CVSS: 5.5EPSS: %CPEs: 8EXPL: 0CVE-2022-49794 – iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger()
https://notcve.org/view.php?id=CVE-2022-49794
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger() If iio_trigger_register() returns error, it should call iio_trigger_free() to give up the reference that hold in iio_trigger_alloc(), so that it can call iio_trig_release() to free memory when the refcount hit to 0. In the Linux kernel, the following vulnerability has been resolved: iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger() If iio_t... • https://git.kernel.org/stable/c/0e589d5fb3172b0dde7fdad3a4829ce5352dd30d •
CVSS: 5.5EPSS: %CPEs: 8EXPL: 0CVE-2022-49793 – iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init()
https://notcve.org/view.php?id=CVE-2022-49793
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init() dev_set_name() allocates memory for name, it need be freed when device_add() fails, call put_device() to give up the reference that hold in device_initialize(), so that it can be freed in kobject_cleanup() when the refcount hit to 0. Fault injection test can trigger this: unreferenced object 0xffff8e8340a7b4c0 (size 32): comm "modprobe", pid 243, jiffies 4294678145 (age ... • https://git.kernel.org/stable/c/1f785681a87068f123d3e23da13b2c55ab4f93ac •
CVSS: 7.8EPSS: %CPEs: 5EXPL: 0CVE-2022-49789 – scsi: zfcp: Fix double free of FSF request when qdio send fails
https://notcve.org/view.php?id=CVE-2022-49789
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: zfcp: Fix double free of FSF request when qdio send fails We used to use the wrong type of integer in 'zfcp_fsf_req_send()' to cache the FSF request ID when sending a new FSF request. This is used in case the sending fails and we need to remove the request from our internal hash table again (so we don't keep an invalid reference and use it when we free the request again). In 'zfcp_fsf_req_send()' we used to cache the ID as 'int' (sign... • https://git.kernel.org/stable/c/e60a6d69f1f84c2ef1cc63aefaadfe7ae9f12934 •
CVSS: 7.1EPSS: %CPEs: 8EXPL: 0CVE-2022-49788 – misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram()
https://notcve.org/view.php?id=CVE-2022-49788
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() `struct vmci_event_qp` allocated by qp_notify_peer() contains padding, which may carry uninitialized data to the userspace, as observed by KMSAN: BUG: KMSAN: kernel-infoleak in instrument_copy_to_user ./include/linux/instrumented.h:121 instrument_copy_to_user ./include/linux/instrumented.h:121 _copy_to_user+0x5f/0xb0 lib/usercopy.c:33 copy_to_user ./include/linux/uaccess.h:16... • https://git.kernel.org/stable/c/06164d2b72aa752ce4633184b3e0d97601017135 •
CVSS: 5.5EPSS: %CPEs: 7EXPL: 0CVE-2022-49787 – mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put()
https://notcve.org/view.php?id=CVE-2022-49787
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() pci_get_device() will increase the reference count for the returned pci_dev. We need to use pci_dev_put() to decrease the reference count before amd_probe() returns. There is no problem for the 'smbus_dev == NULL' branch because pci_dev_put() can also handle the NULL input parameter case. In the Linux kernel, the following vulnerability has been resolved: mmc: sdhci-pc... • https://git.kernel.org/stable/c/659c9bc114a810b3a3c1e50585cc57f1312a6d60 •
CVSS: 5.5EPSS: %CPEs: 6EXPL: 0CVE-2022-49780 – scsi: target: tcm_loop: Fix possible name leak in tcm_loop_setup_hba_bus()
https://notcve.org/view.php?id=CVE-2022-49780
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: target: tcm_loop: Fix possible name leak in tcm_loop_setup_hba_bus() If device_register() fails in tcm_loop_setup_hba_bus(), the name allocated by dev_set_name() need be freed. As comment of device_register() says, it should use put_device() to give up the reference in the error path. So fix this by calling put_device(), then the name can be freed in kobject_cleanup(). The 'tl_hba' will be freed in tcm_loop_release_adapter(), so it do... • https://git.kernel.org/stable/c/3703b2c5d041a68095cdd22380c23ce27d449ad7 •
CVSS: 7.0EPSS: %CPEs: 8EXPL: 0CVE-2022-49775 – tcp: cdg: allow tcp_cdg_release() to be called multiple times
https://notcve.org/view.php?id=CVE-2022-49775
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: tcp: cdg: allow tcp_cdg_release() to be called multiple times Apparently, mptcp is able to call tcp_disconnect() on an already disconnected flow. This is generally fine, unless current congestion control is CDG, because it might trigger a double-free [1] Instead of fixing MPTCP, and future bugs, we can make tcp_disconnect() more resilient. [1] BUG: KASAN: double-free in slab_free mm/slub.c:3539 [inline] BUG: KASAN: double-free in kfree+0xe2... • https://git.kernel.org/stable/c/2b0a8c9eee81882fc0001ccf6d9af62cdc682f9e •
CVSS: 7.1EPSS: %CPEs: 2EXPL: 0CVE-2022-49773 – drm/amd/display: Fix optc2_configure warning on dcn314
https://notcve.org/view.php?id=CVE-2022-49773
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix optc2_configure warning on dcn314 [Why] dcn314 uses optc2_configure_crc() that wraps optc1_configure_crc() + set additional registers not applicable to dcn314. It's not critical but when used leads to warning like: WARNING: drivers/gpu/drm/amd/amdgpu/../display/dc/dc_helper.c Call Trace:
CVSS: 5.5EPSS: %CPEs: 8EXPL: 0CVE-2022-49772 – ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open()
https://notcve.org/view.php?id=CVE-2022-49772
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() snd_usbmidi_output_open() has a check of the NULL port with snd_BUG_ON(). snd_BUG_ON() was used as this shouldn't have happened, but in reality, the NULL port may be seen when the device gives an invalid endpoint setup at the descriptor, hence the driver skips the allocation. That is, the check itself is valid and snd_BUG_ON() should be dropped from there. Otherwise it's conf... • https://git.kernel.org/stable/c/872c9314769e89d8bda74ff3ac584756a45ee752 •
CVSS: 7.1EPSS: %CPEs: 8EXPL: 0CVE-2022-49771 – dm ioctl: fix misbehavior if list_versions races with module loading
https://notcve.org/view.php?id=CVE-2022-49771
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: dm ioctl: fix misbehavior if list_versions races with module loading __list_versions will first estimate the required space using the "dm_target_iterate(list_version_get_needed, &needed)" call and then will fill the space using the "dm_target_iterate(list_version_get_info, &iter_info)" call. Each of these calls locks the targets using the "down_read(&_lock)" and "up_read(&_lock)" calls, however between the first and second "dm_target_iterat... • https://git.kernel.org/stable/c/0c8d4112df329bf3dfbf27693f918c3b08676538 •