CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49009 – hwmon: (asus-ec-sensors) Add checks for devm_kcalloc
https://notcve.org/view.php?id=CVE-2022-49009
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: hwmon: (asus-ec-sensors) Add checks for devm_kcalloc As the devm_kcalloc may return NULL, the return value needs to be checked to avoid NULL poineter dereference. In the Linux kernel, the following vulnerability has been resolved: hwmon: (asus-ec-sensors) Add checks for devm_kcalloc As the devm_kcalloc may return NULL, the return value needs to be checked to avoid NULL poineter dereference. • https://git.kernel.org/stable/c/d0ddfd241e5719d696bc0b081e260db69d368668 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49008 – can: can327: can327_feed_frame_to_netdev(): fix potential skb leak when netdev is down
https://notcve.org/view.php?id=CVE-2022-49008
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: can: can327: can327_feed_frame_to_netdev(): fix potential skb leak when netdev is down In can327_feed_frame_to_netdev(), it did not free the skb when netdev is down, and all callers of can327_feed_frame_to_netdev() did not free allocated skb too. That would trigger skb leak. Fix it by adding kfree_skb() in can327_feed_frame_to_netdev() when netdev is down. Not tested, just compiled. In the Linux kernel, the following vulnerability has been ... • https://git.kernel.org/stable/c/43da2f07622f41376c7ddab8f73dc2b1d3ab9715 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49007 – nilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry()
https://notcve.org/view.php?id=CVE-2022-49007
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry() Syzbot reported a null-ptr-deref bug: NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017] CPU: 1 PID: 3603 Comm: segctord Not tainted 6.1.0-rc2-syzk... • https://git.kernel.org/stable/c/2f2c59506ae39496588ceb8b88bdbdbaed895d63 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49006 – tracing: Free buffers when a used dynamic event is removed
https://notcve.org/view.php?id=CVE-2022-49006
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: tracing: Free buffers when a used dynamic event is removed After 65536 dynamic events have been added and removed, the "type" field of the event then uses the first type number that is available (not currently used by other events). A type number is the identifier of the binary blobs in the tracing ring buffer (known as events) to map them to logic that can parse the binary blob. The issue is that if a dynamic event (like a kprobe event) is... • https://git.kernel.org/stable/c/77b44d1b7c28360910cdbd427fb62d485c08674c •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49005 – ASoC: ops: Fix bounds check for _sx controls
https://notcve.org/view.php?id=CVE-2022-49005
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: ASoC: ops: Fix bounds check for _sx controls For _sx controls the semantics of the max field is not the usual one, max is the number of steps rather than the maximum value. This means that our check in snd_soc_put_volsw_sx() needs to just check against the maximum value. In the Linux kernel, the following vulnerability has been resolved: ASoC: ops: Fix bounds check for _sx controls For _sx controls the semantics of the max field is not the ... • https://git.kernel.org/stable/c/9e5c40b5706d8aae2cf70bd7e01f0b4575a642d0 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49004 – riscv: Sync efi page table's kernel mappings before switching
https://notcve.org/view.php?id=CVE-2022-49004
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: riscv: Sync efi page table's kernel mappings before switching The EFI page table is initially created as a copy of the kernel page table. With VMAP_STACK enabled, kernel stacks are allocated in the vmalloc area: if the stack is allocated in a new PGD (one that was not present at the moment of the efi page table creation or not synced in a previous vmalloc fault), the kernel will take a trap when switching to the efi page table when the vmal... • https://git.kernel.org/stable/c/b91540d52a08b65eb6a2b09132e1bd54fa82754c •
CVSS: 4.7EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49003 – nvme: fix SRCU protection of nvme_ns_head list
https://notcve.org/view.php?id=CVE-2022-49003
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: nvme: fix SRCU protection of nvme_ns_head list Walking the nvme_ns_head siblings list is protected by the head's srcu in nvme_ns_head_submit_bio() but not nvme_mpath_revalidate_paths(). Removing namespaces from the list also fails to synchronize the srcu. Concurrent scan work can therefore cause use-after-frees. Hold the head's srcu lock in nvme_mpath_revalidate_paths() and synchronize with the srcu, not the global RCU, in nvme_ns_remove().... • https://git.kernel.org/stable/c/e7d65803e2bb5bc739548b67a5fc72c626cf7e3b •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49002 – iommu/vt-d: Fix PCI device refcount leak in dmar_dev_scope_init()
https://notcve.org/view.php?id=CVE-2022-49002
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix PCI device refcount leak in dmar_dev_scope_init() for_each_pci_dev() is implemented by pci_get_device(). The comment of pci_get_device() says that it will increase the reference count for the returned pci_dev and also decrease the reference count for the input pci_dev @from if it is not NULL. If we break for_each_pci_dev() loop with pdev not NULL, we need to call pci_dev_put() to decrease the reference count. Add the missing... • https://git.kernel.org/stable/c/2e45528930388658603ea24d49cf52867b928d3e •
CVSS: 7.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49001 – riscv: fix race when vmap stack overflow
https://notcve.org/view.php?id=CVE-2022-49001
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: riscv: fix race when vmap stack overflow Currently, when detecting vmap stack overflow, riscv firstly switches to the so called shadow stack, then use this shadow stack to call the get_overflow_stack() to get the overflow stack. However, there's a race here if two or more harts use the same shadow stack at the same time. To solve this race, we introduce spin_shadow_stack atomic var, which will be swap between its own address and 0 in atomic... • https://git.kernel.org/stable/c/31da94c25aea835ceac00575a9fd206c5a833fed •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49000 – iommu/vt-d: Fix PCI device refcount leak in has_external_pci()
https://notcve.org/view.php?id=CVE-2022-49000
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix PCI device refcount leak in has_external_pci() for_each_pci_dev() is implemented by pci_get_device(). The comment of pci_get_device() says that it will increase the reference count for the returned pci_dev and also decrease the reference count for the input pci_dev @from if it is not NULL. If we break for_each_pci_dev() loop with pdev not NULL, we need to call pci_dev_put() to decrease the reference count. Add the missing pc... • https://git.kernel.org/stable/c/89a6079df791aeace2044ea93be1b397195824ec •