CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49263 – brcmfmac: pcie: Release firmwares in the brcmf_pcie_setup error path
https://notcve.org/view.php?id=CVE-2022-49263
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: brcmfmac: pcie: Release firmwares in the brcmf_pcie_setup error path This avoids leaking memory if brcmf_chip_get_raminfo fails. Note that the CLM blob is released in the device remove path. • https://git.kernel.org/stable/c/82f93cf46d6007ffa003b2d4a2834563b6b84d21 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49262 – crypto: octeontx2 - remove CONFIG_DM_CRYPT check
https://notcve.org/view.php?id=CVE-2022-49262
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: octeontx2 - remove CONFIG_DM_CRYPT check No issues were found while using the driver with dm-crypt enabled. So CONFIG_DM_CRYPT check in the driver can be removed. This also fixes the NULL pointer dereference in driver release if CONFIG_DM_CRYPT is enabled. ... Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008 ... Call trace: crypto_unregister_alg+0x68/0xfc crypto_unregister_skciphers+0x44/0x60 otx2... • https://git.kernel.org/stable/c/6f03f0e8b6c8a82d8e740ff3a87ed407ad423243 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49261 – drm/i915/gem: add missing boundary check in vm_access
https://notcve.org/view.php?id=CVE-2022-49261
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/i915/gem: add missing boundary check in vm_access A missing bounds check in vm_access() can lead to an out-of-bounds read or write in the adjacent memory area, since the len attribute is not validated before the memcpy later in the function, potentially hitting: [ 183.637831] BUG: unable to handle page fault for address: ffffc90000c86000 [ 183.637934] #PF: supervisor read access in kernel mode [ 183.637997] #PF: error_code(0x0000) - not... • https://git.kernel.org/stable/c/9f909e215fea0652023b9ed09d3d7bfe10386423 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2022-49259 – block: don't delete queue kobject before its children
https://notcve.org/view.php?id=CVE-2022-49259
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: block: don't delete queue kobject before its children kobjects aren't supposed to be deleted before their child kobjects are deleted. Apparently this is usually benign; however, a WARN will be triggered if one of the child kobjects has a named attribute group: sysfs group 'modes' not found for kobject 'crypto' WARNING: CPU: 0 PID: 1 at fs/sysfs/group.c:278 sysfs_remove_group+0x72/0x80 ... Call Trace: sysfs_remove_groups+0x29/0x40 fs/sysfs/g... • https://git.kernel.org/stable/c/2c2086afc2b8b974fac32cb028e73dc27bfae442 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49258 – crypto: ccree - Fix use after free in cc_cipher_exit()
https://notcve.org/view.php?id=CVE-2022-49258
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: ccree - Fix use after free in cc_cipher_exit() kfree_sensitive(ctx_p->user.key) will free the ctx_p->user.key. But ctx_p->user.key is still used in the next line, which will lead to a use after free. We can call kfree_sensitive() after dev_dbg() to avoid the uaf. In the Linux kernel, the following vulnerability has been resolved: crypto: ccree - Fix use after free in cc_cipher_exit() kfree_sensitive(ctx_p->user.key) will free the ct... • https://git.kernel.org/stable/c/63ee04c8b491ee148489347e7da9fbfd982ca2bb • CWE-416: Use After Free •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49257 – watch_queue: Fix NULL dereference in error cleanup
https://notcve.org/view.php?id=CVE-2022-49257
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: watch_queue: Fix NULL dereference in error cleanup In watch_queue_set_size(), the error cleanup code doesn't take account of the fact that __free_page() can't handle a NULL pointer when trying to free up buffer pages that did get allocated. Fix this by only calling __free_page() on the pages actually allocated. Without the fix, this can lead to something like the following: BUG: KASAN: null-ptr-deref in __free_pages+0x1f/0x1b0 mm/page_alloc... • https://git.kernel.org/stable/c/c73be61cede5882f9605a852414db559c0ebedfd •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49256 – watch_queue: Actually free the watch
https://notcve.org/view.php?id=CVE-2022-49256
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: watch_queue: Actually free the watch free_watch() does everything barring actually freeing the watch object. Fix this by adding the missing kfree. kmemleak produces a report something like the following. Note that as an address can be seen in the first word, the watch would appear to have gone through call_rcu(). BUG: memory leak unreferenced object 0xffff88810ce4a200 (size 96): comm "syz-executor352", pid 3605, jiffies 4294947473 (age 13.7... • https://git.kernel.org/stable/c/c73be61cede5882f9605a852414db559c0ebedfd •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49255 – f2fs: fix missing free nid in f2fs_handle_failed_inode
https://notcve.org/view.php?id=CVE-2022-49255
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix missing free nid in f2fs_handle_failed_inode This patch fixes xfstests/generic/475 failure. [ 293.680694] F2FS-fs (dm-1): May loss orphan inode, run fsck to fix. [ 293.685358] Buffer I/O error on dev dm-1, logical block 8388592, async page read [ 293.691527] Buffer I/O error on dev dm-1, logical block 8388592, async page read [ 293.691764] sh (7615): drop_caches: 3 [ 293.691819] sh (7616): drop_caches: 3 [ 293.694017] Buffer I/O e... • https://git.kernel.org/stable/c/7735730d39d75e70476c1b01435b9b1f41637f0e •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49254 – media: ti-vpe: cal: Fix a NULL pointer dereference in cal_ctx_v4l2_init_formats()
https://notcve.org/view.php?id=CVE-2022-49254
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: media: ti-vpe: cal: Fix a NULL pointer dereference in cal_ctx_v4l2_init_formats() In cal_ctx_v4l2_init_formats(), devm_kzalloc() is assigned to ctx->active_fmt and there is a dereference of it after that, which could lead to NULL pointer dereference on failure of devm_kzalloc(). Fix this bug by adding a NULL check of ctx->active_fmt. This bug was found by a static analyzer. Builds with 'make allyesconfig' show no new warnings, and our stati... • https://git.kernel.org/stable/c/7168155002cf7aadbfaa14a28f037c880a214764 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49253 – media: usb: go7007: s2250-board: fix leak in probe()
https://notcve.org/view.php?id=CVE-2022-49253
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: media: usb: go7007: s2250-board: fix leak in probe() Call i2c_unregister_device(audio) on this error path. • https://git.kernel.org/stable/c/d3b2ccd9e307eae80b4b4eeb0ede46cb02212df2 •