CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48972 – mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add()
https://notcve.org/view.php?id=CVE-2022-48972
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add() Kernel fault injection test reports null-ptr-deref as follows: BUG: kernel NULL pointer dereference, address: 0000000000000008 RIP: 0010:cfg802154_netdev_notifier_call+0x120/0x310 include/linux/list.h:114 Call Trace:
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2022-48971 – Bluetooth: Fix not cleanup led when bt_init fails
https://notcve.org/view.php?id=CVE-2022-48971
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix not cleanup led when bt_init fails bt_init() calls bt_leds_init() to register led, but if it fails later, bt_leds_cleanup() is not called to unregister it. This can cause panic if the argument "bluetooth-power" in text is freed and then another led_trigger_register() tries to access it: BUG: unable to handle page fault for address: ffffffffc06d3bc0 RIP: 0010:strcmp+0xc/0x30 Call Trace:
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2022-48970 – af_unix: Get user_ns from in_skb in unix_diag_get_exact().
https://notcve.org/view.php?id=CVE-2022-48970
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: af_unix: Get user_ns from in_skb in unix_diag_get_exact(). Wei Chen reported a NULL deref in sk_user_ns() [0][1], and Paolo diagnosed the root cause: in unix_diag_get_exact(), the newly allocated skb does not have sk. [2] We must get the user_ns from the NETLINK_CB(in_skb).sk and pass it to sk_diag_fill(). [0]: BUG: kernel NULL pointer dereference, address: 0000000000000270 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) ... • https://git.kernel.org/stable/c/cae9910e73446cac68a54e3a7b02aaa12b689026 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-48969 – xen-netfront: Fix NULL sring after live migration
https://notcve.org/view.php?id=CVE-2022-48969
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: xen-netfront: Fix NULL sring after live migration A NAPI is setup for each network sring to poll data to kernel The sring with source host is destroyed before live migration and new sring with target host is setup after live migration. The NAPI for the old sring is not deleted until setup new sring with target host after migration. With busy_poll/busy_read enabled, the NAPI can be polled before got deleted when resume VM. BUG: unable to han... • https://git.kernel.org/stable/c/4ec2411980d0fd2995e8dea8a06fe57aa47523cb •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-48968 – octeontx2-pf: Fix potential memory leak in otx2_init_tc()
https://notcve.org/view.php?id=CVE-2022-48968
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix potential memory leak in otx2_init_tc() In otx2_init_tc(), if rhashtable_init() failed, it does not free tc->tc_entries_bitmap which is allocated in otx2_tc_alloc_ent_bitmap(). In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix potential memory leak in otx2_init_tc() In otx2_init_tc(), if rhashtable_init() failed, it does not free tc->tc_entries_bitmap which is allocated in otx2_tc_alloc_... • https://git.kernel.org/stable/c/2e2a8126ffac66b9b177ce78ad430281c0c8cc74 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48967 – NFC: nci: Bounds check struct nfc_target arrays
https://notcve.org/view.php?id=CVE-2022-48967
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: NFC: nci: Bounds check struct nfc_target arrays While running under CONFIG_FORTIFY_SOURCE=y, syzkaller reported: memcpy: detected field-spanning write (size 129) of single field "target->sensf_res" at net/nfc/nci/ntf.c:260 (size 18) This appears to be a legitimate lack of bounds checking in nci_add_new_protocol(). Add the missing checks. In the Linux kernel, the following vulnerability has been resolved: NFC: nci: Bounds check struct nfc_ta... • https://git.kernel.org/stable/c/019c4fbaa790e2b3f11dab0c8b7d9896d77db3e5 •
CVSS: 6.4EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48966 – net: mvneta: Prevent out of bounds read in mvneta_config_rss()
https://notcve.org/view.php?id=CVE-2022-48966
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: net: mvneta: Prevent out of bounds read in mvneta_config_rss() The pp->indir[0] value comes from the user. It is passed to: if (cpu_online(pp->rxq_def)) inside the mvneta_percpu_elect() function. It needs bounds checkeding to ensure that it is not beyond the end of the cpu bitmap. In the Linux kernel, the following vulnerability has been resolved: net: mvneta: Prevent out of bounds read in mvneta_config_rss() The pp->indir[0] value comes fr... • https://git.kernel.org/stable/c/cad5d847a093077b499a8b0bbfe6804b9226c03e •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-48965 – gpio/rockchip: fix refcount leak in rockchip_gpiolib_register()
https://notcve.org/view.php?id=CVE-2022-48965
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: gpio/rockchip: fix refcount leak in rockchip_gpiolib_register() The node returned by of_get_parent() with refcount incremented, of_node_put() needs be called when finish using it. So add it in the end of of_pinctrl_get(). In the Linux kernel, the following vulnerability has been resolved: gpio/rockchip: fix refcount leak in rockchip_gpiolib_register() The node returned by of_get_parent() with refcount incremented, of_node_put() needs be cal... • https://git.kernel.org/stable/c/936ee2675eee1faca0dcdfa79165c7990422e0fc •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-48964 – ravb: Fix potential use-after-free in ravb_rx_gbeth()
https://notcve.org/view.php?id=CVE-2022-48964
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: ravb: Fix potential use-after-free in ravb_rx_gbeth() The skb is delivered to napi_gro_receive() which may free it, after calling this, dereferencing skb may trigger use-after-free. In the Linux kernel, the following vulnerability has been resolved: ravb: Fix potential use-after-free in ravb_rx_gbeth() The skb is delivered to napi_gro_receive() which may free it, after calling this, dereferencing skb may trigger use-after-free. • https://git.kernel.org/stable/c/1c59eb678cbd8d322d06d3a5514d36e8e1a4e84c •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-48963 – net: wwan: iosm: fix memory leak in ipc_mux_init()
https://notcve.org/view.php?id=CVE-2022-48963
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: net: wwan: iosm: fix memory leak in ipc_mux_init() When failed to alloc ipc_mux->ul_adb.pp_qlt in ipc_mux_init(), ipc_mux is not released. In the Linux kernel, the following vulnerability has been resolved: net: wwan: iosm: fix memory leak in ipc_mux_init() When failed to alloc ipc_mux->ul_adb.pp_qlt in ipc_mux_init(), ipc_mux is not released. • https://git.kernel.org/stable/c/1f52d7b622854b8bd7a1be3de095ca2e1f77098e •