CVE-2022-50094

In the Linux kernel, the following vulnerability has been resolved: spmi: trace: fix stack-out-of-bound access in SPMI tracing functions tracespmiwritebegin and tracespmireadend both call memcpy with a length of "len + 1". This leads to one extra byte being read beyond the end of the specified...

CVE-2022-50198

In the Linux kernel, the following vulnerability has been resolved: ARM: OMAP2+: Fix refcount leak in omap3xxxprmlateinit offindmatchingnode returns a node pointer with refcount incremented, we should use ofnodeput on it when not need anymore. Add missing ofnodeput to avoid refcount leak...

CVE-2022-50213

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: do not allow SETID to refer to another table When doing lookups for sets on the same batch by using its ID, a set from a different table can be used. Then, when the table is removed, a reference to the set ma...

CVE-2022-49943

In the Linux kernel, the following vulnerability has been resolved: USB: gadget: Fix obscure lockdep violation for udcmutex A recent commit expanding the scope of the udclock mutex in the gadget core managed to cause an obscure and slightly bizarre lockdep violation. In abbreviated form:...

CVE-2022-50080

In the Linux kernel, the following vulnerability has been resolved: tee: add overflow check in registershmhelper With special lengths supplied by user space, registershmhelper has an integer overflow when calculating the number of pages covered by a supplied user space memory region. This causes...

CVE-2022-50196

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: ocmem: Fix refcount leak in ofgetocmem ofparsephandle returns a node pointer with refcount incremented, we should use ofnodeput on it when not need anymore. Add missing ofnodeput to avoid refcount leak. ofnodeput will...

CVE-2022-49975

In the Linux kernel, the following vulnerability has been resolved: bpf: Don't redirect packets with invalid pktlen Syzbot found an issue 1: fqcodeldrop try to drop a flow whitout any skbs, that is, the flow-head is null. The root cause, as the 2 says, is because that bpfprogtestrunskb run a bpf...

CVE-2022-50007

In the Linux kernel, the following vulnerability has been resolved: xfrm: fix refcount leak in xfrmpolicycheck The issue happens on an error path in xfrmpolicycheck. When the fetching process of the object pols1 fails, the function simply returns 0, forgetting to decrement the reference count of...

CVE-2022-50078

In the Linux kernel, the following vulnerability has been resolved: tracing/eprobes: Do not allow eprobes to use $stack, or % for regs While playing with event probes eprobes, I tried to see what would happen if I attempted to retrieve the instruction pointer %rip knowing that event probes do not...

CVE-2022-50197

In the Linux kernel, the following vulnerability has been resolved: cpufreq: zynq: Fix refcount leak in zynqgetrevision offindcompatiblenode returns a node pointer with refcount incremented, we should use ofnodeput on it when done. Add missing ofnodeput to avoid refcount leak...

CVE-2022-50173

In the Linux kernel, the following vulnerability has been resolved: drm/msm/mdp5: Fix global state lock backoff We need to grab the lock after the early return for !hwpipe case. Otherwise, we could have hit contention yet still returned 0. Fixes an issue that the new CONFIGDRMDEBUGMODESETLOCK stu...

CVE-2022-49983

In the Linux kernel, the following vulnerability has been resolved: udmabuf: Set the DMA mask for the udmabuf device v2 If the DMA mask is not set explicitly, the following warning occurs when the userspace tries to access the dma-buf via the CPU as reported by syzbot here: WARNING: CPU: 1 PID:...

CVE-2022-50231

In the Linux kernel, the following vulnerability has been resolved: crypto: arm64/poly1305 - fix a read out-of-bound A kasan error was reported during fuzzing: BUG: KASAN: slab-out-of-bounds in neonpoly1305blocks.constprop.0+0x1b4/0x250 poly1305neon Read of size 4 at addr ffff0010e293f010 by task...

CVE-2022-50218

In the Linux kernel, the following vulnerability has been resolved: iio: light: isl29028: Fix the warning in isl29028remove The driver use the non-managed form of the register function in isl29028remove. To keep the release order as mirroring the ordering in probe, the driver should use non-manag...

CVE-2022-50211

In the Linux kernel, the following vulnerability has been resolved: md-raid10: fix KASAN warning There's a KASAN warning in raid10removedisk when running the lvm test lvconvert-raid-reshape.sh. We fix this warning by verifying that the value "number" is valid. BUG: KASAN: slab-out-of-bounds in...

CVE-2022-50190

In the Linux kernel, the following vulnerability has been resolved: spi: Fix simplification of devmspiregistercontroller This reverts commit 59ebbe40fb51 "spi: simplify devmspiregistercontroller". If devmaddaction fails in devmaddactionorreset, devmspiunregister will be called, it decreases the...

CVE-2022-50185

In the Linux kernel, the following vulnerability has been resolved: drm/radeon: fix potential buffer overflow in nisetmcspecialregisters The last case label can write two buffers 'mcregaddressj' and 'mcdataj' with 'j' offset equal to SMCNISLANDSMCREGISTERARRAYSIZE since there are no checks for th...

CVE-2022-50181

In the Linux kernel, the following vulnerability has been resolved: virtio-gpu: fix a missing check to avoid NULL dereference 'cacheent' could be set NULL inside virtiogpucmdgetcapset and it will lead to a NULL dereference by a lately use of it i.e., ptr = cacheent-capscache. Fix it with a NULL...

CVE-2022-50179

In the Linux kernel, the following vulnerability has been resolved: ath9k: fix use-after-free in ath9khifusbrxcb Syzbot reported use-after-free Read in ath9khifusbrxcb 0. The problem was in incorrect htchandle-drvpriv initialization. Probable call trace which can trigger use-after-free:...

CVE-2022-50164

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: fix double listadd at iwlmvmmacwaketxqueue After successfull station association, if station queues are disabled for some reason, the related lists are not emptied. So if some new element is added to the list ...