CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2022-49137 – drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj
https://notcve.org/view.php?id=CVE-2022-49137
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj This issue takes place in an error path in amdgpu_cs_fence_to_handle_ioctl(). When `info->in.what` falls into default case, the function simply returns -EINVAL, forgetting to decrement the reference count of a dma_fence obj, which is bumped earlier by amdgpu_cs_get_fence(). This may result in reference count leaks. Fix it by decreasing the refcount of specific object before retu... • https://git.kernel.org/stable/c/72d77ddb2224ebc00648f4f78f8a9a259dccbdf7 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49136 – Bluetooth: hci_sync: Fix queuing commands when HCI_UNREGISTER is set
https://notcve.org/view.php?id=CVE-2022-49136
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: Fix queuing commands when HCI_UNREGISTER is set hci_cmd_sync_queue shall return an error if HCI_UNREGISTER flag has been set as that means hci_unregister_dev has been called so it will likely cause a uaf after the timeout as the hdev will be freed. • https://git.kernel.org/stable/c/1c69ef84a808676cceb69210addf5df45b741323 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49135 – drm/amd/display: Fix memory leak
https://notcve.org/view.php?id=CVE-2022-49135
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix memory leak [why] Resource release is needed on the error handling path to prevent memory leak. [how] Fix this by adding kfree on the error handling path. • https://git.kernel.org/stable/c/7e10369c72db7a0e2f77b2e306aadc07aef6b07a •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49134 – mlxsw: spectrum: Guard against invalid local ports
https://notcve.org/view.php?id=CVE-2022-49134
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum: Guard against invalid local ports When processing events generated by the device's firmware, the driver protects itself from events reported for non-existent local ports, but not for the CPU port (local port 0), which exists, but does not have all the fields as any local port. This can result in a NULL pointer dereference when trying access 'struct mlxsw_sp_port' fields which are not initialized for CPU port. Commit 63b08b1... • https://git.kernel.org/stable/c/4cad27ba2e5a5843a7fab5aa30de2b8e8c3db3a8 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49133 – drm/amdkfd: svm range restore work deadlock when process exit
https://notcve.org/view.php?id=CVE-2022-49133
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: svm range restore work deadlock when process exit kfd_process_notifier_release flush svm_range_restore_work which calls svm_range_list_lock_and_flush_work to flush deferred_list work, but if deferred_list work mmput release the last user, it will call exit_mmap -> notifier_release, it is deadlock with below backtrace. Move flush svm_range_restore_work to kfd_process_wq_release to avoid deadlock. Then svm_range_restore_work take ... • https://git.kernel.org/stable/c/a6be83086e91891081e0589e4b4645bf4643e897 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49132 – ath11k: pci: fix crash on suspend if board file is not found
https://notcve.org/view.php?id=CVE-2022-49132
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ath11k: pci: fix crash on suspend if board file is not found Mario reported that the kernel was crashing on suspend if ath11k was not able to find a board file: [ 473.693286] PM: Suspending system (s2idle) [ 473.693291] printk: Suspending console(s) (use no_console_suspend to debug) [ 474.407787] BUG: unable to handle page fault for address: 0000000000002070 [ 474.407791] #PF: supervisor read access in kernel mode [ 474.407794] #PF: error_c... • https://git.kernel.org/stable/c/d5c65159f2895379e11ca13f62feabe93278985d •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49131 – ath11k: fix kernel panic during unload/load ath11k modules
https://notcve.org/view.php?id=CVE-2022-49131
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ath11k: fix kernel panic during unload/load ath11k modules Call netif_napi_del() from ath11k_ahb_free_ext_irq() to fix the following kernel panic when unload/load ath11k modules for few iterations. [ 971.201365] Unable to handle kernel paging request at virtual address 6d97a208 [ 971.204227] pgd = 594c2919 [ 971.211478] [6d97a208] *pgd=00000000 [ 971.214120] Internal error: Oops: 5 [#1] PREEMPT SMP ARM [ 971.412024] CPU: 2 PID: 4435 Comm: i... • https://git.kernel.org/stable/c/d5c65159f2895379e11ca13f62feabe93278985d •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49130 – ath11k: mhi: use mhi_sync_power_up()
https://notcve.org/view.php?id=CVE-2022-49130
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ath11k: mhi: use mhi_sync_power_up() If amss.bin was missing ath11k would crash during 'rmmod ath11k_pci'. The reason for that was that we were using mhi_async_power_up() which does not check any errors. But mhi_sync_power_up() on the other hand does check for errors so let's use that to fix the crash. I was not able to find a reason why an async version was used. ath11k_mhi_start() (which enables state ATH11K_MHI_POWER_ON) is called from a... • https://git.kernel.org/stable/c/d5c65159f2895379e11ca13f62feabe93278985d •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49129 – mt76: mt7921: fix crash when startup fails.
https://notcve.org/view.php?id=CVE-2022-49129
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: mt76: mt7921: fix crash when startup fails. If the nic fails to start, it is possible that the reset_work has already been scheduled. Ensure the work item is canceled so we do not have use-after-free crash in case cleanup is called before the work item is executed. This fixes crash on my x86_64 apu2 when mt7921k radio fails to work. Radio still fails, but OS does not crash. • https://git.kernel.org/stable/c/7bc04215a66b60e198aecaee8418f6d79fa19faa •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49128 – drm/bridge: Add missing pm_runtime_put_sync
https://notcve.org/view.php?id=CVE-2022-49128
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/bridge: Add missing pm_runtime_put_sync pm_runtime_get_sync() will increase the rumtime PM counter even when it returns an error. Thus a pairing decrement is needed to prevent refcount leak. Fix this by replacing this API with pm_runtime_resume_and_get(), which will not change the runtime PM counter on error. Besides, a matching decrement is needed on the error handling path to keep the counter balanced. • https://git.kernel.org/stable/c/44cfc6233447cb2cf47aeb99457de35826a363f6 •