CVSS: -EPSS: %CPEs: 9EXPL: 0CVE-2022-49095 – scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one()
https://notcve.org/view.php?id=CVE-2022-49095
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one() The error handling path of the probe releases a resource that is not freed in the remove function. In some cases, a ioremap() must be undone. Add the missing iounmap() call in the remove function. • https://git.kernel.org/stable/c/45804fbb00eea27bdf4d62751681228a9e2844e9 •
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2022-49094 – net/tls: fix slab-out-of-bounds bug in decrypt_internal
https://notcve.org/view.php?id=CVE-2022-49094
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net/tls: fix slab-out-of-bounds bug in decrypt_internal The memory size of tls_ctx->rx.iv for AES128-CCM is 12 setting in tls_set_sw_offload(). The return value of crypto_aead_ivsize() for "ccm(aes)" is 16. So memcpy() require 16 bytes from 12 bytes memory space will trigger slab-out-of-bounds bug as following: ================================================================== BUG: KASAN: slab-out-of-bounds in decrypt_internal+0x385/0xc40 [... • https://git.kernel.org/stable/c/f295b3ae9f5927e084bd5decdff82390e3471801 •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2022-49093 – skbuff: fix coalescing for page_pool fragment recycling
https://notcve.org/view.php?id=CVE-2022-49093
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: skbuff: fix coalescing for page_pool fragment recycling Fix a use-after-free when using page_pool with page fragments. We encountered this problem during normal RX in the hns3 driver: (1) Initially we have three descriptors in the RX queue. The first one allocates PAGE1 through page_pool, and the other two allocate one half of PAGE2 each. Page references look like this: RX_BD1 _______ PAGE1 RX_BD2 _______ PAGE2 RX_BD3 _________/ (2) Handle ... • https://git.kernel.org/stable/c/53e0961da1c7bbdabd1abebb20de403ec237ec09 •
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2022-49092 – net: ipv4: fix route with nexthop object delete warning
https://notcve.org/view.php?id=CVE-2022-49092
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: ipv4: fix route with nexthop object delete warning FRR folks have hit a kernel warning[1] while deleting routes[2] which is caused by trying to delete a route pointing to a nexthop id without specifying nhid but matching on an interface. That is, a route is found but we hit a warning while matching it. The warning is from fib_info_nh() in include/net/nexthop.h because we run it on a fib_info with nexthop object. The call chain is: inet... • https://git.kernel.org/stable/c/4c7e8084fd467ddb2b0e6c6011f9c1064afb7e56 •
CVSS: -EPSS: %CPEs: 9EXPL: 0CVE-2022-49091 – drm/imx: Fix memory leak in imx_pd_connector_get_modes
https://notcve.org/view.php?id=CVE-2022-49091
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/imx: Fix memory leak in imx_pd_connector_get_modes Avoid leaking the display mode variable if of_get_drm_display_mode fails. Addresses-Coverity-ID: 1443943 ("Resource leak") • https://git.kernel.org/stable/c/76ecd9c9fb24b014a6f33fbb1287ede3be12158b •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2022-49090 – arch/arm64: Fix topology initialization for core scheduling
https://notcve.org/view.php?id=CVE-2022-49090
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: arch/arm64: Fix topology initialization for core scheduling Arm64 systems rely on store_cpu_topology() to call update_siblings_masks() to transfer the toplogy to the various cpu masks. This needs to be done before the call to notify_cpu_starting() which tells the scheduler about each cpu found, otherwise the core scheduling data structures are setup in a way that does not match the actual topology. With smt_mask not setup correctly we bail ... • https://git.kernel.org/stable/c/9edeaea1bc452372718837ed2ba775811baf1ba1 •
CVSS: -EPSS: %CPEs: 7EXPL: 0CVE-2022-49089 – IB/rdmavt: add lock to call to rvt_error_qp to prevent a race condition
https://notcve.org/view.php?id=CVE-2022-49089
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: IB/rdmavt: add lock to call to rvt_error_qp to prevent a race condition The documentation of the function rvt_error_qp says both r_lock and s_lock need to be held when calling that function. It also asserts using lockdep that both of those locks are held. However, the commit I referenced in Fixes accidentally makes the call to rvt_error_qp in rvt_ruc_loopback no longer covered by r_lock. This results in the lockdep assertion failing and als... • https://git.kernel.org/stable/c/d757c60eca9b22f4d108929a24401e0fdecda0b1 •
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2022-49088 – dpaa2-ptp: Fix refcount leak in dpaa2_ptp_probe
https://notcve.org/view.php?id=CVE-2022-49088
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: dpaa2-ptp: Fix refcount leak in dpaa2_ptp_probe This node pointer is returned by of_find_compatible_node() with refcount incremented. Calling of_node_put() to aovid the refcount leak. • https://git.kernel.org/stable/c/d346c9e86d8685d7cdceddf5b2e9c4376334620c •
CVSS: -EPSS: %CPEs: 7EXPL: 0CVE-2022-49087 – rxrpc: fix a race in rxrpc_exit_net()
https://notcve.org/view.php?id=CVE-2022-49087
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: rxrpc: fix a race in rxrpc_exit_net() Current code can lead to the following race: CPU0 CPU1 rxrpc_exit_net() rxrpc_peer_keepalive_worker() if (rxnet->live) rxnet->live = false; del_timer_sync(&rxnet->peer_keepalive_timer); timer_reduce(&rxnet->peer_keepalive_timer, jiffies + delay); cancel_work_sync(&rxnet->peer_keepalive_work); rxrpc_exit_net() exits while peer_keepalive_timer is still armed, leading to use-after-free. syzbot report was: ... • https://git.kernel.org/stable/c/ace45bec6d77bc061c3c3d8ad99e298ea9800c2b •
CVSS: -EPSS: %CPEs: 7EXPL: 0CVE-2022-49086 – net: openvswitch: fix leak of nested actions
https://notcve.org/view.php?id=CVE-2022-49086
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix leak of nested actions While parsing user-provided actions, openvswitch module may dynamically allocate memory and store pointers in the internal copy of the actions. So this memory has to be freed while destroying the actions. Currently there are only two such actions: ct() and set(). However, there are many actions that can hold nested lists of actions and ovs_nla_free_flow_actions() just jumps over them leaking the ... • https://git.kernel.org/stable/c/34ae932a40369be6bd6ea97d66b6686361b4370d •