SUSE CVE-2022-50840

In the Linux kernel, the following vulnerability has been resolved: scsi: snic: Fix possible UAF in snictgtcreate Smatch reports a warning as follows: drivers/scsi/snic/snicdisc.c:307 snictgtcreate warn: '&tgt-list' not removed from list If deviceadd fails in snictgtcreate, tgt will be freed, but...

SUSE CVE-2022-50841

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add overflow check for attribute size The offset addition could overflow and pass the used size check given an attribute with very large size e.g., 0xffffff7f while parsing MFT attributes. This could lead to out-of-boun...

SUSE CVE-2022-50842

In the Linux kernel, the following vulnerability has been resolved: drm/virtio: Check whether transferred 2D BO is shmem Transferred 2D BO always must be a shmem BO. Add check for that to prevent NULL dereference if userspace passes a VRAM BO...

SUSE CVE-2022-50843

In the Linux kernel, the following vulnerability has been resolved: dm clone: Fix UAF in clonedtr Dmclone also has the same UAF problem when dmresume and dmdestroy are concurrent. Therefore, cancelling timer again in clonedtr...

SUSE CVE-2022-50844

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix type of second parameter in odneditdpmtable callback With clang's kernel control flow integrity kCFI, CONFIGCFICLANG, indirect call targets are validated against the expected function pointer prototype to make sur...

SUSE CVE-2022-50845

In the Linux kernel, the following vulnerability has been resolved: ext4: fix inode leak in ext4xattrinodecreate on an error path There is issue as follows when do setxattr with inject fault: localhost fsck.ext4 -fn /dev/sda e2fsck 1.46.6-rc1 12-Sep-2022 Pass 1: Checking inodes, blocks, and sizes...

SUSE CVE-2022-50846

In the Linux kernel, the following vulnerability has been resolved: mmc: via-sdmmc: fix return value check of mmcaddhost mmcaddhost may return error, if we ignore its return value, it will lead two issues: 1. The memory that allocated in mmcallochost is leaked. 2. In the remove path, mmcremovehos...

SUSE CVE-2022-50847

In the Linux kernel, the following vulnerability has been resolved: drm/bridge: it6505: Initialize AUX channel in it6505i2cprobe During device boot, the HPD interrupt could be triggered before the DRM subsystem registers it6505 as a DRM bridge. In such cases, the driver tries to access AUX channe...

SUSE CVE-2022-50848

In the Linux kernel, the following vulnerability has been resolved: drivers: dio: fix possible memory leak in dioinit If deviceregister returns error, the 'dev' and name needs be freed. Add a release function, and then call putdevice in the error path, so the name is freed in kobjectcleanup and t...

SUSE CVE-2022-50849

In the Linux kernel, the following vulnerability has been resolved: pstore: Avoid kcore oops by vmaping with VMIOREMAP An oops can be induced by running 'cat /proc/kcore /dev/null' on devices using pstore with the ram backend because kmapatomic assumes lowmem pages are accessible with va. Unable ...

SUSE CVE-2022-50850

In the Linux kernel, the following vulnerability has been resolved: scsi: ipr: Fix WARNING in iprinit iprinit will not call unregisterrebootnotifier when pciregisterdriver fails, which causes a WARNING. Call unregisterrebootnotifier when pciregisterdriver fails. notifier callback iprhalt ipr...

SUSE CVE-2022-50851

In the Linux kernel, the following vulnerability has been resolved: vhostvdpa: fix the crash in unmap a large memory While testing in vIOMMU, sometimes Guest will unmap very large memory, which will cause the crash. To fix this, add a new function vhostvdpageneralunmap. This function will only...

SUSE CVE-2022-50852

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921: fix use after free in mt7921acpiread Don't dereference "sarroot" after it has been freed...

SUSE CVE-2022-50853

In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix a credential leak in nfs4discovertrunking...

SUSE CVE-2022-50854

In the Linux kernel, the following vulnerability has been resolved: nfc: virtualncidev: Fix memory leak in virtualncisend skb should be free in virtualncisend, otherwise kmemleak will report memleak. Steps for reproduction simulated in qemu: cd tools/testing/selftests/nci make ./ncidev BUG: memor...

SUSE CVE-2022-50855

In the Linux kernel, the following vulnerability has been resolved: bpf: prevent leak of lsm program after failed attach In 0, we added the ability to bpfprogattach LSM programs to cgroups, but in our validation to make sure the prog is meant to be attached to BPFLSMCGROUP, we return too early if...

SUSE CVE-2022-50856

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix xid leak in cifssesaddchannel Before return, should free the xid, otherwise, the xid will be leaked...

