
CVE-2022-49535 – scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI
https://notcve.org/view.php?id=CVE-2022-49535
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI If lpfc_issue_els_flogi() fails and returns non-zero status, the node reference count is decremented to trigger the release of the nodelist structure. However, if there is a prior registration or dev-loss-evt work pending, the node may be released prematurely. When dev-loss-evt completes, the released node is referenced causing a use-after-free null pointer dere... • https://git.kernel.org/stable/c/10663ebec0ad5c78493a0dd34c9ee4d73d7ca0df •

CVE-2022-49534 – scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT
https://notcve.org/view.php?id=CVE-2022-49534
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT There is a potential memory leak in lpfc_ignore_els_cmpl() and lpfc_els_rsp_reject() that was allocated from NPIV PLOGI_RJT (lpfc_rcv_plogi()'s login_mbox). Check if cmdiocb->context_un.mbox was allocated in lpfc_ignore_els_cmpl(), and then free it back to phba->mbox_mem_pool along with mbox->ctx_buf for service parameters. For lpfc_els_rsp_reject() failure, free both the ctx_... • https://git.kernel.org/stable/c/c00df0f34a6d5e14da379f96ea67e501ce67b002 •

CVE-2022-49532 – drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes
https://notcve.org/view.php?id=CVE-2022-49532
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes drm_cvt_mode may return NULL and we should check it. This bug is found by syzkaller: FAULT_INJECTION stacktrace: [ 168.567394] FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 1 [ 168.567403] CPU: 1 PID: 6425 Comm: syz Kdump: loaded Not tainted 4.19.90-vhulk2201.1.0.h1035.kasan.eulerosv2r10.aarch64 #1 [ 168.567406] Hardware name... • https://git.kernel.org/stable/c/e0828456578cc8ba0a69147f7ae3428392eec287 •

CVE-2022-49531 – loop: implement ->free_disk
https://notcve.org/view.php?id=CVE-2022-49531
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: loop: implement ->free_disk Ensure that the lo_device which is stored in the gendisk private data is valid until the gendisk is freed. Currently the loop driver uses a lot of effort to make sure a device is not freed when it is still in use, but to fix a potential deadlock this will be relaxed a bit soon. • https://git.kernel.org/stable/c/aadd1443aae7fe8956e3b11157827067f034406a •

CVE-2022-49530 – drm/amd/pm: fix double free in si_parse_power_table()
https://notcve.org/view.php?id=CVE-2022-49530
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix double free in si_parse_power_table() In function si_parse_power_table(), array adev->pm.dpm.ps and its member is allocated. If the allocation of each member fails, the array itself is freed and returned with an error code. However, the array is later freed again in si_dpm_fini() function which is called when the function returns an error. This leads to potential double free of the array adev->pm.dpm.ps, as well as leak of i... • https://git.kernel.org/stable/c/2615464854505188f909d0c07c37a6623693b5c7 •

CVE-2022-49529 – drm/amdgpu/pm: fix the null pointer while the smu is disabled
https://notcve.org/view.php?id=CVE-2022-49529
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/pm: fix the null pointer while the smu is disabled It needs to check if the pp_funcs is initialized while releasing the context, otherwise it will trigger null pointer panic while the software smu is not enabled. [ 1109.404555] BUG: kernel NULL pointer dereference, address: 0000000000000078 [ 1109.404609] #PF: supervisor read access in kernel mode [ 1109.404638] #PF: error_code(0x0000) - not-present page [ 1109.404657] PGD 0 P4D 0 ... • https://git.kernel.org/stable/c/49ec3441aa5e5940f3e82dd2f0205b9c856e399d •

CVE-2022-49528 – media: i2c: dw9714: Disable the regulator when the driver fails to probe
https://notcve.org/view.php?id=CVE-2022-49528
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: media: i2c: dw9714: Disable the regulator when the driver fails to probe When the driver fails to probe, we will get the following splat: [ 59.305988] ------------[ cut here ]------------ [ 59.306417] WARNING: CPU: 2 PID: 395 at drivers/regulator/core.c:2257 _regulator_put+0x3ec/0x4e0 [ 59.310345] RIP: 0010:_regulator_put+0x3ec/0x4e0 [ 59.318362] Call Trace: [ 59.318582]

CVE-2022-49527 – media: venus: hfi: avoid null dereference in deinit
https://notcve.org/view.php?id=CVE-2022-49527
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: media: venus: hfi: avoid null dereference in deinit If venus_probe fails at pm_runtime_put_sync the error handling first calls hfi_destroy and afterwards hfi_core_deinit. As hfi_destroy sets core->ops to NULL, hfi_core_deinit cannot call the core_deinit function anymore. Avoid this null pointer dereference by skipping the call when necessary. • https://git.kernel.org/stable/c/2533acb652359c9e097dfa33587896af782e8a91 •

CVE-2022-49526 – md/bitmap: don't set sb values if can't pass sanity check
https://notcve.org/view.php?id=CVE-2022-49526
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: md/bitmap: don't set sb values if can't pass sanity check If bitmap area contains invalid data, kernel will crash then mdadm triggers "Segmentation fault". This is cluster-md special bug. In non-clustered env, mdadm will handle broken metadata case. In clustered array, only kernel space handles bitmap slot info. But even this bug only happened in clustered env, current sanity check is wrong, the code should be changed. How to trigger: (faul... • https://git.kernel.org/stable/c/422e8f7ba1e08c8e0e88d375bcb550bc2bbfe96d •

CVE-2022-49525 – media: cx25821: Fix the warning when removing the module
https://notcve.org/view.php?id=CVE-2022-49525
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: media: cx25821: Fix the warning when removing the module When removing the module, we will get the following warning: [ 14.746697] remove_proc_entry: removing non-empty directory 'irq/21', leaking at least 'cx25821[1]' [ 14.747449] WARNING: CPU: 4 PID: 368 at fs/proc/generic.c:717 remove_proc_entry+0x389/0x3f0 [ 14.751611] RIP: 0010:remove_proc_entry+0x389/0x3f0 [ 14.759589] Call Trace: [ 14.759792]