CVE-2021-47659

CVE-2021-47659 affects the Linux kernel DRM plane path. The vulnerability arises because the range check for format_count is performed late in __drm_universal_plane_init(); if format_count > 64 yields a WARN_ON, it can leak the plane->format_types array and skip drm_mode_object_unregister()...

CVE-2022-49288 ALSA: pcm: Fix races among concurrent prealloc proc writes

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix races among concurrent prealloc proc writes We have no protection against concurrent PCM buffer preallocation changes via proc files, and it may potentially lead to UAF or some weird problem. This patch applies the...

CVE-2022-49287

CVE-2022-49287 concerns a Linux kernel refcount issue in tpm_chip handling that can trigger a use-after-free when interacting with TPM devices. The description details a sequence where a TPM command is written to /dev/tpmrm after unloading tpm_tis_spi, causing a refcount warning: refcount_t: addi...

CVE-2022-49244 ASoC: mediatek: mt8192-mt6359: Fix error handling in mt8192_mt6359_dev_probe

In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: mt8192-mt6359: Fix error handling in mt8192mt6359devprobe The devicenode pointer is returned by ofparsephandle with refcount incremented. We should use ofnodeput on it when done. This function only calls ofnodeput...

CVE-2022-49201 ibmvnic: fix race between xmit and reset

In the Linux kernel, the following vulnerability has been resolved: ibmvnic: fix race between xmit and reset There is a race between reset and the transmit paths that can lead to ibmvnicxmit accessing an scrq after it has been freed in the reset path. It can result in a crash like: Kernel attempt...

CVE-2022-49198 mptcp: Fix crash due to tcp_tsorted_anchor was initialized before release skb

In the Linux kernel, the following vulnerability has been resolved: mptcp: Fix crash due to tcptsortedanchor was initialized before release skb Got crash when doing pressure test of mptcp: =========================================================================== dstrelease: dst:ffffa06ce6e5c058...

CVE-2022-49192

In the Linux kernel, the following vulnerability has been resolved: drivers: ethernet: cpsw: fix panic when interrupt coaleceing is set via ethtool cpswethtoolbegin directly returns the result of pmruntimegetsync when successful. pmruntimegetsync returns -error code on failure and 0 on successful...

CVE-2022-49180 LSM: general protection fault in legacy_parse_param

In the Linux kernel, the following vulnerability has been resolved: LSM: general protection fault in legacyparseparam The usual LSM hook "bail on fail" scheme doesn't work for cases where a security module may return an error code indicating that it does not recognize an input. In this particular...

CVE-2022-49180

In the Linux kernel, the following vulnerability has been resolved: LSM: general protection fault in legacyparseparam The usual LSM hook "bail on fail" scheme doesn't work for cases where a security module may return an error code indicating that it does not recognize an input. In this particular...

CVE-2022-49167

The CVE-2022-49167 entry concerns a Linux kernel issue in btrfs where the compression path could cause a bio to be completed twice on error. The connected documents describe the root cause as the path that handles compressed reads potentially ending the bio both in the compression path and again ...

CVE-2022-49161 ASoC: mediatek: Fix error handling in mt8183_da7219_max98357_dev_probe

In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: Fix error handling in mt8183da7219max98357devprobe The devicenode pointer is returned by ofparsephandle with refcount incremented. We should use ofnodeput on it when done. This function only calls ofnodeput in the...

CVE-2022-49158

CVE-2022-49158 affects the Linux kernel SCSI driver qla2xxx. The issue is a warning generated when adisc is flushed, where an error code type did not match the expected type. The fix adds translation between error code types to avoid the warning (no documented exploit). The connected advisories c...

CVE-2022-49156

The CVE-2022-49156 entry corresponds to a Linux kernel vulnerability in scsi: qla2xxx where a call into midlayer (fc_remote_port_delete) could sleep in interrupt context, causing a crash via scheduling while atomic. The fix schedules the call in non-interrupt context to avoid sleeping while atomi...

CVE-2022-49154

The CVE-2022-49154 entry is validated by connected advisories describing a Linux kernel KVM SVM issue: an out-of-bounds guest IRQ in svm_update_pi_irte() could crash when guest_irq comes via KVM_IRQFD. The root cause is an out-of-bounds access that could trigger a crash; the mitigation is a kerne...

CVE-2022-49134

Technical details about CVE-2022-49134 are not publicly provided in the supplied documents; no affected products/versions/fixes are specified here. Monitor for updates.

CVE-2022-49102 habanalabs: fix possible memory leak in MMU DR fini

In the Linux kernel, the following vulnerability has been resolved: habanalabs: fix possible memory leak in MMU DR fini This patch fixes what seems to be copy paste error. We will have a memory leak if the host-resident shadow is NULL which will likely happen as the DR and HR are not dependent...

CVE-2022-49097

CVE-2022-49097 relates to the Linux kernel NFS writeback path. In low-memory conditions, the NFS writeback code could enter infinite loops in mempool_alloc, risking a writeback stall. The issue is resolved in the kernel by allowing the writeback path to fail gracefully instead of deadlocking. The...

CVE-2022-49092

CVE-2022-49092 concerns a Linux kernel net/ipv4 routing issue where deleting a route that points to a nexthop ID (without nhid) triggers a warning in fib_nh_match when a nexthop object is present. The root cause is a match operation on a fib_info with a nexthop object; the fix is to skip such mat...

CVE-2022-49075

CVE-2022-49075 : In the Linux kernel, a qgroup reserve overflow in btrfs can occur when fallocate spans more than 4 GiB. The root cause is that extent_changeset->bytes_changed is stored as an unsigned int, causing overflow and potentially breaking the qgroup limit. The advisory notes that regu...

CVE-2022-49059

In the Linux kernel, the following vulnerability has been resolved: nfc: nci: add flushworkqueue to prevent uaf Our detector found a concurrent use-after-free bug when detaching an NCI device. The main reason for this bug is the unexpected scheduling between the used delayed mechanism timer and...