CVE-2022-48934 – nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac()
https://notcve.org/view.php?id=CVE-2022-48934
In the Linux kernel, the following vulnerability has been resolved: nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac() ida_simple_get() returns an id between min (0) and max (NFP_MAX_MAC_INDEX) inclusive. So NFP_MAX_MAC_INDEX (0xff) is a valid id. In order for the error handling path to work correctly, the 'invalid' value for 'ida_idx' should not be in the 0..NFP_MAX_MAC_INDEX range, inclusive. So set it to -1. • https://git.kernel.org/stable/c/20cce88650981ec504d328dbbdd004d991eb8535 https://git.kernel.org/stable/c/5ad5886f85b6bd893e3ed19013765fb0c243c069 https://git.kernel.org/stable/c/af4bc921d39dffdb83076e0a7eed1321242b7d87 https://git.kernel.org/stable/c/9d8097caa73200710d52b9f4d9f430548f46a900 https://git.kernel.org/stable/c/4086d2433576baf85f0e538511df97c8101e0a10 https://git.kernel.org/stable/c/3a14d0888eb4b0045884126acc69abfb7b87814d •
CVE-2022-48933 – netfilter: nf_tables: fix memory leak during stateful obj update
https://notcve.org/view.php?id=CVE-2022-48933
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix memory leak during stateful obj update stateful objects can be updated from the control plane. The transaction logic allocates a temporary object for this purpose. The ->init function was called for this object, so plain kfree() leaks resources. We must call ->destroy function of the object. nft_obj_destroy does this, but it also decrements the module refcount, but the update path doesn't increment it. To avoid special-casing the update object release, do module_get for the update case too and release it via nft_obj_destroy(). • https://git.kernel.org/stable/c/d62d0ba97b5803183e70cfded7f7b9da76893bf5 https://git.kernel.org/stable/c/53026346a94c43f35c32b18804041bc483271d87 https://git.kernel.org/stable/c/7e9880e81d3fd6a43c202f205717485290432826 https://git.kernel.org/stable/c/e96e204ee6fa46702f6c94c3c69a09e69e0eac52 https://git.kernel.org/stable/c/34bb90e407e3288f610558beaae54ecaa32b11c4 https://git.kernel.org/stable/c/dad3bdeef45f81a6e90204bcc85360bb76eccec7 •
CVE-2022-48931 – configfs: fix a race in configfs_{,un}register_subsystem()
https://notcve.org/view.php?id=CVE-2022-48931
In the Linux kernel, the following vulnerability has been resolved: configfs: fix a race in configfs_{,un}register_subsystem() When configfs_register_subsystem() or configfs_unregister_subsystem() is executing link_group() or unlink_group(), it is possible that two processes add or delete list concurrently. Some unfortunate interleavings of them can cause kernel panic. One of cases is: A --> B --> C --> D A <-- B <-- C <-- D delete list_head *B | delete list_head *C --------------------------------|----------------------------------- configfs_unregister_subsystem | configfs_unregister_subsystem unlink_group | unlink_group unlink_obj | unlink_obj list_del_init | list_del_init __list_del_entry | __list_del_entry __list_del | __list_del // next == C | next->prev = prev | | next->prev = prev prev->next = next | | // prev == B | prev->next = next Fix this by adding mutex when calling link_group() or unlink_group(), but parent configfs_subsystem is NULL when config_item is root. So I create a mutex configfs_subsystem_mutex. • https://git.kernel.org/stable/c/7063fbf2261194f72ee75afca67b3b38b554b5fa https://git.kernel.org/stable/c/40805099af11f68c5ca7dbcfacf455da8f99f622 https://git.kernel.org/stable/c/d1654de19d42f513b6cfe955cc77e7f427e05a77 https://git.kernel.org/stable/c/a37024f7757c25550accdebf49e497ad6ae239fe https://git.kernel.org/stable/c/b7e2b91fcb5c78c414e33dc8d50642e307ca0c5a https://git.kernel.org/stable/c/a7ab53d3c27dfe83bb594456b9f38a37796ec39b https://git.kernel.org/stable/c/e7a66dd2687758718eddd79b542a95cf3aa488cc https://git.kernel.org/stable/c/3aadfd46858b1f64d4d6a0654b863e21a •
CVE-2022-48930 – RDMA/ib_srp: Fix a deadlock
https://notcve.org/view.php?id=CVE-2022-48930
In the Linux kernel, the following vulnerability has been resolved: RDMA/ib_srp: Fix a deadlock Remove the flush_workqueue(system_long_wq) call since flushing system_long_wq is deadlock-prone and since that call is redundant with a preceding cancel_work_sync() • https://git.kernel.org/stable/c/ef6c49d87c3418c442a22e55e3ce2f91b163d69e https://git.kernel.org/stable/c/8cc342508f9e7fdccd2e9758ae9d52aff72dab7f https://git.kernel.org/stable/c/4752fafb461821f8c8581090c923ababba68c5bd https://git.kernel.org/stable/c/d7997d19dfa7001ca41e971cd9efd091bb195b51 https://git.kernel.org/stable/c/901206f71e6ad2b2e7accefc5199a438d173c25f https://git.kernel.org/stable/c/99eb8d694174c777558dc902d575d1997d5ca650 https://git.kernel.org/stable/c/c8b56e51aa91b8e7df3a98388dce3fdabd15c1d4 https://git.kernel.org/stable/c/98d056603ce55ceb90631b3927151c190 •
CVE-2022-48928 – iio: adc: men_z188_adc: Fix a resource leak in an error handling path
https://notcve.org/view.php?id=CVE-2022-48928
In the Linux kernel, the following vulnerability has been resolved: iio: adc: men_z188_adc: Fix a resource leak in an error handling path If iio_device_register() fails, a previous ioremap() is left unbalanced. Update the error handling path and add the missing iounmap() call, as already done in the remove function. • https://git.kernel.org/stable/c/74aeac4da66fbfa246edbfc849002eac9b5af9ca https://git.kernel.org/stable/c/0f88722313645a903f4d420ba61ddc690ec2481d https://git.kernel.org/stable/c/c5723b422f564af15f2e3bc0592fd6376a0a6c45 https://git.kernel.org/stable/c/53d43a9c8dd224e66559fe86af1e473802c7130e https://git.kernel.org/stable/c/ce1076b33e299dc8d270e4450a420a18bfb3e190 https://git.kernel.org/stable/c/1aa12ecfdcbafebc218910ec47acf6262e600cf5 https://git.kernel.org/stable/c/fe73477802981bd0d0d70f2b22f109bcca801bdb https://git.kernel.org/stable/c/d6ed5426a7fad36cf928c244483ba24e7 •