CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50244 – cxl: fix possible null-ptr-deref in cxl_pci_init_afu|adapter()
https://notcve.org/view.php?id=CVE-2022-50244
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: cxl: fix possible null-ptr-deref in cxl_pci_init_afu|adapter() If device_register() fails in cxl_pci_afu|adapter(), the device is not added, device_unregister() can not be called in the error path, otherwise it will cause a null-ptr-deref because of removing not added device. As comment of device_register() says, it should use put_device() to give up the reference in the error path. So split device_unregister() into device_del() and put_dev... • https://git.kernel.org/stable/c/f204e0b8cedd7da1dfcfd05ed6b7692737e24029 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50243 – sctp: handle the error returned from sctp_auth_asoc_init_active_key
https://notcve.org/view.php?id=CVE-2022-50243
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: sctp: handle the error returned from sctp_auth_asoc_init_active_key When it returns an error from sctp_auth_asoc_init_active_key(), the active_key is actually not updated. The old sh_key will be freeed while it's still used as active key in asoc. Then an use-after-free will be triggered when sending patckets, as found by syzbot: sctp_auth_shkey_hold+0x22/0xa0 net/sctp/auth.c:112 sctp_set_owner_w net/sctp/socket.c:132 [inline] sctp_sendmsg_t... • https://git.kernel.org/stable/c/50b57223da67653c61e405d0a7592355cfe4585e • CWE-324: Use of a Key Past its Expiration Date •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50242 – drivers: net: qlcnic: Fix potential memory leak in qlcnic_sriov_init()
https://notcve.org/view.php?id=CVE-2022-50242
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: drivers: net: qlcnic: Fix potential memory leak in qlcnic_sriov_init() If vp alloc failed in qlcnic_sriov_init(), all previously allocated vp needs to be freed. In the Linux kernel, the following vulnerability has been resolved: drivers: net: qlcnic: Fix potential memory leak in qlcnic_sriov_init() If vp alloc failed in qlcnic_sriov_init(), all previously allocated vp needs to be freed. This update provides the initial livepatch for this ke... • https://git.kernel.org/stable/c/f197a7aa62888f27c9a7976b18eb4f040f6606ce •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50236 – iommu/mediatek: Fix crash on isr after kexec()
https://notcve.org/view.php?id=CVE-2022-50236
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: iommu/mediatek: Fix crash on isr after kexec() If the system is rebooted via isr(), the IRQ handler might be triggered before the domain is initialized. Resulting on an invalid memory access error. Fix: [ 0.500930] Unable to handle kernel read from unreadable memory at virtual address 0000000000000070 [ 0.501166] Call trace: [ 0.501174] report_iommu_fault+0x28/0xfc [ 0.501180] mtk_iommu_isr+0x10c/0x1c0 [ joro: Fixed spelling in commit messa... • https://git.kernel.org/stable/c/0df4fabe208d9576f2671d31e77cf46d20fdcd01 •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2025-39801 – usb: dwc3: Remove WARN_ON for device endpoint command timeouts
https://notcve.org/view.php?id=CVE-2025-39801
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: Remove WARN_ON for device endpoint command timeouts This commit addresses a rarely observed endpoint command timeout which causes kernel panic due to warn when 'panic_on_warn' is enabled and unnecessary call trace prints when 'panic_on_warn' is disabled. It is seen during fast software-controlled connect/disconnect testcases. The following is one such endpoint command timeout that we observed: 1. Connect ======= ->dwc3_thread_int... • https://git.kernel.org/stable/c/72246da40f3719af3bfd104a2365b32537c27d83 •
CVSS: 6.6EPSS: 0%CPEs: 5EXPL: 0CVE-2025-39800 – btrfs: abort transaction on unexpected eb generation at btrfs_copy_root()
https://notcve.org/view.php?id=CVE-2025-39800
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: abort transaction on unexpected eb generation at btrfs_copy_root() If we find an unexpected generation for the extent buffer we are cloning at btrfs_copy_root(), we just WARN_ON() and don't error out and abort the transaction, meaning we allow to persist metadata with an unexpected generation. Instead of warning only, abort the transaction and return -EUCLEAN. In the Linux kernel, the following vulnerability has been resolved: btrfs:... • https://git.kernel.org/stable/c/be20aa9dbadc8c06283784ee12bbc0d97dea3418 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2025-39798 – NFS: Fix the setting of capabilities when automounting a new filesystem
https://notcve.org/view.php?id=CVE-2025-39798
12 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: NFS: Fix the setting of capabilities when automounting a new filesystem Capabilities cannot be inherited when we cross into a new filesystem. They need to be reset to the minimal defaults, and then probed for again. In the Linux kernel, the following vulnerability has been resolved: NFS: Fix the setting of capabilities when automounting a new filesystem Capabilities cannot be inherited when we cross into a new filesystem. They need to be re... • https://git.kernel.org/stable/c/54ceac4515986030c2502960be620198dd8fe25b •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-39797 – xfrm: Duplicate SPI Handling
https://notcve.org/view.php?id=CVE-2025-39797
12 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: xfrm: Duplicate SPI Handling The issue originates when Strongswan initiates an XFRM_MSG_ALLOCSPI Netlink message, which triggers the kernel function xfrm_alloc_spi(). This function is expected to ensure uniqueness of the Security Parameter Index (SPI) for inbound Security Associations (SAs). However, it can return success even when the requested SPI is already in use, leading to duplicate SPIs assigned to multiple inbound SAs, differentiate... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2025-39794 – ARM: tegra: Use I/O memcpy to write to IRAM
https://notcve.org/view.php?id=CVE-2025-39794
12 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ARM: tegra: Use I/O memcpy to write to IRAM Kasan crashes the kernel trying to check boundaries when using the normal memcpy. In the Linux kernel, the following vulnerability has been resolved: ARM: tegra: Use I/O memcpy to write to IRAM Kasan crashes the kernel trying to check boundaries when using the normal memcpy. It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to ov... • https://git.kernel.org/stable/c/b36ab9754efbd7429d214b3b03dc9843882571bd •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-39789 – crypto: x86/aegis - Add missing error checks
https://notcve.org/view.php?id=CVE-2025-39789
11 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: x86/aegis - Add missing error checks The skcipher_walk functions can allocate memory and can fail, so checking for errors is necessary. In the Linux kernel, the following vulnerability has been resolved: crypto: x86/aegis - Add missing error checks The skcipher_walk functions can allocate memory and can fail, so checking for errors is necessary. • https://git.kernel.org/stable/c/1d373d4e8e15b358f08de52956b32e0e38a11f84 •