2_switch_acl_entry_add() and dpaa2_switch_acl_entry_remove() The cmd_buff needs to be freed when error happened in dpaa... • https://git.kernel.org/stable/c/1110318d83e8011c4dfcb2f7dd343bcfb1623c5f •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-48956 – ipv6: avoid use-after-free in ip6_fragment()
https://notcve.org/view.php?id=CVE-2022-48956
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: ipv6: avoid use-after-free in ip6_fragment() Blamed commit claimed rcu_read_lock() was held by ip6_fragment() callers. It seems to not be always true, at least for UDP stack. syzbot reported: BUG: KASAN: use-after-free in ip6_dst_idev include/net/ip6_fib.h:245 [inline] BUG: KASAN: use-after-free in ip6_fragment+0x2724/0x2770 net/ipv6/ip6_output.c:951 Read of size 8 at addr ffff88801d403e80 by task syz-executor.3/7618 CPU: 1 PID: 7618 ... • https://git.kernel.org/stable/c/1758fd4688eb92c796e75bdb1d256dc558ef9581 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-48955 – net: thunderbolt: fix memory leak in tbnet_open()
https://notcve.org/view.php?id=CVE-2022-48955
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: net: thunderbolt: fix memory leak in tbnet_open() When tb_ring_alloc_rx() failed in tbnet_open(), ida that allocated in tb_xdomain_alloc_out_hopid() is not released. Add tb_xdomain_release_out_hopid() to the error path to release ida. In the Linux kernel, the following vulnerability has been resolved: net: thunderbolt: fix memory leak in tbnet_open() When tb_ring_alloc_rx() failed in tbnet_open(), ida that allocated in tb_xdomain_alloc_ou... • https://git.kernel.org/stable/c/180b0689425c6fb2b35e69a3316ee38371a782df •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-48954 – s390/qeth: fix use-after-free in hsci
https://notcve.org/view.php?id=CVE-2022-48954
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: s390/qeth: fix use-after-free in hsci KASAN found that addr was dereferenced after br2dev_event_work was freed. ================================================================== BUG: KASAN: use-after-free in qeth_l2_br2dev_worker+0x5ba/0x6b0 Read of size 1 at addr 00000000fdcea440 by task kworker/u760:4/540 CPU: 17 PID: 540 Comm: kworker/u760:4 Tainted: G E 6.1.0-20221128.rc7.git1.5aa3bed4ce83.300.fc36.s390x+kasan #1 Har... • https://git.kernel.org/stable/c/f7936b7b2663c99a096a5c432ba96ab1e91a6c0f •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48953 – rtc: cmos: Fix event handler registration ordering issue
https://notcve.org/view.php?id=CVE-2022-48953
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: rtc: cmos: Fix event handler registration ordering issue Because acpi_install_fixed_event_handler() enables the event automatically on success, it is incorrect to call it before the handler routine passed to it is ready to handle events. Unfortunately, the rtc-cmos driver does exactly the incorrect thing by calling cmos_wake_setup(), which passes rtc_handler() to acpi_install_fixed_event_handler(), before cmos_do_probe(), because rtc_han... • https://git.kernel.org/stable/c/a474aaedac99ba86e28ef6c912a7647c482db6dd •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2022-48952 – PCI: mt7621: Add sentinel to quirks table
https://notcve.org/view.php?id=CVE-2022-48952
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: PCI: mt7621: Add sentinel to quirks table Current driver is missing a sentinel in the struct soc_device_attribute array, which causes an oops when assessed by the soc_device_match(mt7621_pcie_quirks_match) call. This was only exposed once the CONFIG_SOC_MT7621 mt7621 soc_dev_attr was fixed to register the SOC as a device, in: commit 7c18b64bba3b ("mips: ralink: mt7621: do not use kzalloc too early") Fix it by adding the required sentin... • https://git.kernel.org/stable/c/b483b4e4d3f6bfd5089b9e6dc9ba259879c6ce6f •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48951 – ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx()
https://notcve.org/view.php?id=CVE-2022-48951
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx() The bounds checks in snd_soc_put_volsw_sx() are only being applied to the first channel, meaning it is possible to write out of bounds values to the second channel in stereo controls. Add appropriate checks. In the Linux kernel, the following vulnerability has been resolved: ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx() The bounds checks in snd_soc... • https://git.kernel.org/stable/c/56288987843c3cb343e81e5fa51549cbaf541bd0 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-48950 – perf: Fix perf_pending_task() UaF
https://notcve.org/view.php?id=CVE-2022-48950
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: perf: Fix perf_pending_task() UaF Per syzbot it is possible for perf_pending_task() to run after the event is free()'d. There are two related but distinct cases: - the task_work was already queued before destroying the event; - destroying the event itself queues the task_work. The first cannot be solved using task_work_cancel() since perf_release() itself might be called from a task_work (____fput), which means the current->task_works... • https://git.kernel.org/stable/c/8bffa95ac19ff27c8261904f89d36c7fcf215d59 •