CVSS: 4.6EPSS: 0%CPEs: 2EXPL: 0CVE-2022-50133 – usb: xhci_plat_remove: avoid NULL dereference
https://notcve.org/view.php?id=CVE-2022-50133
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: xhci_plat_remove: avoid NULL dereference Since commit 4736ebd7fcaff1eb8481c140ba494962847d6e0a ("usb: host: xhci-plat: omit shared hcd if either root hub has no ports") xhci->shared_hcd can be NULL, which causes the following Oops on reboot: [ 710.124450] systemd-shutdown[1]: Rebooting. [ 710.298861] xhci-hcd xhci-hcd.2.auto: remove, state 4 [ 710.304217] usb usb3: USB disconnect, device number 1 [ 710.317441] xhci-hcd xhci-hcd.2.auto:... • https://git.kernel.org/stable/c/4736ebd7fcaff1eb8481c140ba494962847d6e0a •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50132 – usb: cdns3: change place of 'priv_ep' assignment in cdns3_gadget_ep_dequeue(), cdns3_gadget_ep_enable()
https://notcve.org/view.php?id=CVE-2022-50132
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: change place of 'priv_ep' assignment in cdns3_gadget_ep_dequeue(), cdns3_gadget_ep_enable() If 'ep' is NULL, result of ep_to_cdns3_ep(ep) is invalid pointer and its dereference with priv_ep->cdns3_dev may cause panic. Found by Linux Verification Center (linuxtesting.org) with SVACE. In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: change place of 'priv_ep' assignment in cdns3_gadget_ep_dequeue(), c... • https://git.kernel.org/stable/c/7733f6c32e36ff9d7adadf40001039bf219b1cbe •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50131 – HID: mcp2221: prevent a buffer overflow in mcp_smbus_write()
https://notcve.org/view.php?id=CVE-2022-50131
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: HID: mcp2221: prevent a buffer overflow in mcp_smbus_write() Smatch Warning: drivers/hid/hid-mcp2221.c:388 mcp_smbus_write() error: __memcpy() '&mcp->txbuf[5]' too small (59 vs 255) drivers/hid/hid-mcp2221.c:388 mcp_smbus_write() error: __memcpy() 'buf' too small (34 vs 255) The 'len' variable can take a value between 0-255 as it can come from data->block[0] and it is user data. So add an bound check to prevent a buffer overflow in memcpy()... • https://git.kernel.org/stable/c/67a95c21463d066060b0f66d65a75d45bb386ffb •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50130 – staging: fbtft: core: set smem_len before fb_deferred_io_init call
https://notcve.org/view.php?id=CVE-2022-50130
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: staging: fbtft: core: set smem_len before fb_deferred_io_init call The fbtft_framebuffer_alloc() calls fb_deferred_io_init() before initializing info->fix.smem_len. It is set to zero by the framebuffer_alloc() function. It will trigger a WARN_ON() at the start of fb_deferred_io_init() and the function will not do anything. In the Linux kernel, the following vulnerability has been resolved: staging: fbtft: core: set smem_len before fb_deferr... • https://git.kernel.org/stable/c/6a9ae2fe887042f76fd3d334349e64e8ab3c55a2 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50129 – RDMA/srpt: Fix a use-after-free
https://notcve.org/view.php?id=CVE-2022-50129
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/srpt: Fix a use-after-free Change the LIO port members inside struct srpt_port from regular members into pointers. Allocate the LIO port data structures from inside srpt_make_tport() and free these from inside srpt_make_tport(). Keep struct srpt_device as long as either an RDMA port or a LIO target port is associated with it. This patch decouples the lifetime of struct srpt_port (controlled by the RDMA core) and struct srpt_port_id (co... • https://git.kernel.org/stable/c/a42d985bd5b234da8b61347a78dc3057bf7bb94d •
CVSS: 5.6EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50127 – RDMA/rxe: Fix error unwind in rxe_create_qp()
https://notcve.org/view.php?id=CVE-2022-50127
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix error unwind in rxe_create_qp() In the function rxe_create_qp(), rxe_qp_from_init() is called to initialize qp, internally things like the spin locks are not setup until rxe_qp_init_req(). If an error occures before this point then the unwind will call rxe_cleanup() and eventually to rxe_qp_do_cleanup()/rxe_cleanup_task() which will oops when trying to access the uninitialized spinlock. Move the spinlock initializations earlie... • https://git.kernel.org/stable/c/8700e3e7c4857d28ebaa824509934556da0b3e76 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50126 – jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted
https://notcve.org/view.php?id=CVE-2022-50126
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted Following process will fail assertion 'jh->b_frozen_data == NULL' in jbd2_journal_dirty_metadata(): jbd2_journal_commit_transaction unlink(dir/a) jh->b_transaction = trans1 jh->b_jlist = BJ_Metadata journal->j_running_transaction = NULL trans1->t_state = T_COMMIT unlink(dir/b) handle->h_trans = trans2 do_get_write_access jh->b_modified = 0 jh->b_frozen_data = froze... • https://git.kernel.org/stable/c/470decc613ab2048b619a01028072d932d9086ee •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50125 – ASoC: cros_ec_codec: Fix refcount leak in cros_ec_codec_platform_probe
https://notcve.org/view.php?id=CVE-2022-50125
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: cros_ec_codec: Fix refcount leak in cros_ec_codec_platform_probe of_parse_phandle() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() to avoid refcount leak. In the Linux kernel, the following vulnerability has been resolved: ASoC: cros_ec_codec: Fix refcount leak in cros_ec_codec_platform_probe of_parse_phandle() returns a node pointer with refcount in... • https://git.kernel.org/stable/c/b6bc07d4360dbf766e551f18e43c67fff6784955 •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2022-50124 – ASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe
https://notcve.org/view.php?id=CVE-2022-50124
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe of_parse_phandle() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() to avoid refcount leak. In the Linux kernel, the following vulnerability has been resolved: ASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe of_parse_phandle() returns a node pointer with refcount incremented,... • https://git.kernel.org/stable/c/f0ab0bf250da5a115d5675a686117f21984f0760 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50123 – ASoC: mediatek: mt8173: Fix refcount leak in mt8173_rt5650_rt5676_dev_probe
https://notcve.org/view.php?id=CVE-2022-50123
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: mt8173: Fix refcount leak in mt8173_rt5650_rt5676_dev_probe of_parse_phandle() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Fix missing of_node_put() in error paths. In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: mt8173: Fix refcount leak in mt8173_rt5650_rt5676_dev_probe of_parse_phandle() returns a node pointer with refcount ... • https://git.kernel.org/stable/c/94319ba10ecabc8f28129566d1f5793e3e7a0a79 •