CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50092 – dm thin: fix use-after-free crash in dm_sm_register_threshold_callback
https://notcve.org/view.php?id=CVE-2022-50092
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: dm thin: fix use-after-free crash in dm_sm_register_threshold_callback Fault inject on pool metadata device reports: BUG: KASAN: use-after-free in dm_pool_register_metadata_threshold+0x40/0x80 Read of size 8 at addr ffff8881b9d50068 by task dmsetup/950 CPU: 7 PID: 950 Comm: dmsetup Tainted: G W 5.19.0-rc6 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-1.fc33 04/01/2014 Call Trace:
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-50087 – firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails
https://notcve.org/view.php?id=CVE-2022-50087
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails When scpi probe fails, at any point, we need to ensure that the scpi_info is not set and will remain NULL until the probe succeeds. If it is not taken care, then it could result use-after-free as the value is exported via get_scpi_ops() and could refer to a memory allocated via devm_kzalloc() but freed when the probe fails. In the Linux kernel, the following vulnerabili... • https://git.kernel.org/stable/c/5aa558232edc30468d1f35108826dd5b3ffe978f •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50086 – block: don't allow the same type rq_qos add more than once
https://notcve.org/view.php?id=CVE-2022-50086
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: block: don't allow the same type rq_qos add more than once In our test of iocost, we encountered some list add/del corruptions of inner_walk list in ioc_timer_fn. The reason can be described as follows: cpu 0 cpu 1 ioc_qos_write ioc_qos_write ioc = q_to_ioc(queue); if (!ioc) { ioc = kzalloc(); ioc = q_to_ioc(queue); if (!ioc) { ioc = kzalloc(); ... rq_qos_add(q, rqos); } ... rq_qos_add(q, rqos); ... } When the io.cost.qos file is written by... • https://git.kernel.org/stable/c/0b7f5d7a4d2a72ad9de04ab8ccba2a31904aa638 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50085 – dm raid: fix address sanitizer warning in raid_resume
https://notcve.org/view.php?id=CVE-2022-50085
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: dm raid: fix address sanitizer warning in raid_resume There is a KASAN warning in raid_resume when running the lvm test lvconvert-raid.sh. The reason for the warning is that mddev->raid_disks is greater than rs->raid_disks, so the loop touches one entry beyond the allocated length. In the Linux kernel, the following vulnerability has been resolved: dm raid: fix address sanitizer warning in raid_resume There is a KASAN warning in raid_resume... • https://git.kernel.org/stable/c/c2f075e729636a44e98d9722e3852c2fa6fa49b6 •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50084 – dm raid: fix address sanitizer warning in raid_status
https://notcve.org/view.php?id=CVE-2022-50084
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: dm raid: fix address sanitizer warning in raid_status There is this warning when using a kernel with the address sanitizer and running this testsuite: https://gitlab.com/cki-project/kernel-tests/-/tree/main/storage/swraid/scsi_raid ================================================================== BUG: KASAN: slab-out-of-bounds in raid_status+0x1747/0x2820 [dm_raid] Read of size 4 at addr ffff888079d2c7e8 by task lvcreate/13319 CPU: 0 PID: ... • https://git.kernel.org/stable/c/1ae0ebfb576b72c2ef400917a5484ebe7892d80b •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50083 – ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h
https://notcve.org/view.php?id=CVE-2022-50083
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h When adding an xattr to an inode, we must ensure that the inode_size is not less than EXT4_GOOD_OLD_INODE_SIZE + extra_isize + pad. Otherwise, the end position may be greater than the start position, resulting in UAF. In the Linux kernel, the following vulnerability has been resolved: ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h When adding an xattr to an inode, we must ensure t... • https://git.kernel.org/stable/c/214c68423fd632646c68f3ec8b3c2602cf8273f3 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50082 – ext4: fix warning in ext4_iomap_begin as race between bmap and write
https://notcve.org/view.php?id=CVE-2022-50082
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix warning in ext4_iomap_begin as race between bmap and write We got issue as follows: ------------[ cut here ]------------ WARNING: CPU: 3 PID: 9310 at fs/ext4/inode.c:3441 ext4_iomap_begin+0x182/0x5d0 RIP: 0010:ext4_iomap_begin+0x182/0x5d0 RSP: 0018:ffff88812460fa08 EFLAGS: 00010293 RAX: ffff88811f168000 RBX: 0000000000000000 RCX: ffffffff97793c12 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 RBP: ffff88812c6691... • https://git.kernel.org/stable/c/e1682c7171a6c0ff576fe8116b8cba5b8f538b94 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-50080 – tee: add overflow check in register_shm_helper()
https://notcve.org/view.php?id=CVE-2022-50080
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: tee: add overflow check in register_shm_helper() With special lengths supplied by user space, register_shm_helper() has an integer overflow when calculating the number of pages covered by a supplied user space memory region. This causes internal_get_user_pages_fast() a helper function of pin_user_pages_fast() to do a NULL pointer dereference: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010 Modules linked... • https://git.kernel.org/stable/c/033ddf12bcf5326b93bd604f50a7474a434a35f9 •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2022-50077 – apparmor: fix reference count leak in aa_pivotroot()
https://notcve.org/view.php?id=CVE-2022-50077
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: apparmor: fix reference count leak in aa_pivotroot() The aa_pivotroot() function has a reference counting bug in a specific path. When aa_replace_current_label() returns on success, the function forgets to decrement the reference count of “target”, which is increased earlier by build_pivotroot(), causing a reference leak. Fix it by decreasing the refcount of “target” in that path. In the Linux kernel, the following vulnerability has been re... • https://git.kernel.org/stable/c/2ea3ffb7782a84da33a8382f13ebd016da50079b •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50074 – apparmor: Fix memleak in aa_simple_write_to_buffer()
https://notcve.org/view.php?id=CVE-2022-50074
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: apparmor: Fix memleak in aa_simple_write_to_buffer() When copy_from_user failed, the memory is freed by kvfree. however the management struct and data blob are allocated independently, so only kvfree(data) cause a memleak issue here. Use aa_put_loaddata(data) to fix this issue. In the Linux kernel, the following vulnerability has been resolved: apparmor: Fix memleak in aa_simple_write_to_buffer() When copy_from_user failed, the memory is fr... • https://git.kernel.org/stable/c/a6a52579e52b55448326db88bd9a5740e7c1a037 •