CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49823 – ata: libata-transport: fix error handling in ata_tdev_add()
https://notcve.org/view.php?id=CVE-2022-49823
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ata: libata-transport: fix error handling in ata_tdev_add() In ata_tdev_add(), the return value of transport_add_device() is not checked. As a result, it causes null-ptr-deref while removing the module, because transport_remove_device() is called to remove the device that was not added. Unable to handle kernel NULL pointer dereference at virtual address 00000000000000d0 CPU: 13 PID: 13603 Comm: rmmod Kdump: loaded Tainted: G W 6.1.0-rc3+ #3... • https://git.kernel.org/stable/c/d9027470b88631d0956ac37cdadfdeb9cdcf2c99 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49821 – mISDN: fix possible memory leak in mISDN_dsp_element_register()
https://notcve.org/view.php?id=CVE-2022-49821
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: mISDN: fix possible memory leak in mISDN_dsp_element_register() Afer commit 1fa5ae857bb1 ("driver core: get rid of struct device's bus_id string array"), the name of device is allocated dynamically, use put_device() to give up the reference, so that the name can be freed in kobject_cleanup() when the refcount is 0. The 'entry' is going to be freed in mISDN_dsp_dev_release(), so the kfree() is removed. list_del() is called in mISDN_dsp_dev_r... • https://git.kernel.org/stable/c/1fa5ae857bb14f6046205171d98506d8112dd74e •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-49818 – mISDN: fix misuse of put_device() in mISDN_register_device()
https://notcve.org/view.php?id=CVE-2022-49818
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: mISDN: fix misuse of put_device() in mISDN_register_device() We should not release reference by put_device() before calling device_initialize(). • https://git.kernel.org/stable/c/d1d1aede313eb2b9a84afd60ff6cfb7c33631e0e •
CVSS: 6.3EPSS: 0%CPEs: 7EXPL: 0CVE-2022-49814 – kcm: close race conditions on sk_receive_queue
https://notcve.org/view.php?id=CVE-2022-49814
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: kcm: close race conditions on sk_receive_queue sk->sk_receive_queue is protected by skb queue lock, but for KCM sockets its RX path takes mux->rx_lock to protect more than just skb queue. However, kcm_recvmsg() still only grabs the skb queue lock, so race conditions still exist. We can teach kcm_recvmsg() to grab mux->rx_lock too but this would introduce a potential performance regression as struct kcm_mux can be shared by multiple KCM sock... • https://git.kernel.org/stable/c/ab7ac4eb9832e32a09f4e8042705484d2fb0aad3 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49813 – net: ena: Fix error handling in ena_init()
https://notcve.org/view.php?id=CVE-2022-49813
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: ena: Fix error handling in ena_init() The ena_init() won't destroy workqueue created by create_singlethread_workqueue() when pci_register_driver() failed. Call destroy_workqueue() when pci_register_driver() failed to prevent the resource leak. In the Linux kernel, the following vulnerability has been resolved: net: ena: Fix error handling in ena_init() The ena_init() won't destroy workqueue created by create_singlethread_workqueue() wh... • https://git.kernel.org/stable/c/1738cd3ed342294360d6a74d4e58800004bff854 •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-49811 – drbd: use after free in drbd_create_device()
https://notcve.org/view.php?id=CVE-2022-49811
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drbd: use after free in drbd_create_device() The drbd_destroy_connection() frees the "connection" so use the _safe() iterator to prevent a use after free. In the Linux kernel, the following vulnerability has been resolved: drbd: use after free in drbd_create_device() The drbd_destroy_connection() frees the "connection" so use the _safe() iterator to prevent a use after free. • https://git.kernel.org/stable/c/b6f85ef9538b2111a8ba0bbfae9aaebabfc94961 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49809 – net/x25: Fix skb leak in x25_lapb_receive_frame()
https://notcve.org/view.php?id=CVE-2022-49809
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net/x25: Fix skb leak in x25_lapb_receive_frame() x25_lapb_receive_frame() using skb_copy() to get a private copy of skb, the new skb should be freed in the undersized/fragmented skb error handling path. Otherwise there is a memory leak. In the Linux kernel, the following vulnerability has been resolved: net/x25: Fix skb leak in x25_lapb_receive_frame() x25_lapb_receive_frame() using skb_copy() to get a private copy of skb, the new skb shou... • https://git.kernel.org/stable/c/cb101ed2c3c7c0224d16953fe77bfb9d6c2cb9df •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-49802 – ftrace: Fix null pointer dereference in ftrace_add_mod()
https://notcve.org/view.php?id=CVE-2022-49802
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix null pointer dereference in ftrace_add_mod() The @ftrace_mod is allocated by kzalloc(), so both the members {prev,next} of @ftrace_mode->list are NULL, it's not a valid state to call list_del(). If kstrdup() for @ftrace_mod->{func|module} fails, it goes to @out_free tag and calls free_ftrace_mod() to destroy @ftrace_mod, then list_del() will write prev->next and next->prev, where null pointer dereference happens. BUG: kernel NUL... • https://git.kernel.org/stable/c/673feb9d76ab3eddde7acfd94b206e321cfc90b9 •
CVSS: 5.6EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49799 – tracing: Fix wild-memory-access in register_synth_event()
https://notcve.org/view.php?id=CVE-2022-49799
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: tracing: Fix wild-memory-access in register_synth_event() In register_synth_event(), if set_synth_event_print_fmt() failed, then both trace_remove_event_call() and unregister_trace_event() will be called, which means the trace_event_call will call __unregister_trace_event() twice. As the result, the second unregister will causes the wild-memory-access. register_synth_event set_synth_event_print_fmt failed trace_remove_event_call event_remov... • https://git.kernel.org/stable/c/4b147936fa509650beaf638b331573c23ba4d609 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49794 – iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger()
https://notcve.org/view.php?id=CVE-2022-49794
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger() If iio_trigger_register() returns error, it should call iio_trigger_free() to give up the reference that hold in iio_trigger_alloc(), so that it can call iio_trig_release() to free memory when the refcount hit to 0. In the Linux kernel, the following vulnerability has been resolved: iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger() If iio_t... • https://git.kernel.org/stable/c/0e589d5fb3172b0dde7fdad3a4829ce5352dd30d •