SUSE CVE-2022-50716

In the Linux kernel, the following vulnerability has been resolved: wifi: ar5523: Fix use-after-free on ar5523cmd timed out syzkaller reported use-after-free with the stack trace like below 1: 38.960489 C3 ================================================================== 38.963216 C3 BUG: KASAN:...

SUSE CVE-2022-50717

In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: add bounds check on Transfer Tag ttag is used as an index to get cmd in nvmettcphandleh2cdatapdu, add a bounds check to avoid out-of-bounds access...

SUSE CVE-2022-50718

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix pci device refcount leak As comment of pcigetdomainbusandslot says, it returns a pci device with refcount increment, when finish using it, the caller must decrement the reference count by calling pcidevput. So...

SUSE CVE-2022-50719

In the Linux kernel, the following vulnerability has been resolved: ALSA: line6: fix stack overflow in line6miditransmit Correctly calculate available space including the size of the chunk buffer. This fixes a buffer overflow when multiple MIDI sysex messages are sent to a PODxt device...

SUSE CVE-2022-50720

In the Linux kernel, the following vulnerability has been resolved: x86/apic: Don't disable x2APIC if locked The APIC supports two modes, legacy APIC or xAPIC, and Extended APIC or x2APIC. X2APIC mode is mostly compatible with legacy APIC, but it disables the memory-mapped APIC interface in favor...

SUSE CVE-2022-50721

In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom-adm: fix wrong calling convention for prepslavesg The calling convention for preslavesg is to return NULL on error and provide an error log to the system. Qcom-adm instead provide error pointer when an error occur...

SUSE CVE-2022-50722

In the Linux kernel, the following vulnerability has been resolved: media: ipu3-imgu: Fix NULL pointer dereference in active selection access What the IMGU driver did was that it first acquired the pointers to active and try V4L2 subdev state, and only then figured out which one to use. The probl...

SUSE CVE-2022-50723

In the Linux kernel, the following vulnerability has been resolved: bnxten: fix memory leak in bnxtnvmtest Free the kzalloc'ed buffer before returning in the success path...

SUSE CVE-2022-50724

In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix resource leak in regulatorregister I got some resource leak reports while doing fault injection test: OF: ERROR: memory leak, expected refcount 1 instead of 100, ofnodeget/ofnodeput unbalanced - destroy cset...

SUSE CVE-2022-50725

In the Linux kernel, the following vulnerability has been resolved: media: vidtv: Fix use-after-free in vidtvbridgedvbinit KASAN reports a use-after-free: BUG: KASAN: use-after-free in dvbdmxdevrelease+0x4d5/0x5d0 dvbcore Call Trace: ... dvbdmxdevrelease+0x4d5/0x5d0 dvbcore...

SUSE CVE-2022-50726

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix possible use-after-free in async command interface mlx5cmdcleanupasyncctx should return only after all its callback handlers were completed. Before this patch, the below race between mlx5cmdcleanupasyncctx and...

SUSE CVE-2022-50727

In the Linux kernel, the following vulnerability has been resolved: scsi: efct: Fix possible memleak in efctdeviceinit In efctdeviceinit, when efctscsiregfctransport fails, efctscsitgtdriverexit is not called to release memory for efctscsitgtdriverinit and causes memleak: unreferenced object...

SUSE CVE-2022-50728

In the Linux kernel, the following vulnerability has been resolved: s390/lcs: Fix return type of lcsstartxmit With clang's kernel control flow integrity kCFI, CONFIGCFICLANG, indirect call targets are validated against the expected function pointer prototype to make sure the call target is valid ...

SUSE CVE-2022-50729

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix resource leak in ksmbdsessionrpcopen When ksmbdrpcopen fails then it must call ksmbdrpcidfree to undo the result of ksmbdipcidalloc...

SUSE CVE-2022-50730

In the Linux kernel, the following vulnerability has been resolved: ext4: silence the warning when evicting inode with dioreadnolock When evicting an inode with default dioreadnolock, it could be raced by the unwritten extents converting kworker after writeback some new allocated dirty blocks. It...

SUSE CVE-2022-50731

In the Linux kernel, the following vulnerability has been resolved: crypto: akcipher - default implementation for setting a private key Changes from v1: removed the default implementation from setpubkey: it is assumed that an implementation must always have this callback defined as there are no u...

SUSE CVE-2022-50732

In the Linux kernel, the following vulnerability has been resolved: staging: rtl8192u: Fix use after free in ieee80211rx We cannot dereference the "skb" pointer after calling ieee80211monitorrx, because it is a use after free...

