CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50082 – ext4: fix warning in ext4_iomap_begin as race between bmap and write
https://notcve.org/view.php?id=CVE-2022-50082
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix warning in ext4_iomap_begin as race between bmap and write We got issue as follows: ------------[ cut here ]------------ WARNING: CPU: 3 PID: 9310 at fs/ext4/inode.c:3441 ext4_iomap_begin+0x182/0x5d0 RIP: 0010:ext4_iomap_begin+0x182/0x5d0 RSP: 0018:ffff88812460fa08 EFLAGS: 00010293 RAX: ffff88811f168000 RBX: 0000000000000000 RCX: ffffffff97793c12 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 RBP: ffff88812c6691... • https://git.kernel.org/stable/c/e1682c7171a6c0ff576fe8116b8cba5b8f538b94 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-50080 – tee: add overflow check in register_shm_helper()
https://notcve.org/view.php?id=CVE-2022-50080
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: tee: add overflow check in register_shm_helper() With special lengths supplied by user space, register_shm_helper() has an integer overflow when calculating the number of pages covered by a supplied user space memory region. This causes internal_get_user_pages_fast() a helper function of pin_user_pages_fast() to do a NULL pointer dereference: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010 Modules linked... • https://git.kernel.org/stable/c/033ddf12bcf5326b93bd604f50a7474a434a35f9 •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2022-50077 – apparmor: fix reference count leak in aa_pivotroot()
https://notcve.org/view.php?id=CVE-2022-50077
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: apparmor: fix reference count leak in aa_pivotroot() The aa_pivotroot() function has a reference counting bug in a specific path. When aa_replace_current_label() returns on success, the function forgets to decrement the reference count of “target”, which is increased earlier by build_pivotroot(), causing a reference leak. Fix it by decreasing the refcount of “target” in that path. In the Linux kernel, the following vulnerability has been re... • https://git.kernel.org/stable/c/2ea3ffb7782a84da33a8382f13ebd016da50079b •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50074 – apparmor: Fix memleak in aa_simple_write_to_buffer()
https://notcve.org/view.php?id=CVE-2022-50074
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: apparmor: Fix memleak in aa_simple_write_to_buffer() When copy_from_user failed, the memory is freed by kvfree. however the management struct and data blob are allocated independently, so only kvfree(data) cause a memleak issue here. Use aa_put_loaddata(data) to fix this issue. In the Linux kernel, the following vulnerability has been resolved: apparmor: Fix memleak in aa_simple_write_to_buffer() When copy_from_user failed, the memory is fr... • https://git.kernel.org/stable/c/a6a52579e52b55448326db88bd9a5740e7c1a037 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-50073 – net: tap: NULL pointer derefence in dev_parse_header_protocol when skb->dev is null
https://notcve.org/view.php?id=CVE-2022-50073
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: net: tap: NULL pointer derefence in dev_parse_header_protocol when skb->dev is null Fixes a NULL pointer derefence bug triggered from tap driver. When tap_get_user calls virtio_net_hdr_to_skb the skb->dev is null (in tap.c skb->dev is set after the call to virtio_net_hdr_to_skb) virtio_net_hdr_to_skb calls dev_parse_header_protocol which needs skb->dev field to be valid. The line that trigers the bug is in dev_parse_header_protocol (dev is ... • https://git.kernel.org/stable/c/924a9bc362a5223cd448ca08c3dde21235adc310 •
CVSS: 9.0EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50072 – NFSv4/pnfs: Fix a use-after-free bug in open
https://notcve.org/view.php?id=CVE-2022-50072
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: NFSv4/pnfs: Fix a use-after-free bug in open If someone cancels the open RPC call, then we must not try to free either the open slot or the layoutget operation arguments, since they are likely still in use by the hung RPC call. In the Linux kernel, the following vulnerability has been resolved: NFSv4/pnfs: Fix a use-after-free bug in open If someone cancels the open RPC call, then we must not try to free either the open slot or the layoutge... • https://git.kernel.org/stable/c/6b3fc1496e7227cd6a39a80bbfb7588ef7c7a010 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50068 – drm/ttm: Fix dummy res NULL ptr deref bug
https://notcve.org/view.php?id=CVE-2022-50068
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/ttm: Fix dummy res NULL ptr deref bug Check the bo->resource value before accessing the resource mem_type. v2: Fix commit description unwrapped warning
CVSS: 6.2EPSS: 0%CPEs: 7EXPL: 0CVE-2022-50067 – btrfs: unset reloc control if transaction commit fails in prepare_to_relocate()
https://notcve.org/view.php?id=CVE-2022-50067
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: unset reloc control if transaction commit fails in prepare_to_relocate() In btrfs_relocate_block_group(), the rc is allocated. Then btrfs_relocate_block_group() calls relocate_block_group() prepare_to_relocate() set_reloc_control() that assigns rc to the variable fs_info->reloc_ctl. When prepare_to_relocate() returns, it calls btrfs_commit_transaction() btrfs_start_dirty_block_groups() btrfs_alloc_path() kmem_cache_zalloc() which may... • https://git.kernel.org/stable/c/ff0e8ed8dfb584575cffc1561f17a1d094e8565b •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50066 – net: atlantic: fix aq_vec index out of range error
https://notcve.org/view.php?id=CVE-2022-50066
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: net: atlantic: fix aq_vec index out of range error The final update statement of the for loop exceeds the array range, the dereference of self->aq_vec[i] is not checked and then leads to the index out of range error. Also fixed this kind of coding style in other for loop. [ 97.937604] UBSAN: array-index-out-of-bounds in drivers/net/ethernet/aquantia/atlantic/aq_nic.c:1404:48 [ 97.937607] index 8 is out of range for type 'aq_vec_s *[8]' [ 97... • https://git.kernel.org/stable/c/97bde5c4f909a55ab4c36cf0ac9094f6c9e4cdf6 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50065 – virtio_net: fix memory leak inside XPD_TX with mergeable
https://notcve.org/view.php?id=CVE-2022-50065
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: virtio_net: fix memory leak inside XPD_TX with mergeable When we call xdp_convert_buff_to_frame() to get xdpf, if it returns NULL, we should check if xdp_page was allocated by xdp_linearize_page(). If it is newly allocated, it should be freed here alone. Just like any other "goto err_xdp". In the Linux kernel, the following vulnerability has been resolved: virtio_net: fix memory leak inside XPD_TX with mergeable When we call xdp_convert_buf... • https://git.kernel.org/stable/c/44fa2dbd475996ddc8f3a0e6113dee983e0ee3aa •