CVE-2022-49400 md: Don't set mddev private to NULL in raid0 pers->free

In the Linux kernel, the following vulnerability has been resolved: md: Don't set mddev private to NULL in raid0 pers-free In normal stop process, it does like this: domdstop | mdstop pers-free; mddev-private=NULL | mdfree free mddev mdstop sets mddev-private to NULL after pers-free. The raid...

CVE-2022-49381 jffs2: fix memory leak in jffs2_do_fill_super

In the Linux kernel, the following vulnerability has been resolved: jffs2: fix memory leak in jffs2dofillsuper If jffs2iget or dmakeroot in jffs2dofillsuper returns an error, we can observe the following kmemleak report: -------------------------------------------- unreferenced object...

CVE-2022-49374 tipc: check attribute length for bearer name

In the Linux kernel, the following vulnerability has been resolved: tipc: check attribute length for bearer name syzbot reported uninit-value: ===================================================== BUG: KMSAN: uninit-value in stringnocheck lib/vsprintf.c:644 inline BUG: KMSAN: uninit-value in...

CVE-2022-49371 driver core: fix deadlock in __device_attach

In the Linux kernel, the following vulnerability has been resolved: driver core: fix deadlock in deviceattach In deviceattach function, The lock holding logic is as follows: ... deviceattach devicelockdev // get lock dev asyncscheduledevdeviceattachasynchelper, dev; // func asyncschedulenode...

CVE-2022-49366

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix reference count leak in smbcheckpermdacl The issue happens in a specific path in smbcheckpermdacl. When "id" and "uid" have the same value, the function simply jumps out of the loop without decrementing the reference...

CVE-2022-49364

CVE-2022-49364 : In the Linux kernel, a f2fs inode eviction bug was fixed. The root cause is that the inode node and the dnode share the same nid, causing dnode truncation to invalidate the NAT entry during f2fs_evict_inode() and leaving the inode marked dirty. The fix clears the dirty flag on th...

CVE-2022-49316

In the Linux kernel, the following vulnerability has been resolved: NFSv4: Don't hold the layoutget locks across multiple RPC calls When doing layoutget as part of the open compound, we have to be careful to release the layout locks before we can call any further RPC calls, such as setattr. The...

CVE-2021-47659

CVE-2021-47659 affects the Linux kernel DRM plane path. The vulnerability arises because the range check for format_count is performed late in __drm_universal_plane_init(); if format_count > 64 yields a WARN_ON, it can leak the plane->format_types array and skip drm_mode_object_unregister()...

CVE-2022-49287

CVE-2022-49287 concerns a Linux kernel refcount issue in tpm_chip handling that can trigger a use-after-free when interacting with TPM devices. The description details a sequence where a TPM command is written to /dev/tpmrm after unloading tpm_tis_spi, causing a refcount warning: refcount_t: addi...

CVE-2022-49288 ALSA: pcm: Fix races among concurrent prealloc proc writes

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix races among concurrent prealloc proc writes We have no protection against concurrent PCM buffer preallocation changes via proc files, and it may potentially lead to UAF or some weird problem. This patch applies the...

CVE-2022-49244 ASoC: mediatek: mt8192-mt6359: Fix error handling in mt8192_mt6359_dev_probe

In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: mt8192-mt6359: Fix error handling in mt8192mt6359devprobe The devicenode pointer is returned by ofparsephandle with refcount incremented. We should use ofnodeput on it when done. This function only calls ofnodeput...

CVE-2022-49202

CVE-2022-49202 concerns a missing NULL check in Linux kernel Bluetooth hci_uart path (h5_enqueue), where a Syzbot general protection fault occurred in __pm_runtime_resume() due to blindly passing a possibly NULL serdev pointer (hu->serdev). The issue could lead to GPF if hu->serdev is NULL....

CVE-2022-49201 ibmvnic: fix race between xmit and reset

In the Linux kernel, the following vulnerability has been resolved: ibmvnic: fix race between xmit and reset There is a race between reset and the transmit paths that can lead to ibmvnicxmit accessing an scrq after it has been freed in the reset path. It can result in a crash like: Kernel attempt...

CVE-2022-49198 mptcp: Fix crash due to tcp_tsorted_anchor was initialized before release skb

In the Linux kernel, the following vulnerability has been resolved: mptcp: Fix crash due to tcptsortedanchor was initialized before release skb Got crash when doing pressure test of mptcp: =========================================================================== dstrelease: dst:ffffa06ce6e5c058...

CVE-2022-49192

In the Linux kernel, the following vulnerability has been resolved: drivers: ethernet: cpsw: fix panic when interrupt coaleceing is set via ethtool cpswethtoolbegin directly returns the result of pmruntimegetsync when successful. pmruntimegetsync returns -error code on failure and 0 on successful...

CVE-2022-49180 LSM: general protection fault in legacy_parse_param

In the Linux kernel, the following vulnerability has been resolved: LSM: general protection fault in legacyparseparam The usual LSM hook "bail on fail" scheme doesn't work for cases where a security module may return an error code indicating that it does not recognize an input. In this particular...

CVE-2022-49180

In the Linux kernel, the following vulnerability has been resolved: LSM: general protection fault in legacyparseparam The usual LSM hook "bail on fail" scheme doesn't work for cases where a security module may return an error code indicating that it does not recognize an input. In this particular...

CVE-2022-49170

CVE-2022-49170 concerns the F2FS implementation in the Linux kernel. The root cause was a missing sanity check on curseg->alloc_type, which could widen an array-bounds access of sbi->block_count[] (UBSAN: array-index-out-of-bounds) when mounting/operating a corrupted image. The issue manife...

CVE-2022-49167

The CVE-2022-49167 entry concerns a Linux kernel issue in btrfs where the compression path could cause a bio to be completed twice on error. The connected documents describe the root cause as the path that handles compressed reads potentially ending the bio both in the compression path and again ...

CVE-2022-49161 ASoC: mediatek: Fix error handling in mt8183_da7219_max98357_dev_probe

In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: Fix error handling in mt8183da7219max98357devprobe The devicenode pointer is returned by ofparsephandle with refcount incremented. We should use ofnodeput on it when done. This function only calls ofnodeput in the...