CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38083 – net_sched: prio: fix a race in prio_tune()
https://notcve.org/view.php?id=CVE-2025-38083
20 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: net_sched: prio: fix a race in prio_tune() Gerrard Tai reported a race condition in PRIO, whenever SFQ perturb timer fires at the wrong time. The race is as follows: CPU 0 CPU 1 [1]: lock root [2]: qdisc_tree_flush_backlog() [3]: unlock root | | [5]: lock root | [6]: rehash | [7]: qdisc_tree_reduce_backlog() | [4]: qdisc_put() This can be abused to underflow a parent's qlen. Calling qdisc_purge_queue() instead of qdisc_tree_flush_backlog() ... • https://git.kernel.org/stable/c/7b8e0b6e659983154c8d7e756cdb833d89a3d4d7 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-50232 – arm64: set UXN on swapper page tables
https://notcve.org/view.php?id=CVE-2022-50232
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: arm64: set UXN on swapper page tables [ This issue was fixed upstream by accident in c3cee924bd85 ("arm64: head: cover entire kernel image in initial ID map") as part of a large refactoring of the arm64 boot flow. This simple fix is therefore preferred for -stable backporting ] On a system that implements FEAT_EPAN, read/write access to the idmap is denied because UXN is not set on the swapper PTEs. As a result, idmap_kpti_install_ng_mappin... • https://git.kernel.org/stable/c/18107f8a2df6bf1c6cac8d0713f757f866d5af51 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50231 – crypto: arm64/poly1305 - fix a read out-of-bound
https://notcve.org/view.php?id=CVE-2022-50231
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: arm64/poly1305 - fix a read out-of-bound A kasan error was reported during fuzzing: BUG: KASAN: slab-out-of-bounds in neon_poly1305_blocks.constprop.0+0x1b4/0x250 [poly1305_neon] Read of size 4 at addr ffff0010e293f010 by task syz-executor.5/1646715 CPU: 4 PID: 1646715 Comm: syz-executor.5 Kdump: loaded Not tainted 5.10.0.aarch64 #1 Hardware name: Huawei TaiShan 2280 /BC11SPCD, BIOS 1.59 01/31/2019 Call trace: dump_backtrace+0x0/0x3... • https://git.kernel.org/stable/c/f569ca16475155013525686d0f73bc379c67e635 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-50230 – arm64: set UXN on swapper page tables
https://notcve.org/view.php?id=CVE-2022-50230
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: arm64: set UXN on swapper page tables [ This issue was fixed upstream by accident in c3cee924bd85 ("arm64: head: cover entire kernel image in initial ID map") as part of a large refactoring of the arm64 boot flow. This simple fix is therefore preferred for -stable backporting ] On a system that implements FEAT_EPAN, read/write access to the idmap is denied because UXN is not set on the swapper PTEs. As a result, idmap_kpti_install_ng_mappin... • https://git.kernel.org/stable/c/18107f8a2df6bf1c6cac8d0713f757f866d5af51 •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50229 – ALSA: bcd2000: Fix a UAF bug on the error path of probing
https://notcve.org/view.php?id=CVE-2022-50229
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: bcd2000: Fix a UAF bug on the error path of probing When the driver fails in snd_card_register() at probe time, it will free the 'bcd2k->midi_out_urb' before killing it, which may cause a UAF bug. The following log can reveal it: [ 50.727020] BUG: KASAN: use-after-free in bcd2000_input_complete+0x1f1/0x2e0 [snd_bcd2000] [ 50.727623] Read of size 8 at addr ffff88810fab0e88 by task swapper/4/0 [ 50.729530] Call Trace: [ 50.732899] bcd20... • https://git.kernel.org/stable/c/b47a22290d581277be70e8a597824a4985d39e83 •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50228 – KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0
https://notcve.org/view.php?id=CVE-2022-50228
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0 Don't BUG/WARN on interrupt injection due to GIF being cleared, since it's trivial for userspace to force the situation via KVM_SET_VCPU_EVENTS (even if having at least a WARN there would be correct for KVM internally generated injections). kernel BUG at arch/x86/kvm/svm/svm.c:3386! invalid opcode: 0000 [#1] SMP CPU: 15 PID: 926 Comm: smm_test Not tainted 5.17.0-rc3+ #264 Hard... • https://git.kernel.org/stable/c/219b65dcf6c0bad83d51bfa12e25891c02de2414 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-50227 – KVM: x86/xen: Initialize Xen timer only once
https://notcve.org/view.php?id=CVE-2022-50227
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: KVM: x86/xen: Initialize Xen timer only once Add a check for existing xen timers before initializing a new one. Currently kvm_xen_init_timer() is called on every KVM_XEN_VCPU_ATTR_TYPE_TIMER, which is causing the following ODEBUG crash when vcpu->arch.xen.timer is already set. ODEBUG: init active (active state 0) object type: hrtimer hint: xen_timer_callbac0 RIP: 0010:debug_print_object+0x16e/0x250 lib/debugobjects.c:502 Call Trace: __debug... • https://git.kernel.org/stable/c/536395260582be7443b0b35b0bbb89ffe3947f62 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50226 – crypto: ccp - Use kzalloc for sev ioctl interfaces to prevent kernel memory leak
https://notcve.org/view.php?id=CVE-2022-50226
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Use kzalloc for sev ioctl interfaces to prevent kernel memory leak For some sev ioctl interfaces, input may be passed that is less than or equal to SEV_FW_BLOB_MAX_SIZE, but larger than the data that PSP firmware returns. In this case, kmalloc will allocate memory that is the size of the input rather than the size of the data. Since PSP firmware doesn't fully overwrite the buffer, the sev ioctl interfaces with the issue may re... • https://git.kernel.org/stable/c/e799035609e1526761aa2f896a974b233d04d36d •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50225 – riscv:uprobe fix SR_SPIE set/clear handling
https://notcve.org/view.php?id=CVE-2022-50225
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: riscv:uprobe fix SR_SPIE set/clear handling In riscv the process of uprobe going to clear spie before exec the origin insn,and set spie after that.But When access the page which origin insn has been placed a page fault may happen and irq was disabled in arch_uprobe_pre_xol function,It cause a WARN as follows. There is no need to clear/set spie in arch_uprobe_pre/post/abort_xol. We can just remove it. [ 31.684157] BUG: sleeping function call... • https://git.kernel.org/stable/c/74784081aac8a0f3636965fc230e2d3b7cc123c6 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-50224 – KVM: x86/mmu: Treat NX as a valid SPTE bit for NPT
https://notcve.org/view.php?id=CVE-2022-50224
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Treat NX as a valid SPTE bit for NPT Treat the NX bit as valid when using NPT, as KVM will set the NX bit when the NX huge page mitigation is enabled (mindblowing) and trigger the WARN that fires on reserved SPTE bits being set. KVM has required NX support for SVM since commit b26a71a1a5b9 ("KVM: SVM: Refuse to load kvm_amd if NX support is not available") for exactly this reason, but apparently it never occurred to anyone to ... • https://git.kernel.org/stable/c/6271f2854b9233702e236e576b885a876dde4889 •