CVE-2022-49058

In the Linux kernel, the following vulnerability has been resolved: cifs: potential buffer overflow in handling symlinks Smatch printed a warning:arch/x86/crypto/poly1305_glue.c:198 poly1305_update_arch() error:__memcpy() 'dctx->buf' too small (16 vs u32max) It's caused because Smatch marks 'lin...

CVE-2022-49060

In the Linux kernel, the following vulnerability has been resolved: net/smc: Fix NULL pointer dereference in smc_pnet_find_ib() dev_name() was called with dev.parent as argument but without toNULL-check it before.Solve this by checking the pointer before the call to dev_name().

CVE-2022-49087

In the Linux kernel, the following vulnerability has been resolved: rxrpc: fix a race in rxrpc_exit_net() Current code can lead to the following race: CPU0 CPU1 rxrpc_exit_net()rxrpc_peer_keepalive_worker()if (rxnet->live) rxnet->live = false;del_timer_sync(&rxnet->peer_keepalive_timer); t...

CVE-2022-49093

In the Linux kernel, the following vulnerability has been resolved: skbuff: fix coalescing for page_pool fragment recycling Fix a use-after-free when using page_pool with page fragments. Weencountered this problem during normal RX in the hns3 driver: (1) Initially we have three descriptors in the R...

CVE-2021-47631

In the Linux kernel, the following vulnerability has been resolved: ARM: davinci: da850-evm: Avoid NULL pointer dereference With newer versions of GCC, there is a panic in da850_evm_config_emac()when booting multi_v5_defconfig in QEMU under the palmetto-bmc machine: Unable to handle kernel NULL poi...

CVE-2022-49053

In the Linux kernel, the following vulnerability has been resolved: scsi: target: tcmu: Fix possible page UAF tcmu_try_get_data_page() looks up pages under cmdr_lock, but it does nottake refcount properly and just returns page pointer. Whentcmu_try_get_data_page() returns, the returned page may hav...

CVE-2022-49055

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Check for potential null return of kmalloc_array() As the kmalloc_array() may return null, the 'event_waiters[i].wait' would lead to null-pointer dereference.Therefore, it is better to check the return value of kmalloc_...

CVE-2022-49046

In the Linux kernel, the following vulnerability has been resolved: i2c: dev: check return value when calling dev_set_name() If dev_set_name() fails, the dev_name() is null, check the returnvalue of dev_set_name() to avoid the null-ptr-deref.

CVE-2022-49063

In the Linux kernel, the following vulnerability has been resolved: ice: arfs: fix use-after-free when freeing @rx_cpu_rmap The CI testing bots triggered the following splat: [ 718.203054] BUG: KASAN: use-after-free in free_irq_cpu_rmap+0x53/0x80[ 718.206349] Read of size 4 at addr ffff8881bd127e00...

CVE-2022-49085

In the Linux kernel, the following vulnerability has been resolved: drbd: Fix five use after free bugs in get_initial_state In get_initial_state, it calls notify_initial_state_done(skb,..) ifcb->args[5]==1. If genlmsg_put() failed in notify_initial_state_done(),the skb will be freed by nlmsg_fre...

CVE-2022-49096

In the Linux kernel, the following vulnerability has been resolved: net: sfc: add missing xdp queue reinitialization After rx/tx ring buffer size is changed, kernel panic occurs whenit acts XDP_TX or XDP_REDIRECT. When tx/rx ring buffer size is changed(ethtool -G), sfc driverreallocates and reiniti...

CVE-2022-49061

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link When using a fixed-link, the altr_tse_pcs driver crashesdue to null-pointer dereference as no phy_device is provided totse_pcs_fix_mac_speed function. Fix thi...

CVE-2022-49065

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix the svc_deferred_event trace class Fix a NULL deref crash that occurs when an svc_rqst is deferredwhile the sunrpc tracing subsystem is enabled. svc_revisit() setsdr->xprt to NULL, so it can't be relied upon in the t...

CVE-2022-49076

In the Linux kernel, the following vulnerability has been resolved: RDMA/hfi1: Fix use-after-free bug for mm struct Under certain conditions, such as MPI_Abort, the hfi1 cleanup code mayrepresent the last reference held on the task mm.hfi1_mmu_rb_unregister() then drops the last reference and the m...

CVE-2022-49059

In the Linux kernel, the following vulnerability has been resolved: nfc: nci: add flush_workqueue to prevent uaf Our detector found a concurrent use-after-free bug when detaching anNCI device. The main reason for this bug is the unexpected schedulingbetween the used delayed mechanism (timer and wor...

CVE-2022-49062

In the Linux kernel, the following vulnerability has been resolved: cachefiles: Fix KASAN slab-out-of-bounds in cachefiles_set_volume_xattr Use the actual length of volume coherency data when setting thexattr to avoid the following KASAN report. BUG: KASAN: slab-out-of-bounds in cachefiles_set_volu...

CVE-2022-49071

In the Linux kernel, the following vulnerability has been resolved: drm/panel: ili9341: fix optional regulator handling If the optional regulator lookup fails, reset the pointer to NULL.Other functions such as mipi_dbi_poweron_reset_conditional() only doa NULL pointer check and will otherwise deref...

CVE-2022-49082

In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix use after free in _scsih_expander_node_remove() The function mpt3sas_transport_port_remove() called in_scsih_expander_node_remove() frees the port field of the sas_expanderstructure, leading to the following use-...

CVE-2022-49047

In the Linux kernel, the following vulnerability has been resolved: ep93xx: clock: Fix UAF in ep93xx_clk_register_gate() arch/arm/mach-ep93xx/clock.c:154:2: warning: Use of memory after it is freed [clang-analyzer-unix.Malloc]arch/arm/mach-ep93xx/clock.c:151:2: note: Taking true branchif (IS_ERR(cl...