5.5
CVE-2022-49415 - ipmi:ipmb: Fix refcount leak in ipmi_ipmb_probe
In the Linux kernel, the following vulnerability has been resolved: ipmi:ipmb: Fix refcount leak in ipmi_ipmb_probe of_parse_phandle() returns a node pointer with refcount incremented, we should use of_node_put() on it when done. Add missing of_node_put() to avoid refcount leak.
5.5
CVE-2022-49202 - Bluetooth: hci_uart: add missing NULL check in h5_enqueue
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_uart: add missing NULL check in h5_enqueue Syzbot hit general protection fault in __pm_runtime_resume(). The problem was in missing NULL check. hu->serdev can be NULL and we should not blindly pass &serdev->dev soβ¦
7.8
CVE-2022-49179 - block, bfq: don't move oom_bfqq
In the Linux kernel, the following vulnerability has been resolved: block, bfq: don't move oom_bfqq Our test report a UAF: [ 2073.019181] ================================================================== [ 2073.019188] BUG: KASAN: use-after-free in __bfq_put_async_bfqq+0xa0/0x168 [ 2073.019191]β¦
7.8
CVE-2022-49474 - Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout Connecting the same socket twice consecutively in sco_sock_connect() could lead to a race condition where two sco_conn objects are created but only one is asβ¦
5.5
CVE-2022-49449 - pinctrl: renesas: rzn1: Fix possible null-ptr-deref in sh_pfc_map_resources()
In the Linux kernel, the following vulnerability has been resolved: pinctrl: renesas: rzn1: Fix possible null-ptr-deref in sh_pfc_map_resources() It will cause null-ptr-deref when using 'res', if platform_get_resource() returns NULL, so move using 'res' after devm_ioremap_resource() that will cheβ¦
7.8
CVE-2022-49416 - wifi: mac80211: fix use-after-free in chanctx code
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix use-after-free in chanctx code In ieee80211_vif_use_reserved_context(), when we have an old context and the new context's replace_state is set to IEEE80211_CHANCTX_REPLACE_NONE, we free the old context in ieeeβ¦
4.7
CVE-2022-49631 - raw: Fix a data-race around sysctl_raw_l3mdev_accept.
In the Linux kernel, the following vulnerability has been resolved: raw: Fix a data-race around sysctl_raw_l3mdev_accept. While reading sysctl_raw_l3mdev_accept, it can be changed concurrently. Thus, we need to add READ_ONCE() to its reader.
5.5
CVE-2022-49209 - bpf, sockmap: Fix memleak in tcp_bpf_sendmsg while sk msg is full
In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix memleak in tcp_bpf_sendmsg while sk msg is full If tcp_bpf_sendmsg() is running while sk msg is full. When sk_msg_alloc() returns -ENOMEM error, tcp_bpf_sendmsg() goes to wait_for_memory. If partial memory has bβ¦
5.5
CVE-2022-49167 - btrfs: do not double complete bio on errors during compressed reads
In the Linux kernel, the following vulnerability has been resolved: btrfs: do not double complete bio on errors during compressed reads I hit some weird panics while fixing up the error handling from btrfs_lookup_bio_sums(). Turns out the compression path will complete the bio we use if we set uβ¦
5.5
CVE-2022-49080 - mm/mempolicy: fix mpol_new leak in shared_policy_replace
In the Linux kernel, the following vulnerability has been resolved: mm/mempolicy: fix mpol_new leak in shared_policy_replace If mpol_new is allocated but not used in restart loop, mpol_new will be freed via mpol_put before returning to the caller. But refcnt is not initialized yet, so mpol_put cβ¦