
CVE-2022-49287 – tpm: fix reference counting for struct tpm_chip
https://notcve.org/view.php?id=CVE-2022-49287
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: tpm: fix reference counting for struct tpm_chip
The following sequence of operations results in a refcount warning:
1. Open device /dev/tpmrm.
2. Remove module tpm_tis_spi.
3. Write a TPM command to the file descriptor opened at step 1.
------------[ cut here ]------------
WARNING: CPU: 3 PID: 1161 at lib/refcount.c:25 kobject_get+0xa0/0xa4
refcount_t: addition on 0; use-after-free.
Modules linked in: tpm_tis_spi tpm_tis_core tpm mdio_bcm_u...
• https://git.kernel.org/stable/c/8979b02aaf1d6de8d52cc143aa4da961ed32e5a2 • CWE-416: Use After Free

CVE-2022-49286 – tpm: use try_get_ops() in tpm-space.c
https://notcve.org/view.php?id=CVE-2022-49286
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: tpm: use try_get_ops() in tpm-space.c As part of the series conversion to remove nested TPM operations: https://lore.kernel.org/all/20190205224723.19671-1-jarkko.sakkinen@linux.intel.com/ exposure of the chip->tpm_mutex was removed from much of the upper level code. In this conversion, tpm2_del_space() was missed. This didn't matter much because it's usually called closely after a converted operation, so there's only a very tiny race window... • https://git.kernel.org/stable/c/5b1d2561a03e534064b51c50c774657833d3d2cf

CVE-2022-49285 – iio: accel: mma8452: use the correct logic to get mma8452_data
https://notcve.org/view.php?id=CVE-2022-49285
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: iio: accel: mma8452: use the correct logic to get mma8452_data The original logic to get mma8452_data is wrong: *dev points to the device belonging to iio_dev. We can't use this dev to find the correct i2c_client. The original logic happens to work because it finally uses dev->driver_data to get iio_dev. Using the API to_i2c_client() here is wrong and confuses the reader. To correct the logic, it should be like this struct mma8452_data *data = ... • https://git.kernel.org/stable/c/c3cdd6e48e35b7a02f28e301ef30a87ff3cd6527

CVE-2022-49284 – coresight: syscfg: Fix memleak on registration failure in cscfg_create_device
https://notcve.org/view.php?id=CVE-2022-49284
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: coresight: syscfg: Fix memleak on registration failure in cscfg_create_device device_register() calls device_initialize(), according to doc of device_initialize: Use put_device() to give up your reference instead of freeing @dev directly once you have called this function. To prevent potential memleak, use put_device() for error handling. • https://git.kernel.org/stable/c/85e2414c518a03a21dddd4bc88fec2723c5e1197

CVE-2022-49283 – firmware: sysfb: fix platform-device leak in error path
https://notcve.org/view.php?id=CVE-2022-49283
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: firmware: sysfb: fix platform-device leak in error path Make sure to free the platform device also in the unlikely event that registration fails. • https://git.kernel.org/stable/c/8633ef82f101c040427b57d4df7b706261420b94

CVE-2022-49282 – f2fs: quota: fix loop condition at f2fs_quota_sync()
https://notcve.org/view.php?id=CVE-2022-49282
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: quota: fix loop condition at f2fs_quota_sync() cnt should be passed to sb_has_quota_active() instead of type to check active quota properly. Moreover, when the type is -1, the compiler with enough inline knowledge can discard sb_has_quota_active() check altogether, causing a NULL pointer dereference at the following inode_lock(dqopt->files[cnt]): [ 2.796010] Unable to handle kernel NULL pointer dereference at virtual address 000000000... • https://git.kernel.org/stable/c/a02982545e61020c23f411b073ba5171381138e4

CVE-2022-49281 – cifs: fix handlecache and multiuser
https://notcve.org/view.php?id=CVE-2022-49281
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: cifs: fix handlecache and multiuser In multiuser each individual user has their own tcon structure for the share and thus their own handle for a cached directory. When we umount such a share we must make sure to release the pinned down dentry for each such tcon and not just the master tcon. Otherwise we will get nasty warnings on umount that dentries are still in use: [ 3459.590047] BUG: Dentry 00000000115c6f41{i=12000000019d95,n=/} still i... • https://git.kernel.org/stable/c/2fafbc198613823943c106d1ec9b516da692059f

CVE-2022-49280 – NFSD: prevent underflow in nfssvc_decode_writeargs()
https://notcve.org/view.php?id=CVE-2022-49280
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: NFSD: prevent underflow in nfssvc_decode_writeargs() Smatch complains: fs/nfsd/nfsxdr.c:341 nfssvc_decode_writeargs() warn: no lower bound on 'args->len' Change the type to unsigned to prevent this issue. • https://git.kernel.org/stable/c/1a33e0de60feda402d05ac8a6cf409c19ea3e0b3

CVE-2022-49279 – NFSD: prevent integer overflow on 32 bit systems
https://notcve.org/view.php?id=CVE-2022-49279
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: NFSD: prevent integer overflow on 32 bit systems On a 32 bit system, the "len * sizeof(*p)" operation can have an integer overflow. • https://git.kernel.org/stable/c/3a2789e8ccb4a3e2a631f6817a2d3bb98b8c4fd8

CVE-2022-49278 – remoteproc: Fix count check in rproc_coredump_write()
https://notcve.org/view.php?id=CVE-2022-49278
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: remoteproc: Fix count check in rproc_coredump_write() Check count for 0, to avoid a potential underflow. Make the check the same as the one in rproc_recovery_write(). • https://git.kernel.org/stable/c/3afdc59e4390487f04f2435b7e8a6289984e0a1e