1339 matches found
CVE-2022-49575 tcp: Fix a data-race around sysctl_tcp_thin_linear_timeouts.
In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctltcpthinlineartimeouts. While reading sysctltcpthinlineartimeouts, it can be changed concurrently. Thus, we need to add READONCE to its reader...
CVE-2022-49569
CVE-2022-49569 affects the bcm2835 SPI driver in the Linux kernel. When an IRQ-based transfer times out, bcm2835_spi_handle_err() could dereference ctlr->dma_tx/ctlr->dma_rx if DMA pointers are not set, due to the removal of the dma_pending flag. A fix was implemented to check that ctlr->...
CVE-2022-49565
CVE-2022-49565 concerns the Linux kernel, specifically perf/x86/intel/lbr, where unchecked MSR writes (WRMSR to 0x689) can occur due to an absent TSX quirk application when accessing LBR data. The issue manifests on systems with LBR_FORMAT_EIP_FLAGS2 and, if TSX is disabled, requires a quirk to a...
CVE-2022-49566 crypto: qat - fix memory leak in RSA
In the Linux kernel, the following vulnerability has been resolved: crypto: qat - fix memory leak in RSA When an RSA key represented in form 2 as defined in PKCS 1 V2.1 is used, some components of the private key persist even after the TFM is released. Replace the explicit calls to free the buffe...
CVE-2022-49539 rtw89: ser: fix CAM leaks occurring in L2 reset
In the Linux kernel, the following vulnerability has been resolved: rtw89: ser: fix CAM leaks occurring in L2 reset The CAM, meaning address CAM and bssid CAM here, will get leaks during SER system error recover L2 reset process and ieee80211restarthw which is called by L2 reset process eventuall...
CVE-2022-49535
CVE-2022-49535 affects the Linux kernel SCSI lpfc path. The flaw can cause a use-after-free via premature node release when FLOGI/PLOGI handling fails or when non-zero ELS PLOGI status is processed if a dev-loss-evt work is pending. The described root cause is a premature decrementing of the ndlp...
CVE-2022-49533
In the Linux kernel, the following vulnerability has been resolved: ath11k: Change max no of active probe SSID and BSSID to fw capability The maximum number of SSIDs in a for active probe requests is currently reported as 16 WLANSCANPARAMSMAXSSID when registering the driver. The scanreqparams...
CVE-2022-49514
In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: Fix error handling in mt8173max98090devprobe Call ofnodeputplatformnode to avoid refcount leak in the error path...
CVE-2022-49496
In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: prevent kernel crash when rmmod mtk-vcodec-dec.ko If the driver support subdev mode, the parameter "dev-pm.dev" will be NULL in mtkvcodecdecremove. Kernel will crash when try to rmmod mtk-vcodec-dec.ko...
CVE-2022-49494
In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: cadence: fix possible null-ptr-deref in cadencenanddtprobe It will cause null-ptr-deref when using 'res', if platformgetresource returns NULL, so move using 'res' after devmioremapresource that will check it to avoi...
CVE-2022-49493 ASoC: rt5645: Fix errorenous cleanup order
In the Linux kernel, the following vulnerability has been resolved: ASoC: rt5645: Fix errorenous cleanup order There is a logic error when removing rt5645 device as the function rt5645i2cremove first cancel the &rt5645-jackdetectwork and delete the &rt5645-btnchecktimer latter. However, since the...
CVE-2022-49480 ASoC: imx-hdmi: Fix refcount leak in imx_hdmi_probe
In the Linux kernel, the following vulnerability has been resolved: ASoC: imx-hdmi: Fix refcount leak in imxhdmiprobe offinddevicebynode takes reference, we should use putdevice to release it. when devmkzalloc fails, it doesn't have a putdevice, it will cause refcount leak. Add missing putdevice ...
CVE-2022-49470 Bluetooth: btmtksdio: fix use-after-free at btmtksdio_recv_event
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btmtksdio: fix use-after-free at btmtksdiorecvevent We should not access skb buffer data anymore after hcirecvframe was called. 39.634809 BUG: KASAN: use-after-free in btmtksdiorecvevent+0x1b0 39.634855 Read of size 1 ...
CVE-2022-49434
In the Linux kernel, the following vulnerability has been resolved: PCI: Avoid pcidevlock AB/BA deadlock with sriovnumvfsstore The sysfs sriovnumvfsstore path acquires the device lock before the config space access lock: sriovnumvfsstore devicelock A 1 acquire device lock sriovconfigure...
CVE-2022-49435
CVE-2022-49435 concerns the Linux kernel, in the mfd: davinci_voicecodec path. It fixes a potential null-pointer dereference in the davinci_vc_probe() flow if platform_get_resource() returns NULL. The workaround changes the code to use the resource only after devm_ioremap_resource() performs a NU...
CVE-2022-49415
In the Linux kernel, the following vulnerability has been resolved: ipmi:ipmb: Fix refcount leak in ipmiipmbprobe ofparsephandle returns a node pointer with refcount incremented, we should use ofnodeput on it when done. Add missing ofnodeput to avoid refcount leak...
CVE-2022-49400 md: Don't set mddev private to NULL in raid0 pers->free
In the Linux kernel, the following vulnerability has been resolved: md: Don't set mddev private to NULL in raid0 pers-free In normal stop process, it does like this: domdstop | mdstop pers-free; mddev-private=NULL | mdfree free mddev mdstop sets mddev-private to NULL after pers-free. The raid...
CVE-2022-49381 jffs2: fix memory leak in jffs2_do_fill_super
In the Linux kernel, the following vulnerability has been resolved: jffs2: fix memory leak in jffs2dofillsuper If jffs2iget or dmakeroot in jffs2dofillsuper returns an error, we can observe the following kmemleak report: -------------------------------------------- unreferenced object...
CVE-2022-49371 driver core: fix deadlock in __device_attach
In the Linux kernel, the following vulnerability has been resolved: driver core: fix deadlock in deviceattach In deviceattach function, The lock holding logic is as follows: ... deviceattach devicelockdev // get lock dev asyncscheduledevdeviceattachasynchelper, dev; // func asyncschedulenode...
CVE-2022-49366
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix reference count leak in smbcheckpermdacl The issue happens in a specific path in smbcheckpermdacl. When "id" and "uid" have the same value, the function simply jumps out of the loop without decrementing the reference...