
CVE-2022-49215 – xsk: Fix race at socket teardown
https://notcve.org/view.php?id=CVE-2022-49215
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: xsk: Fix race at socket teardown. Fix a race in the xsk socket teardown code that can lead to a NULL pointer dereference splat. The current xsk unbind code in xsk_unbind_dev() starts by setting xs->state to XSK_UNBOUND, sets xs->dev to NULL and then waits for any NAPI processing to terminate using synchronize_net(). After that, the release code starts to tear down the socket state and free allocated memory. BUG: kernel NULL pointer dereferen... • https://git.kernel.org/stable/c/42fddcc7c64b723a867c7b2f5f7505e244212f13

CVE-2022-49214 – powerpc/64s: Don't use DSISR for SLB faults
https://notcve.org/view.php?id=CVE-2022-49214
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: Don't use DSISR for SLB faults. Since commit 46ddcb3950a2 ("powerpc/mm: Show if a bad page fault on data is read or write.") we use page_fault_is_write(regs->dsisr) in __bad_page_fault() to determine if the fault is for a read or write, and change the message printed accordingly. But SLB faults, aka Data Segment Interrupts, don't set DSISR (Data Storage Interrupt Status Register) to a useful value. All ISA versions from v2.03 th... • https://git.kernel.org/stable/c/46ddcb3950a28c0df4815e8dbb8d4b91d5d9f22d

CVE-2022-49213 – ath10k: Fix error handling in ath10k_setup_msa_resources
https://notcve.org/view.php?id=CVE-2022-49213
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ath10k: Fix error handling in ath10k_setup_msa_resources. The device_node pointer is returned by of_parse_phandle() with refcount incremented. We should use of_node_put() on it when done. This function only calls of_node_put() in the regular path, and it will cause a refcount leak in the error path. • https://git.kernel.org/stable/c/727fec790ead3d75e2735f66209949c2163523ea

CVE-2022-49212 – mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init
https://notcve.org/view.php?id=CVE-2022-49212
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init. The reference counting issue happens in several error handling paths on a refcounted object "nc->dmac". In these paths, the function simply returns the error code, forgetting to balance the reference count of "nc->dmac", increased earlier by dma_request_channel(), which may cause refcount leaks. Fix it by decrementing the refcount of the specific object in those error paths. • https://git.kernel.org/stable/c/f88fc122cc34c2545dec9562eaab121494e401ef

CVE-2022-49211 – mips: cdmm: Fix refcount leak in mips_cdmm_phys_base
https://notcve.org/view.php?id=CVE-2022-49211
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: mips: cdmm: Fix refcount leak in mips_cdmm_phys_base. The of_find_compatible_node() function returns a node pointer with refcount incremented. We should use of_node_put() on it when done. Add the missing of_node_put() to release the refcount. • https://git.kernel.org/stable/c/2121aa3e2312ccc1d6299154dc4f07a6ab8beee2

CVE-2022-49210 – MIPS: pgalloc: fix memory leak caused by pgd_free()
https://notcve.org/view.php?id=CVE-2022-49210
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: MIPS: pgalloc: fix memory leak caused by pgd_free(). The pgd page is freed by the generic implementation pgd_free() since commit f9cb654cb550 ("asm-generic: pgalloc: provide generic pgd_free()"); however, there are scenarios in which the system uses more than one page as the pgd table, and in such cases the generic implementation pgd_free() won't be applicable anymore. For example, when PAGE_SIZE_4KB is enabled and MIPS_VA_BITS_48 is not enabled in a 64bit ... • https://git.kernel.org/stable/c/f9cb654cb550b7b87e8608b14fc3eca432429ffe

CVE-2022-49209 – bpf, sockmap: Fix memleak in tcp_bpf_sendmsg while sk msg is full
https://notcve.org/view.php?id=CVE-2022-49209
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix memleak in tcp_bpf_sendmsg while sk msg is full. If tcp_bpf_sendmsg() is running while sk msg is full, when sk_msg_alloc() returns -ENOMEM error, tcp_bpf_sendmsg() goes to wait_for_memory. If partial memory has been allocated by sk_msg_alloc(), that is, msg_tx->sg.size is greater than osize after sk_msg_alloc(), a memleak occurs. To fix we use sk_msg_trim() to release the allocated memory, then goto wait for memory. Other call ... • https://git.kernel.org/stable/c/604326b41a6fb9b4a78b6179335decee0365cd8c

CVE-2022-49208 – RDMA/irdma: Prevent some integer underflows
https://notcve.org/view.php?id=CVE-2022-49208
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Prevent some integer underflows. My static checker complains that: drivers/infiniband/hw/irdma/ctrl.c:3605 irdma_sc_ceq_init() warn: can subtract underflow 'info->dev->hmc_fpm_misc.max_ceqs'? It appears that "info->dev->hmc_fpm_misc.max_ceqs" comes from the firmware in irdma_sc_parse_fpm_query_buf() so, yes, there is a chance that it could be zero. Even if we trust the firmware, it's easy enough to change the condition just as a ... • https://git.kernel.org/stable/c/3f49d684256963d3f27dfb9d9ff228e2255be78d

CVE-2022-49207 – bpf, sockmap: Fix memleak in sk_psock_queue_msg
https://notcve.org/view.php?id=CVE-2022-49207
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix memleak in sk_psock_queue_msg. If tcp_bpf_sendmsg is running during a tear down operation we may enqueue data on the ingress msg queue while tear down is trying to free it. sk1 (redirect sk2) sk2 ------------------- --------------- tcp_bpf_sendmsg() tcp_bpf_send_verdict() tcp_bpf_sendmsg_redir() bpf_tcp_ingress() sock_map_close() lock_sock() lock_sock() ... blocking sk_psock_stop sk_psock_clear_state(psock, SK_PSOCK_TX_ENAB... • https://git.kernel.org/stable/c/9635720b7c88592214562cb72605bdab6708006c

CVE-2022-49206 – RDMA/mlx5: Fix memory leak in error flow for subscribe event routine
https://notcve.org/view.php?id=CVE-2022-49206
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix memory leak in error flow for subscribe event routine. In case the second xa_insert() fails, the obj_event is not released. Fix the error unwind flow to free that memory to avoid a memory leak. • https://git.kernel.org/stable/c/7597385371425febdaa8c6a1da3625d4ffff16f5