CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50735 – wifi: mt76: do not run mt76u_status_worker if the device is not running
https://notcve.org/view.php?id=CVE-2022-50735
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: do not run mt76u_status_worker if the device is not running Fix the following NULL pointer dereference avoiding to run mt76u_status_worker thread if the device is not running yet. KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] CPU: 0 PID: 98 Comm: kworker/u2:2 Not tainted 5.14.0+ #78 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.1-0-ga5cab58e9a3f-prebuilt.qemu.org 04/01/2014 Workque... • https://git.kernel.org/stable/c/9daf27e62852d68c6ffc2c21090238ea51bb0a7f •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50734 – nvmem: core: Fix memleak in nvmem_register()
https://notcve.org/view.php?id=CVE-2022-50734
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: nvmem: core: Fix memleak in nvmem_register() dev_set_name will alloc memory for nvmem->dev.kobj.name in nvmem_register, when nvmem_validate_keepouts failed, nvmem's memory will be freed and return, but nobody will free memory for nvmem->dev.kobj.name, there will be memleak, so moving nvmem_validate_keepouts() after device_register() and let the device core deal with cleaning name in error cases. In the Linux kernel, the following vulnerabil... • https://git.kernel.org/stable/c/de0534df93474f268486c486ea7e01b44a478026 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50733 – usb: idmouse: fix an uninit-value in idmouse_open
https://notcve.org/view.php?id=CVE-2022-50733
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: idmouse: fix an uninit-value in idmouse_open In idmouse_create_image, if any ftip_command fails, it will go to the reset label. However, this leads to the data in bulk_in_buffer[HEADER..IMGSIZE] uninitialized. And the check for valid image incurs an uninitialized dereference. Fix this by moving the check before reset label since this check only be valid if the data after bulk_in_buffer[HEADER] has concrete data. Note that this is found... • https://git.kernel.org/stable/c/4244f72436ab77c3c29a6447af81734ab3925d85 •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50732 – staging: rtl8192u: Fix use after free in ieee80211_rx()
https://notcve.org/view.php?id=CVE-2022-50732
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: staging: rtl8192u: Fix use after free in ieee80211_rx() We cannot dereference the "skb" pointer after calling ieee80211_monitor_rx(), because it is a use after free. In the Linux kernel, the following vulnerability has been resolved: staging: rtl8192u: Fix use after free in ieee80211_rx() We cannot dereference the "skb" pointer after calling ieee80211_monitor_rx(), because it is a use after free. The SUSE Linux Enterprise 15 SP5 RT kernel w... • https://git.kernel.org/stable/c/8fc8598e61f6f384f3eaf1d9b09500c12af47b37 •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50731 – crypto: akcipher - default implementation for setting a private key
https://notcve.org/view.php?id=CVE-2022-50731
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: akcipher - default implementation for setting a private key Changes from v1: * removed the default implementation from set_pub_key: it is assumed that an implementation must always have this callback defined as there are no use case for an algorithm, which doesn't need a public key Many akcipher implementations (like ECDSA) support only signature verifications, so they don't have all callbacks defined. Commit 78a0324f4a53 ("crypto: ... • https://git.kernel.org/stable/c/78a0324f4a5328088fea9426cfe1d1851276c475 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50730 – ext4: silence the warning when evicting inode with dioread_nolock
https://notcve.org/view.php?id=CVE-2022-50730
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: silence the warning when evicting inode with dioread_nolock When evicting an inode with default dioread_nolock, it could be raced by the unwritten extents converting kworker after writeback some new allocated dirty blocks. It convert unwritten extents to written, the extents could be merged to upper level and free extent blocks, so it could mark the inode dirty again even this inode has been marked I_FREEING. But the inode->i_io_list ... • https://git.kernel.org/stable/c/ceff86fddae8748fe00d4f2d249cb02cae62ad84 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50729 – ksmbd: Fix resource leak in ksmbd_session_rpc_open()
https://notcve.org/view.php?id=CVE-2022-50729
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix resource leak in ksmbd_session_rpc_open() When ksmbd_rpc_open() fails then it must call ksmbd_rpc_id_free() to undo the result of ksmbd_ipc_id_alloc(). In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix resource leak in ksmbd_session_rpc_open() When ksmbd_rpc_open() fails then it must call ksmbd_rpc_id_free() to undo the result of ksmbd_ipc_id_alloc(). • https://git.kernel.org/stable/c/e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9 •
CVSS: 7.2EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50728 – s390/lcs: Fix return type of lcs_start_xmit()
https://notcve.org/view.php?id=CVE-2022-50728
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: s390/lcs: Fix return type of lcs_start_xmit() With clang's kernel control flow integrity (kCFI, CONFIG_CFI_CLANG), indirect call targets are validated against the expected function pointer prototype to make sure the call target is valid to help mitigate ROP attacks. If they are not identical, there is a failure at run time, which manifests as either a kernel panic or thread getting killed. A proposed warning in clang aims to catch these at ... • https://git.kernel.org/stable/c/dc1f8bf68b311b1537cb65893430b6796118498a •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50727 – scsi: efct: Fix possible memleak in efct_device_init()
https://notcve.org/view.php?id=CVE-2022-50727
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: efct: Fix possible memleak in efct_device_init() In efct_device_init(), when efct_scsi_reg_fc_transport() fails, efct_scsi_tgt_driver_exit() is not called to release memory for efct_scsi_tgt_driver_init() and causes memleak: unreferenced object 0xffff8881020ce000 (size 2048): comm "modprobe", pid 465, jiffies 4294928222 (age 55.872s) backtrace: [<0000000021a1ef1b>] kmalloc_trace+0x27/0x110 [<000000004c3ed51c>] target_register_template... • https://git.kernel.org/stable/c/4df84e8466242de835416a4ec0c856c0e2ed26eb •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50726 – net/mlx5: Fix possible use-after-free in async command interface
https://notcve.org/view.php?id=CVE-2022-50726
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix possible use-after-free in async command interface mlx5_cmd_cleanup_async_ctx should return only after all its callback handlers were completed. Before this patch, the below race between mlx5_cmd_cleanup_async_ctx and mlx5_cmd_exec_cb_handler was possible and lead to a use-after-free: 1. mlx5_cmd_cleanup_async_ctx is called while num_inflight is 2 (i.e. elevated by 1, a single inflight callback). 2. mlx5_cmd_cleanup_async_ctx ... • https://git.kernel.org/stable/c/e355477ed9e4f401e3931043df97325d38552d54 •