CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52918 – media: pci: cx23885: check cx23885_vdev_init() return
https://notcve.org/view.php?id=CVE-2023-52918
22 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: media: pci: cx23885: check cx23885_vdev_init() return cx23885_vdev_init() can return a NULL pointer, but that pointer is used in the next line without a check. Add a NULL pointer check and go to the error unwind if it is NULL. Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, and Shweta Shinde discovered that the Confidential Computing framework in the Linux kernel for x86 platforms did not properly handle 32-bit emulatio... • https://git.kernel.org/stable/c/8e31b096e2e1949bc8f0be019c9ae70d414404c6 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49033 – btrfs: qgroup: fix sleep from invalid context bug in btrfs_qgroup_inherit()
https://notcve.org/view.php?id=CVE-2022-49033
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: qgroup: fix sleep from invalid context bug in btrfs_qgroup_inherit() Syzkaller reported BUG as follows: BUG: sleeping function called from invalid context at include/linux/sched/mm.h:274 Call Trace:
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49032 – iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw
https://notcve.org/view.php?id=CVE-2022-49032
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw KASAN report out-of-bounds read as follows: BUG: KASAN: global-out-of-bounds in afe4404_read_raw+0x2ce/0x380 Read of size 4 at addr ffffffffc00e4658 by task cat/278 Call Trace: afe4404_read_raw iio_read_channel_info dev_attr_show The buggy address belongs to the variable: afe4404_channel_leds+0x18/0xffffffffffffe9c0 This issue can be reproduce by singe command: $ cat... • https://git.kernel.org/stable/c/b36e8257641a043764c62240316610c81e36376c •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49031 – iio: health: afe4403: Fix oob read in afe4403_read_raw
https://notcve.org/view.php?id=CVE-2022-49031
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: iio: health: afe4403: Fix oob read in afe4403_read_raw KASAN report out-of-bounds read as follows: BUG: KASAN: global-out-of-bounds in afe4403_read_raw+0x42e/0x4c0 Read of size 4 at addr ffffffffc02ac638 by task cat/279 Call Trace: afe4403_read_raw iio_read_channel_info dev_attr_show The buggy address belongs to the variable: afe4403_channel_leds+0x18/0xffffffffffffe9e0 This issue can be reproduced by singe command: $ cat /sys/b... • https://git.kernel.org/stable/c/b36e8257641a043764c62240316610c81e36376c •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49030 – libbpf: Handle size overflow for ringbuf mmap
https://notcve.org/view.php?id=CVE-2022-49030
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: libbpf: Handle size overflow for ringbuf mmap The maximum size of ringbuf is 2GB on x86-64 host, so 2 * max_entries will overflow u32 when mapping producer page and data pages. Only casting max_entries to size_t is not enough, because for 32-bits application on 64-bits kernel the size of read-only mmap region also could overflow size_t. So fixing it by casting the size of read-only mmap region into a __u64 and checking whether or not the... • https://git.kernel.org/stable/c/bf99c936f9478a05d51e9f101f90de70bee9a89c •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49029 – hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails
https://notcve.org/view.php?id=CVE-2022-49029
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails Smatch report warning as follows: drivers/hwmon/ibmpex.c:509 ibmpex_register_bmc() warn: '&data->list' not removed from list If ibmpex_find_sensors() fails in ibmpex_register_bmc(), data will be freed, but data->list will not be removed from driver_data.bmc_data, then list traversal may cause UAF. Fix by removeing it from driver_data.bmc_data before free(). • https://git.kernel.org/stable/c/57c7c3a0fdea95eddcaeba31e7ca7dfc917682ab •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49028 – ixgbevf: Fix resource leak in ixgbevf_init_module()
https://notcve.org/view.php?id=CVE-2022-49028
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: ixgbevf: Fix resource leak in ixgbevf_init_module() ixgbevf_init_module() won't destroy the workqueue created by create_singlethread_workqueue() when pci_register_driver() failed. Add destroy_workqueue() in fail path to prevent the resource leak. Similar to the handling of u132_hcd_init in commit f276e002793c ("usb: u132-hcd: fix resource leak") • https://git.kernel.org/stable/c/40a13e2493c9882cb4d09054d81a5063cd1589a2 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49027 – iavf: Fix error handling in iavf_init_module()
https://notcve.org/view.php?id=CVE-2022-49027
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: iavf: Fix error handling in iavf_init_module() The iavf_init_module() won't destroy workqueue when pci_register_driver() failed. Call destroy_workqueue() when pci_register_driver() failed to prevent the resource leak. Similar to the handling of u132_hcd_init in commit f276e002793c ("usb: u132-hcd: fix resource leak") • https://git.kernel.org/stable/c/2803b16c10ea7eec170c485388f5f26ae30e92fe •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49026 – e100: Fix possible use after free in e100_xmit_prepare
https://notcve.org/view.php?id=CVE-2022-49026
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: e100: Fix possible use after free in e100_xmit_prepare In e100_xmit_prepare(), if we can't map the skb, then return -ENOMEM, so e100_xmit_frame() will return NETDEV_TX_BUSY and the upper layer will resend the skb. But the skb is already freed, which will cause UAF bug when the upper layer resends the skb. Remove the harmful free. • https://git.kernel.org/stable/c/5e5d49422dfb035ca9e280cd61d434095c151272 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49025 – net/mlx5e: Fix use-after-free when reverting termination table
https://notcve.org/view.php?id=CVE-2022-49025
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix use-after-free when reverting termination table When having multiple dests with termination tables and second one or afterwards fails the driver reverts usage of term tables but doesn't reset the assignment in attr->dests[num_vport_dests].termtbl which case a use-after-free when releasing the rule. Fix by resetting the assignment of termtbl to null. • https://git.kernel.org/stable/c/10caabdaad5ace85577a453da97d1f8d3b944427 •