SUSE CVE-2022-50857

In the Linux kernel, the following vulnerability has been resolved: rapidio: rio: fix possible name leak in rioregistermport If deviceregister returns error, the name allocated by devsetname need be freed. It should use putdevice to give up the reference in the error path, so that the name can be...

SUSE CVE-2022-50858

In the Linux kernel, the following vulnerability has been resolved: mmc: alcor: fix return value check of mmcaddhost mmcaddhost may return error, if we ignore its return value, the memory that allocated in mmcallochost will be leaked and it will lead a kernel crash because of deleting not added...

SUSE CVE-2022-50859

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix the error length of VALIDATENEGOTIATEINFO message Commit d5c7076b772a "smb3: add smb3.1.1 to default dialect list" extend the dialects from 3 to 4, but forget to decrease the extended length when specific the dialect,...

SUSE CVE-2022-50860

In the Linux kernel, the following vulnerability has been resolved: apparmor: Fix memleak in allocns After changes in commit a1bd627b46d1 "apparmor: share profile name on replacement", the hname member of struct aapolicy is not valid slab object, but a subset of that, it can not be freed by...

SUSE CVE-2022-50861

In the Linux kernel, the following vulnerability has been resolved: NFSD: Finish converting the NFSv2 GETACL result encoder The xdrstream conversion inadvertently left some code that set the pagelen of the send buffer. The XDR stream encoders should handle this automatically now. This oversight...

SUSE CVE-2022-50862

In the Linux kernel, the following vulnerability has been resolved: bpf: prevent decltag from being referenced in funcproto Syzkaller was able to hit the following issue: ------------ cut here ------------ WARNING: CPU: 0 PID: 3609 at kernel/bpf/btf.c:1946 btftypeidsize+0x2d5/0x9d0...

SUSE CVE-2022-50863

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: free unused skb to prevent memory leak This avoid potential memory leak under power saving mode...

SUSE CVE-2022-50864

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix shift-out-of-bounds due to too large exponent of block size If field slogblocksize of superblock data is corrupted and too large, initnilfs and loadnilfs still can trigger a shift-out-of-bounds warning followed by a...

SUSE CVE-2022-50865

In the Linux kernel, the following vulnerability has been resolved: tcp: fix a signed-integer-overflow bug in tcpaddbacklog The type of skrcvbuf and sksndbuf in struct sock is int, and in tcpaddbacklog, the variable limit is caculated by adding skrcvbuf, sksndbuf and 64 1024, it may exceed the ma...

SUSE CVE-2022-50866

In the Linux kernel, the following vulnerability has been resolved: ASoC: pxa: fix null-pointer dereference in filter kasprintf would return NULL pointer when kmalloc fail to allocate. Need to check the return pointer before calling strcmp...

SUSE CVE-2022-50867

In the Linux kernel, the following vulnerability has been resolved: drm/msm/a6xx: Fix kvzalloc vs statekcalloc usage adrenoshowobject is a trap! It will re-allocate the pointer it is passed on first call, when the data is ascii85 encoded, using kvmalloc/ kvfree. Which means the data passed to it...

SUSE CVE-2022-50868

In the Linux kernel, the following vulnerability has been resolved: hwrng: amd - Fix PCI device refcount leak foreachpcidev is implemented by pcigetdevice. The comment of pcigetdevice says that it will increase the reference count for the returned pcidev and also decrease the reference count for...

SUSE CVE-2022-50869

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix slab-out-of-bounds in rpage When PAGESIZE is 64K, if readlogpage is called by logreadrst for the first time, the size of buffer would be equal to DefaultLogPageSize4K.But for buffer operations like memcpy, if the...

SUSE CVE-2022-50870

In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: avoid device tree lookups in rtasosterm rtasosterm is called during panic. Its behavior depends on a couple of conditions in the /rtas node of the device tree, the traversal of which entails locking and local IRQ...

SUSE CVE-2022-50871

In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: Fix qmimsghandler data structure initialization qmimsghandler is required to be null terminated by QMI module. There might be a case where a handler for a msg id is not present in the handlers array which can lead t...

SUSE CVE-2022-50872

In the Linux kernel, the following vulnerability has been resolved: ARM: OMAP2+: Fix memory leak in realtimecounterinit The "sysclk" resource is malloced by clkget, it is not released when the function return...

SUSE CVE-2022-50873

In the Linux kernel, the following vulnerability has been resolved: vdpa/vpvdpa: fix kfree a wrong pointer in vpvdparemove In vpvdparemove, the code kfree&vpvdpamgtdev-mgtdev.idtable uses a reference of pointer as the argument of kfree, which is the wrong pointer and then may hit crash like this:...

