CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-48934 – nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac()
https://notcve.org/view.php?id=CVE-2022-48934
22 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac() ida_simple_get() returns an id between min (0) and max (NFP_MAX_MAC_INDEX) inclusive. So NFP_MAX_MAC_INDEX (0xff) is a valid id. In order for the error handling path to work correctly, the 'invalid' value for 'ida_idx' should not be in the 0..NFP_MAX_MAC_INDEX range, inclusive. So set it to -1. In the Linux kernel, the following vulnerability has been resolved: nfp: flower: Fi... • https://git.kernel.org/stable/c/20cce88650981ec504d328dbbdd004d991eb8535 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-48933 – netfilter: nf_tables: fix memory leak during stateful obj update
https://notcve.org/view.php?id=CVE-2022-48933
22 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix memory leak during stateful obj update stateful objects can be updated from the control plane. The transaction logic allocates a temporary object for this purpose. The ->init function was called for this object, so plain kfree() leaks resources. We must call ->destroy function of the object. nft_obj_destroy does this, but it also decrements the module refcount, but the update path doesn't increment it. To avoid spe... • https://git.kernel.org/stable/c/d62d0ba97b5803183e70cfded7f7b9da76893bf5 •
CVSS: 4.7EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48931 – configfs: fix a race in configfs_{,un}register_subsystem()
https://notcve.org/view.php?id=CVE-2022-48931
22 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: configfs: fix a race in configfs_{,un}register_subsystem() When configfs_register_subsystem() or configfs_unregister_subsystem() is executing link_group() or unlink_group(), it is possible that two processes add or delete list concurrently. Some unfortunate interleavings of them can cause kernel panic. One of cases is: A --> B --> C --> D A <-- B <-- C <-- D delete list_head *B | delete list_head *C --------------------------------|--------... • https://git.kernel.org/stable/c/7063fbf2261194f72ee75afca67b3b38b554b5fa •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48930 – RDMA/ib_srp: Fix a deadlock
https://notcve.org/view.php?id=CVE-2022-48930
22 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: RDMA/ib_srp: Fix a deadlock Remove the flush_workqueue(system_long_wq) call since flushing system_long_wq is deadlock-prone and since that call is redundant with a preceding cancel_work_sync() In the Linux kernel, the following vulnerability has been resolved: RDMA/ib_srp: Fix a deadlock Remove the flush_workqueue(system_long_wq) call since flushing system_long_wq is deadlock-prone and since that call is redundant with a preceding cancel_wo... • https://git.kernel.org/stable/c/ef6c49d87c3418c442a22e55e3ce2f91b163d69e •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48928 – iio: adc: men_z188_adc: Fix a resource leak in an error handling path
https://notcve.org/view.php?id=CVE-2022-48928
22 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: iio: adc: men_z188_adc: Fix a resource leak in an error handling path If iio_device_register() fails, a previous ioremap() is left unbalanced. Update the error handling path and add the missing iounmap() call, as already done in the remove function. In the Linux kernel, the following vulnerability has been resolved: iio: adc: men_z188_adc: Fix a resource leak in an error handling path If iio_device_register() fails, a previous ioremap() is ... • https://git.kernel.org/stable/c/74aeac4da66fbfa246edbfc849002eac9b5af9ca •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48926 – usb: gadget: rndis: add spinlock for rndis response list
https://notcve.org/view.php?id=CVE-2022-48926
22 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget: rndis: add spinlock for rndis response list There's no lock for rndis response list. It could cause list corruption if there're two different list_add at the same time like below. It's better to add in rndis_add_response / rndis_free_response / rndis_get_next_response to prevent any race condition on response list. [ 361.894299] [1: irq/191-dwc3:16979] list_add corruption. next->prev should be prev (ffffff80651764d0), but was f... • https://git.kernel.org/stable/c/f6281af9d62e128aa6efad29cf7265062af114f2 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48943 – KVM: x86/mmu: make apf token non-zero to fix bug
https://notcve.org/view.php?id=CVE-2022-48943
22 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: make apf token non-zero to fix bug In current async pagefault logic, when a page is ready, KVM relies on kvm_arch_can_dequeue_async_page_present() to determine whether to deliver a READY event to the Guest. This function test token value of struct kvm_vcpu_pv_apf_data, which must be reset to zero by Guest kernel when a READY event is finished by Guest. If value is zero meaning that a READY event is done, so the KVM can deliver... • https://git.kernel.org/stable/c/72fdfc75d4217b32363cc80def3de2cb3fef3f02 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-48924 – thermal: int340x: fix memory leak in int3400_notify()
https://notcve.org/view.php?id=CVE-2022-48924
22 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: thermal: int340x: fix memory leak in int3400_notify() It is easy to hit the below memory leaks in my TigerLake platform: unreferenced object 0xffff927c8b91dbc0 (size 32): comm "kworker/0:2", pid 112, jiffies 4294893323 (age 83.604s) hex dump (first 32 bytes): 4e 41 4d 45 3d 49 4e 54 33 34 30 30 20 54 68 65 NAME=INT3400 The 72 6d 61 6c 00 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b a5 rmal.kkkkkkkkkk. backtrace: [
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-48923 – btrfs: prevent copying too big compressed lzo segment
https://notcve.org/view.php?id=CVE-2022-48923
22 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: prevent copying too big compressed lzo segment Compressed length can be corrupted to be a lot larger than memory we have allocated for buffer. This will cause memcpy in copy_compressed_segment to write outside of allocated memory. This mostly results in stuck read syscall but sometimes when using btrfs send can get #GP kernel: general protection fault, probably for non-canonical address 0x841551d5c1000: 0000 [#1] PREEMPT SMP NOPTI ke... • https://git.kernel.org/stable/c/8df508b7a44cd8110c726057cd28e8f8116885eb •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-48920 – btrfs: get rid of warning on transaction commit when using flushoncommit
https://notcve.org/view.php?id=CVE-2022-48920
22 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: get rid of warning on transaction commit when using flushoncommit When using the flushoncommit mount option, during almost every transaction commit we trigger a warning from __writeback_inodes_sb_nr(): $ cat fs/fs-writeback.c: (...) static void __writeback_inodes_sb_nr(struct super_block *sb, ... { (...) WARN_ON(!rwsem_is_locked(&sb->s_umount)); (...) } (...) The trace produced in dmesg looks like the following: [947.473890] WARNING:... • https://git.kernel.org/stable/c/850a77c999b81dd2724efd2684068d6f90db8c16 •