CVE-2022-49412

CVE-2022-49412 describes a Linux kernel vulnerability in bfq where merging two bfqq queues could occur with different parent cgroups, potentially leading to a use-after-free if the parent changes between decision to merge and bfq_setup_merge() call. The root cause is reparenting of bfqqs (e.g., d...

CVE-2022-49406 block: Fix potential deadlock in blk_ia_range_sysfs_show()

In the Linux kernel, the following vulnerability has been resolved: block: Fix potential deadlock in blkiarangesysfsshow When being read, a sysfs attribute is already protected against removal with the kobject node active reference counter. As a result, in blkiarangesysfsshow, there is no need to...

CVE-2022-49406

The CVE-2022-49406 entry is active in Linux kernel and concerns a deadlock in blk_ia_range_sysfs_show() caused by unnecessary use of the queue sysfs lock during reads. The fix, as described in the sources, is to remove the mutex_lock()/mutex_unlock() calls from blk_ia_range_sysfs_show(), since th...

CVE-2022-49406 block: Fix potential deadlock in blk_ia_range_sysfs_show()

In the Linux kernel, the following vulnerability has been resolved: block: Fix potential deadlock in blkiarangesysfsshow When being read, a sysfs attribute is already protected against removal with the kobject node active reference counter. As a result, in blkiarangesysfsshow, there is no need to...

CVE-2022-49394 blk-iolatency: Fix inflight count imbalances and IO hangs on offline

In the Linux kernel, the following vulnerability has been resolved: blk-iolatency: Fix inflight count imbalances and IO hangs on offline iolatency needs to track the number of inflight IOs per cgroup. As this tracking can be expensive, it is disabled when no cgroup has iolatency configured for th...

CVE-2022-49394

The CVE-2022-49394 entry describes a Linux kernel vulnerability in blk-iolatency where inflight IO counters could become imbalanced and IOs hang when a cgroup with iolatency is offline or disabled. The root cause is that enabled counters could be manipulated in iolatency_set_limit() and iolatency...

CVE-2022-49377

CVE-2022-49377 is a Linux kernel vulnerability in the block multi-queue (blk-mq) path. The root cause was a use-after-free involving ->tagset during blk_mq_run_hw_queues, when there were no queued requests and the tagset could be freed after blk_cleanup_queue. The fix disables touching tagset ...

CVE-2022-49377

In the Linux kernel, the following vulnerability has been resolved: blk-mq: don't touch -tagset in blkmqgetsqhctx blkmqrunhwqueues could be run when there isn't queued request and after queue is cleaned up, at that time tagset is freed, because tagset lifetime is covered by driver, and often free...

CVE-2022-49371 driver core: fix deadlock in __device_attach

In the Linux kernel, the following vulnerability has been resolved: driver core: fix deadlock in deviceattach In deviceattach function, The lock holding logic is as follows: ... deviceattach devicelockdev // get lock dev asyncscheduledevdeviceattachasynchelper, dev; // func asyncschedulenode...

CVE-2022-49344 af_unix: Fix a data-race in unix_dgram_peer_wake_me().

In the Linux kernel, the following vulnerability has been resolved: afunix: Fix a data-race in unixdgrampeerwakeme. unixdgrampoll calls unixdgrampeerwakeme without other's lock held and check if its receive queue is full. Here we need to use unixrecvqfulllockless instead of unixrecvqfull, otherwi...

CVE-2022-49312 staging: rtl8712: fix a potential memory leak in r871xu_drv_init()

In the Linux kernel, the following vulnerability has been resolved: staging: rtl8712: fix a potential memory leak in r871xudrvinit In r871xudrvinit, if r8712initdrvsw fails, then the memory allocated by r8712allocioqueue in r8712usbdvobjinit is not properly released as there is no action will be...

CVE-2022-49257 watch_queue: Fix NULL dereference in error cleanup

In the Linux kernel, the following vulnerability has been resolved: watchqueue: Fix NULL dereference in error cleanup In watchqueuesetsize, the error cleanup code doesn't take account of the fact that freepage can't handle a NULL pointer when trying to free up buffer pages that did get allocated...

CVE-2022-49256

CVE-2022-49256 : In the Linux kernel, the watch_queue memory leak occurs because free_watch() forgets to free the watch object. The fix adds the missing kfree to actually free the watch and prevent the leak (kmemleak reports show an unreferenced object and backtraces through keyctl_watch_key and ...

CVE-2022-49256

In the Linux kernel, the following vulnerability has been resolved: watchqueue: Actually free the watch freewatch does everything barring actually freeing the watch object. Fix this by adding the missing kfree. kmemleak produces a report something like the following. Note that as an address can b...

CVE-2022-49209 bpf, sockmap: Fix memleak in tcp_bpf_sendmsg while sk msg is full

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix memleak in tcpbpfsendmsg while sk msg is full If tcpbpfsendmsg is running while sk msg is full. When skmsgalloc returns -ENOMEM error, tcpbpfsendmsg goes to waitformemory. If partial memory has been alloced by...

CVE-2022-49207 bpf, sockmap: Fix memleak in sk_psock_queue_msg

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix memleak in skpsockqueuemsg If tcpbpfsendmsg is running during a tear down operation we may enqueue data on the ingress msg queue while tear down is trying to free it. sk1 redirect sk2 sk2 -------------------...

CVE-2022-49148 watch_queue: Free the page array when watch_queue is dismantled

In the Linux kernel, the following vulnerability has been resolved: watchqueue: Free the page array when watchqueue is dismantled Commit 7ea1a0124b6d "watchqueue: Free the alloc bitmap when the watchqueue is torn down" took care of the bitmap, but not the page array. BUG: memory leak unreferenced...

CVE-2022-49148 watch_queue: Free the page array when watch_queue is dismantled

In the Linux kernel, the following vulnerability has been resolved: watchqueue: Free the page array when watchqueue is dismantled Commit 7ea1a0124b6d "watchqueue: Free the alloc bitmap when the watchqueue is torn down" took care of the bitmap, but not the page array. BUG: memory leak unreferenced...

CVE-2022-49148

The CVE-2022-49148 entry concerns a Linux kernel vulnerability where, during dismantling of watch_queue, the page array was not freed, leaving a memory leak. The issue was addressed by a patch sequence that first frees the alloc bitmap when tearing down watch_queue (commit 7ea1a0124b6d) and then ...

CVE-2022-49126 scsi: mpi3mr: Fix memory leaks

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix memory leaks Fix memory leaks related to operational reply queue's memory segments which are not getting freed while unloading the driver...