1341 matches found
CVE-2022-49371 driver core: fix deadlock in __device_attach
In the Linux kernel, the following vulnerability has been resolved: driver core: fix deadlock in deviceattach In deviceattach function, The lock holding logic is as follows: ... deviceattach devicelockdev // get lock dev asyncscheduledevdeviceattachasynchelper, dev; // func asyncschedulenode...
CVE-2022-49366
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix reference count leak in smbcheckpermdacl The issue happens in a specific path in smbcheckpermdacl. When "id" and "uid" have the same value, the function simply jumps out of the loop without decrementing the reference...
CVE-2022-49364
CVE-2022-49364 : In the Linux kernel, a f2fs inode eviction bug was fixed. The root cause is that the inode node and the dnode share the same nid, causing dnode truncation to invalidate the NAT entry during f2fs_evict_inode() and leaving the inode marked dirty. The fix clears the dirty flag on th...
CVE-2022-49316
In the Linux kernel, the following vulnerability has been resolved: NFSv4: Don't hold the layoutget locks across multiple RPC calls When doing layoutget as part of the open compound, we have to be careful to release the layout locks before we can call any further RPC calls, such as setattr. The...
CVE-2021-47659
CVE-2021-47659 affects the Linux kernel DRM plane path. The vulnerability arises because the range check for format_count is performed late in __drm_universal_plane_init(); if format_count > 64 yields a WARN_ON, it can leak the plane->format_types array and skip drm_mode_object_unregister()...
CVE-2022-49288 ALSA: pcm: Fix races among concurrent prealloc proc writes
In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix races among concurrent prealloc proc writes We have no protection against concurrent PCM buffer preallocation changes via proc files, and it may potentially lead to UAF or some weird problem. This patch applies the...
CVE-2022-49287
CVE-2022-49287 concerns a Linux kernel refcount issue in tpm_chip handling that can trigger a use-after-free when interacting with TPM devices. The description details a sequence where a TPM command is written to /dev/tpmrm after unloading tpm_tis_spi, causing a refcount warning: refcount_t: addi...
CVE-2022-49244 ASoC: mediatek: mt8192-mt6359: Fix error handling in mt8192_mt6359_dev_probe
In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: mt8192-mt6359: Fix error handling in mt8192mt6359devprobe The devicenode pointer is returned by ofparsephandle with refcount incremented. We should use ofnodeput on it when done. This function only calls ofnodeput...
CVE-2022-49201 ibmvnic: fix race between xmit and reset
In the Linux kernel, the following vulnerability has been resolved: ibmvnic: fix race between xmit and reset There is a race between reset and the transmit paths that can lead to ibmvnicxmit accessing an scrq after it has been freed in the reset path. It can result in a crash like: Kernel attempt...
CVE-2022-49198 mptcp: Fix crash due to tcp_tsorted_anchor was initialized before release skb
In the Linux kernel, the following vulnerability has been resolved: mptcp: Fix crash due to tcptsortedanchor was initialized before release skb Got crash when doing pressure test of mptcp: =========================================================================== dstrelease: dst:ffffa06ce6e5c058...
CVE-2022-49192
In the Linux kernel, the following vulnerability has been resolved: drivers: ethernet: cpsw: fix panic when interrupt coaleceing is set via ethtool cpswethtoolbegin directly returns the result of pmruntimegetsync when successful. pmruntimegetsync returns -error code on failure and 0 on successful...
CVE-2022-49180 LSM: general protection fault in legacy_parse_param
In the Linux kernel, the following vulnerability has been resolved: LSM: general protection fault in legacyparseparam The usual LSM hook "bail on fail" scheme doesn't work for cases where a security module may return an error code indicating that it does not recognize an input. In this particular...
CVE-2022-49180
In the Linux kernel, the following vulnerability has been resolved: LSM: general protection fault in legacyparseparam The usual LSM hook "bail on fail" scheme doesn't work for cases where a security module may return an error code indicating that it does not recognize an input. In this particular...
CVE-2022-49170
CVE-2022-49170 concerns the F2FS implementation in the Linux kernel. The root cause was a missing sanity check on curseg->alloc_type, which could widen an array-bounds access of sbi->block_count[] (UBSAN: array-index-out-of-bounds) when mounting/operating a corrupted image. The issue manife...
CVE-2022-49167
The CVE-2022-49167 entry concerns a Linux kernel issue in btrfs where the compression path could cause a bio to be completed twice on error. The connected documents describe the root cause as the path that handles compressed reads potentially ending the bio both in the compression path and again ...
CVE-2022-49161 ASoC: mediatek: Fix error handling in mt8183_da7219_max98357_dev_probe
In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: Fix error handling in mt8183da7219max98357devprobe The devicenode pointer is returned by ofparsephandle with refcount incremented. We should use ofnodeput on it when done. This function only calls ofnodeput in the...
CVE-2022-49158
CVE-2022-49158 affects the Linux kernel SCSI driver qla2xxx. The issue is a warning generated when adisc is flushed, where an error code type did not match the expected type. The fix adds translation between error code types to avoid the warning (no documented exploit). The connected advisories c...
CVE-2022-49156
The CVE-2022-49156 entry corresponds to a Linux kernel vulnerability in scsi: qla2xxx where a call into midlayer (fc_remote_port_delete) could sleep in interrupt context, causing a crash via scheduling while atomic. The fix schedules the call in non-interrupt context to avoid sleeping while atomi...
CVE-2022-49154
The CVE-2022-49154 entry is validated by connected advisories describing a Linux kernel KVM SVM issue: an out-of-bounds guest IRQ in svm_update_pi_irte() could crash when guest_irq comes via KVM_IRQFD. The root cause is an out-of-bounds access that could trigger a crash; the mitigation is a kerne...
CVE-2022-49143
...