CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49307 – tty: synclink_gt: Fix null-pointer-dereference in slgt_clean()
https://notcve.org/view.php?id=CVE-2022-49307
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() When the driver fails at alloc_hdlcdev(), and then we remove the driver module, we will get the following splat: [ 25.065966] general protection fault, probably for non-canonical address 0xdffffc0000000182: 0000 [#1] PREEMPT SMP KASAN PTI [ 25.066914] KASAN: null-ptr-deref in range [0x0000000000000c10-0x0000000000000c17] [ 25.069262] RIP: 0010:detach_hdlc_protocol+0x2a/0x3e0 [ 2... • https://git.kernel.org/stable/c/50c341f9a2adc4c32a8ad5a39eb99d9c4a419e0d •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49306 – usb: dwc3: host: Stop setting the ACPI companion
https://notcve.org/view.php?id=CVE-2022-49306
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: host: Stop setting the ACPI companion It is no longer needed. The sysdev pointer is now used when assigning the ACPI companions to the xHCI ports and USB devices. Assigning the ACPI companion here resulted in the fwnode->secondary pointer to be replaced also for the parent dwc3 device since the primary fwnode (the ACPI companion) was shared. That was unintentional and it created potential side effects like resource leaks. • https://git.kernel.org/stable/c/d7f35934f7ab67bfd9adabc84207e59da9c19108 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2022-49305 – drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop()
https://notcve.org/view.php?id=CVE-2022-49305
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop() There is a deadlock in ieee80211_beacons_stop(), which is shown below: (Thread 1) | (Thread 2) | ieee80211_send_beacon() ieee80211_beacons_stop() | mod_timer() spin_lock_irqsave() //(1) | (wait a time) ... | ieee80211_send_beacon_cb() del_timer_sync() | spin_lock_irqsave() //(2) (wait timer to stop) | ... We hold ieee->beacon_lock in position (1) of thread 1 and use del_ti... • https://git.kernel.org/stable/c/b465bb2ebf666116c1ac745cb80c65154dc0d27e •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49304 – drivers: tty: serial: Fix deadlock in sa1100_set_termios()
https://notcve.org/view.php?id=CVE-2022-49304
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drivers: tty: serial: Fix deadlock in sa1100_set_termios() There is a deadlock in sa1100_set_termios(), which is shown below: (Thread 1) | (Thread 2) | sa1100_enable_ms() sa1100_set_termios() | mod_timer() spin_lock_irqsave() //(1) | (wait a time) ... | sa1100_timeout() del_timer_sync() | spin_lock_irqsave() //(2) (wait timer to stop) | ... We hold sport->port.lock in position (1) of thread 1 and use del_timer_sync() to wait timer to stop, ... • https://git.kernel.org/stable/c/0976808d0d171ec837d4bd3e9f4ad4a00ab703b8 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49303 – drivers: staging: rtl8192eu: Fix deadlock in rtw_joinbss_event_prehandle
https://notcve.org/view.php?id=CVE-2022-49303
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drivers: staging: rtl8192eu: Fix deadlock in rtw_joinbss_event_prehandle There is a deadlock in rtw_joinbss_event_prehandle(), which is shown below: (Thread 1) | (Thread 2) | _set_timer() rtw_joinbss_event_prehandle()| mod_timer() spin_lock_bh() //(1) | (wait a time) ... | rtw_join_timeout_handler() | _rtw_join_timeout_handler() del_timer_sync() | spin_lock_bh() //(2) (wait timer to stop) | ... We hold pmlmepriv->lock in position (1) of thr... • https://git.kernel.org/stable/c/25cf414b0610fea29d8e045f315648d9007c9a46 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49302 – USB: host: isp116x: check return value after calling platform_get_resource()
https://notcve.org/view.php?id=CVE-2022-49302
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: USB: host: isp116x: check return value after calling platform_get_resource() It will cause null-ptr-deref if platform_get_resource() returns NULL, we need check the return value. • https://git.kernel.org/stable/c/804de302ada3544699c5f48c5314b249af76faa3 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49301 – staging: rtl8712: fix uninit-value in usb_read8() and friends
https://notcve.org/view.php?id=CVE-2022-49301
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: staging: rtl8712: fix uninit-value in usb_read8() and friends When r8712_usbctrl_vendorreq() returns negative, 'data' in usb_read{8,16,32} will not be initialized. BUG: KMSAN: uninit-value in string_nocheck lib/vsprintf.c:643 [inline] BUG: KMSAN: uninit-value in string+0x4ec/0x6f0 lib/vsprintf.c:725 string_nocheck lib/vsprintf.c:643 [inline] string+0x4ec/0x6f0 lib/vsprintf.c:725 vsnprintf+0x2222/0x3650 lib/vsprintf.c:2806 va_format lib/vspr... • https://git.kernel.org/stable/c/58762f1c63c75cbe1dc393eed3c9cf8e38310ca1 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49300 – nbd: fix race between nbd_alloc_config() and module removal
https://notcve.org/view.php?id=CVE-2022-49300
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: nbd: fix race between nbd_alloc_config() and module removal When nbd module is being removing, nbd_alloc_config() may be called concurrently by nbd_genl_connect(), although try_module_get() will return false, but nbd_alloc_config() doesn't handle it. The race may lead to the leak of nbd_config and its related resources (e.g, recv_workq) and oops in nbd_read_stat() due to the unload of nbd module as shown below: BUG: kernel NULL pointer dere... • https://git.kernel.org/stable/c/165cf2e0019fa6cedc75b456490c41494c34abb4 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49299 – usb: dwc2: gadget: don't reset gadget's driver->bus
https://notcve.org/view.php?id=CVE-2022-49299
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: gadget: don't reset gadget's driver->bus UDC driver should not touch gadget's driver internals, especially it should not reset driver->bus. This wasn't harmful so far, but since commit fc274c1e9973 ("USB: gadget: Add a new bus for gadgets") gadget subsystem got it's own bus and messing with ->bus triggers the following NULL pointer dereference: dwc2 12480000.hsotg: bound driver g_ether 8<--- cut here --- Unable to handle kernel N... • https://git.kernel.org/stable/c/5127c0f365265bb69cd776ad6e4b872c309f3fa8 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47660 – fs/ntfs3: Fix some memory leaks in an error handling path of 'log_replay()'
https://notcve.org/view.php?id=CVE-2021-47660
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix some memory leaks in an error handling path of 'log_replay()' All error handling paths lead to 'out' where many resources are freed. Do it as well here instead of a direct return, otherwise 'log', 'ra' and 'log->one_page_buf' (at least) will leak. • https://git.kernel.org/stable/c/b46acd6a6a627d876898e1c84d3f84902264b445 •