CVE-2022-49507

CVE-2022-49507 affects the Linux kernel regulator driver for the da9121 (regulator/da9121-regulator.c). The issue arises when da9121_assign_chip_model() accesses regmap without it being initialized due to an invalid chip->subvariant_id (set to -EINVAL by a malformed device tree). This leads to...

CVE-2022-49471 rtw89: cfo: check mac_id to avoid out-of-bounds

In the Linux kernel, the following vulnerability has been resolved: rtw89: cfo: check macid to avoid out-of-bounds Somehow, hardware reports incorrect macid and pollute memory. Check index before we access the array. UBSAN: array-index-out-of-bounds in rtw89/phy.c:2517:23 index 188 is out of rang...

CVE-2022-49429

CVE-2022-49429 affects the Linux kernel’s RDMA/hfi1 subsystem. When the hfi1 module is loaded with SDMA disabled (HFI1_CAP_SDMA off), a call to hfi1_write_iter() can dereference a NULL pointer, causing a kernel panic through the I/O path (sdma_select_user_engine → hfi1_user_sdma_process_request →...

CVE-2022-49418 NFSv4: Fix free of uninitialized nfs4_label on referral lookup.

In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix free of uninitialized nfs4label on referral lookup. Send along the already-allocated fattr along with nfs4fslocations, and drop the memcpy of fattr. We end up growing two more allocations, but this fixes up a crash as:...

CVE-2022-49418

The CVE affects the Linux kernel in NFSv4 handling, where an uninitialized nfs4_label could be freed during referral lookup, leading to a crash. The fix reuses the already-allocated fattr with nfs4_fs_locations and drops the memcpy of fattr, avoiding two extra allocations and preventing the crash...

CVE-2022-49390 macsec: fix UAF bug for real_dev

In the Linux kernel, the following vulnerability has been resolved: macsec: fix UAF bug for realdev Create a new macsec device but not get reference to realdev. That can not ensure that realdev is freed after macsec. That will trigger the UAF bug for realdev as following:...

CVE-2022-49376 scsi: sd: Fix potential NULL pointer dereference

In the Linux kernel, the following vulnerability has been resolved: scsi: sd: Fix potential NULL pointer dereference If sdprobe sees an early error before sdkp-device is initialized, sdzbcreleasedisk is called. This causes a NULL pointer dereference when sdiszoned is called inside that function...

CVE-2022-49356

CVE-2022-49356 concerns a Linux kernel SUNRPC vulnerability where RDMA segment overflows could occur if svc_rdma_build_writes() walks past a Write chunk’s segment array. The fixed commit prevents walking off the end of the array and was validated with KASAN. The description notes the pre-fix test...

CVE-2022-49320 dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type

In the Linux kernel, the following vulnerability has been resolved: dmaengine: zynqmpdma: In struct zynqmpdmachan fix descsize data type In zynqmpdmaalloc/freechanresources functions there is a potential overflow in the below expressions. dmaalloccoherentchan-dev, 2 chan-descsize ZYNQMPDMANUMDESC...

CVE-2022-49310 char: xillybus: fix a refcount leak in cleanup_dev()

In the Linux kernel, the following vulnerability has been resolved: char: xillybus: fix a refcount leak in cleanupdev usbgetdev is called in xillyusbprobe. So it is better to call usbputdev before xdev is released...

CVE-2022-49271

CVE-2022-49271 affects the Linux kernel CIFS/SMB2 code. When smb2_ioctl_query_info() is called with flags=PASSTHRU_FSCTL and output_buffer_length=0, the kernel could copy a bad pointer (buffer) and end up dereferencing NULL, potentially leading to a NULL pointer dereference. The fix also ensures ...

CVE-2022-49255 f2fs: fix missing free nid in f2fs_handle_failed_inode

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix missing free nid in f2fshandlefailedinode This patch fixes xfstests/generic/475 failure. 293.680694 F2FS-fs dm-1: May loss orphan inode, run fsck to fix. 293.685358 Buffer I/O error on dev dm-1, logical block 8388592,...

CVE-2022-49238 ath11k: free peer for station when disconnect from AP for QCA6390/WCN6855

In the Linux kernel, the following vulnerability has been resolved: ath11k: free peer for station when disconnect from AP for QCA6390/WCN6855 Commit b4a0f54156ac "ath11k: move peer delete after vdev stop of station for QCA6390 and WCN6855" is to fix firmware crash by changing the WMI command...

CVE-2022-49192

Technical details about CVE-2022-49192 are not publicly available in the provided Connected documents. The CVE entry describes a fix in cpsw but lacks vendor/product/version specifics, exploit info, or remediation steps beyond the general change. Monitor for updates.

CVE-2022-49177 hwrng: cavium - fix NULL but dereferenced coccicheck error

In the Linux kernel, the following vulnerability has been resolved: hwrng: cavium - fix NULL but dereferenced coccicheck error Fix following coccicheck warning: ./drivers/char/hwrandom/cavium-rng-vf.c:182:17-20: ERROR: pdev is NULL but dereferenced...

CVE-2022-49169

CVE-2022-49169 concerns the Linux kernel’s f2fs module and a race/lock issue that could cause a hang. The connected advisories document that the fix is to replace a mutex-based path with a spin_lock, specifically to avoid hang scenarios in f2fs when handling certain task reads and statistics oper...

CVE-2022-49164 powerpc/tm: Fix more userspace r13 corruption

In the Linux kernel, the following vulnerability has been resolved: powerpc/tm: Fix more userspace r13 corruption Commit cf13435b730a "powerpc/tm: Fix userspace r13 corruption" fixes a problem in treclaim where a SLB miss can occur on the threadstruct-ckptregs while SCRATCH0 is live with the save...

CVE-2022-49131

CVE-2022-49131 concerns a Linux kernel kernel-panic in the ath11k driver while unloading/loading modules on some ARM platforms. The root cause is a dereference path leading to an OOPS in napi_by_id during netif_napi_add, which could occur over repeated unload/load cycles. The fixed fix is to call...

CVE-2022-49113

CVE-2022-49113 — In the Linux kernel, a refcount leak in powerpc/secvar, specifically in format_show(), is fixed. The leak can occur when format_show returns failure in multiple paths. The mitigation is the unified management of of_node_put to correct the leak. The available connected sources con...

CVE-2022-49094 net/tls: fix slab-out-of-bounds bug in decrypt_internal

In the Linux kernel, the following vulnerability has been resolved: net/tls: fix slab-out-of-bounds bug in decryptinternal The memory size of tlsctx-rx.iv for AES128-CCM is 12 setting in tlssetswoffload. The return value of cryptoaeadivsize for "ccmaes" is 16. So memcpy require 16 bytes from 12...