4441 matches found
AZL-58986 CVE-2022-49535 affecting package kernel for versions less than 5.15.182.1-1
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI If lpfcissueelsflogi fails and returns non-zero status, the node reference count is decremented to trigger the release of the nodelist structure...
DEBIAN-CVE-2022-49535
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI If lpfcissueelsflogi fails and returns non-zero status, the node reference count is decremented to trigger the release of the nodelist structure...
AZL-68681 CVE-2022-49469 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix anondev leak in createsubvol When btrfsqgroupinherit, btrfsalloctreeblock, or btrfsinsertroot fail in createsubvol, we return without freeing anondev. Reorganize the error handling in createsubvol to fix this...
DEBIAN-CVE-2022-49390
In the Linux kernel, the following vulnerability has been resolved: macsec: fix UAF bug for realdev Create a new macsec device but not get reference to realdev. That can not ensure that realdev is freed after macsec. That will trigger the UAF bug for realdev as following:...
DEBIAN-CVE-2022-49285
In the Linux kernel, the following vulnerability has been resolved: iio: accel: mma8452: use the correct logic to get mma8452data The original logic to get mma8452data is wrong, the dev point to the device belong to iiodev. we can't use this dev to find the correct i2cclient. The original logic...
DEBIAN-CVE-2022-49258
In the Linux kernel, the following vulnerability has been resolved: crypto: ccree - Fix use after free in cccipherexit kfreesensitivectxp-user.key will free the ctxp-user.key. But ctxp-user.key is still used in the next line, which will lead to a use after free. We can call kfreesensitive after...
UBUNTU-CVE-2022-49310
In the Linux kernel, the following vulnerability has been resolved: char: xillybus: fix a refcount leak in cleanupdev usbgetdev is called in xillyusbprobe. So it is better to call usbputdev before xdev is released...
UBUNTU-CVE-2022-49424
In the Linux kernel, the following vulnerability has been resolved: iommu/mediatek: Fix NULL pointer dereference when printing devname When larbdev is NULL in the case I hit, the node is incorrectly set iommus = , it will cause devicelinkadd fail and kernel crashes when we try to print...
UBUNTU-CVE-2022-49390
In the Linux kernel, the following vulnerability has been resolved: macsec: fix UAF bug for realdev Create a new macsec device but not get reference to realdev. That can not ensure that realdev is freed after macsec. That will trigger the UAF bug for realdev as following:...
UBUNTU-CVE-2022-49535
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI If lpfcissueelsflogi fails and returns non-zero status, the node reference count is decremented to trigger the release of the nodelist structure...
UBUNTU-CVE-2022-49270
In the Linux kernel, the following vulnerability has been resolved: dm: fix use-after-free in dmcleanupzoneddev dmcleanupzoneddev uses queue, so it must be called before blkcleanupdisk starts its killing: blkcleanupdisk-blkcleanupqueue-kobjectput-blkreleasequeue-...
UBUNTU-CVE-2022-49215
In the Linux kernel, the following vulnerability has been resolved: xsk: Fix race at socket teardown Fix a race in the xsk socket teardown code that can lead to a NULL pointer dereference splat. The current xsk unbind code in xskunbinddev starts by setting xs-state to XSKUNBOUND, sets xs-dev to...
UBUNTU-CVE-2022-49046
In the Linux kernel, the following vulnerability has been resolved: i2c: dev: check return value when calling devsetname If devsetname fails, the devname is null, check the return value of devsetname to avoid the null-ptr-deref...
CVE-2022-49535 scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI If lpfcissueelsflogi fails and returns non-zero status, the node reference count is decremented to trigger the release of the nodelist structure...
CVE-2022-49477 ASoC: samsung: Fix refcount leak in aries_audio_probe
In the Linux kernel, the following vulnerability has been resolved: ASoC: samsung: Fix refcount leak in ariesaudioprobe ofparsephandle returns a node pointer with refcount incremented, we should use ofnodeput on it when done. If extconfindedevbynode fails, it doesn't call ofnodeput Calling...
CVE-2022-49060 net/smc: Fix NULL pointer dereference in smc_pnet_find_ib()
In the Linux kernel, the following vulnerability has been resolved: net/smc: Fix NULL pointer dereference in smcpnetfindib devname was called with dev.parent as argument but without to NULL-check it before. Solve this by checking the pointer before the call to devname...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a null pointer dereference due to unchecked devsetname return values...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a reference count leak in the cleanupdev function of the xillybus driver...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a null pointer dereference when printing devname in the mediatek iommu module...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel has a security vulnerability that stems from a devwake warning in mhipmdisabletransition...