CVSS: 5.6EPSS: %CPEs: 5EXPL: 0CVE-2022-49555 – Bluetooth: hci_qca: Use del_timer_sync() before freeing
https://notcve.org/view.php?id=CVE-2022-49555
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_qca: Use del_timer_sync() before freeing While looking at a crash report on a timer list being corrupted, which usually happens when a timer is freed while still active. This is commonly triggered by code calling del_timer() instead of del_timer_sync() just before freeing. One possible culprit is the hci_qca driver, which does exactly that. Eric mentioned that wake_retrans_timer could be rearmed via the work queue, so also mo... • https://git.kernel.org/stable/c/0ff252c1976da5d80db1377eb39b551931e61826 •
CVSS: 5.5EPSS: %CPEs: 4EXPL: 0CVE-2022-49546 – x86/kexec: fix memory leak of elf header buffer
https://notcve.org/view.php?id=CVE-2022-49546
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: x86/kexec: fix memory leak of elf header buffer This is reported by kmemleak detector: unreferenced object 0xffffc900002a9000 (size 4096): comm "kexec", pid 14950, jiffies 4295110793 (age 373.951s) hex dump (first 32 bytes): 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00 .ELF............ 04 00 3e 00 01 00 00 00 00 00 00 00 00 00 00 00 ..>............. backtrace: [<0000000016a8ef9f>] __vmalloc_node_range+0x101/0x170 [<000000002b66b6c0>] __v... • https://git.kernel.org/stable/c/8765a423a87d74ef24ea02b43b2728fe4039f248 •
CVSS: 5.5EPSS: %CPEs: 5EXPL: 0CVE-2022-49545 – ALSA: usb-audio: Cancel pending work at closing a MIDI substream
https://notcve.org/view.php?id=CVE-2022-49545
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Cancel pending work at closing a MIDI substream At closing a USB MIDI output substream, there might be still a pending work, which would eventually access the rawmidi runtime object that is being released. For fixing the race, make sure to cancel the pending work at closing. In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Cancel pending work at closing a MIDI substream At closing a USB M... • https://git.kernel.org/stable/c/40bdb5ec957aca5c5c1924602bef6b0ab18e22d3 •
CVSS: 5.5EPSS: %CPEs: 9EXPL: 0CVE-2022-49544 – ipw2x00: Fix potential NULL dereference in libipw_xmit()
https://notcve.org/view.php?id=CVE-2022-49544
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ipw2x00: Fix potential NULL dereference in libipw_xmit() crypt and crypt->ops could be null, so we need to checking null before dereference In the Linux kernel, the following vulnerability has been resolved: ipw2x00: Fix potential NULL dereference in libipw_xmit() crypt and crypt->ops could be null, so we need to checking null before dereference • https://git.kernel.org/stable/c/1ff6b0727c8988f25eeb670b6c038c1120bb58dd •
CVSS: 5.5EPSS: %CPEs: 4EXPL: 0CVE-2022-49542 – scsi: lpfc: Move cfg_log_verbose check before calling lpfc_dmp_dbg()
https://notcve.org/view.php?id=CVE-2022-49542
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Move cfg_log_verbose check before calling lpfc_dmp_dbg() In an attempt to log message 0126 with LOG_TRACE_EVENT, the following hard lockup call trace hangs the system. Call Trace: _raw_spin_lock_irqsave+0x32/0x40 lpfc_dmp_dbg.part.32+0x28/0x220 [lpfc] lpfc_cmpl_els_fdisc+0x145/0x460 [lpfc] lpfc_sli_cancel_jobs+0x92/0xd0 [lpfc] lpfc_els_flush_cmd+0x43c/0x670 [lpfc] lpfc_els_flush_all_cmd+0x37/0x60 [lpfc] lpfc_sli4_async_event_pro... • https://git.kernel.org/stable/c/271725e4028559ae7974d762a8467dc9de412f2e •
CVSS: 7.8EPSS: %CPEs: 4EXPL: 0CVE-2022-49541 – cifs: fix potential double free during failed mount
https://notcve.org/view.php?id=CVE-2022-49541
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential double free during failed mount RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=2088799 • https://git.kernel.org/stable/c/ce0008a0e410cdd95f0d8cd81b2902ec10a660c4 •
CVSS: 5.5EPSS: %CPEs: 5EXPL: 0CVE-2022-49540 – rcu-tasks: Fix race in schedule and flush work
https://notcve.org/view.php?id=CVE-2022-49540
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: rcu-tasks: Fix race in schedule and flush work While booting secondary CPUs, cpus_read_[lock/unlock] is not keeping online cpumask stable. The transient online mask results in below calltrace. [ 0.324121] CPU1: Booted secondary processor 0x0000000001 [0x410fd083] [ 0.346652] Detected PIPT I-cache on CPU2 [ 0.347212] CPU2: Booted secondary processor 0x0000000002 [0x410fd083] [ 0.377255] Detected PIPT I-cache on CPU3 [ 0.377823] CPU3: Booted ... • https://git.kernel.org/stable/c/1c6c3f2336642fb3074593911f5176565f47ec41 •
CVSS: 5.5EPSS: %CPEs: 2EXPL: 0CVE-2022-49539 – rtw89: ser: fix CAM leaks occurring in L2 reset
https://notcve.org/view.php?id=CVE-2022-49539
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: rtw89: ser: fix CAM leaks occurring in L2 reset The CAM, meaning address CAM and bssid CAM here, will get leaks during SER (system error recover) L2 reset process and ieee80211_restart_hw() which is called by L2 reset process eventually. The normal flow would be like -> add interface (acquire 1) -> enter ips (release 1) -> leave ips (acquire 1) -> connection (occupy 1) <(A) 1 leak after L2 reset if non-sec connection> The ieee80211_restart_... • https://git.kernel.org/stable/c/f6aff772c9978844529618d86aafb53e5d3ae161 •
CVSS: 5.5EPSS: %CPEs: 9EXPL: 0CVE-2022-49538 – ALSA: jack: Access input_dev under mutex
https://notcve.org/view.php?id=CVE-2022-49538
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: jack: Access input_dev under mutex It is possible when using ASoC that input_dev is unregistered while calling snd_jack_report, which causes NULL pointer dereference. In order to prevent this serialize access to input_dev using mutex lock. In the Linux kernel, the following vulnerability has been resolved: ALSA: jack: Access input_dev under mutex It is possible when using ASoC that input_dev is unregistered while calling snd_jack_repo... • https://git.kernel.org/stable/c/74bab3bcf422593c582e47130aa8eb41ebb2dc09 •
CVSS: 7.1EPSS: %CPEs: 4EXPL: 0CVE-2022-49537 – scsi: lpfc: Fix call trace observed during I/O with CMF enabled
https://notcve.org/view.php?id=CVE-2022-49537
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix call trace observed during I/O with CMF enabled The following was seen with CMF enabled: BUG: using smp_processor_id() in preemptible code: systemd-udevd/31711 kernel: caller is lpfc_update_cmf_cmd+0x214/0x420 [lpfc] kernel: CPU: 12 PID: 31711 Comm: systemd-udevd kernel: Call Trace: kernel: