CVE-2022-49592

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix dma queue left shift overflow issue When queue number is 4, left shift overflows due to 32 bits integer variable. Mask calculation is wrong for MTLRXQDMAMAP1. If CONFIGUBSAN is enabled, kernel dumps below warning...

CVE-2022-49582 net: dsa: fix NULL pointer dereference in dsa_port_reset_vlan_filtering

In the Linux kernel, the following vulnerability has been resolved: net: dsa: fix NULL pointer dereference in dsaportresetvlanfiltering The "ds" iterator variable used in dsaportresetvlanfiltering - dsaswitchforeachport overwrites the "dp" received as argument, which is later used to call...

CVE-2022-49575 tcp: Fix a data-race around sysctl_tcp_thin_linear_timeouts.

In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctltcpthinlineartimeouts. While reading sysctltcpthinlineartimeouts, it can be changed concurrently. Thus, we need to add READONCE to its reader...

CVE-2022-49565

CVE-2022-49565 concerns the Linux kernel, specifically perf/x86/intel/lbr, where unchecked MSR writes (WRMSR to 0x689) can occur due to an absent TSX quirk application when accessing LBR data. The issue manifests on systems with LBR_FORMAT_EIP_FLAGS2 and, if TSX is disabled, requires a quirk to a...

CVE-2022-49566 crypto: qat - fix memory leak in RSA

In the Linux kernel, the following vulnerability has been resolved: crypto: qat - fix memory leak in RSA When an RSA key represented in form 2 as defined in PKCS 1 V2.1 is used, some components of the private key persist even after the TFM is released. Replace the explicit calls to free the buffe...

CVE-2022-49539 rtw89: ser: fix CAM leaks occurring in L2 reset

In the Linux kernel, the following vulnerability has been resolved: rtw89: ser: fix CAM leaks occurring in L2 reset The CAM, meaning address CAM and bssid CAM here, will get leaks during SER system error recover L2 reset process and ieee80211restarthw which is called by L2 reset process eventuall...

CVE-2022-49535

CVE-2022-49535 affects the Linux kernel SCSI lpfc path. The flaw can cause a use-after-free via premature node release when FLOGI/PLOGI handling fails or when non-zero ELS PLOGI status is processed if a dev-loss-evt work is pending. The described root cause is a premature decrementing of the ndlp...

CVE-2022-49533

In the Linux kernel, the following vulnerability has been resolved: ath11k: Change max no of active probe SSID and BSSID to fw capability The maximum number of SSIDs in a for active probe requests is currently reported as 16 WLANSCANPARAMSMAXSSID when registering the driver. The scanreqparams...

CVE-2022-49514

In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: Fix error handling in mt8173max98090devprobe Call ofnodeputplatformnode to avoid refcount leak in the error path...

CVE-2022-49496

In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: prevent kernel crash when rmmod mtk-vcodec-dec.ko If the driver support subdev mode, the parameter "dev-pm.dev" will be NULL in mtkvcodecdecremove. Kernel will crash when try to rmmod mtk-vcodec-dec.ko...

CVE-2022-49493 ASoC: rt5645: Fix errorenous cleanup order

In the Linux kernel, the following vulnerability has been resolved: ASoC: rt5645: Fix errorenous cleanup order There is a logic error when removing rt5645 device as the function rt5645i2cremove first cancel the &rt5645-jackdetectwork and delete the &rt5645-btnchecktimer latter. However, since the...

CVE-2022-49480 ASoC: imx-hdmi: Fix refcount leak in imx_hdmi_probe

In the Linux kernel, the following vulnerability has been resolved: ASoC: imx-hdmi: Fix refcount leak in imxhdmiprobe offinddevicebynode takes reference, we should use putdevice to release it. when devmkzalloc fails, it doesn't have a putdevice, it will cause refcount leak. Add missing putdevice ...

CVE-2022-49434

In the Linux kernel, the following vulnerability has been resolved: PCI: Avoid pcidevlock AB/BA deadlock with sriovnumvfsstore The sysfs sriovnumvfsstore path acquires the device lock before the config space access lock: sriovnumvfsstore devicelock A 1 acquire device lock sriovconfigure...

CVE-2022-49415

In the Linux kernel, the following vulnerability has been resolved: ipmi:ipmb: Fix refcount leak in ipmiipmbprobe ofparsephandle returns a node pointer with refcount incremented, we should use ofnodeput on it when done. Add missing ofnodeput to avoid refcount leak...

CVE-2022-49400 md: Don't set mddev private to NULL in raid0 pers->free

In the Linux kernel, the following vulnerability has been resolved: md: Don't set mddev private to NULL in raid0 pers-free In normal stop process, it does like this: domdstop | mdstop pers-free; mddev-private=NULL | mdfree free mddev mdstop sets mddev-private to NULL after pers-free. The raid...

CVE-2022-49381 jffs2: fix memory leak in jffs2_do_fill_super

In the Linux kernel, the following vulnerability has been resolved: jffs2: fix memory leak in jffs2dofillsuper If jffs2iget or dmakeroot in jffs2dofillsuper returns an error, we can observe the following kmemleak report: -------------------------------------------- unreferenced object...

CVE-2022-49371 driver core: fix deadlock in __device_attach

In the Linux kernel, the following vulnerability has been resolved: driver core: fix deadlock in deviceattach In deviceattach function, The lock holding logic is as follows: ... deviceattach devicelockdev // get lock dev asyncscheduledevdeviceattachasynchelper, dev; // func asyncschedulenode...

CVE-2022-49366

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix reference count leak in smbcheckpermdacl The issue happens in a specific path in smbcheckpermdacl. When "id" and "uid" have the same value, the function simply jumps out of the loop without decrementing the reference...

CVE-2022-49364

CVE-2022-49364 : In the Linux kernel, a f2fs inode eviction bug was fixed. The root cause is that the inode node and the dnode share the same nid, causing dnode truncation to invalidate the NAT entry during f2fs_evict_inode() and leaving the inode marked dirty. The fix clears the dirty flag on th...

CVE-2022-49316

In the Linux kernel, the following vulnerability has been resolved: NFSv4: Don't hold the layoutget locks across multiple RPC calls When doing layoutget as part of the open compound, we have to be careful to release the layout locks before we can call any further RPC calls, such as setattr. The...