CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49396 – phy: qcom-qmp: fix reset-controller leak on probe errors
https://notcve.org/view.php?id=CVE-2022-49396
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: phy: qcom-qmp: fix reset-controller leak on probe errors Make sure to release the lane reset controller in case of a late probe error (e.g. probe deferral). Note that due to the reset controller being defined in devicetree in "lane" child nodes, devm_reset_control_get_exclusive() cannot be used directly. In the Linux kernel, the following vulnerability has been resolved: phy: qcom-qmp: fix reset-controller leak on probe errors Make sure to ... • https://git.kernel.org/stable/c/e78f3d15e115e8e764d4b1562b4fa538f2e22f6b •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49395 – um: Fix out-of-bounds read in LDT setup
https://notcve.org/view.php?id=CVE-2022-49395
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: um: Fix out-of-bounds read in LDT setup syscall_stub_data() expects the data_count parameter to be the number of longs, not bytes. ================================================================== BUG: KASAN: stack-out-of-bounds in syscall_stub_data+0x70/0xe0 Read of size 128 at addr 000000006411f6f0 by task swapper/1 CPU: 0 PID: 1 Comm: swapper Not tainted 5.18.0+ #18 Call Trace: show_stack.cold+0x166/0x2a7 __dump_stack+0x3a/0x43 dump_sta... • https://git.kernel.org/stable/c/858259cf7d1c443c836a2022b78cb281f0a9b95e •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49394 – blk-iolatency: Fix inflight count imbalances and IO hangs on offline
https://notcve.org/view.php?id=CVE-2022-49394
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: blk-iolatency: Fix inflight count imbalances and IO hangs on offline iolatency needs to track the number of inflight IOs per cgroup. As this tracking can be expensive, it is disabled when no cgroup has iolatency configured for the device. To ensure that the inflight counters stay balanced, iolatency_set_limit() freezes the request_queue while manipulating the enabled counter, which ensures that no IO is in flight and thus all counters are z... • https://git.kernel.org/stable/c/6d482bc5697763eb1214f207286daa201b32d20a •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49393 – misc: fastrpc: fix list iterator in fastrpc_req_mem_unmap_impl
https://notcve.org/view.php?id=CVE-2022-49393
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix list iterator in fastrpc_req_mem_unmap_impl This is another instance of incorrect use of list iterator and checking it for NULL. The list iterator value 'map' will *always* be set and non-NULL by list_for_each_entry(), so it is incorrect to assume that the iterator value will be NULL if the list is empty (in this case, the check 'if (!map) {' will always be false and never exit as expected). To fix the bug, use a new vari... • https://git.kernel.org/stable/c/5c1b97c7d7b736e6439af4f43a65837bc72f56c1 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49392 – serial: 8250_aspeed_vuart: Fix potential NULL dereference in aspeed_vuart_probe
https://notcve.org/view.php?id=CVE-2022-49392
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: serial: 8250_aspeed_vuart: Fix potential NULL dereference in aspeed_vuart_probe platform_get_resource() may fail and return NULL, so we should better check it's return value to avoid a NULL pointer dereference. In the Linux kernel, the following vulnerability has been resolved: serial: 8250_aspeed_vuart: Fix potential NULL dereference in aspeed_vuart_probe platform_get_resource() may fail and return NULL, so we should better check it's retu... • https://git.kernel.org/stable/c/54da3e381c2b55289b220601f403f17df7b20597 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49391 – remoteproc: mtk_scp: Fix a potential double free
https://notcve.org/view.php?id=CVE-2022-49391
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: remoteproc: mtk_scp: Fix a potential double free 'scp->rproc' is allocated using devm_rproc_alloc(), so there is no need to free it explicitly in the remove function. In the Linux kernel, the following vulnerability has been resolved: remoteproc: mtk_scp: Fix a potential double free 'scp->rproc' is allocated using devm_rproc_alloc(), so there is no need to free it explicitly in the remove function. • https://git.kernel.org/stable/c/c1407ac1099ab9726c31d38d806f3150f494c494 •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49390 – macsec: fix UAF bug for real_dev
https://notcve.org/view.php?id=CVE-2022-49390
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: macsec: fix UAF bug for real_dev Create a new macsec device but not get reference to real_dev. That can not ensure that real_dev is freed after macsec. That will trigger the UAF bug for real_dev as following: ================================================================== BUG: KASAN: use-after-free in macsec_get_iflink+0x5f/0x70 drivers/net/macsec.c:3662 Call Trace: ... macsec_get_iflink+0x5f/0x70 drivers/net/macsec.c:3662 dev_get_iflink... • https://git.kernel.org/stable/c/2bce1ebed17da54c65042ec2b962e3234bad5b47 • CWE-416: Use After Free •
CVSS: 5.6EPSS: 0%CPEs: 11EXPL: 0CVE-2022-49389 – usb: usbip: fix a refcount leak in stub_probe()
https://notcve.org/view.php?id=CVE-2022-49389
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: usbip: fix a refcount leak in stub_probe() usb_get_dev() is called in stub_device_alloc(). When stub_probe() fails after that, usb_put_dev() needs to be called to release the reference. Fix this by moving usb_put_dev() to sdev_free error path handling. Find this by code review. In the Linux kernel, the following vulnerability has been resolved: usb: usbip: fix a refcount leak in stub_probe() usb_get_dev() is called in stub_device_alloc... • https://git.kernel.org/stable/c/3ff67445750a84de67faaf52c6e1895cb09f2c56 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49388 – ubi: ubi_create_volume: Fix use-after-free when volume creation failed
https://notcve.org/view.php?id=CVE-2022-49388
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ubi: ubi_create_volume: Fix use-after-free when volume creation failed There is an use-after-free problem for 'eba_tbl' in ubi_create_volume()'s error handling path: ubi_eba_replace_table(vol, eba_tbl) vol->eba_tbl = tbl out_mapping: ubi_eba_destroy_table(eba_tbl) // Free 'eba_tbl' out_unlock: put_device(&vol->dev) vol_release kfree(tbl->entries) // UAF Fix it by removing redundant 'eba_tbl' releasing. Fetch a reproducer in [Link]. In the L... • https://git.kernel.org/stable/c/493cfaeaa0c9bc0c79ce5751193d49fdac9aaaec • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49387 – watchdog: rzg2l_wdt: Fix 32bit overflow issue
https://notcve.org/view.php?id=CVE-2022-49387
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: watchdog: rzg2l_wdt: Fix 32bit overflow issue The value of timer_cycle_us can be 0 due to 32bit overflow. For eg:- If we assign the counter value "0xfff" for computing maxval. This patch fixes this issue by appending ULL to 1024, so that it is promoted to 64bit. This patch also fixes the warning message, 'watchdog: Invalid min and max timeout values, resetting to 0!'. In the Linux kernel, the following vulnerability has been resolved: watch... • https://git.kernel.org/stable/c/2cbc5cd0b55fa2310cc557c77b0665f5e00272de •