CVE-2022-49592 net: stmmac: fix dma queue left shift overflow issue
In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix dma queue left shift overflow issue When queue number is 4, left shift overflows due to 32 bits integer variable. Mask calculation is wrong for MTL_RXQ_DMA_MAP1. If CONFIG_UBSAN is enabled, kernel dumps below warning...
CVE-2022-49592
CVE-2022-49592 affects the Linux kernel driver net/stmmac: a left-shift overflow in MTL_RXQ_DMA_MAP1 occurs when the number of TX/RX queues exceeds four, due to a 32‑bit mask calculation. UBSAN reports show a shift-out-of-bounds during UBSAN checks, leading to a potential warning path in dwmac4_c...
CVE-2022-49583 iavf: Fix handling of dummy receive descriptors
In the Linux kernel, the following vulnerability has been resolved: iavf: Fix handling of dummy receive descriptors Fix memory leak caused by not handling dummy receive descriptor properly. iavf_get_rx_buffer now sets the rx_buffer return value for dummy receive descriptors. Without this patch, when...
CVE-2022-49554 zsmalloc: fix races between asynchronous zspage free and page migration
In the Linux kernel, the following vulnerability has been resolved: zsmalloc: fix races between asynchronous zspage free and page migration The asynchronous zspage free worker tries to lock a zspage's entire page list without defending against page migration. Since pages which haven't yet been...
CVE-2022-49541
The CVE-2022-49541 issue is a Linux kernel CIFS vulnerability: a potential double free during a failed mount. It is classed as HIGH severity (LOCAL access, LOW attack complexity) with impact to confidentiality, integrity, and availability as per the CVSS metrics. Connected advisories (SUSE/RHEL-r...
CVE-2022-49522
CVE-2022-49522 concerns a Linux kernel MMC driver issue (mmc: jz4740) where DMA maps could exceed the DMA engine’s capabilities. The root cause is not a research-level flaw but an inadequate limit on the maximum segment size for DMA data transfers. The fix enforces DMA engine limits on the jz4740...
CVE-2022-49507
CVE-2022-49507 affects the Linux kernel regulator driver for the da9121 (regulator/da9121-regulator.c). The issue arises when da9121_assign_chip_model() accesses regmap without it being initialized due to an invalid chip->subvariant_id (set to -EINVAL by a malformed device tree). This leads to...
CVE-2022-49471 rtw89: cfo: check mac_id to avoid out-of-bounds
In the Linux kernel, the following vulnerability has been resolved: rtw89: cfo: check mac_id to avoid out-of-bounds Somehow, hardware reports incorrect mac_id and pollutes memory. Check index before we access the array. UBSAN: array-index-out-of-bounds in rtw89/phy.c:2517:23 index 188 is out of rang...
CVE-2022-49429
CVE-2022-49429 affects the Linux kernel’s RDMA/hfi1 subsystem. When the hfi1 module is loaded with SDMA disabled (HFI1_CAP_SDMA off), a call to hfi1_write_iter() can dereference a NULL pointer, causing a kernel panic through the I/O path (sdma_select_user_engine → hfi1_user_sdma_process_request →...
CVE-2022-49418 NFSv4: Fix free of uninitialized nfs4_label on referral lookup.
In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix free of uninitialized nfs4_label on referral lookup. Send along the already-allocated fattr along with nfs4_fs_locations, and drop the memcpy of fattr. We end up growing two more allocations, but this fixes up a crash as:...
CVE-2022-49418
The CVE affects the Linux kernel in NFSv4 handling, where an uninitialized nfs4_label could be freed during referral lookup, leading to a crash. The fix reuses the already-allocated fattr with nfs4_fs_locations and drops the memcpy of fattr, avoiding two extra allocations and preventing the crash...
CVE-2022-49390 macsec: fix UAF bug for real_dev
In the Linux kernel, the following vulnerability has been resolved: macsec: fix UAF bug for real_dev Create a new macsec device but not get reference to real_dev. That can not ensure that real_dev is freed after macsec. That will trigger the UAF bug for real_dev as following:...
CVE-2022-49376 scsi: sd: Fix potential NULL pointer dereference
In the Linux kernel, the following vulnerability has been resolved: scsi: sd: Fix potential NULL pointer dereference If sd_probe() sees an early error before sdkp->device is initialized, sd_zbc_release_disk() is called. This causes a NULL pointer dereference when sd_is_zoned() is called inside that function...
CVE-2022-49356
CVE-2022-49356 concerns a Linux kernel SUNRPC vulnerability where RDMA segment overflows could occur if svc_rdma_build_writes() walks past a Write chunk’s segment array. The fixed commit prevents walking off the end of the array and was validated with KASAN. The description notes the pre-fix test...
CVE-2022-49320 dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type
In the Linux kernel, the following vulnerability has been resolved: dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type In zynqmp_dma_alloc/free_chan_resources functions there is a potential overflow in the below expressions. dma_alloc_coherent(chan->dev, (2 * chan->desc_size * ZYNQMP_DMA_NUM_DESC...
CVE-2022-49310 char: xillybus: fix a refcount leak in cleanup_dev()
In the Linux kernel, the following vulnerability has been resolved: char: xillybus: fix a refcount leak in cleanup_dev() usb_get_dev is called in xillyusb_probe. So it is better to call usb_put_dev before xdev is released...
CVE-2022-49271
CVE-2022-49271 affects the Linux kernel CIFS/SMB2 code. When smb2_ioctl_query_info() is called with flags=PASSTHRU_FSCTL and output_buffer_length=0, the kernel could copy a bad pointer (buffer) and end up dereferencing NULL, potentially leading to a NULL pointer dereference. The fix also ensures ...
CVE-2022-49255 f2fs: fix missing free nid in f2fs_handle_failed_inode
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix missing free nid in f2fs_handle_failed_inode This patch fixes xfstests/generic/475 failure. [ 293.680694] F2FS-fs (dm-1): May loss orphan inode, run fsck to fix. [ 293.685358] Buffer I/O error on dev dm-1, logical block 8388592,...
CVE-2022-49238 ath11k: free peer for station when disconnect from AP for QCA6390/WCN6855
In the Linux kernel, the following vulnerability has been resolved: ath11k: free peer for station when disconnect from AP for QCA6390/WCN6855 Commit b4a0f54156ac "ath11k: move peer delete after vdev stop of station for QCA6390 and WCN6855" is to fix firmware crash by changing the WMI command...
CVE-2022-49192
Technical details about CVE-2022-49192 are not publicly available in the provided Connected documents. The CVE entry describes a fix in cpsw but lacks vendor/product/version specifics, exploit info, or remediation steps beyond the general change. Monitor for updates.