CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50306 – ext4: fix potential out of bound read in ext4_fc_replay_scan()
https://notcve.org/view.php?id=CVE-2022-50306
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix potential out of bound read in ext4_fc_replay_scan() For scan loop must ensure that at least EXT4_FC_TAG_BASE_LEN space. If remain space less than EXT4_FC_TAG_BASE_LEN which will lead to out of bound read when mounting corrupt file system image. ADD_RANGE/HEAD/TAIL is needed to add extra check when do journal scan, as this three tags will read data during scan, tag length couldn't less than data length which will read. In the Linu... • https://git.kernel.org/stable/c/6969367c1500c15eddc38fda12f6d15518ad6d03 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50304 – mtd: core: fix possible resource leak in init_mtd()
https://notcve.org/view.php?id=CVE-2022-50304
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: mtd: core: fix possible resource leak in init_mtd() I got the error report while inject fault in init_mtd(): sysfs: cannot create duplicate filename '/devices/virtual/bdi/mtd-0' Call Trace:
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50303 – drm/amdkfd: Fix double release compute pasid
https://notcve.org/view.php?id=CVE-2022-50303
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix double release compute pasid If kfd_process_device_init_vm returns failure after vm is converted to compute vm and vm->pasid set to compute pasid, KFD will not take pdd->drm_file reference. As a result, drm close file handler maybe called to release the compute pasid before KFD process destroy worker to release the same pasid and set vm->pasid to zero, this generates below WARNING backtrace and NULL pointer access. Add helpe... • https://git.kernel.org/stable/c/4a488a7ad71401169cecee75dc94bcce642e2c53 • CWE-1341: Multiple Releases of Same Resource or Handle •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50302 – lockd: set other missing fields when unlocking files
https://notcve.org/view.php?id=CVE-2022-50302
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: lockd: set other missing fields when unlocking files vfs_lock_file() expects the struct file_lock to be fully initialised by the caller. Re-exported NFSv3 has been seen to Oops if the fl_file field is NULL. In the Linux kernel, the following vulnerability has been resolved: lockd: set other missing fields when unlocking files vfs_lock_file() expects the struct file_lock to be fully initialised by the caller. Re-exported NFSv3 has been seen ... • https://git.kernel.org/stable/c/9c3eef773cf4a8a18f959234bbb4c0a55c31ab71 •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50301 – iommu/omap: Fix buffer overflow in debugfs
https://notcve.org/view.php?id=CVE-2022-50301
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: iommu/omap: Fix buffer overflow in debugfs There are two issues here: 1) The "len" variable needs to be checked before the very first write. Otherwise if omap2_iommu_dump_ctx() with "bytes" less than 32 it is a buffer overflow. 2) The snprintf() function returns the number of bytes that *would* have been copied if there were enough space. But we want to know the number of bytes which were *actually* copied so use scnprintf() instead. In the... • https://git.kernel.org/stable/c/bd4396f09a4a9e77423e92ec9448217ab46f6edf •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50300 – btrfs: fix extent map use-after-free when handling missing device in read_one_chunk
https://notcve.org/view.php?id=CVE-2022-50300
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix extent map use-after-free when handling missing device in read_one_chunk Store the error code before freeing the extent_map. Though it's reference counted structure, in that function it's the first and last allocation so this would lead to a potential use-after-free. The error can happen eg. when chunk is stored on a missing device and the degraded mount option is missing. Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=216... • https://git.kernel.org/stable/c/adfb69af7d8cb6a3958f75aad1ef4bc96891d116 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50299 – md: Replace snprintf with scnprintf
https://notcve.org/view.php?id=CVE-2022-50299
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: md: Replace snprintf with scnprintf Current code produces a warning as shown below when total characters in the constituent block device names plus the slashes exceeds 200. snprintf() returns the number of characters generated from the given input, which could cause the expression “200 – len” to wrap around to a large positive number. Fix this by using scnprintf() instead, which returns the actual number of characters written into the buffe... • https://git.kernel.org/stable/c/766038846e875740cf4c20dfc5d5b292ba47360a • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50298 – slimbus: qcom-ngd: cleanup in probe error path
https://notcve.org/view.php?id=CVE-2022-50298
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: slimbus: qcom-ngd: cleanup in probe error path Add proper error path in probe() to cleanup resources previously acquired/allocated to fix warnings visible during probe deferral: notifier callback qcom_slim_ngd_ssr_notify already registered WARNING: CPU: 6 PID: 70 at kernel/notifier.c:28 notifier_chain_register+0x5c/0x90 Modules linked in: CPU: 6 PID: 70 Comm: kworker/u16:1 Not tainted 6.0.0-rc3-next-20220830 #380 Call trace: notifier_chain_... • https://git.kernel.org/stable/c/e1ae85e1830e167a63f94007e50e088b86aa0a16 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50297 – wifi: ath9k: verify the expected usb_endpoints are present
https://notcve.org/view.php?id=CVE-2022-50297
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: verify the expected usb_endpoints are present The bug arises when a USB device claims to be an ATH9K but doesn't have the expected endpoints. (In this case there was an interrupt endpoint where the driver expected a bulk endpoint.) The kernel needs to be able to handle such devices without getting an internal error. usb 1-1: BOGUS urb xfer, pipe 3 != type 1 WARNING: CPU: 3 PID: 500 at drivers/usb/core/urb.c:493 usb_submit_urb+0... • https://git.kernel.org/stable/c/fb9987d0f748c983bb795a86f47522313f701a08 • CWE-544: Missing Standardized Error Handling Mechanism •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50296 – UM: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK
https://notcve.org/view.php?id=CVE-2022-50296
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: UM: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK When CONFIG_CPUMASK_OFFSTACK and CONFIG_DEBUG_PER_CPU_MAPS is selected, cpu_max_bits_warn() generates a runtime warning similar as below while we show /proc/cpuinfo. Fix this by using nr_cpu_ids (the runtime limit) instead of NR_CPUS to iterate CPUs. [ 3.052463] ------------[ cut here ]------------ [ 3.059679] WARNING: CPU: 3 PID: 1 at include/linux/cpumask.h:108 show_cpuinfo+0x5e8/0x5f... • https://git.kernel.org/stable/c/8f96aa67c2ccbd7e41b8dc992b8d13cfe206d571 •