CVSS: -EPSS: %CPEs: 9EXPL: 0CVE-2022-49046 – i2c: dev: check return value when calling dev_set_name()
https://notcve.org/view.php?id=CVE-2022-49046
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: i2c: dev: check return value when calling dev_set_name() If dev_set_name() fails, the dev_name() is null, check the return value of dev_set_name() to avoid the null-ptr-deref. • https://git.kernel.org/stable/c/1413ef638abae4ab5621901cf4d8ef08a4a48ba6 •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2022-49045 – ALSA: pcm: Test for "silence" field in struct "pcm_format_data"
https://notcve.org/view.php?id=CVE-2022-49045
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Test for "silence" field in struct "pcm_format_data" Syzbot reports "KASAN: null-ptr-deref Write in snd_pcm_format_set_silence".[1] It is due to missing validation of the "silence" field of struct "pcm_format_data" in "pcm_formats" array. Add a test for valid "pat" and, if it is not so, return -EINVAL. [1] https://lore.kernel.org/lkml/000000000000d188ef05dc2c7279@google.com/ • https://git.kernel.org/stable/c/77af45df08768401602472f3e3879dce14f55497 •
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2022-49044 – dm integrity: fix memory corruption when tag_size is less than digest size
https://notcve.org/view.php?id=CVE-2022-49044
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: dm integrity: fix memory corruption when tag_size is less than digest size It is possible to set up dm-integrity in such a way that the "tag_size" parameter is less than the actual digest size. In this situation, a part of the digest beyond tag_size is ignored. In this case, dm-integrity would write beyond the end of the ic->recalc_tags array and corrupt memory. The corruption happened in integrity_recalc->integrity_sector_checksum->crypto_... • https://git.kernel.org/stable/c/6a95d91c0b315c965198f6ab7dec7c94129e17e0 •
CVSS: -EPSS: %CPEs: 9EXPL: 0CVE-2021-47656 – jffs2: fix use-after-free in jffs2_clear_xattr_subsystem
https://notcve.org/view.php?id=CVE-2021-47656
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: jffs2: fix use-after-free in jffs2_clear_xattr_subsystem When we mount a jffs2 image, assume that the first few blocks of the image are normal and contain at least one xattr-related inode, but the next block is abnormal. As a result, an error is returned in jffs2_scan_eraseblock(). jffs2_clear_xattr_subsystem() is then called in jffs2_build_filesystem() and then again in jffs2_do_fill_super(). Finally we can observe the following report: ==... • https://git.kernel.org/stable/c/aa98d7cf59b5b0764d3502662053489585faf2fe •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2021-47654 – samples/landlock: Fix path_list memory leak
https://notcve.org/view.php?id=CVE-2021-47654
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: samples/landlock: Fix path_list memory leak Clang static analysis reports this error sandboxer.c:134:8: warning: Potential leak of memory pointed to by 'path_list' ret = 0; ^ path_list is allocated in parse_path() but never freed. • https://git.kernel.org/stable/c/20fbf100f84b9aeb9c91421abe1927bc152bc32b •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2021-47653 – media: davinci: vpif: fix use-after-free on driver unbind
https://notcve.org/view.php?id=CVE-2021-47653
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: media: davinci: vpif: fix use-after-free on driver unbind The driver allocates and registers two platform device structures during probe, but the devices were never deregistered on driver unbind. This results in a use-after-free on driver unbind as the device structures were allocated using devres and would be freed by driver core when remove() returns. Fix this by adding the missing deregistration calls to the remove() callback and failing... • https://git.kernel.org/stable/c/479f7a1181058689435baddc16a6a42e1a8ff0e8 •
CVSS: -EPSS: %CPEs: 9EXPL: 0CVE-2021-47652 – video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe()
https://notcve.org/view.php?id=CVE-2021-47652
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe() I got a null-ptr-deref report: BUG: kernel NULL pointer dereference, address: 0000000000000000 ... RIP: 0010:fb_destroy_modelist+0x38/0x100 ... Call Trace: ufx_usb_probe.cold+0x2b5/0xac1 [smscufx] usb_probe_interface+0x1aa/0x3c0 [usbcore] really_probe+0x167/0x460 ... ret_from_fork+0x1f/0x30 If fb_alloc_cmap() fails in ufx_usb_probe(), fb_destroy_modelist() will be called to destro... • https://git.kernel.org/stable/c/3c8a63e22a0802fd56380f6ab305b419f18eb6f5 •
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2021-47651 – soc: qcom: rpmpd: Check for null return of devm_kcalloc
https://notcve.org/view.php?id=CVE-2021-47651
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: soc: qcom: rpmpd: Check for null return of devm_kcalloc Because of the possible failure of the allocation, data->domains might be NULL pointer and will cause the dereference of the NULL pointer later. Therefore, it might be better to check it and directly return -ENOMEM without releasing data manually if fails, because the comment of the devm_kmalloc() says "Memory allocated with this function is automatically freed on driver detach.". • https://git.kernel.org/stable/c/bbe3a66c3f5a65fb3d702351bac2a6033944d389 •
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2021-47650 – ASoC: soc-compress: prevent the potentially use of null pointer
https://notcve.org/view.php?id=CVE-2021-47650
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-compress: prevent the potentially use of null pointer There is one call trace that snd_soc_register_card() ->snd_soc_bind_card()->soc_init_pcm_runtime() ->snd_soc_dai_compress_new()->snd_soc_new_compress(). In the trace the 'codec_dai' transfers from card->dai_link, and we can see from the snd_soc_add_pcm_runtime() in snd_soc_bind_card() that, if value of card->dai_link->num_codecs is 0, then 'codec_dai' could be null pointer caus... • https://git.kernel.org/stable/c/467fece8fbc6774a3a3bd0981e1a342fb5022706 •
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2021-47649 – udmabuf: validate ubuf->pagecount
https://notcve.org/view.php?id=CVE-2021-47649
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: udmabuf: validate ubuf->pagecount Syzbot has reported GPF in sg_alloc_append_table_from_pages(). The problem was in ubuf->pages == ZERO_PTR. ubuf->pagecount is calculated from arguments passed from user-space. If user creates udmabuf with list.size == 0 then ubuf->pagecount will be also equal to zero; it causes kmalloc_array() to return ZERO_PTR. Fix it by validating ubuf->pagecount before passing it to kmalloc_array(). • https://git.kernel.org/stable/c/fbb0de795078190a9834b3409e4b009cfb18a6d4 •