30436 matches found
CVE-2022-49560
In the Linux kernel, the following vulnerability has been resolved: exfat: check if cluster num is valid Syzbot reported slab-out-of-bounds read in exfat_clear_bitmap(). This was triggered by reproducer calling truncate with size 0, which causes the following trace: BUG: KASAN: slab-out-of-bounds in...
CVE-2022-49561
In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: re-fetch conntrack after insertion In case the conntrack is clashing, insertion can free skb->_nfct and set skb->_nfct to the already-confirmed entry. This wasn't found before because the conntrack entry and the...
CVE-2022-49425
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix dereference of stale list iterator after loop body The list iterator variable will be a bogus pointer if no break was hit. Dereferencing it (cur->page in this case) could load an out-of-bounds/undefined value making it...
CVE-2022-49407
In the Linux kernel, the following vulnerability has been resolved: dlm: fix plock invalid read This patch fixes an invalid read shown by KASAN. An unlock will allocate a "struct plock_op" and a followed send_op() will append it to a global send_list data structure. In some cases a followed dev_read()...
CVE-2022-49153
In the Linux kernel, the following vulnerability has been resolved: wireguard: socket: free skb in send6 when ipv6 is disabled I got a memory leak report: unreferenced object 0xffff8881191fc040 size 232: comm "kworker/u17:0", pid 23193, jiffies 4295238848 age 3464.870s hex dump first 32 bytes: 00...
CVE-2021-47650
In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-compress: prevent the potentially use of null pointer There is one call trace that snd_soc_register_card() -> snd_soc_bind_card() -> soc_init_pcm_runtime() -> snd_soc_dai_compress_new() -> snd_soc_new_compress(). In the trace the 'codec_dai' transfers from...
CVE-2022-49717
In CVE-2022-49717, the Linux kernel issue concerns irqchip/apple-aic: a refcount leak in build_fiq_affinity. The problem was that of_find_node_by_phandle() returns a node pointer with an incremented refcount, and the fix is to call of_node_put() when the node is no longer needed to avoid the leak...
CVE-2022-49711
The CVE-2022-49711 issue affects the Linux kernel in the bus: fsl-mc-bus path. Root cause: in fsl_mc_bus_remove(), mc->root_mc_bus_dev->mc_io is passed to fsl_destroy_mc_io() after mc->root_mc_bus_dev has already been freed in fsl_mc_device_remove(), causing a KASAN use-after-free. Mitig...
CVE-2022-49693
CVE-2022-49693: In the Linux kernel, there is a refcount leak in the drm/msm/mdp4 path during mdp4_modeset_init_intf caused by not releasing the remote device node pointer obtained from of_graph_get_remote_node(). The pointer’s refcount is incremented but not decremented with of_node_put() when ...
CVE-2022-49677
In CVE-2022-49677, the Linux kernel ARM CNS3xxx code fix resolves a refcount leak in cns3xxx_init. The issue arises because of_find_compatible_node() returns a node pointer with its refcount incremented, and the patch adds a call to of_node_put() when finished to avoid leaking references. This vul...
CVE-2022-49658 bpf: Fix insufficient bounds propagation from adjust_scalar_min_max_vals
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix insufficient bounds propagation from adjust_scalar_min_max_vals Kuee reported a corner case where the tnum becomes constant after the call to __reg_bound_offset(), but the register's bounds are not, that is, its min bounds are sti...
CVE-2022-49649 xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue
In the Linux kernel, the following vulnerability has been resolved: xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue xenvif_rx_next_skb() is expecting the rx queue not being empty, but in case the loop in xenvif_rx_action() is doing multiple iterations, the availability of another skb in...
CVE-2022-49634
CVE-2022-49634: In the Linux kernel, there are data-races in sysctl access to proc_dou8vec_minmax() due to concurrent readers/writers. The fix changes proc_dou8vec_minmax() to use internal READ_ONCE() and WRITE_ONCE() to mitigate races on the sysctl side. The patch notes indicate the function it...
CVE-2022-49635
CVE-2022-49635 affects the Linux kernel. The issue is in drm/i915/selftests, where a subtraction overflow can occur when hole_end is small, and addr + 2 * min_alignment can overflow in mock tests. A patch was applied (cherry picked from commit ab3edc679c552a466e4bf0b11af3666008bd65a2) to fix both...
CVE-2022-49627 ima: Fix potential memory leak in ima_init_crypto()
In the Linux kernel, the following vulnerability has been resolved: ima: Fix potential memory leak in ima_init_crypto() On failure to allocate the SHA1 tfm, IMA fails to initialize and exits without freeing the ima_algo_array. Add the missing kfree() for ima_algo_array to avoid the potential memory leak...
CVE-2022-49626
In CVE-2022-49626, the Linux kernel sfc (Solarflare) driver had a use-after-free: vf->pci_dev could be freed during pci_disable_sriov and later read in efx_ef10_sriov_free_vf_vswitching. The root cause is reading a freed vf->pci_dev in the SR-IOV disable path. A patch fixes this by setting ...
CVE-2022-49602
The CVE-2022-49602 entry refers to a data race in the Linux kernel’s sysctl_fwmark_reflect reader. The race occurs while reading sysctl_fwmark_reflect, which could be changed concurrently; the fix is to apply READ_ONCE() to the reader to ensure a consistent read. Connected advisories (EulerOS/Ope...
CVE-2022-49574
CVE-2022-49574 is a Linux kernel security issue involving a data race in reading the sysctl_tcp_recovery variable within the TCP stack. The root cause is concurrent modification of sysctl_tcp_recovery while it is being read, which could lead to inconsistent reads or memory corruption. The descrip...
CVE-2022-49556 KVM: SVM: Use kzalloc for sev ioctl interfaces to prevent kernel data leak
In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Use kzalloc for sev ioctl interfaces to prevent kernel data leak For some sev ioctl interfaces, the length parameter that is passed may be less than or equal to SEV_FW_BLOB_MAX_SIZE, but larger than the data that PSP firmwar...