CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49258 – crypto: ccree - Fix use after free in cc_cipher_exit()
https://notcve.org/view.php?id=CVE-2022-49258
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: ccree - Fix use after free in cc_cipher_exit() kfree_sensitive(ctx_p->user.key) will free the ctx_p->user.key. But ctx_p->user.key is still used in the next line, which will lead to a use after free. We can call kfree_sensitive() after dev_dbg() to avoid the uaf. In the Linux kernel, the following vulnerability has been resolved: crypto: ccree - Fix use after free in cc_cipher_exit() kfree_sensitive(ctx_p->user.key) will free the ct... • https://git.kernel.org/stable/c/63ee04c8b491ee148489347e7da9fbfd982ca2bb • CWE-416: Use After Free •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49257 – watch_queue: Fix NULL dereference in error cleanup
https://notcve.org/view.php?id=CVE-2022-49257
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: watch_queue: Fix NULL dereference in error cleanup In watch_queue_set_size(), the error cleanup code doesn't take account of the fact that __free_page() can't handle a NULL pointer when trying to free up buffer pages that did get allocated. Fix this by only calling __free_page() on the pages actually allocated. Without the fix, this can lead to something like the following: BUG: KASAN: null-ptr-deref in __free_pages+0x1f/0x1b0 mm/page_alloc... • https://git.kernel.org/stable/c/c73be61cede5882f9605a852414db559c0ebedfd •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49256 – watch_queue: Actually free the watch
https://notcve.org/view.php?id=CVE-2022-49256
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: watch_queue: Actually free the watch free_watch() does everything barring actually freeing the watch object. Fix this by adding the missing kfree. kmemleak produces a report something like the following. Note that as an address can be seen in the first word, the watch would appear to have gone through call_rcu(). BUG: memory leak unreferenced object 0xffff88810ce4a200 (size 96): comm "syz-executor352", pid 3605, jiffies 4294947473 (age 13.7... • https://git.kernel.org/stable/c/c73be61cede5882f9605a852414db559c0ebedfd •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49255 – f2fs: fix missing free nid in f2fs_handle_failed_inode
https://notcve.org/view.php?id=CVE-2022-49255
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix missing free nid in f2fs_handle_failed_inode This patch fixes xfstests/generic/475 failure. [ 293.680694] F2FS-fs (dm-1): May loss orphan inode, run fsck to fix. [ 293.685358] Buffer I/O error on dev dm-1, logical block 8388592, async page read [ 293.691527] Buffer I/O error on dev dm-1, logical block 8388592, async page read [ 293.691764] sh (7615): drop_caches: 3 [ 293.691819] sh (7616): drop_caches: 3 [ 293.694017] Buffer I/O e... • https://git.kernel.org/stable/c/7735730d39d75e70476c1b01435b9b1f41637f0e •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49254 – media: ti-vpe: cal: Fix a NULL pointer dereference in cal_ctx_v4l2_init_formats()
https://notcve.org/view.php?id=CVE-2022-49254
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: media: ti-vpe: cal: Fix a NULL pointer dereference in cal_ctx_v4l2_init_formats() In cal_ctx_v4l2_init_formats(), devm_kzalloc() is assigned to ctx->active_fmt and there is a dereference of it after that, which could lead to NULL pointer dereference on failure of devm_kzalloc(). Fix this bug by adding a NULL check of ctx->active_fmt. This bug was found by a static analyzer. Builds with 'make allyesconfig' show no new warnings, and our stati... • https://git.kernel.org/stable/c/7168155002cf7aadbfaa14a28f037c880a214764 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49253 – media: usb: go7007: s2250-board: fix leak in probe()
https://notcve.org/view.php?id=CVE-2022-49253
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: media: usb: go7007: s2250-board: fix leak in probe() Call i2c_unregister_device(audio) on this error path. • https://git.kernel.org/stable/c/d3b2ccd9e307eae80b4b4eeb0ede46cb02212df2 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49252 – ASoC: codecs: rx-macro: fix accessing array out of bounds for enum type
https://notcve.org/view.php?id=CVE-2022-49252
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: rx-macro: fix accessing array out of bounds for enum type Accessing enums using integer would result in array out of bounds access on platforms like aarch64 where sizeof(long) is 8 compared to enum size which is 4 bytes. • https://git.kernel.org/stable/c/4f692926f562ff48abfcca6b16f36ff8d57473b6 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49251 – ASoC: codecs: va-macro: fix accessing array out of bounds for enum type
https://notcve.org/view.php?id=CVE-2022-49251
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: va-macro: fix accessing array out of bounds for enum type Accessing enums using integer would result in array out of bounds access on platforms like aarch64 where sizeof(long) is 8 compared to enum size which is 4 bytes. • https://git.kernel.org/stable/c/908e6b1df26efc9d2df70c9a7bf4f5eae5c5702f •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49250 – ASoC: codecs: rx-macro: fix accessing compander for aux
https://notcve.org/view.php?id=CVE-2022-49250
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: rx-macro: fix accessing compander for aux AUX interpolator does not have compander, so check before accessing compander data for this. Without this checkan array of out bounds access will be made in comp_enabled[] array. • https://git.kernel.org/stable/c/4f692926f562ff48abfcca6b16f36ff8d57473b6 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49249 – ASoC: codecs: wc938x: fix accessing array out of bounds for enum type
https://notcve.org/view.php?id=CVE-2022-49249
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wc938x: fix accessing array out of bounds for enum type Accessing enums using integer would result in array out of bounds access on platforms like aarch64 where sizeof(long) is 8 compared to enum size which is 4 bytes. Fix this by using enumerated items instead of integers. • https://git.kernel.org/stable/c/e8ba1e05bdc016700c85fad559a812c2e795442f •