SUSE CVE-2022-50733

In the Linux kernel, the following vulnerability has been resolved: usb: idmouse: fix an uninit-value in idmouseopen In idmousecreateimage, if any ftipcommand fails, it will go to the reset label. However, this leads to the data in bulkinbufferHEADER..IMGSIZE uninitialized. And the check for vali...

SUSE CVE-2022-50734

In the Linux kernel, the following vulnerability has been resolved: nvmem: core: Fix memleak in nvmemregister devsetname will alloc memory for nvmem-dev.kobj.name in nvmemregister, when nvmemvalidatekeepouts failed, nvmem's memory will be freed and return, but nobody will free memory for...

SUSE CVE-2022-50735

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: do not run mt76ustatusworker if the device is not running Fix the following NULL pointer dereference avoiding to run mt76ustatusworker thread if the device is not running yet. KASAN: null-ptr-deref in range...

SUSE CVE-2022-50736

In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix immediate work request flush to completion queue Correctly set send queue element opcode during immediate work request flushing in post sendqueue operation, if the QP is in ERROR state. An undefined ocode value...

SUSE CVE-2022-50737

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Validate index root when initialize NTFS security This enhances the sanity check for $SDH and $SII while initializing NTFS security, guarantees these index root are legit. 162.459513 BUG: KASAN: use-after-free in...

SUSE CVE-2022-50738

In the Linux kernel, the following vulnerability has been resolved: vhost-vdpa: fix an iotlb memory leak Before commit 3d5698793897 "vhost-vdpa: introduce asid based IOTLB" we called vhostvdpaiotlbunmapv, iotlb, 0ULL, 0ULL - 1 during release to free all the resources allocated when processing use...

SUSE CVE-2022-50739

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add null pointer check for inode operations This adds a sanity check for the iop pointer of the inode which is returned after reading Root directory MFT record. We should check the iop is valid before trying to create t...

SUSE CVE-2022-50740

In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: hifusb: fix memory leak of urbs in ath9khifusbdealloctxurbs Syzkaller reports a long-known leak of urbs in ath9khifusbdealloctxurbs. The cause of the leak is that usbgeturb is called but usbfreeurb or usbputurb is no...

SUSE CVE-2022-50741

In the Linux kernel, the following vulnerability has been resolved: media: imx-jpeg: Disable useless interrupt to avoid kernel panic There is a hardware bug that the interrupt STMBUFHALF may be triggered after or when disable interrupt. It may led to unexpected kernel panic. And interrupt...

SUSE CVE-2022-50742

In the Linux kernel, the following vulnerability has been resolved: misc: ocxl: fix possible refcount leak in afuioctl eventfdctxput need to be called to put the refcount that gotten by eventfdctxfdget when ocxlirqsethandler fails...

SUSE CVE-2022-50743

In the Linux kernel, the following vulnerability has been resolved: erofs: Fix pcluster memleak when its block address is zero syzkaller reported a memleak: https://syzkaller.appspot.com/bug?id=62f37ff612f0021641eda5b17f056f1668aa9aed unreferenced object 0xffff88811009c7f8 size 136: ... backtrace...

SUSE CVE-2022-50744

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix hard lockup when reading the rxmonitor from debugfs During I/O and simultaneous cat of /sys/kernel/debug/lpfc/fnX/rxmonitor, a hard lockup similar to the call trace below may occur. The spinlockbh in...

SUSE CVE-2022-50745

In the Linux kernel, the following vulnerability has been resolved: staging: media: tegra-video: fix devicenode use after free At probe time this code path is followed: tegracsiinit tegracsichannelsalloc foreachchildofnodenode, channel -- iterates over channels automatically gets 'channel'...

SUSE CVE-2022-50746

In the Linux kernel, the following vulnerability has been resolved: erofs: validate the extent length for uncompressed pclusters syzkaller reported a KASAN use-after-free: https://syzkaller.appspot.com/bug?extid=2ae90e873e97f1faf6f2 The referenced fuzzed image actually has two issues: - mpa == 0 ...

SUSE CVE-2022-50747

In the Linux kernel, the following vulnerability has been resolved: hfs: Fix OOB Write in hfsasc2mac Syzbot reported a OOB Write bug: loop0: detected capacity change from 0 to 64 ================================================================== BUG: KASAN: slab-out-of-bounds in...

SUSE CVE-2022-50748

In the Linux kernel, the following vulnerability has been resolved: ipc: mqueue: fix possible memory leak in initmqueuefs commit db7cfc380900 "ipc: Free mqsysctls if ipc namespace creation failed" Here's a similar memory leak to the one fixed by the patch above. retiremqsysctls need to be called...

SUSE CVE-2022-50749

In the Linux kernel, the following vulnerability has been resolved: acct: fix potential integer overflow in encodecompt The integer overflow is descripted with following codes: 317 static compt encodecomptu64 value 318 319 int exp, rnd; ...... 341 exp 342 exp += value; 343 return exp; 344 Current...

