30436 matches found
CVE-2022-49505
In the Linux kernel, the following vulnerability has been resolved: NFC: NULL out the dev->rfkill to prevent UAF. Commit 3e3b5dfcd16a ("NFC: reorder the logic in nfc_{un,}register_device") assumes the device_is_registered() in function nfc_dev_up() will help to check when the rfkill is unregistered. However, thi...
CVE-2022-49485 drm/v3d: Fix null pointer dereference of pointer perfmon
In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Fix null pointer dereference of pointer perfmon. In the unlikely event that pointer perfmon is null the WARN_ON return path occurs after the pointer has already been dereferenced. Fix this by only dereferencing perfmon after...
CVE-2022-49447 ARM: hisi: Add missing of_node_put after of_find_compatible_node
In the Linux kernel, the following vulnerability has been resolved: ARM: hisi: Add missing of_node_put after of_find_compatible_node. of_find_compatible_node will increment the refcount of the returned device_node. Calling of_node_put() to avoid the refcount leak...
CVE-2022-49423
Summary: CVE-2022-49423 relates to the Linux kernel where RTLA tracing could dereference a NULL record in several tracing tools. Root cause (as documented): NULL pointer dereference of the variable record in multiple files (osnoise_hist.c, osnoise_top.c, timerlat_hist.c, timerlat_top.c) before ca...
CVE-2022-49419
The CVE-2022-49419 issue affects the Linux kernel vesafb (video: fbdev) where use-after-free can occur if the fb_info is freed in the .remove path before or after .fb_destroy. The underlying cause is an ordering bug: the code previously freed fb_info in .remove, which could reference freed memory...
CVE-2022-49390 macsec: fix UAF bug for real_dev
In the Linux kernel, the following vulnerability has been resolved: macsec: fix UAF bug for real_dev. Create a new macsec device but not get reference to real_dev. That can not ensure that real_dev is freed after macsec. That will trigger the UAF bug for real_dev as following:...
CVE-2022-49373
CVE-2022-49373 affects the Linux kernel watchdog ts4800_wdt refcount handling. According to connected docs, the issue arises because of_parse_phandle() returns a node pointer with its refcount incremented and missing of_node_put() on error paths, leading to a refcount leak in ts4800_wdt_probe. Th...
CVE-2022-49354 ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe
In the Linux kernel, the following vulnerability has been resolved: ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe. of_find_device_by_node() takes reference, we should use put_device() to release it when not need anymore. Add missing put_device() to avoid refcount leak...
CVE-2022-49351 net: altera: Fix refcount leak in altera_tse_mdio_create
In the Linux kernel, the following vulnerability has been resolved: net: altera: Fix refcount leak in altera_tse_mdio_create. Every iteration of for_each_child_of_node() decrements the reference count of the previous node. When break from a for_each_child_of_node() loop, we need to explicitly call of_node_put() on t...
CVE-2022-49348
In Linux kernels affected by CVE-2022-49348, the EXT4_FC_REPLAY bit in sbi->s_mount_state was causing a risk: a corrupted on-disk superblock could set EXT4_FC_REPLAY in s_mount_state, bypassing sanity checks and triggering a BUG() in ext4_es_cache_extent(). The available connected documents co...
CVE-2022-49324
In the Linux kernel, the following vulnerability has been resolved: mips: cpc: Fix refcount leak in mips_cpc_default_phys_base. Add the missing of_node_put() to release the refcount incremented by of_find_compatible_node()...
CVE-2022-49255 f2fs: fix missing free nid in f2fs_handle_failed_inode
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix missing free nid in f2fs_handle_failed_inode. This patch fixes xfstests/generic/475 failure. 293.680694 F2FS-fs dm-1: May loss orphan inode, run fsck to fix. 293.685358 Buffer I/O error on dev dm-1, logical block 8388592,...
CVE-2022-49237
In the Linux kernel, the following vulnerability has been resolved: ath11k: add missing of_node_put() to avoid leak. The node pointer is returned by of_find_node_by_type() or of_parse_phandle() with refcount incremented. Calling of_node_put() to avoid the refcount leak...
CVE-2022-49214 powerpc/64s: Don't use DSISR for SLB faults
In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: Don't use DSISR for SLB faults. Since commit 46ddcb3950a2 ("powerpc/mm: Show if a bad page fault on data is read or write.") we use page_fault_is_write(regs->dsisr) in __bad_page_fault() to determine if the fault is for a read or...
CVE-2022-49117 mips: ralink: fix a refcount leak in ill_acc_of_setup()
In the Linux kernel, the following vulnerability has been resolved: mips: ralink: fix a refcount leak in ill_acc_of_setup(). of_node_put(np) needs to be called when pdev == NULL...
CVE-2022-49094 net/tls: fix slab-out-of-bounds bug in decrypt_internal
In the Linux kernel, the following vulnerability has been resolved: net/tls: fix slab-out-of-bounds bug in decrypt_internal. The memory size of tls_ctx->rx.iv for AES128-CCM is 12 setting in tls_set_sw_offload(). The return value of crypto_aead_ivsize() for "ccm(aes)" is 16. So memcpy() require 16 bytes from 12...
CVE-2022-49079 btrfs: zoned: traverse devices under chunk_mutex in btrfs_can_activate_zone
In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: traverse devices under chunk_mutex in btrfs_can_activate_zone. btrfs_can_activate_zone() can be called with the device_list_mutex already held, which will lead to a deadlock: insert_dev_extents() // Takes device_list_mutex -...
CVE-2022-49060
CVE-2022-49060 is a Linux kernel vulnerability affecting the net/smc path, where a NULL pointer dereference could occur in smc_pnet_find_ib due to calling dev_name() with dev.parent without a NULL check. The fix implements a NULL-pointer check before the call to dev_name(), mitigating potential c...
CVE-2022-49058
CVE-2022-49058 involves a buffer overflow in the Linux kernel CIFS implementation when handling symlinks. The root cause, per the provided description, is that Smatch flags the variable link_len as untrusted (coming from sscanf), which can lead to an out-of-bounds copy into dctx->buf. The fixe...
CVE-2022-49056
...