SUSE CVE-2022-50874

In the Linux kernel, the following vulnerability has been resolved: RDMA/erdma: Fix refcount leak in erdmammap rdmausermmapentryget take reference, we should release it when not need anymore, add the missing rdmausermmapentryput in the error path to fix it...

SUSE CVE-2022-50875

In the Linux kernel, the following vulnerability has been resolved: of: overlay: fix null pointer dereferencing in finddupcsetnodeentry and finddupcsetprop When kmalloc fail to allocate memory in kasprintf, fn1 or fn2 will be NULL, and strcmp will cause null pointer dereference...

SUSE CVE-2022-50876

In the Linux kernel, the following vulnerability has been resolved: usb: musb: Fix musbgadget.c rxstate overflow bug The usb function device call musbgadgetqueue adds the passed request to musbep::reqlist,If the request-length musbep-packetsz and isbuffermappedreq return false,the rxstate will co...

SUSE CVE-2022-50877

In the Linux kernel, the following vulnerability has been resolved: net: broadcom: bcm4908enet: update TX stats after actual transmission Queueing packets doesn't guarantee their transmission. Update TX stats after hardware confirms consuming submitted data. This also fixes a possible race and NU...

SUSE CVE-2022-50878

In the Linux kernel, the following vulnerability has been resolved: gpu: lontium-lt9611: Fix NULL pointer dereference in lt9611connectorinit A NULL check for bridge-encoder shows that it may be NULL, but it already been dereferenced on all paths leading to the check. 812 if !bridge-encoder...

SUSE CVE-2022-50879

In the Linux kernel, the following vulnerability has been resolved: objtool: Fix SEGFAULT findinsn will return NULL in case of failure. Check insn in order to avoid a kernel Oops for NULL pointer dereference...

SUSE CVE-2022-50880

In the Linux kernel, the following vulnerability has been resolved: wifi: ath10k: add peer map clean up for peer delete in ath10kstastate When peer delete failed in a disconnect operation, use-after-free detected by KFENCE in below log. It is because for each vdevid and address, it has only one...

SUSE CVE-2022-50881

In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: Fix use-after-free in ath9khifusbdisconnect This patch fixes a use-after-free in ath9k that occurs in ath9khifusbdisconnect when ath9kdestroywmi is trying to access 'drvpriv' that has already been freed by...

SUSE CVE-2022-50882

In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Fix memory leak in uvcgpioparse Previously the unit buffer was allocated before checking the IRQ for privacy GPIO. In case of error, the unit buffer was leaked. Allocate the unit buffer after the IRQ to avoid it...

SUSE CVE-2022-50883

In the Linux kernel, the following vulnerability has been resolved: bpf: Prevent decltag from being referenced in funcproto arg Syzkaller managed to hit another decltag issue: btffuncprotocheck kernel/bpf/btf.c:4506 inline btfcheckalltypes kernel/bpf/btf.c:4734 inline btfparsetypesec+0x1175/0x198...

SUSE CVE-2022-50884

In the Linux kernel, the following vulnerability has been resolved: drm: Prevent drmcopyfield to attempt copying a NULL pointer There are some struct drmdriver fields that are required by drivers since drmcopyfield attempts to copy them to user-space via DRMIOCTLVERSION. But it can be possible th...

SUSE CVE-2022-50885

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix NULL-ptr-deref in rxeqpdocleanup when socket create failed There is a null-ptr-deref when mount.cifs over rdma: BUG: KASAN: null-ptr-deref in rxeqpdocleanup+0x2f3/0x360 rdmarxe Read of size 8 at addr 000000000000001...

SUSE CVE-2022-50886

In the Linux kernel, the following vulnerability has been resolved: mmc: toshsd: fix return value check of mmcaddhost mmcaddhost may return error, if we ignore its return value, the memory that allocated in mmcallochost will be leaked and it will lead a kernel crash because of deleting not added...

SUSE CVE-2022-50887

In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix unbalanced of node refcount in regulatordevlookup I got the the following report: OF: ERROR: memory leak, expected refcount 1 instead of 2, ofnodeget/ofnodeput unbalanced - destroy cset entry: attach overlay...

SUSE CVE-2022-50888

In the Linux kernel, the following vulnerability has been resolved: remoteproc: qcom: q6v5: Fix potential null-ptr-deref in q6v5wcssinitmmio q6v5wcssinitmmio will call platformgetresourcebyname that may fail and return NULL. devmioremap will use res-start as input, which may causes null-ptr-deref...

SUSE CVE-2022-50889

In the Linux kernel, the following vulnerability has been resolved: dm integrity: Fix UAF in dmintegritydtr Dmintegrity also has the same UAF problem when dmresume and dmdestroy are concurrent. Therefore, cancelling timer again in dmintegritydtr...