5.5
CVE-2022-49153 - wireguard: socket: free skb in send6 when ipv6 is disabled
In the Linux kernel, the following vulnerability has been resolved: wireguard: socket: free skb in send6 when ipv6 is disabled I got a memory leak report: unreferenced object 0xffff8881191fc040 (size 232): comm "kworker/u17:0", pid 23193, jiffies 4295238848 (age 3464.870s) hex dump (first 32β¦
5.5
CVE-2022-49066 - veth: Ensure eth header is in skb's linear part
In the Linux kernel, the following vulnerability has been resolved: veth: Ensure eth header is in skb's linear part After feeding a decapsulated packet to a veth device with act_mirred, skb_headlen() may be 0. But veth_xmit() calls __dev_forward_skb(), which expects at least ETH_HLEN byte of lineβ¦
5.5
CVE-2022-49663 - tunnels: do not assume mac header is set in skb_tunnel_check_pmtu()
In the Linux kernel, the following vulnerability has been resolved: tunnels: do not assume mac header is set in skb_tunnel_check_pmtu() Recently added debug in commit f9aefd6b2aa3 ("net: warn if mac header was not set") caught a bug in skb_tunnel_check_pmtu(), as shown in this syzbot report [1]. β¦
7.1
CVE-2022-49503 - ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix
In the Linux kernel, the following vulnerability has been resolved: ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix The "rxstatus->rs_keyix" eventually gets passed to test_bit() so we need to ensure that it is within the bitmap. drivers/net/wireless/ath/ath9k/commonβ¦
5.5
CVE-2022-49456 - bonding: fix missed rcu protection
In the Linux kernel, the following vulnerability has been resolved: bonding: fix missed rcu protection When removing the rcu_read_lock in bond_ethtool_get_ts_info() as discussed [1], I didn't notice it could be called via setsockopt, which doesn't hold rcu lock, as syzbot pointed: stack backtrβ¦
5.5
CVE-2022-49431 - powerpc/iommu: Add missing of_node_put in iommu_init_early_dart
In the Linux kernel, the following vulnerability has been resolved: powerpc/iommu: Add missing of_node_put in iommu_init_early_dart The device_node pointer is returned by of_find_compatible_node with refcount incremented. We should use of_node_put() to avoid the refcount leak.
7.8
CVE-2022-49384 - md: fix double free of io_acct_set bioset
In the Linux kernel, the following vulnerability has been resolved: md: fix double free of io_acct_set bioset Now io_acct_set is alloc and free in personality. Remove the codes that free io_acct_set in md_free and md_stop.
5.5
CVE-2022-49379 - driver core: Fix wait_for_device_probe() & deferred_probe_timeout interaction
In the Linux kernel, the following vulnerability has been resolved: driver core: Fix wait_for_device_probe() & deferred_probe_timeout interaction Mounting NFS rootfs was timing out when deferred_probe_timeout was non-zero [1]. This was because ip_auto_config() initcall times out waiting for the β¦
5.5
CVE-2022-49340 - ip_gre: test csum_start instead of transport header
In the Linux kernel, the following vulnerability has been resolved: ip_gre: test csum_start instead of transport header GRE with TUNNEL_CSUM will apply local checksum offload on CHECKSUM_PARTIAL packets. ipgre_xmit must validate csum_start after an optional skb_pull, else lco_csum may trigger anβ¦
5.5
CVE-2022-49293 - netfilter: nf_tables: initialize registers in nft_do_chain()
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: initialize registers in nft_do_chain() Initialize registers to avoid stack leak into userspace.