CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2022-49045 – ALSA: pcm: Test for "silence" field in struct "pcm_format_data"
https://notcve.org/view.php?id=CVE-2022-49045
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Test for "silence" field in struct "pcm_format_data" Syzbot reports "KASAN: null-ptr-deref Write in snd_pcm_format_set_silence".[1] It is due to missing validation of the "silence" field of struct "pcm_format_data" in "pcm_formats" array. Add a test for valid "pat" and, if it is not so, return -EINVAL. [1] https://lore.kernel.org/lkml/000000000000d188ef05dc2c7279@google.com/ • https://git.kernel.org/stable/c/77af45df08768401602472f3e3879dce14f55497 •
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2022-49044 – dm integrity: fix memory corruption when tag_size is less than digest size
https://notcve.org/view.php?id=CVE-2022-49044
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: dm integrity: fix memory corruption when tag_size is less than digest size It is possible to set up dm-integrity in such a way that the "tag_size" parameter is less than the actual digest size. In this situation, a part of the digest beyond tag_size is ignored. In this case, dm-integrity would write beyond the end of the ic->recalc_tags array and corrupt memory. The corruption happened in integrity_recalc->integrity_sector_checksum->crypto_... • https://git.kernel.org/stable/c/6a95d91c0b315c965198f6ab7dec7c94129e17e0 •
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2021-47657 – drm/virtio: Ensure that objs is not NULL in virtio_gpu_array_put_free()
https://notcve.org/view.php?id=CVE-2021-47657
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/virtio: Ensure that objs is not NULL in virtio_gpu_array_put_free() If virtio_gpu_object_shmem_init() fails (e.g. due to fault injection, as it happened in the bug report by syzbot), virtio_gpu_array_put_free() could be called with objs equal to NULL. Ensure that objs is not NULL in virtio_gpu_array_put_free(), or otherwise return from the function. • https://git.kernel.org/stable/c/377f8331d0565e6f71ba081c894029a92d0c7e77 •
CVSS: -EPSS: %CPEs: 9EXPL: 0CVE-2021-47656 – jffs2: fix use-after-free in jffs2_clear_xattr_subsystem
https://notcve.org/view.php?id=CVE-2021-47656
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: jffs2: fix use-after-free in jffs2_clear_xattr_subsystem When we mount a jffs2 image, assume that the first few blocks of the image are normal and contain at least one xattr-related inode, but the next block is abnormal. As a result, an error is returned in jffs2_scan_eraseblock(). jffs2_clear_xattr_subsystem() is then called in jffs2_build_filesystem() and then again in jffs2_do_fill_super(). Finally we can observe the following report: ==... • https://git.kernel.org/stable/c/aa98d7cf59b5b0764d3502662053489585faf2fe •
CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2021-47655 – media: venus: vdec: fixed possible memory leak issue
https://notcve.org/view.php?id=CVE-2021-47655
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: media: venus: vdec: fixed possible memory leak issue The venus_helper_alloc_dpb_bufs() implementation allows an early return on an error path when checking the id from ida_alloc_min() which would not release the earlier buffer allocation. Move the direct kfree() from the error checking of dma_alloc_attrs() to the common fail path to ensure that allocations are released on all error paths in this function. Addresses-Coverity: 1494120 ("Resou... • https://git.kernel.org/stable/c/40d87aafee29fb01ce1e1868502fb2059a6a7f34 •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2021-47654 – samples/landlock: Fix path_list memory leak
https://notcve.org/view.php?id=CVE-2021-47654
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: samples/landlock: Fix path_list memory leak Clang static analysis reports this error sandboxer.c:134:8: warning: Potential leak of memory pointed to by 'path_list' ret = 0; ^ path_list is allocated in parse_path() but never freed. • https://git.kernel.org/stable/c/20fbf100f84b9aeb9c91421abe1927bc152bc32b •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2021-47653 – media: davinci: vpif: fix use-after-free on driver unbind
https://notcve.org/view.php?id=CVE-2021-47653
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: media: davinci: vpif: fix use-after-free on driver unbind The driver allocates and registers two platform device structures during probe, but the devices were never deregistered on driver unbind. This results in a use-after-free on driver unbind as the device structures were allocated using devres and would be freed by driver core when remove() returns. Fix this by adding the missing deregistration calls to the remove() callback and failing... • https://git.kernel.org/stable/c/479f7a1181058689435baddc16a6a42e1a8ff0e8 •
CVSS: -EPSS: %CPEs: 9EXPL: 0CVE-2021-47652 – video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe()
https://notcve.org/view.php?id=CVE-2021-47652
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe() I got a null-ptr-deref report: BUG: kernel NULL pointer dereference, address: 0000000000000000 ... RIP: 0010:fb_destroy_modelist+0x38/0x100 ... Call Trace: ufx_usb_probe.cold+0x2b5/0xac1 [smscufx] usb_probe_interface+0x1aa/0x3c0 [usbcore] really_probe+0x167/0x460 ... ret_from_fork+0x1f/0x30 If fb_alloc_cmap() fails in ufx_usb_probe(), fb_destroy_modelist() will be called to destro... • https://git.kernel.org/stable/c/3c8a63e22a0802fd56380f6ab305b419f18eb6f5 •
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2021-47651 – soc: qcom: rpmpd: Check for null return of devm_kcalloc
https://notcve.org/view.php?id=CVE-2021-47651
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: soc: qcom: rpmpd: Check for null return of devm_kcalloc Because of the possible failure of the allocation, data->domains might be NULL pointer and will cause the dereference of the NULL pointer later. Therefore, it might be better to check it and directly return -ENOMEM without releasing data manually if fails, because the comment of the devm_kmalloc() says "Memory allocated with this function is automatically freed on driver detach.". • https://git.kernel.org/stable/c/bbe3a66c3f5a65fb3d702351bac2a6033944d389 •
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2021-47650 – ASoC: soc-compress: prevent the potentially use of null pointer
https://notcve.org/view.php?id=CVE-2021-47650
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-compress: prevent the potentially use of null pointer There is one call trace that snd_soc_register_card() ->snd_soc_bind_card()->soc_init_pcm_runtime() ->snd_soc_dai_compress_new()->snd_soc_new_compress(). In the trace the 'codec_dai' transfers from card->dai_link, and we can see from the snd_soc_add_pcm_runtime() in snd_soc_bind_card() that, if value of card->dai_link->num_codecs is 0, then 'codec_dai' could be null pointer caus... • https://git.kernel.org/stable/c/467fece8fbc6774a3a3bd0981e1a342fb5022706 •