
CVE-2022-50085 – dm raid: fix address sanitizer warning in raid_resume
https://notcve.org/view.php?id=CVE-2022-50085
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: dm raid: fix address sanitizer warning in raid_resume There is a KASAN warning in raid_resume when running the lvm test lvconvert-raid.sh. The reason for the warning is that mddev->raid_disks is greater than rs->raid_disks, so the loop touches one entry beyond the allocated length. • https://git.kernel.org/stable/c/c2f075e729636a44e98d9722e3852c2fa6fa49b6 •

CVE-2022-50084 – dm raid: fix address sanitizer warning in raid_status
https://notcve.org/view.php?id=CVE-2022-50084
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: dm raid: fix address sanitizer warning in raid_status There is this warning when using a kernel with the address sanitizer and running this testsuite: https://gitlab.com/cki-project/kernel-tests/-/tree/main/storage/swraid/scsi_raid ================================================================== BUG: KASAN: slab-out-of-bounds in raid_status+0x1747/0x2820 [dm_raid] Read of size 4 at addr ffff888079d2c7e8 by task lvcreate/13319 CPU: 0 PID: ... • https://git.kernel.org/stable/c/1ae0ebfb576b72c2ef400917a5484ebe7892d80b •

CVE-2022-50083 – ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h
https://notcve.org/view.php?id=CVE-2022-50083
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h When adding an xattr to an inode, we must ensure that the inode_size is not less than EXT4_GOOD_OLD_INODE_SIZE + extra_isize + pad. Otherwise, the end position may be greater than the start position, resulting in UAF. • https://git.kernel.org/stable/c/214c68423fd632646c68f3ec8b3c2602cf8273f3 •

CVE-2022-50082 – ext4: fix warning in ext4_iomap_begin as race between bmap and write
https://notcve.org/view.php?id=CVE-2022-50082
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix warning in ext4_iomap_begin as race between bmap and write We got issue as follows: ------------[ cut here ]------------ WARNING: CPU: 3 PID: 9310 at fs/ext4/inode.c:3441 ext4_iomap_begin+0x182/0x5d0 RIP: 0010:ext4_iomap_begin+0x182/0x5d0 RSP: 0018:ffff88812460fa08 EFLAGS: 00010293 RAX: ffff88811f168000 RBX: 0000000000000000 RCX: ffffffff97793c12 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 RBP: ffff88812c6691... • https://git.kernel.org/stable/c/e1682c7171a6c0ff576fe8116b8cba5b8f538b94 •

CVE-2022-50080 – tee: add overflow check in register_shm_helper()
https://notcve.org/view.php?id=CVE-2022-50080
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: tee: add overflow check in register_shm_helper() With special lengths supplied by user space, register_shm_helper() has an integer overflow when calculating the number of pages covered by a supplied user space memory region. This causes internal_get_user_pages_fast() a helper function of pin_user_pages_fast() to do a NULL pointer dereference: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010 Modules linked... • https://git.kernel.org/stable/c/033ddf12bcf5326b93bd604f50a7474a434a35f9 •

CVE-2022-50077 – apparmor: fix reference count leak in aa_pivotroot()
https://notcve.org/view.php?id=CVE-2022-50077
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: apparmor: fix reference count leak in aa_pivotroot() The aa_pivotroot() function has a reference counting bug in a specific path. When aa_replace_current_label() returns on success, the function forgets to decrement the reference count of “target”, which is increased earlier by build_pivotroot(), causing a reference leak. Fix it by decreasing the refcount of “target” in that path. • https://git.kernel.org/stable/c/2ea3ffb7782a84da33a8382f13ebd016da50079b •

CVE-2022-50074 – apparmor: Fix memleak in aa_simple_write_to_buffer()
https://notcve.org/view.php?id=CVE-2022-50074
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: apparmor: Fix memleak in aa_simple_write_to_buffer() When copy_from_user failed, the memory is freed by kvfree. However, the management struct and data blob are allocated independently, so only kvfree(data) causes a memleak issue here. Use aa_put_loaddata(data) to fix this issue. • https://git.kernel.org/stable/c/a6a52579e52b55448326db88bd9a5740e7c1a037 •

CVE-2022-50073 – net: tap: NULL pointer derefence in dev_parse_header_protocol when skb->dev is null
https://notcve.org/view.php?id=CVE-2022-50073
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: net: tap: NULL pointer derefence in dev_parse_header_protocol when skb->dev is null Fixes a NULL pointer dereference bug triggered from tap driver. When tap_get_user calls virtio_net_hdr_to_skb the skb->dev is null (in tap.c skb->dev is set after the call to virtio_net_hdr_to_skb) virtio_net_hdr_to_skb calls dev_parse_header_protocol which needs skb->dev field to be valid. The line that triggers the bug is in dev_parse_header_protocol (dev is ... • https://git.kernel.org/stable/c/924a9bc362a5223cd448ca08c3dde21235adc310 •

CVE-2022-50072 – NFSv4/pnfs: Fix a use-after-free bug in open
https://notcve.org/view.php?id=CVE-2022-50072
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: NFSv4/pnfs: Fix a use-after-free bug in open If someone cancels the open RPC call, then we must not try to free either the open slot or the layoutget operation arguments, since they are likely still in use by the hung RPC call. • https://git.kernel.org/stable/c/6b3fc1496e7227cd6a39a80bbfb7588ef7c7a010 •

CVE-2022-50068 – drm/ttm: Fix dummy res NULL ptr deref bug
https://notcve.org/view.php?id=CVE-2022-50068
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/ttm: Fix dummy res NULL ptr deref bug Check the bo->resource value before accessing the resource mem_type. v2: Fix commit description unwrapped warning