CVSS: -EPSS: %CPEs: 9EXPL: 0CVE-2022-49447 – ARM: hisi: Add missing of_node_put after of_find_compatible_node
https://notcve.org/view.php?id=CVE-2022-49447
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ARM: hisi: Add missing of_node_put after of_find_compatible_node of_find_compatible_node will increment the refcount of the returned device_node. Calling of_node_put() to avoid the refcount leak • https://git.kernel.org/stable/c/46cb7868811d025c3d29c10d18b3422db1cf20d5 •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2022-49440 – powerpc/rtas: Keep MSR[RI] set when calling RTAS
https://notcve.org/view.php?id=CVE-2022-49440
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: Keep MSR[RI] set when calling RTAS RTAS runs in real mode (MSR[DR] and MSR[IR] unset) and in 32-bit big endian mode (MSR[SF,LE] unset). The change in MSR is done in enter_rtas() in a relatively complex way, since the MSR value could be hardcoded. Furthermore, a panic has been reported when hitting the watchdog interrupt while running in RTAS, this leads to the following stack trace: watchdog: CPU 24 Hard LOCKUP watchdog: CPU 2... • https://git.kernel.org/stable/c/5ca40fcf0da0ce2b5bc44e7d8b036535955f2e3d •
CVSS: -EPSS: %CPEs: 9EXPL: 0CVE-2022-49438 – Input: sparcspkr - fix refcount leak in bbc_beep_probe
https://notcve.org/view.php?id=CVE-2022-49438
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: Input: sparcspkr - fix refcount leak in bbc_beep_probe of_find_node_by_path() calls of_find_node_opts_by_path(), which returns a node pointer with refcount incremented, we should use of_node_put() on it when done. Add missing of_node_put() to avoid refcount leak. • https://git.kernel.org/stable/c/9c1a5077fdca99356c891af37931e537dea874f5 •
CVSS: -EPSS: %CPEs: 9EXPL: 0CVE-2022-49434 – PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store()
https://notcve.org/view.php?id=CVE-2022-49434
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store() The sysfs sriov_numvfs_store() path acquires the device lock before the config space access lock: sriov_numvfs_store device_lock # A (1) acquire device lock sriov_configure vfio_pci_sriov_configure # (for example) vfio_pci_core_sriov_configure pci_disable_sriov sriov_disable pci_cfg_access_lock pci_wait_cfg # B (4) wait for dev->block_cfg_access == 0 Previously, pci_dev_lock... • https://git.kernel.org/stable/c/da9792920ab525b8a932aa9aeee34529ad7b83f7 •
CVSS: -EPSS: %CPEs: 9EXPL: 0CVE-2022-49432 – powerpc/xics: fix refcount leak in icp_opal_init()
https://notcve.org/view.php?id=CVE-2022-49432
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc/xics: fix refcount leak in icp_opal_init() The of_find_compatible_node() function returns a node pointer with refcount incremented, use of_node_put() on it when done. • https://git.kernel.org/stable/c/977dbc81d0f866ef63b93c127b7404f07734b3cc •
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2022-49431 – powerpc/iommu: Add missing of_node_put in iommu_init_early_dart
https://notcve.org/view.php?id=CVE-2022-49431
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc/iommu: Add missing of_node_put in iommu_init_early_dart The device_node pointer is returned by of_find_compatible_node with refcount incremented. We should use of_node_put() to avoid the refcount leak. • https://git.kernel.org/stable/c/cb4f2dc513e99c5d0485661f114e4dda73612d10 •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2022-49430 – Input: gpio-keys - cancel delayed work only in case of GPIO
https://notcve.org/view.php?id=CVE-2022-49430
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: Input: gpio-keys - cancel delayed work only in case of GPIO gpio_keys module can either accept gpios or interrupts. The module initializes delayed work in case of gpios only and is only used if debounce timer is not used, so make sure cancel_delayed_work_sync() is called only when its gpio-backed and debounce_use_hrtimer is false. This fixes the issue seen below when the gpio_keys module is unloaded and an interrupt pin is used instead of G... • https://git.kernel.org/stable/c/96c460687813915dedca9dd7d04ae0e90607fd79 •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2022-49429 – RDMA/hfi1: Prevent panic when SDMA is disabled
https://notcve.org/view.php?id=CVE-2022-49429
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/hfi1: Prevent panic when SDMA is disabled If the hfi1 module is loaded with HFI1_CAP_SDMA off, a call to hfi1_write_iter() will dereference a NULL pointer and panic. A typical stack frame is: sdma_select_user_engine [hfi1] hfi1_user_sdma_process_request [hfi1] hfi1_write_iter [hfi1] do_iter_readv_writev do_iter_write vfs_writev do_writev do_syscall_64 The fix is to test for SDMA in hfi1_write_iter() and fail the I/O with EINVAL. • https://git.kernel.org/stable/c/33794e8e9bcb4affc0ebff9cdec85acc8b8a1762 •
CVSS: -EPSS: %CPEs: 2EXPL: 0CVE-2022-49420 – net: annotate races around sk->sk_bound_dev_if
https://notcve.org/view.php?id=CVE-2022-49420
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: annotate races around sk->sk_bound_dev_if UDP sendmsg() is lockless, and reads sk->sk_bound_dev_if while this field can be changed by another thread. Adds minimal annotations to avoid KCSAN splats for UDP. Following patches will add more annotations to potential lockless readers. BUG: KCSAN: data-race in __ip6_datagram_connect / udpv6_sendmsg write to 0xffff888136d47a94 of 4 bytes by task 7681 on cpu 0: __ip6_datagram_connect+0x6e2/0x9... • https://git.kernel.org/stable/c/20b2f61797873a2b18b5ff1a304ad2674fa1e0a5 •
CVSS: -EPSS: %CPEs: 9EXPL: 0CVE-2022-49407 – dlm: fix plock invalid read
https://notcve.org/view.php?id=CVE-2022-49407
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: dlm: fix plock invalid read This patch fixes an invalid read showed by KASAN. A unlock will allocate a "struct plock_op" and a followed send_op() will append it to a global send_list data structure. In some cases a followed dev_read() moves it to recv_list and dev_write() will cast it to "struct plock_xop" and access fields which are only available in those structures. At this point an invalid read happens by accessing those fields. To fix ... • https://git.kernel.org/stable/c/586759f03e2e9031ac5589912a51a909ed53c30a •