CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49024 – can: m_can: pci: add missing m_can_class_free_dev() in probe/remove methods
https://notcve.org/view.php?id=CVE-2022-49024
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: can: m_can: pci: add missing m_can_class_free_dev() in probe/remove methods In m_can_pci_remove() and error handling path of m_can_pci_probe(), m_can_class_free_dev() should be called to free resource allocated by m_can_class_allocate_dev(), otherwise there will be memleak. In the Linux kernel, the following vulnerability has been resolved: can: m_can: pci: add missing m_can_class_free_dev() in probe/remove methods In m_can_pci_remove() and... • https://git.kernel.org/stable/c/cab7ffc0324f053c8fb56c821cdd63dc0383270d •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49023 – wifi: cfg80211: fix buffer overflow in elem comparison
https://notcve.org/view.php?id=CVE-2022-49023
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: fix buffer overflow in elem comparison For vendor elements, the code here assumes that 5 octets are present without checking. Since the element itself is already checked to fit, we only need to check the length. In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: fix buffer overflow in elem comparison For vendor elements, the code here assumes that 5 octets are present without checking. Since ... • https://git.kernel.org/stable/c/0b8fb8235be8be99a197e8d948fc0a2df8dc261a •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49022 – wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration
https://notcve.org/view.php?id=CVE-2022-49022
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration Fix possible out-of-bound access in ieee80211_get_rate_duration routine as reported by the following UBSAN report: UBSAN: array-index-out-of-bounds in net/mac80211/airtime.c:455:47 index 15 is out of range for type 'u16 [12]' CPU: 2 PID: 217 Comm: kworker/u32:10 Not tainted 6.1.0-060100rc3-generic Hardware name: Acer Aspire TC-281/Aspire TC-281, BIOS R01-A2 07/18/2017 Wor... • https://git.kernel.org/stable/c/db3e1c40cf2f973fbdd52ae0b59a9472b1c04f4a •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49021 – net: phy: fix null-ptr-deref while probe() failed
https://notcve.org/view.php?id=CVE-2022-49021
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: net: phy: fix null-ptr-deref while probe() failed I got a null-ptr-deref report as following when doing fault injection test: BUG: kernel NULL pointer dereference, address: 0000000000000058 Oops: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 1 PID: 253 Comm: 507-spi-dm9051 Tainted: G B N 6.1.0-rc3+ Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 RIP: 0010:klist_put+0x2d/0xd0 Call Trace:
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49020 – net/9p: Fix a potential socket leak in p9_socket_open
https://notcve.org/view.php?id=CVE-2022-49020
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: net/9p: Fix a potential socket leak in p9_socket_open Both p9_fd_create_tcp() and p9_fd_create_unix() will call p9_socket_open(). If the creation of p9_trans_fd fails, p9_fd_create_tcp() and p9_fd_create_unix() will return an error directly instead of releasing the cscoket, which will result in a socket leak. This patch adds sock_release() to fix the leak issue. In the Linux kernel, the following vulnerability has been resolved: net/9p: Fix... • https://git.kernel.org/stable/c/6b18662e239a032f908b7f6e164bdf7e2e0a32c9 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49019 – net: ethernet: nixge: fix NULL dereference
https://notcve.org/view.php?id=CVE-2022-49019
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: net: ethernet: nixge: fix NULL dereference In function nixge_hw_dma_bd_release() dereference of NULL pointer priv->rx_bd_v is possible for the case of its allocation failure in nixge_hw_dma_bd_init(). Move for() loop with priv->rx_bd_v dereference under the check for its validity. Found by Linux Verification Center (linuxtesting.org) with SVACE. In the Linux kernel, the following vulnerability has been resolved: net: ethernet: nixge: fix NU... • https://git.kernel.org/stable/c/492caffa8a1a405f661c111acabfe6b8b9645db8 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49018 – mptcp: fix sleep in atomic at close time
https://notcve.org/view.php?id=CVE-2022-49018
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: mptcp: fix sleep in atomic at close time Matt reported a splat at msk close time: BUG: sleeping function called from invalid context at net/mptcp/protocol.c:2877 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 155, name: packetdrill preempt_count: 201, expected: 0 RCU nest depth: 0, expected: 0 4 locks held by packetdrill/155: #0: ffff888001536990 (&sb->s_type->i_mutex_key#6){+.+.}-{3:3}, at: __sock_release (net/socket.c:650) #1: fff... • https://git.kernel.org/stable/c/30e51b923e436b631e8d5b77fa5e318c6b066dc7 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49017 – tipc: re-fetch skb cb after tipc_msg_validate
https://notcve.org/view.php?id=CVE-2022-49017
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: tipc: re-fetch skb cb after tipc_msg_validate As the call trace shows, the original skb was freed in tipc_msg_validate(), and dereferencing the old skb cb would cause an use-after-free crash. BUG: KASAN: use-after-free in tipc_crypto_rcv_complete+0x1835/0x2240 [tipc] Call Trace:
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49016 – net: mdiobus: fix unbalanced node reference count
https://notcve.org/view.php?id=CVE-2022-49016
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: net: mdiobus: fix unbalanced node reference count I got the following report while doing device(mscc-miim) load test with CONFIG_OF_UNITTEST and CONFIG_OF_DYNAMIC enabled: OF: ERROR: memory leak, expected refcount 1 instead of 2, of_node_get()/of_node_put() unbalanced - destroy cset entry: attach overlay node /spi/soc@0/mdio@7107009c/ethernet-phy@0 If the 'fwnode' is not an acpi node, the refcount is get in fwnode_mdiobus_phy_device_registe... • https://git.kernel.org/stable/c/bc1bee3b87ee48bd97ef7fd306445132ba2041b0 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49015 – net: hsr: Fix potential use-after-free
https://notcve.org/view.php?id=CVE-2022-49015
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: net: hsr: Fix potential use-after-free The skb is delivered to netif_rx() which may free it, after calling this, dereferencing skb may trigger use-after-free. In the Linux kernel, the following vulnerability has been resolved: net: hsr: Fix potential use-after-free The skb is delivered to netif_rx() which may free it, after calling this, dereferencing skb may trigger use-after-free. • https://git.kernel.org/stable/c/f421436a591d34fa5279b54a96ac07d70250cc8d •