CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50100 – sched/core: Do not requeue task on CPU excluded from cpus_mask
https://notcve.org/view.php?id=CVE-2022-50100
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: sched/core: Do not requeue task on CPU excluded from cpus_mask The following warning was triggered on a large machine early in boot on a distribution kernel but the same problem should also affect mainline. WARNING: CPU: 439 PID: 10 at ../kernel/workqueue.c:2231 process_one_work+0x4d/0x440 Call Trace:
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50099 – video: fbdev: arkfb: Check the size of screen before memset_io()
https://notcve.org/view.php?id=CVE-2022-50099
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: video: fbdev: arkfb: Check the size of screen before memset_io() In the function arkfb_set_par(), the value of 'screen_size' is calculated by the user input. If the user provides the improper value, the value of 'screen_size' may larger than 'info->screen_size', which may cause the following bug: [ 659.399066] BUG: unable to handle page fault for address: ffffc90003000000 [ 659.399077] #PF: supervisor write access in kernel mode [ 659.39907... • https://git.kernel.org/stable/c/681e14730c73cc2c71af282c001de6bc71c22f00 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50098 – scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts
https://notcve.org/view.php?id=CVE-2022-50098
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts Ensure SRB is returned during I/O timeout error escalation. If that is not possible fail the escalation path. Following crash stack was seen: BUG: unable to handle kernel paging request at 0000002f56aa90f8 IP: qla_chk_edif_rx_sa_delete_pending+0x14/0x30 [qla2xxx] Call Trace: ? qla2x00_status_entry+0x19f/0x1c50 [qla2xxx] ? qla2x00_start_sp+0x116/0x1170 [qla2xxx] ? • https://git.kernel.org/stable/c/d74595278f4ab192af66d9e60a9087464638beee •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50097 – video: fbdev: s3fb: Check the size of screen before memset_io()
https://notcve.org/view.php?id=CVE-2022-50097
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: video: fbdev: s3fb: Check the size of screen before memset_io() In the function s3fb_set_par(), the value of 'screen_size' is calculated by the user input. If the user provides the improper value, the value of 'screen_size' may larger than 'info->screen_size', which may cause the following bug: [ 54.083733] BUG: unable to handle page fault for address: ffffc90003000000 [ 54.083742] #PF: supervisor write access in kernel mode [ 54.083744] #P... • https://git.kernel.org/stable/c/a268422de8bf1b4c0cb97987b6c329c9f6a3da4b •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50095 – posix-cpu-timers: Cleanup CPU timers before freeing them during exec
https://notcve.org/view.php?id=CVE-2022-50095
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: Cleanup CPU timers before freeing them during exec Commit 55e8c8eb2c7b ("posix-cpu-timers: Store a reference to a pid not a task") started looking up tasks by PID when deleting a CPU timer. When a non-leader thread calls execve, it will switch PIDs with the leader process. Then, as it calls exit_itimers, posix_cpu_timer_del cannot find the task because the timer still points out to the old PID. That means that armed timers... • https://git.kernel.org/stable/c/55e8c8eb2c7b6bf30e99423ccfe7ca032f498f59 •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50094 – spmi: trace: fix stack-out-of-bound access in SPMI tracing functions
https://notcve.org/view.php?id=CVE-2022-50094
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: spmi: trace: fix stack-out-of-bound access in SPMI tracing functions trace_spmi_write_begin() and trace_spmi_read_end() both call memcpy() with a length of "len + 1". This leads to one extra byte being read beyond the end of the specified buffer. Fix this out-of-bound memory access by using a length of "len" instead. Here is a KASAN log showing the issue: BUG: KASAN: stack-out-of-bounds in trace_event_raw_event_spmi_read_end+0x1d0/0x234 Rea... • https://git.kernel.org/stable/c/a9fce374815d8ab94a3e6259802a944e2cc21408 •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50093 – iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE)
https://notcve.org/view.php?id=CVE-2022-50093
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE) KASAN reports: [ 4.668325][ T0] BUG: KASAN: wild-memory-access in dmar_parse_one_rhsa (arch/x86/include/asm/bitops.h:214 arch/x86/include/asm/bitops.h:226 include/asm-generic/bitops/instrumented-non-atomic.h:142 include/linux/nodemask.h:415 drivers/iommu/intel/dmar.c:497) [ 4.676149][ T0] Read of size 8 at addr 1fffffff85115558 by task swapper/0/0 [ 4.683454][ T0] [ 4.685... • https://git.kernel.org/stable/c/ee34b32d8c2950f66038c8975747ef9aec855289 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50092 – dm thin: fix use-after-free crash in dm_sm_register_threshold_callback
https://notcve.org/view.php?id=CVE-2022-50092
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: dm thin: fix use-after-free crash in dm_sm_register_threshold_callback Fault inject on pool metadata device reports: BUG: KASAN: use-after-free in dm_pool_register_metadata_threshold+0x40/0x80 Read of size 8 at addr ffff8881b9d50068 by task dmsetup/950 CPU: 7 PID: 950 Comm: dmsetup Tainted: G W 5.19.0-rc6 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-1.fc33 04/01/2014 Call Trace:
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-50087 – firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails
https://notcve.org/view.php?id=CVE-2022-50087
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails When scpi probe fails, at any point, we need to ensure that the scpi_info is not set and will remain NULL until the probe succeeds. If it is not taken care, then it could result use-after-free as the value is exported via get_scpi_ops() and could refer to a memory allocated via devm_kzalloc() but freed when the probe fails. In the Linux kernel, the following vulnerabili... • https://git.kernel.org/stable/c/5aa558232edc30468d1f35108826dd5b3ffe978f •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50086 – block: don't allow the same type rq_qos add more than once
https://notcve.org/view.php?id=CVE-2022-50086
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: block: don't allow the same type rq_qos add more than once In our test of iocost, we encountered some list add/del corruptions of inner_walk list in ioc_timer_fn. The reason can be described as follows: cpu 0 cpu 1 ioc_qos_write ioc_qos_write ioc = q_to_ioc(queue); if (!ioc) { ioc = kzalloc(); ioc = q_to_ioc(queue); if (!ioc) { ioc = kzalloc(); ... rq_qos_add(q, rqos); } ... rq_qos_add(q, rqos); ... } When the io.cost.qos file is written by... • https://git.kernel.org/stable/c/0b7f5d7a4d2a72ad9de04ab8ccba2a31904aa638 •