CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48967 – NFC: nci: Bounds check struct nfc_target arrays
https://notcve.org/view.php?id=CVE-2022-48967
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: NFC: nci: Bounds check struct nfc_target arrays While running under CONFIG_FORTIFY_SOURCE=y, syzkaller reported: memcpy: detected field-spanning write (size 129) of single field "target->sensf_res" at net/nfc/nci/ntf.c:260 (size 18) This appears to be a legitimate lack of bounds checking in nci_add_new_protocol(). Add the missing checks. In the Linux kernel, the following vulnerability has been resolved: NFC: nci: Bounds check struct nfc_ta... • https://git.kernel.org/stable/c/019c4fbaa790e2b3f11dab0c8b7d9896d77db3e5 •
CVSS: 6.4EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48966 – net: mvneta: Prevent out of bounds read in mvneta_config_rss()
https://notcve.org/view.php?id=CVE-2022-48966
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: net: mvneta: Prevent out of bounds read in mvneta_config_rss() The pp->indir[0] value comes from the user. It is passed to: if (cpu_online(pp->rxq_def)) inside the mvneta_percpu_elect() function. It needs bounds checkeding to ensure that it is not beyond the end of the cpu bitmap. In the Linux kernel, the following vulnerability has been resolved: net: mvneta: Prevent out of bounds read in mvneta_config_rss() The pp->indir[0] value comes fr... • https://git.kernel.org/stable/c/cad5d847a093077b499a8b0bbfe6804b9226c03e •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-48965 – gpio/rockchip: fix refcount leak in rockchip_gpiolib_register()
https://notcve.org/view.php?id=CVE-2022-48965
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: gpio/rockchip: fix refcount leak in rockchip_gpiolib_register() The node returned by of_get_parent() with refcount incremented, of_node_put() needs be called when finish using it. So add it in the end of of_pinctrl_get(). In the Linux kernel, the following vulnerability has been resolved: gpio/rockchip: fix refcount leak in rockchip_gpiolib_register() The node returned by of_get_parent() with refcount incremented, of_node_put() needs be cal... • https://git.kernel.org/stable/c/936ee2675eee1faca0dcdfa79165c7990422e0fc •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48962 – net: hisilicon: Fix potential use-after-free in hisi_femac_rx()
https://notcve.org/view.php?id=CVE-2022-48962
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: net: hisilicon: Fix potential use-after-free in hisi_femac_rx() The skb is delivered to napi_gro_receive() which may free it, after calling this, dereferencing skb may trigger use-after-free. In the Linux kernel, the following vulnerability has been resolved: net: hisilicon: Fix potential use-after-free in hisi_femac_rx() The skb is delivered to napi_gro_receive() which may free it, after calling this, dereferencing skb may trigger use-afte... • https://git.kernel.org/stable/c/542ae60af24f02e130e62cb3b7c23163a2350056 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-48961 – net: mdio: fix unbalanced fwnode reference count in mdio_device_release()
https://notcve.org/view.php?id=CVE-2022-48961
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: net: mdio: fix unbalanced fwnode reference count in mdio_device_release() There is warning report about of_node refcount leak while probing mdio device: OF: ERROR: memory leak, expected refcount 1 instead of 2, of_node_get()/of_node_put() unbalanced - destroy cset entry: attach overlay node /spi/soc@0/mdio@710700c0/ethernet@4 In of_mdiobus_register_device(), we increase fwnode refcount by fwnode_handle_get() before associating the of_node w... • https://git.kernel.org/stable/c/a9049e0c513c4521dbfaa302af8ed08b3366b41f •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48960 – net: hisilicon: Fix potential use-after-free in hix5hd2_rx()
https://notcve.org/view.php?id=CVE-2022-48960
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: net: hisilicon: Fix potential use-after-free in hix5hd2_rx() The skb is delivered to napi_gro_receive() which may free it, after calling this, dereferencing skb may trigger use-after-free. In the Linux kernel, the following vulnerability has been resolved: net: hisilicon: Fix potential use-after-free in hix5hd2_rx() The skb is delivered to napi_gro_receive() which may free it, after calling this, dereferencing skb may trigger use-after-free... • https://git.kernel.org/stable/c/57c5bc9ad7d799e9507ba6e993398d2c55f03fab •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48959 – net: dsa: sja1105: fix memory leak in sja1105_setup_devlink_regions()
https://notcve.org/view.php?id=CVE-2022-48959
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: net: dsa: sja1105: fix memory leak in sja1105_setup_devlink_regions() When dsa_devlink_region_create failed in sja1105_setup_devlink_regions(), priv->regions is not released. In the Linux kernel, the following vulnerability has been resolved: net: dsa: sja1105: fix memory leak in sja1105_setup_devlink_regions() When dsa_devlink_region_create failed in sja1105_setup_devlink_regions(), priv->regions is not released. • https://git.kernel.org/stable/c/bf425b82059e0b0752c0026353c1902112200837 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48958 – ethernet: aeroflex: fix potential skb leak in greth_init_rings()
https://notcve.org/view.php?id=CVE-2022-48958
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: ethernet: aeroflex: fix potential skb leak in greth_init_rings() The greth_init_rings() function won't free the newly allocated skb when dma_mapping_error() returns error, so add dev_kfree_skb() to fix it. Compile tested only. In the Linux kernel, the following vulnerability has been resolved: ethernet: aeroflex: fix potential skb leak in greth_init_rings() The greth_init_rings() function won't free the newly allocated skb when dma_mapping_... • https://git.kernel.org/stable/c/d4c41139df6e74c6fff0cbac43e51cab782133be •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-48957 – dpaa2-switch: Fix memory leak in dpaa2_switch_acl_entry_add() and dpaa2_switch_acl_entry_remove()
https://notcve.org/view.php?id=CVE-2022-48957
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: dpaa2-switch: Fix memory leak in dpaa2_switch_acl_entry_add() and dpaa2_switch_acl_entry_remove() The cmd_buff needs to be freed when error happened in dpaa2_switch_acl_entry_add() and dpaa2_switch_acl_entry_remove(). In the Linux kernel, the following vulnerability has been resolved: dpaa2-switch: Fix memory leak in dpaa2_switch_acl_entry_add() and dpaa2_switch_acl_entry_remove() The cmd_buff needs to be freed when error happened in dpaa2_... • https://git.kernel.org/stable/c/1110318d83e8011c4dfcb2f7dd343bcfb1623c5f •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-48956 – ipv6: avoid use-after-free in ip6_fragment()
https://notcve.org/view.php?id=CVE-2022-48956
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: ipv6: avoid use-after-free in ip6_fragment() Blamed commit claimed rcu_read_lock() was held by ip6_fragment() callers. It seems to not be always true, at least for UDP stack. syzbot reported: BUG: KASAN: use-after-free in ip6_dst_idev include/net/ip6_fib.h:245 [inline] BUG: KASAN: use-after-free in ip6_fragment+0x2724/0x2770 net/ipv6/ip6_output.c:951 Read of size 8 at addr ffff88801d403e80 by task syz-executor.3/7618 CPU: 1 PID: 7618 Comm: ... • https://git.kernel.org/stable/c/1758fd4688eb92c796e75bdb1d256dc558ef9581 •