CVSS: 5.6EPSS: %CPEs: 4EXPL: 0CVE-2022-49663 – tunnels: do not assume mac header is set in skb_tunnel_check_pmtu()
https://notcve.org/view.php?id=CVE-2022-49663
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: tunnels: do not assume mac header is set in skb_tunnel_check_pmtu() Recently added debug in commit f9aefd6b2aa3 ("net: warn if mac header was not set") caught a bug in skb_tunnel_check_pmtu(), as shown in this syzbot report [1]. In ndo_start_xmit() paths, there is really no need to use skb->mac_header, because skb->data is supposed to point at it. [1] WARNING: CPU: 1 PID: 8604 at include/linux/skbuff.h:2784 skb_mac_header_len include/linux/... • https://git.kernel.org/stable/c/4cb47a8644cc9eb8ec81190a50e79e6530d0297f •
CVSS: 5.5EPSS: %CPEs: 8EXPL: 0CVE-2022-49661 – can: gs_usb: gs_usb_open/close(): fix memory leak
https://notcve.org/view.php?id=CVE-2022-49661
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: gs_usb_open/close(): fix memory leak The gs_usb driver appears to suffer from a malady common to many USB CAN adapter drivers in that it performs usb_alloc_coherent() to allocate a number of USB request blocks (URBs) for RX, and then later relies on usb_kill_anchored_urbs() to free them, but this doesn't actually free them. As a result, this may be leaking DMA memory that's been used by the driver. This commit is an adaptation ... • https://git.kernel.org/stable/c/d08e973a77d128b25e01a08c34d89593fdf222da •
CVSS: 7.8EPSS: %CPEs: 4EXPL: 0CVE-2022-49658 – bpf: Fix insufficient bounds propagation from adjust_scalar_min_max_vals
https://notcve.org/view.php?id=CVE-2022-49658
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix insufficient bounds propagation from adjust_scalar_min_max_vals Kuee reported a corner case where the tnum becomes constant after the call to __reg_bound_offset(), but the register's bounds are not, that is, its min bounds are still not equal to the register's max bounds. This in turn allows to leak pointers through turning a pointer register as is into an unknown scalar via adjust_ptr_min_max_vals(). Before: func#0 @0 0: R1=ctx(of... • https://git.kernel.org/stable/c/b03c9f9fdc37dab81ea04d5dacdc5995d4c224c2 •
CVSS: 5.5EPSS: %CPEs: 8EXPL: 0CVE-2022-49657 – usbnet: fix memory leak in error case
https://notcve.org/view.php?id=CVE-2022-49657
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: usbnet: fix memory leak in error case usbnet_write_cmd_async() mixed up which buffers need to be freed in which error case. v2: add Fixes tag v3: fix uninitialized buf pointer In the Linux kernel, the following vulnerability has been resolved: usbnet: fix memory leak in error case usbnet_write_cmd_async() mixed up which buffers need to be freed in which error case. v2: add Fixes tag v3: fix uninitialized buf pointer • https://git.kernel.org/stable/c/877bd862f32b815d54ab5fc10a4fd903d7bf3012 •
CVSS: 7.1EPSS: %CPEs: 6EXPL: 0CVE-2022-49656 – ARM: meson: Fix refcount leak in meson_smp_prepare_cpus
https://notcve.org/view.php?id=CVE-2022-49656
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ARM: meson: Fix refcount leak in meson_smp_prepare_cpus of_find_compatible_node() returns a node pointer with refcount incremented, we should use of_node_put() on it when done. Add missing of_node_put() to avoid refcount leak. In the Linux kernel, the following vulnerability has been resolved: ARM: meson: Fix refcount leak in meson_smp_prepare_cpus of_find_compatible_node() returns a node pointer with refcount incremented, we should use of_... • https://git.kernel.org/stable/c/d850f3e5d2966e5c9eb55f66181cee960737e04c •
CVSS: 7.8EPSS: %CPEs: 3EXPL: 0CVE-2022-49654 – net: dsa: qca8k: reset cpu port on MTU change
https://notcve.org/view.php?id=CVE-2022-49654
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: dsa: qca8k: reset cpu port on MTU change It was discovered that the Documentation lacks of a fundamental detail on how to correctly change the MAX_FRAME_SIZE of the switch. In fact if the MAX_FRAME_SIZE is changed while the cpu port is on, the switch panics and cease to send any packet. This cause the mgmt ethernet system to not receive any packet (the slow fallback still works) and makes the device not reachable. To recover from this ... • https://git.kernel.org/stable/c/f58d2598cf70d41f73e761b62a114d2e8f94a676 •
CVSS: 7.1EPSS: %CPEs: 8EXPL: 0CVE-2022-49652 – dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate
https://notcve.org/view.php?id=CVE-2022-49652
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate of_parse_phandle() returns a node pointer with refcount incremented, we should use of_node_put() on it when not needed anymore. Add missing of_node_put() in to fix this. In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate of_parse_phandle() returns a node pointer with refcount incremented, we should... • https://git.kernel.org/stable/c/ec9bfa1e1a796ef7acc2e55917c9b8be5a79e70e •
CVSS: 7.1EPSS: %CPEs: 2EXPL: 0CVE-2022-49651 – srcu: Tighten cleanup_srcu_struct() GP checks
https://notcve.org/view.php?id=CVE-2022-49651
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: srcu: Tighten cleanup_srcu_struct() GP checks Currently, cleanup_srcu_struct() checks for a grace period in progress, but it does not check for a grace period that has not yet started but which might start at any time. Such a situation could result in a use-after-free bug, so this commit adds a check for a grace period that is needed but not yet started to cleanup_srcu_struct(). In the Linux kernel, the following vulnerability has been reso... • https://git.kernel.org/stable/c/e997dda6502eefbc1032d6b0da7b353c53344b07 •
CVSS: 6.4EPSS: %CPEs: 3EXPL: 0CVE-2022-49650 – dmaengine: qcom: bam_dma: fix runtime PM underflow
https://notcve.org/view.php?id=CVE-2022-49650
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom: bam_dma: fix runtime PM underflow Commit dbad41e7bb5f ("dmaengine: qcom: bam_dma: check if the runtime pm enabled") caused unbalanced pm_runtime_get/put() calls when the bam is controlled remotely. This commit reverts it and just enables pm_runtime in all cases, the clk_* functions already just nop when the clock is NULL. Also clean up a bit by removing unnecessary bamclk null checks. In the Linux kernel, the following vuln... • https://git.kernel.org/stable/c/dbad41e7bb5f4b9949ff5ea1d76c20711f326308 •
CVSS: 5.5EPSS: %CPEs: 8EXPL: 0CVE-2022-49649 – xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue
https://notcve.org/view.php?id=CVE-2022-49649
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue xenvif_rx_next_skb() is expecting the rx queue not being empty, but in case the loop in xenvif_rx_action() is doing multiple iterations, the availability of another skb in the rx queue is not being checked. This can lead to crashes: [40072.537261] BUG: unable to handle kernel NULL pointer dereference at 0000000000000080 [40072.537407] IP: xenvif_rx_skb+0x23/0x590 [xen_n... • https://git.kernel.org/stable/c/98f6d57ced73b723551568262019f1d6c8771f20 •