SUSE CVE-2022-50750

In the Linux kernel, the following vulnerability has been resolved: drm/panel/panel-sitronix-st7701: Remove panel on DSI attach failure In case mipidsiattach fails, call drmpanelremove to avoid memory leak...

SUSE CVE-2022-50751

In the Linux kernel, the following vulnerability has been resolved: configfs: fix possible memory leak in configfscreatedir kmemleak reported memory leaks in configfscreatedir: unreferenced object 0xffff888009f6af00 size 192: comm "modprobe", pid 3777, jiffies 4295537735 age 233.784s backtrace:...

SUSE CVE-2022-50752

In the Linux kernel, the following vulnerability has been resolved: md/raid5: Remove unnecessary bioput in raid5readonechunk When running chunk-sized reads on disks with badblocks duplicate bio free/puts are observed: ============================================================================= B...

SUSE CVE-2022-50753

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on summary info As Wenqing Liu reported in bugzilla: https://bugzilla.kernel.org/showbug.cgi?id=216456 BUG: KASAN: use-after-free in recoverdata+0x63ae/0x6ae0 f2fs Read of size 4 at addr...

SUSE CVE-2022-50754

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix a memleak in multitransactionnew In multitransactionnew, the variable t is not freed or passed out on the failure of copyfromusert-data, buf, size, which could lead to a memleak. Fix this bug by adding a...

SUSE CVE-2022-50755

In the Linux kernel, the following vulnerability has been resolved: udf: Avoid double brelse in udfrename syzbot reported a warning like below 1: VFS: brelse: Trying to free free buffer WARNING: CPU: 2 PID: 7301 at fs/buffer.c:1145 brelse+0x67/0xa0 ... Call Trace: invalidatebhlru+0x99/0x150...

SUSE CVE-2022-50756

In the Linux kernel, the following vulnerability has been resolved: nvme-pci: fix mempool alloc size Convert the max size to bytes to match the units of the divisor that calculates the worst-case number of PRP entries. The result is used to determine how many PRP Lists are required. The code was...

SUSE CVE-2022-50757

In the Linux kernel, the following vulnerability has been resolved: media: camss: Clean up received buffers on failed start of streaming It is required to return the received buffers, if streaming can not be started. For instance mediapipelinestart may fail with EPIPE, if a link validation betwee...

SUSE CVE-2022-50758

In the Linux kernel, the following vulnerability has been resolved: staging: vt6655: fix potential memory leak In function deviceinittd0ring, memory is allocated for member tdinfo of priv-apTD0Ringsi, with i increasing from 0. In case of allocation failure, the memory is freed in reversed order,...

SUSE CVE-2022-50759

In the Linux kernel, the following vulnerability has been resolved: media: i2c: ov5648: Free V4L2 fwnode data on unbind The V4L2 fwnode data structure doesn't get freed on unbind, which leads to a memleak...

SUSE CVE-2022-50760

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix PCI device refcount leak in amdgpuatrmgetbios As comment of pcigetclass says, it returns a pcidevice with its refcount increased and decreased the refcount for the input parameter @from if it is not NULL. If we...

SUSE CVE-2022-50761

In the Linux kernel, the following vulnerability has been resolved: x86/xen: Fix memory leak in xeninitlockcpu In xeninitlockcpu, the @name has allocated new string by kasprintf, if bindipitoirqhandler fails, it should be freed, otherwise may lead to a memory leak issue, fix it...

SUSE CVE-2022-50762

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Avoid UBSAN error on truesectorsperclst syzbot reported UBSAN error as below: 76.901829 T6677 ================================================================================ 76.903908 T6677 UBSAN: shift-out-of-bounds i...

SUSE CVE-2022-50763

In the Linux kernel, the following vulnerability has been resolved: crypto: marvell/octeontx - prevent integer overflows The "codelength" value comes from the firmware file. If your firmware is untrusted realistically there is probably very little you can do to protect yourself. Still we try to...

SUSE CVE-2022-50764

In the Linux kernel, the following vulnerability has been resolved: ipv6/sit: use DEVSTATSINC to avoid data-races syzbot/KCSAN reported that multiple cpus are updating dev-stats.txerror concurrently. This is because sit tunnels are NETIFFLLTX, meaning their ndostartxmit is not protected by a...

SUSE CVE-2022-50765

In the Linux kernel, the following vulnerability has been resolved: RISC-V: kexec: Fix memory leak of elf header buffer This is reported by kmemleak detector: unreferenced object 0xff2000000403d000 size 4096: comm "kexec", pid 146, jiffies 4294900633 age 64.792s hex dump first 32 bytes: 7f 45 4c ...