CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2022-49130 – ath11k: mhi: use mhi_sync_power_up()
https://notcve.org/view.php?id=CVE-2022-49130
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ath11k: mhi: use mhi_sync_power_up() If amss.bin was missing ath11k would crash during 'rmmod ath11k_pci'. The reason for that was that we were using mhi_async_power_up() which does not check any errors. But mhi_sync_power_up() on the other hand does check for errors so let's use that to fix the crash. I was not able to find a reason why an async version was used. ath11k_mhi_start() (which enables state ATH11K_MHI_POWER_ON) is called from a... • https://git.kernel.org/stable/c/d5c65159f2895379e11ca13f62feabe93278985d •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2022-49129 – mt76: mt7921: fix crash when startup fails.
https://notcve.org/view.php?id=CVE-2022-49129
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: mt76: mt7921: fix crash when startup fails. If the nic fails to start, it is possible that the reset_work has already been scheduled. Ensure the work item is canceled so we do not have use-after-free crash in case cleanup is called before the work item is executed. This fixes crash on my x86_64 apu2 when mt7921k radio fails to work. Radio still fails, but OS does not crash. • https://git.kernel.org/stable/c/7bc04215a66b60e198aecaee8418f6d79fa19faa •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2022-49128 – drm/bridge: Add missing pm_runtime_put_sync
https://notcve.org/view.php?id=CVE-2022-49128
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/bridge: Add missing pm_runtime_put_sync pm_runtime_get_sync() will increase the rumtime PM counter even when it returns an error. Thus a pairing decrement is needed to prevent refcount leak. Fix this by replacing this API with pm_runtime_resume_and_get(), which will not change the runtime PM counter on error. Besides, a matching decrement is needed on the error handling path to keep the counter balanced. • https://git.kernel.org/stable/c/44cfc6233447cb2cf47aeb99457de35826a363f6 •
CVSS: -EPSS: %CPEs: 2EXPL: 0CVE-2022-49127 – ref_tracker: implement use-after-free detection
https://notcve.org/view.php?id=CVE-2022-49127
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ref_tracker: implement use-after-free detection Whenever ref_tracker_dir_init() is called, mark the struct ref_tracker_dir as dead. Test the dead status from ref_tracker_alloc() and ref_tracker_free() This should detect buggy dev_put()/dev_hold() happening too late in netdevice dismantle process. • https://git.kernel.org/stable/c/4e66934eaadc83b27ada8d42b60894018f3bfabf •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2022-49126 – scsi: mpi3mr: Fix memory leaks
https://notcve.org/view.php?id=CVE-2022-49126
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix memory leaks Fix memory leaks related to operational reply queue's memory segments which are not getting freed while unloading the driver. • https://git.kernel.org/stable/c/c4f7ac64616ee513f9ac4ae6c4d8c3cccb6974df •
CVSS: -EPSS: %CPEs: 2EXPL: 0CVE-2022-49125 – drm/sprd: fix potential NULL dereference
https://notcve.org/view.php?id=CVE-2022-49125
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/sprd: fix potential NULL dereference 'drm' could be null in sprd_drm_shutdown, and drm_warn maybe dereference it, remove this warning log. v1 -> v2: - Split checking platform_get_resource() return value to a separate patch - Use dev_warn() instead of removing the warning log • https://git.kernel.org/stable/c/43531edd53f07cbe977a0b33dea6dd6c29b21fea •
CVSS: -EPSS: %CPEs: 2EXPL: 0CVE-2022-49124 – x86/mce: Work around an erratum on fast string copy instructions
https://notcve.org/view.php?id=CVE-2022-49124
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: x86/mce: Work around an erratum on fast string copy instructions A rare kernel panic scenario can happen when the following conditions are met due to an erratum on fast string copy instructions: 1) An uncorrected error. 2) That error must be in first cache line of a page. 3) Kernel must execute page_copy from the page immediately before that page. The fast string copy instructions ("REP; MOVS*") could consume an uncorrectable memory error i... • https://git.kernel.org/stable/c/ba37c73be3d5632f6fb9fa20b250ce45560ca85d •
CVSS: -EPSS: %CPEs: 2EXPL: 0CVE-2022-49123 – ath11k: Fix frames flush failure caused by deadlock
https://notcve.org/view.php?id=CVE-2022-49123
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ath11k: Fix frames flush failure caused by deadlock We are seeing below warnings: kernel: [25393.301506] ath11k_pci 0000:01:00.0: failed to flush mgmt transmit queue 0 kernel: [25398.421509] ath11k_pci 0000:01:00.0: failed to flush mgmt transmit queue 0 kernel: [25398.421831] ath11k_pci 0000:01:00.0: dropping mgmt frame for vdev 0, is_started 0 this means ath11k fails to flush mgmt. frames because wmi_mgmt_tx_work has no chance to run in 5 ... • https://git.kernel.org/stable/c/d5c65159f2895379e11ca13f62feabe93278985d •
CVSS: -EPSS: %CPEs: 9EXPL: 0CVE-2022-49122 – dm ioctl: prevent potential spectre v1 gadget
https://notcve.org/view.php?id=CVE-2022-49122
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: dm ioctl: prevent potential spectre v1 gadget It appears like cmd could be a Spectre v1 gadget as it's supplied by a user and used as an array index. Prevent the contents of kernel memory from being leaked to userspace via speculative execution by using array_index_nospec. • https://git.kernel.org/stable/c/76c94651005f58885facf9c973007f5ea01ab01f •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2022-49121 – scsi: pm8001: Fix tag leaks on error
https://notcve.org/view.php?id=CVE-2022-49121
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix tag leaks on error In pm8001_chip_set_dev_state_req(), pm8001_chip_fw_flash_update_req(), pm80xx_chip_phy_ctl_req() and pm8001_chip_reg_dev_req() add missing calls to pm8001_tag_free() to free the allocated tag when pm8001_mpi_build_cmd() fails. Similarly, in pm8001_exec_internal_task_abort(), if the chip ->task_abort method fails, the tag allocated for the abort request task must be freed. Add the missing call to pm8001_t... • https://git.kernel.org/stable/c/a0bb65eadbf942024226241d9d99fed17168940b •