CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50140 – memstick/ms_block: Fix a memory leak
https://notcve.org/view.php?id=CVE-2022-50140
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: memstick/ms_block: Fix a memory leak 'erased_blocks_bitmap' is never freed. As it is allocated at the same time as 'used_blocks_bitmap', it is likely that it should be freed also at the same time. Add the corresponding bitmap_free() in msb_data_clear(). In the Linux kernel, the following vulnerability has been resolved: memstick/ms_block: Fix a memory leak 'erased_blocks_bitmap' is never freed. As it is allocated at the same time as 'used_b... • https://git.kernel.org/stable/c/0ab30494bc4f3bc1ea4659b7c5d97c5218554a63 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50139 – usb: aspeed-vhub: Fix refcount leak bug in ast_vhub_init_desc()
https://notcve.org/view.php?id=CVE-2022-50139
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: aspeed-vhub: Fix refcount leak bug in ast_vhub_init_desc() We should call of_node_put() for the reference returned by of_get_child_by_name() which has increased the refcount. In the Linux kernel, the following vulnerability has been resolved: usb: aspeed-vhub: Fix refcount leak bug in ast_vhub_init_desc() We should call of_node_put() for the reference returned by of_get_child_by_name() which has increased the refcount. • https://git.kernel.org/stable/c/30d2617fd7ed052c30d1c21ddd4af4703d922be8 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50138 – RDMA/qedr: Fix potential memory leak in __qedr_alloc_mr()
https://notcve.org/view.php?id=CVE-2022-50138
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/qedr: Fix potential memory leak in __qedr_alloc_mr() __qedr_alloc_mr() allocates a memory chunk for "mr->info.pbl_table" with init_mr_info(). When rdma_alloc_tid() and rdma_register_tid() fail, "mr" is released while "mr->info.pbl_table" is not released, which will lead to a memory leak. We should release the "mr->info.pbl_table" with qedr_free_pbl() when error occurs to fix the memory leak. In the Linux kernel, the following vulnerabi... • https://git.kernel.org/stable/c/e0290cce6ac02f8e5ec501f25f6f6900f384550c •
CVSS: 5.6EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50137 – RDMA/irdma: Fix a window for use-after-free
https://notcve.org/view.php?id=CVE-2022-50137
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix a window for use-after-free During a destroy CQ an interrupt may cause processing of a CQE after CQ resources are freed by irdma_cq_free_rsrc(). Fix this by moving the call to irdma_cq_free_rsrc() after the irdma_sc_cleanup_ceqes(), which is called under the cq_lock. In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix a window for use-after-free During a destroy CQ an interrupt may cause proce... • https://git.kernel.org/stable/c/b48c24c2d710cf34810c555dcef883a3d35a9c08 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50136 – RDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event
https://notcve.org/view.php?id=CVE-2022-50136
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event If siw_recv_mpa_rr returns -EAGAIN, it means that the MPA reply hasn't been received completely, and should not report IW_CM_EVENT_CONNECT_REPLY in this case. This may trigger a call trace in iw_cm. A simple way to trigger this: server: ib_send_lat client: ib_send_lat -R
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-50135 – RDMA/rxe: Fix BUG: KASAN: null-ptr-deref in rxe_qp_do_cleanup
https://notcve.org/view.php?id=CVE-2022-50135
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix BUG: KASAN: null-ptr-deref in rxe_qp_do_cleanup The function rxe_create_qp calls rxe_qp_from_init. If some error occurs, the error handler of function rxe_qp_from_init will set both scq and rcq to NULL. Then rxe_create_qp calls rxe_put to handle qp. In the end, rxe_qp_do_cleanup is called by rxe_put. rxe_qp_do_cleanup directly accesses scq and rcq before checking them. This will cause null-ptr-deref error. • https://git.kernel.org/stable/c/4703b4f0d94a5f887297713a2f6c2916a1ef08fd •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50134 – RDMA/hfi1: fix potential memory leak in setup_base_ctxt()
https://notcve.org/view.php?id=CVE-2022-50134
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/hfi1: fix potential memory leak in setup_base_ctxt() setup_base_ctxt() allocates a memory chunk for uctxt->groups with hfi1_alloc_ctxt_rcv_groups(). When init_user_ctxt() fails, uctxt->groups is not released, which will lead to a memory leak. We should release the uctxt->groups with hfi1_free_ctxt_rcv_groups() when init_user_ctxt() fails. In the Linux kernel, the following vulnerability has been resolved: RDMA/hfi1: fix potential memor... • https://git.kernel.org/stable/c/e87473bc1b6c2cb08f1b760cfc8cd012822241a6 •
CVSS: 4.6EPSS: 0%CPEs: 2EXPL: 0CVE-2022-50133 – usb: xhci_plat_remove: avoid NULL dereference
https://notcve.org/view.php?id=CVE-2022-50133
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: xhci_plat_remove: avoid NULL dereference Since commit 4736ebd7fcaff1eb8481c140ba494962847d6e0a ("usb: host: xhci-plat: omit shared hcd if either root hub has no ports") xhci->shared_hcd can be NULL, which causes the following Oops on reboot: [ 710.124450] systemd-shutdown[1]: Rebooting. [ 710.298861] xhci-hcd xhci-hcd.2.auto: remove, state 4 [ 710.304217] usb usb3: USB disconnect, device number 1 [ 710.317441] xhci-hcd xhci-hcd.2.auto:... • https://git.kernel.org/stable/c/4736ebd7fcaff1eb8481c140ba494962847d6e0a •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50132 – usb: cdns3: change place of 'priv_ep' assignment in cdns3_gadget_ep_dequeue(), cdns3_gadget_ep_enable()
https://notcve.org/view.php?id=CVE-2022-50132
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: change place of 'priv_ep' assignment in cdns3_gadget_ep_dequeue(), cdns3_gadget_ep_enable() If 'ep' is NULL, result of ep_to_cdns3_ep(ep) is invalid pointer and its dereference with priv_ep->cdns3_dev may cause panic. Found by Linux Verification Center (linuxtesting.org) with SVACE. In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: change place of 'priv_ep' assignment in cdns3_gadget_ep_dequeue(), c... • https://git.kernel.org/stable/c/7733f6c32e36ff9d7adadf40001039bf219b1cbe •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50131 – HID: mcp2221: prevent a buffer overflow in mcp_smbus_write()
https://notcve.org/view.php?id=CVE-2022-50131
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: HID: mcp2221: prevent a buffer overflow in mcp_smbus_write() Smatch Warning: drivers/hid/hid-mcp2221.c:388 mcp_smbus_write() error: __memcpy() '&mcp->txbuf[5]' too small (59 vs 255) drivers/hid/hid-mcp2221.c:388 mcp_smbus_write() error: __memcpy() 'buf' too small (34 vs 255) The 'len' variable can take a value between 0-255 as it can come from data->block[0] and it is user data. So add an bound check to prevent a buffer overflow in memcpy()... • https://git.kernel.org/stable/c/67a95c21463d066060b0f66d65a75d45bb386ffb •