914 matches found
SUSE CVE-2022-49472
In the Linux kernel, the following vulnerability has been resolved: net: phy: micrel: Allow probing without .driverdata Currently, if the .probe element is present in the phydriver structure and the .driverdata is not, a NULL pointer dereference happens. Allow passing .probe without .driverdata b...
SUSE CVE-2022-49471
In the Linux kernel, the following vulnerability has been resolved: rtw89: cfo: check macid to avoid out-of-bounds Somehow, hardware reports incorrect macid and pollute memory. Check index before we access the array. UBSAN: array-index-out-of-bounds in rtw89/phy.c:2517:23 index 188 is out of rang...
SUSE CVE-2022-49501
In the Linux kernel, the following vulnerability has been resolved: usbnet: Run unregisternetdev before unbind again Commit 2c9d6c2b871d "usbnet: run unbind before unregisternetdev" sought to fix a use-after-free on disconnect of USB Ethernet adapters. It turns out that a different fix is necessa...
SUSE CVE-2022-49692
In the Linux kernel, the following vulnerability has been resolved: net: phy: at803x: fix NULL pointer dereference on AR9331 PHY Latest kernel will explode on the PHY interrupt config, since it depends now on allocated priv. So, run probe to allocate priv to fix it. ar9331switch ethernet.1:10 lan...
CVE-2022-49692
In the Linux kernel, the following vulnerability has been resolved: net: phy: at803x: fix NULL pointer dereference on AR9331 PHY Latest kernel will explode on the PHY interrupt config, since it depends now on allocated priv. So, run probe to allocate priv to fix it. ar9331switch ethernet.1:10 lan...
DEBIAN-CVE-2022-49692
In the Linux kernel, the following vulnerability has been resolved: net: phy: at803x: fix NULL pointer dereference on AR9331 PHY Latest kernel will explode on the PHY interrupt config, since it depends now on allocated priv. So, run probe to allocate priv to fix it. ar9331switch ethernet.1:10 lan...
DEBIAN-CVE-2022-49471
In the Linux kernel, the following vulnerability has been resolved: rtw89: cfo: check macid to avoid out-of-bounds Somehow, hardware reports incorrect macid and pollute memory. Check index before we access the array. UBSAN: array-index-out-of-bounds in rtw89/phy.c:2517:23 index 188 is out of rang...
DEBIAN-CVE-2022-49472
In the Linux kernel, the following vulnerability has been resolved: net: phy: micrel: Allow probing without .driverdata Currently, if the .probe element is present in the phydriver structure and the .driverdata is not, a NULL pointer dereference happens. Allow passing .probe without .driverdata b...
DEBIAN-CVE-2022-49396
In the Linux kernel, the following vulnerability has been resolved: phy: qcom-qmp: fix reset-controller leak on probe errors Make sure to release the lane reset controller in case of a late probe error e.g. probe deferral. Note that due to the reset controller being defined in devicetree in "lane...
UBUNTU-CVE-2022-49350
In the Linux kernel, the following vulnerability has been resolved: net: mdio: unexport init-annotated mdiobusinit EXPORTSYMBOL and init is a bad combination because the .init.text section is freed up after the initialization. Hence, modules cannot use symbols annotated init. The access to a free...
UBUNTU-CVE-2022-49472
In the Linux kernel, the following vulnerability has been resolved: net: phy: micrel: Allow probing without .driverdata Currently, if the .probe element is present in the phydriver structure and the .driverdata is not, a NULL pointer dereference happens. Allow passing .probe without .driverdata b...
UBUNTU-CVE-2022-49692
In the Linux kernel, the following vulnerability has been resolved: net: phy: at803x: fix NULL pointer dereference on AR9331 PHY Latest kernel will explode on the PHY interrupt config, since it depends now on allocated priv. So, run probe to allocate priv to fix it. ar9331switch ethernet.1:10 lan...
DEBIAN-CVE-2022-49061
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: stmmac: fix altrtsepcs function when using a fixed-link When using a fixed-link, the altrtsepcs driver crashes due to null-pointer dereference as no phydevice is provided to tsepcsfixmacspeed function. Fix this by...
UBUNTU-CVE-2022-49061
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: stmmac: fix altrtsepcs function when using a fixed-link When using a fixed-link, the altrtsepcs driver crashes due to null-pointer dereference as no phydevice is provided to tsepcsfixmacspeed function. Fix this by...
CVE-2022-49692
The CVE-2022-49692 issue is a Linux kernel fix for the at803x PHY NULL pointer dereference on AR9331 PHY. The vulnerability manifested as kernel paging fault during PHY interrupt handling, traced to AR9331 switch/MDIO initialization and phylink/dsa probe paths. The remedy is in the latest kernel ...
CVE-2022-49692 net: phy: at803x: fix NULL pointer dereference on AR9331 PHY
In the Linux kernel, the following vulnerability has been resolved: net: phy: at803x: fix NULL pointer dereference on AR9331 PHY Latest kernel will explode on the PHY interrupt config, since it depends now on allocated priv. So, run probe to allocate priv to fix it. ar9331switch ethernet.1:10 lan...
CVE-2022-49692
In the Linux kernel, the following vulnerability has been resolved: net: phy: at803x: fix NULL pointer dereference on AR9331 PHY Latest kernel will explode on the PHY interrupt config, since it depends now on allocated priv. So, run probe to allocate priv to fix it. ar9331switch ethernet.1:10 lan...
CVE-2022-49501 usbnet: Run unregister_netdev() before unbind() again
In the Linux kernel, the following vulnerability has been resolved: usbnet: Run unregisternetdev before unbind again Commit 2c9d6c2b871d "usbnet: run unbind before unregisternetdev" sought to fix a use-after-free on disconnect of USB Ethernet adapters. It turns out that a different fix is necessa...
CVE-2022-49501
CVE-2022-49501 concerns the Linux kernel USB Ethernet (usbnet) path. The root cause is a use-after-free risk during disconnect caused by non-mirroring binding/unbinding order: usbnet_probe() binds then register_netdev(), whereas disconnect() previously unregisters before unbind(), leading to PHY ...
CVE-2022-49472
CVE-2022-49472 affects the Linux kernel PHY Micrel driver: if a .probe is present and .driver_data is missing, a NULL pointer dereference can occur. The fix adds NULL checks for priv->type to allow probing without .driver_data. Connected advisories (Astra/Unity Linux) reference Linux kernel ve...