CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49206 – RDMA/mlx5: Fix memory leak in error flow for subscribe event routine
https://notcve.org/view.php?id=CVE-2022-49206
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix memory leak in error flow for subscribe event routine In case the second xa_insert() fails, the obj_event is not released. Fix the error unwind flow to free that memory to avoid a memory leak. • https://git.kernel.org/stable/c/7597385371425febdaa8c6a1da3625d4ffff16f5 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49205 – bpf, sockmap: Fix double uncharge the mem of sk_msg
https://notcve.org/view.php?id=CVE-2022-49205
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix double uncharge the mem of sk_msg If tcp_bpf_sendmsg is running during a tear down operation, psock may be freed. tcp_bpf_sendmsg() tcp_bpf_send_verdict() sk_msg_return() tcp_bpf_sendmsg_redir() unlikely(!psock)) sk_msg_free() The mem of msg has been uncharged in tcp_bpf_send_verdict() by sk_msg_return(), and would be uncharged by sk_msg_free() again. When psock is null, we can simply returning an error code, this would th... • https://git.kernel.org/stable/c/604326b41a6fb9b4a78b6179335decee0365cd8c •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49204 – bpf, sockmap: Fix more uncharged while msg has more_data
https://notcve.org/view.php?id=CVE-2022-49204
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix more uncharged while msg has more_data In tcp_bpf_send_verdict(), if msg has more data after tcp_bpf_sendmsg_redir(): tcp_bpf_send_verdict() tosend = msg->sg.size //msg->sg.size = 22220 case __SK_REDIRECT: sk_msg_return() //uncharged msg->sg.size(22220) sk->sk_forward_alloc tcp_bpf_sendmsg_redir() //after tcp_bpf_sendmsg_redir, msg->sg.size=11000 goto more_data; tosend = msg->sg.size //msg->sg.size = 11000 case __SK_REDIRE... • https://git.kernel.org/stable/c/604326b41a6fb9b4a78b6179335decee0365cd8c •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49201 – ibmvnic: fix race between xmit and reset
https://notcve.org/view.php?id=CVE-2022-49201
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ibmvnic: fix race between xmit and reset There is a race between reset and the transmit paths that can lead to ibmvnic_xmit() accessing an scrq after it has been freed in the reset path. It can result in a crash like: Kernel attempted to read user page (0) - exploit attempt? (uid: 0) BUG: Kernel NULL pointer dereference on read at 0x00000000 Faulting instruction address: 0xc0080000016189f8 Oops: Kernel access of bad area, sig: 11 [#1] ... N... • https://git.kernel.org/stable/c/7ed5b31f4a6695a21f617df07646e9b15c6c1d29 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49200 – Bluetooth: btmtksdio: Fix kernel oops in btmtksdio_interrupt
https://notcve.org/view.php?id=CVE-2022-49200
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btmtksdio: Fix kernel oops in btmtksdio_interrupt Fix the following kernel oops in btmtksdio_interrrupt [ 14.339134] btmtksdio_interrupt+0x28/0x54 [ 14.339139] process_sdio_pending_irqs+0x68/0x1a0 [ 14.339144] sdio_irq_work+0x40/0x70 [ 14.339154] process_one_work+0x184/0x39c [ 14.339160] worker_thread+0x228/0x3e8 [ 14.339168] kthread+0x148/0x3ac [ 14.339176] ret_from_fork+0x10/0x30 That happened because hdev->power_on is already ... • https://git.kernel.org/stable/c/9aebfd4a2200ab8075e44379c758bccefdc589bb •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49197 – af_netlink: Fix shift out of bounds in group mask calculation
https://notcve.org/view.php?id=CVE-2022-49197
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: af_netlink: Fix shift out of bounds in group mask calculation When a netlink message is received, netlink_recvmsg() fills in the address of the sender. One of the fields is the 32-bit bitfield nl_groups, which carries the multicast group on which the message was received. The least significant bit corresponds to group 1, and therefore the highest group that the field can represent is 32. Above that, the UB sanitizer flags the out-of-bounds ... • https://git.kernel.org/stable/c/f7fa9b10edbb9391bdd4ec8e8b3d621d0664b198 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49196 – powerpc/pseries: Fix use after free in remove_phb_dynamic()
https://notcve.org/view.php?id=CVE-2022-49196
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Fix use after free in remove_phb_dynamic() In remove_phb_dynamic() we use &phb->io_resource, after we've called device_unregister(&host_bridge->dev). But the unregister may have freed phb, because pcibios_free_controller_deferred() is the release function for the host_bridge. If there are no outstanding references when we call device_unregister() then phb will be freed out from under us. This has gone mainly unnoticed, but ... • https://git.kernel.org/stable/c/2dd9c11b9d4dfbd6c070eab7b81197f65e82f1a0 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49194 – net: bcmgenet: Use stronger register read/writes to assure ordering
https://notcve.org/view.php?id=CVE-2022-49194
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: bcmgenet: Use stronger register read/writes to assure ordering GCC12 appears to be much smarter about its dependency tracking and is aware that the relaxed variants are just normal loads and stores and this is causing problems like: [ 210.074549] ------------[ cut here ]------------ [ 210.079223] NETDEV WATCHDOG: enabcm6e4ei0 (bcmgenet): transmit queue 1 timed out [ 210.086717] WARNING: CPU: 1 PID: 0 at net/sched/sch_generic.c:529 dev_... • https://git.kernel.org/stable/c/69d2ea9c798983c4a7157278ec84ff969d1cd8e8 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49191 – mxser: fix xmit_buf leak in activate when LSR == 0xff
https://notcve.org/view.php?id=CVE-2022-49191
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: mxser: fix xmit_buf leak in activate when LSR == 0xff When LSR is 0xff in ->activate() (rather unlike), we return an error. Provided ->shutdown() is not called when ->activate() fails, nothing actually frees the buffer in this case. Fix this by properly freeing the buffer in a designated label. We jump there also from the "!info->type" if now too. • https://git.kernel.org/stable/c/6769140d304731f0a3b177470a2adb4bacd9036b •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49190 – kernel/resource: fix kfree() of bootmem memory again
https://notcve.org/view.php?id=CVE-2022-49190
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: kernel/resource: fix kfree() of bootmem memory again Since commit ebff7d8f270d ("mem hotunplug: fix kfree() of bootmem memory"), we could get a resource allocated during boot via alloc_resource(). And it's required to release the resource using free_resource(). Howerver, many people use kfree directly which will result in kernel BUG. In order to fix this without fixing every call site, just leak a couple of bytes in such corner case. • https://git.kernel.org/stable/c/ebff7d8f270d045338d9f4796014f4db429a17f9 •