CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2022-49520 – arm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall
https://notcve.org/view.php?id=CVE-2022-49520
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: arm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall If a compat process tries to execute an unknown system call above the __ARM_NR_COMPAT_END number, the kernel sends a SIGILL signal to the offending process. Information about the error is printed to dmesg in compat_arm_syscall() -> arm64_notify_die() -> arm64_force_sig_fault() -> arm64_show_signal(). arm64_show_signal() interprets a non-zero value for current->thread.fa... • https://git.kernel.org/stable/c/efd183d988b416fcdf6f7c298a17ced4859ca77d •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2022-49519 – ath10k: skip ath10k_halt during suspend for driver state RESTARTING
https://notcve.org/view.php?id=CVE-2022-49519
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ath10k: skip ath10k_halt during suspend for driver state RESTARTING Double free crash is observed when FW recovery(caused by wmi timeout/crash) is followed by immediate suspend event. The FW recovery is triggered by ath10k_core_restart() which calls driver clean up via ath10k_halt(). When the suspend event occurs between the FW recovery, the restart worker thread is put into frozen state until suspend completes. The suspend event triggers a... • https://git.kernel.org/stable/c/8aa3750986ffcf73e0692db3b40dd3a8e8c0c575 •
CVSS: -EPSS: %CPEs: 2EXPL: 0CVE-2022-49518 – ASoC: SOF: ipc3-topology: Correct get_control_data for non bytes payload
https://notcve.org/view.php?id=CVE-2022-49518
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc3-topology: Correct get_control_data for non bytes payload It is possible to craft a topology where sof_get_control_data() would do out of bounds access because it expects that it is only called when the payload is bytes type. Confusingly it also handles other types of controls, but the payload parsing implementation is only valid for bytes. Fix the code to count the non bytes controls and instead of storing a pointer to sof_a... • https://git.kernel.org/stable/c/896b03bb7c7010042786cfae2115083d4c241dd3 •
CVSS: -EPSS: %CPEs: 2EXPL: 0CVE-2022-49516 – ice: always check VF VSI pointer values
https://notcve.org/view.php?id=CVE-2022-49516
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ice: always check VF VSI pointer values The ice_get_vf_vsi function can return NULL in some cases, such as if handling messages during a reset where the VSI is being removed and recreated. Several places throughout the driver do not bother to check whether this VSI pointer is valid. Static analysis tools maybe report issues because they detect paths where a potentially NULL pointer could be dereferenced. Fix this by checking the return valu... • https://git.kernel.org/stable/c/e7be3877589d539c52e5d1d23a625f889b541b9d •
CVSS: -EPSS: %CPEs: 2EXPL: 0CVE-2022-49504 – scsi: lpfc: Inhibit aborts if external loopback plug is inserted
https://notcve.org/view.php?id=CVE-2022-49504
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Inhibit aborts if external loopback plug is inserted After running a short external loopback test, when the external loopback is removed and a normal cable inserted that is directly connected to a target device, the system oops in the llpfc_set_rrq_active() routine. When the loopback was inserted an FLOGI was transmit. As we're looped back, we receive the FLOGI request. The FLOGI is ABTS'd as we recognize the same wppn thus unde... • https://git.kernel.org/stable/c/a1516930cb605caee3bc7b4f3b7994b88c0b8505 •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2022-49502 – media: rga: fix possible memory leak in rga_probe
https://notcve.org/view.php?id=CVE-2022-49502
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: media: rga: fix possible memory leak in rga_probe rga->m2m_dev needs to be freed when rga_probe fails. • https://git.kernel.org/stable/c/8ddc89437ccefa18279918c19a61fd81527f40b9 •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2022-49501 – usbnet: Run unregister_netdev() before unbind() again
https://notcve.org/view.php?id=CVE-2022-49501
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: usbnet: Run unregister_netdev() before unbind() again Commit 2c9d6c2b871d ("usbnet: run unbind() before unregister_netdev()") sought to fix a use-after-free on disconnect of USB Ethernet adapters. It turns out that a different fix is necessary to address the issue: https://lore.kernel.org/netdev/18b3541e5372bc9b9fc733d422f4e698c089077c.1650177997.git.lukas@wunner.de/ So the commit was not necessary. The commit made binding and unbinding of ... • https://git.kernel.org/stable/c/6d5deb242874d924beccf7eb3cef04c1c3b0da79 •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2022-49497 – net: remove two BUG() from skb_checksum_help()
https://notcve.org/view.php?id=CVE-2022-49497
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: remove two BUG() from skb_checksum_help() I have a syzbot report that managed to get a crash in skb_checksum_help() If syzbot can trigger these BUG(), it makes sense to replace them with more friendly WARN_ON_ONCE() since skb_checksum_help() can instead return an error code. Note that syzbot will still crash there, until real bug is fixed. • https://git.kernel.org/stable/c/312c43e98ed190bd8fd7a71a0addf9539d5b8ab1 •
CVSS: -EPSS: %CPEs: 2EXPL: 0CVE-2022-49496 – media: mediatek: vcodec: prevent kernel crash when rmmod mtk-vcodec-dec.ko
https://notcve.org/view.php?id=CVE-2022-49496
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: prevent kernel crash when rmmod mtk-vcodec-dec.ko If the driver support subdev mode, the parameter "dev->pm.dev" will be NULL in mtk_vcodec_dec_remove. Kernel will crash when try to rmmod mtk-vcodec-dec.ko. [ 4380.702726] pc : do_raw_spin_trylock+0x4/0x80 [ 4380.707075] lr : _raw_spin_lock_irq+0x90/0x14c [ 4380.711509] sp : ffff80000819bc10 [ 4380.714811] x29: ffff80000819bc10 x28: ffff3600c03e4000 x27: 000000000000... • https://git.kernel.org/stable/c/1fa37b00dc55a061a3eb82e378849862b4aeca9d •
CVSS: -EPSS: %CPEs: 9EXPL: 0CVE-2022-49493 – ASoC: rt5645: Fix errorenous cleanup order
https://notcve.org/view.php?id=CVE-2022-49493
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: rt5645: Fix errorenous cleanup order There is a logic error when removing rt5645 device as the function rt5645_i2c_remove() first cancel the &rt5645->jack_detect_work and delete the &rt5645->btn_check_timer latter. However, since the timer handler rt5645_btn_check_callback() will re-queue the jack_detect_work, this cleanup order is buggy. That is, once the del_timer_sync in rt5645_i2c_remove is concurrently run with the rt5645_btn_che... • https://git.kernel.org/stable/c/7d801e807536a9a9c2146c5f4a5836f154517ed3 •