
CVE-2022-49144 – io_uring: fix memory leak of uid in files registration
https://notcve.org/view.php?id=CVE-2022-49144
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: io_uring: fix memory leak of uid in files registration When there are no files for __io_sqe_files_scm() to process in the range, it'll free everything and return. However, it forgets to put uid. • https://git.kernel.org/stable/c/08a451739a9b5783f67de51e84cb6d9559bb9dc4 •

CVE-2022-49142 – net: preserve skb_end_offset() in skb_unclone_keeptruesize()
https://notcve.org/view.php?id=CVE-2022-49142
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: preserve skb_end_offset() in skb_unclone_keeptruesize() syzbot found another way to trigger the infamous WARN_ON_ONCE(delta < len) in skb_try_coalesce() [1] I was able to root cause the issue to kfence. When kfence is in action, the following assertion is no longer true: int size = xxxx; void *ptr1 = kmalloc(size, gfp); void *ptr2 = kmalloc(size, gfp); if (ptr1 && ptr2) ASSERT(ksize(ptr1) == ksize(ptr2)); We attempted to fix these issu... • https://git.kernel.org/stable/c/097b9146c0e26aabaa6ff3e5ea536a53f5254a79 •

CVE-2022-49139 – Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt
https://notcve.org/view.php?id=CVE-2022-49139
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt This event is just specified for SCO and eSCO link types. On the reception of a HCI_Synchronous_Connection_Complete for a BDADDR of an existing LE connection, LE link type and a status that triggers the second case of the packet processing a NULL pointer dereference happens, as conn->link is NULL. • https://git.kernel.org/stable/c/1c1291a84e94f6501644634c97544bb8291e9a1a •

CVE-2022-49138 – Bluetooth: hci_event: Ignore multiple conn complete events
https://notcve.org/view.php?id=CVE-2022-49138
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Ignore multiple conn complete events When one of the three connection complete events is received multiple times for the same handle, the device is registered multiple times which leads to memory corruptions. Therefore, consequent events for a single connection are ignored. The conn->state can hold different values, therefore HCI_CONN_HANDLE_UNSET is introduced to identify new connections. To make sure the events do no... • https://git.kernel.org/stable/c/aa1ca580e3ffe62a2c5ea1c095b609b2943c5269 •

CVE-2022-49137 – drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj
https://notcve.org/view.php?id=CVE-2022-49137
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj This issue takes place in an error path in amdgpu_cs_fence_to_handle_ioctl(). When `info->in.what` falls into default case, the function simply returns -EINVAL, forgetting to decrement the reference count of a dma_fence obj, which is bumped earlier by amdgpu_cs_get_fence(). This may result in reference count leaks. Fix it by decreasing the refcount of specific object before retu... • https://git.kernel.org/stable/c/72d77ddb2224ebc00648f4f78f8a9a259dccbdf7 •

CVE-2022-49135 – drm/amd/display: Fix memory leak
https://notcve.org/view.php?id=CVE-2022-49135
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix memory leak [why] Resource release is needed on the error handling path to prevent memory leak. [how] Fix this by adding kfree on the error handling path. • https://git.kernel.org/stable/c/7e10369c72db7a0e2f77b2e306aadc07aef6b07a •

CVE-2022-49134 – mlxsw: spectrum: Guard against invalid local ports
https://notcve.org/view.php?id=CVE-2022-49134
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum: Guard against invalid local ports When processing events generated by the device's firmware, the driver protects itself from events reported for non-existent local ports, but not for the CPU port (local port 0), which exists, but does not have all the fields as any local port. This can result in a NULL pointer dereference when trying to access 'struct mlxsw_sp_port' fields which are not initialized for CPU port. Commit 63b08b1... • https://git.kernel.org/stable/c/4cad27ba2e5a5843a7fab5aa30de2b8e8c3db3a8 •

CVE-2022-49132 – ath11k: pci: fix crash on suspend if board file is not found
https://notcve.org/view.php?id=CVE-2022-49132
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ath11k: pci: fix crash on suspend if board file is not found Mario reported that the kernel was crashing on suspend if ath11k was not able to find a board file: [ 473.693286] PM: Suspending system (s2idle) [ 473.693291] printk: Suspending console(s) (use no_console_suspend to debug) [ 474.407787] BUG: unable to handle page fault for address: 0000000000002070 [ 474.407791] #PF: supervisor read access in kernel mode [ 474.407794] #PF: error_c... • https://git.kernel.org/stable/c/d5c65159f2895379e11ca13f62feabe93278985d •

CVE-2022-49131 – ath11k: fix kernel panic during unload/load ath11k modules
https://notcve.org/view.php?id=CVE-2022-49131
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ath11k: fix kernel panic during unload/load ath11k modules Call netif_napi_del() from ath11k_ahb_free_ext_irq() to fix the following kernel panic when unloading/loading the ath11k modules for a few iterations. [ 971.201365] Unable to handle kernel paging request at virtual address 6d97a208 [ 971.204227] pgd = 594c2919 [ 971.211478] [6d97a208] *pgd=00000000 [ 971.214120] Internal error: Oops: 5 [#1] PREEMPT SMP ARM [ 971.412024] CPU: 2 PID: 4435 Comm: i... • https://git.kernel.org/stable/c/d5c65159f2895379e11ca13f62feabe93278985d •

CVE-2022-49130 – ath11k: mhi: use mhi_sync_power_up()
https://notcve.org/view.php?id=CVE-2022-49130
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ath11k: mhi: use mhi_sync_power_up() If amss.bin was missing ath11k would crash during 'rmmod ath11k_pci'. The reason for that was that we were using mhi_async_power_up() which does not check any errors. But mhi_sync_power_up() on the other hand does check for errors so let's use that to fix the crash. I was not able to find a reason why an async version was used. ath11k_mhi_start() (which enables state ATH11K_MHI_POWER_ON) is called from a... • https://git.kernel.org/stable/c/d5c65159f2895379e11ca13f62feabe93278985d • CWE-476: NULL Pointer Dereference •