CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49958 – net/sched: fix netdevice reference leaks in attach_default_qdiscs()
https://notcve.org/view.php?id=CVE-2022-49958
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: net/sched: fix netdevice reference leaks in attach_default_qdiscs() In attach_default_qdiscs(), if a dev has multiple queues and queue 0 fails to attach qdisc because there is no memory in attach_one_default_qdisc(). Then dev->qdisc will be noop_qdisc by default. But the other queues may be able to successfully attach to default qdisc. In this case, the fallback to noqueue process will be triggered. If the original attached qdisc is not rel... • https://git.kernel.org/stable/c/bf6dba76d278d296b385b436d3ac7de56c190d44 •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2022-49957 – kcm: fix strp_init() order and cleanup
https://notcve.org/view.php?id=CVE-2022-49957
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: kcm: fix strp_init() order and cleanup strp_init() is called just a few lines above this csk->sk_user_data check, it also initializes strp->work etc., therefore, it is unnecessary to call strp_done() to cancel the freshly initialized work. And if sk_user_data is already used by KCM, psock->strp should not be touched, particularly strp->work state, so we need to move strp_init() after the csk->sk_user_data check. This also makes a lockdep wa... • https://git.kernel.org/stable/c/44890e9ff771ef11777b2d1ebf8589255eb12502 •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49956 – staging: rtl8712: fix use after free bugs
https://notcve.org/view.php?id=CVE-2022-49956
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: staging: rtl8712: fix use after free bugs _Read/Write_MACREG callbacks are NULL so the read/write_macreg_hdl() functions don't do anything except free the "pcmd" pointer. It results in a use after free. Delete them. In the Linux kernel, the following vulnerability has been resolved: staging: rtl8712: fix use after free bugs _Read/Write_MACREG callbacks are NULL so the read/write_macreg_hdl() functions don't do anything except free the "pcmd... • https://git.kernel.org/stable/c/2865d42c78a9121caad52cb02d1fbb7f5cdbc4ef •
CVSS: 6.6EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49955 – powerpc/rtas: Fix RTAS MSR[HV] handling for Cell
https://notcve.org/view.php?id=CVE-2022-49955
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: Fix RTAS MSR[HV] handling for Cell The semi-recent changes to MSR handling when entering RTAS (firmware) cause crashes on IBM Cell machines. An example trace: kernel tried to execute user page (2fff01a8) - exploit attempt? (uid: 0) BUG: Unable to handle kernel instruction fetch Faulting instruction address: 0x2fff01a8 Oops: Kernel access of bad area, sig: 11 [#1] BE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=4 NUMA Cell Modules linked... • https://git.kernel.org/stable/c/b6b1c3ce06ca438eb24e0f45bf0e63ecad0369f5 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49954 – Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag
https://notcve.org/view.php?id=CVE-2022-49954
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag syzbot is reporting hung task at __input_unregister_device() [1], for iforce_close() waiting at wait_event_interruptible() with dev->mutex held is blocking input_disconnect_device() from __input_unregister_device(). It seems that the cause is simply that commit c2b27ef672992a20 ("Input: iforce - wait for command completion when closing the device") forgot to call wake_up() afte... • https://git.kernel.org/stable/c/c2b27ef672992a206e5b221b8676972dd840ffa5 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49953 – iio: light: cm3605: Fix an error handling path in cm3605_probe()
https://notcve.org/view.php?id=CVE-2022-49953
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: iio: light: cm3605: Fix an error handling path in cm3605_probe() The commit in Fixes also introduced a new error handling path which should goto the existing error handling path. Otherwise some resources leak. In the Linux kernel, the following vulnerability has been resolved: iio: light: cm3605: Fix an error handling path in cm3605_probe() The commit in Fixes also introduced a new error handling path which should goto the existing error ha... • https://git.kernel.org/stable/c/0d31d91e614505803a0788b92f9f1a83178d8a9a •
CVSS: 9.0EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49952 – misc: fastrpc: fix memory corruption on probe
https://notcve.org/view.php?id=CVE-2022-49952
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix memory corruption on probe Add the missing sanity check on the probed-session count to avoid corrupting memory beyond the fixed-size slab-allocated session array when there are more than FASTRPC_MAX_SESSIONS sessions defined in the devicetree. In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix memory corruption on probe Add the missing sanity check on the probed-session count to avoid c... • https://git.kernel.org/stable/c/f6f9279f2bf0e37e2f1fb119d8832b8568536a04 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49951 – firmware_loader: Fix use-after-free during unregister
https://notcve.org/view.php?id=CVE-2022-49951
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: firmware_loader: Fix use-after-free during unregister In the following code within firmware_upload_unregister(), the call to device_unregister() could result in the dev_release function freeing the fw_upload_priv structure before it is dereferenced for the call to module_put(). This bug was found by the kernel test robot using CONFIG_KASAN while running the firmware selftests. device_unregister(&fw_sysfs->dev); module_put(fw_upload_priv->mo... • https://git.kernel.org/stable/c/97730bbb242cde22b7140acd202ffd88823886c9 •
CVSS: 9.0EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49950 – misc: fastrpc: fix memory corruption on open
https://notcve.org/view.php?id=CVE-2022-49950
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix memory corruption on open The probe session-duplication overflow check incremented the session count also when there were no more available sessions so that memory beyond the fixed-size slab-allocated session array could be corrupted in fastrpc_session_alloc() on open(). In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix memory corruption on open The probe session-duplication overflow c... • https://git.kernel.org/stable/c/f6f9279f2bf0e37e2f1fb119d8832b8568536a04 •
CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49949 – firmware_loader: Fix memory leak in firmware upload
https://notcve.org/view.php?id=CVE-2022-49949
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: firmware_loader: Fix memory leak in firmware upload In the case of firmware-upload, an instance of struct fw_upload is allocated in firmware_upload_register(). This data needs to be freed in fw_dev_release(). Create a new fw_upload_free() function in sysfs_upload.c to handle the firmware-upload specific memory frees and incorporate the missing kfree call for the fw_upload structure. In the Linux kernel, the following vulnerability has been ... • https://git.kernel.org/stable/c/97730bbb242cde22b7140acd202ffd88823886c9 •