CVSS: 9.4EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50330 – crypto: cavium - prevent integer overflow loading firmware
https://notcve.org/view.php?id=CVE-2022-50330
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: cavium - prevent integer overflow loading firmware The "code_length" value comes from the firmware file. If your firmware is untrusted realistically there is probably very little you can do to protect yourself. Still we try to limit the damage as much as possible. Also Smatch marks any data read from the filesystem as untrusted and prints warnings if it not capped correctly. The "ntohl(ucode->code_length) * 2" multiplication can hav... • https://git.kernel.org/stable/c/9e2c7d99941d000a36f68a3594cec27a1bbea274 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50327 – ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value
https://notcve.org/view.php?id=CVE-2022-50327
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value The return value of acpi_fetch_acpi_dev() could be NULL, which would cause a NULL pointer dereference to occur in acpi_device_hid(). [ rjw: Subject and changelog edits, added empty line after if () ] In the Linux kernel, the following vulnerability has been resolved: ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value The return value of acpi_fetch_acpi_dev() could ... • https://git.kernel.org/stable/c/a36a7fecfe6071732075ad5aa31196adce13181b • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50324 – mtd: maps: pxa2xx-flash: fix memory leak in probe
https://notcve.org/view.php?id=CVE-2022-50324
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: mtd: maps: pxa2xx-flash: fix memory leak in probe Free 'info' upon remapping error to avoid a memory leak. [<miquel.raynal@bootlin.com>: Reword the commit log] This update provides the initial livepatch for this kernel update. This update does not contain any fixes and will be updated with livepatches later. • https://git.kernel.org/stable/c/e644f7d6289456657996df4192de76c5d0a9f9c7 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50321 – wifi: brcmfmac: fix potential memory leak in brcmf_netdev_start_xmit()
https://notcve.org/view.php?id=CVE-2022-50321
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: fix potential memory leak in brcmf_netdev_start_xmit() The brcmf_netdev_start_xmit() returns NETDEV_TX_OK without freeing skb in case of pskb_expand_head() fails, add dev_kfree_skb() to fix it. Compile tested only. In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: fix potential memory leak in brcmf_netdev_start_xmit() The brcmf_netdev_start_xmit() returns NETDEV_TX_OK without freeing skb in ... • https://git.kernel.org/stable/c/270a6c1f65fe68a28a5d39cd405592c550b496c7 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50318 – perf/x86/intel/uncore: Fix reference count leak in hswep_has_limit_sbox()
https://notcve.org/view.php?id=CVE-2022-50318
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel/uncore: Fix reference count leak in hswep_has_limit_sbox() pci_get_device() will increase the reference count for the returned 'dev'. We need to call pci_dev_put() to decrease the reference count. Since 'dev' is only used in pci_read_config_dword(), let's add pci_dev_put() right after it. In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel/uncore: Fix reference count leak in hswep_has_limit_sbox... • https://git.kernel.org/stable/c/a8e87042482fd2d31c5cee62875b2ae75759ae8b • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50317 – drm/bridge: megachips: Fix a null pointer dereference bug
https://notcve.org/view.php?id=CVE-2022-50317
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/bridge: megachips: Fix a null pointer dereference bug When removing the module we will get the following warning: [ 31.911505] i2c-core: driver [stdp2690-ge-b850v3-fw] unregistered [ 31.912484] general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI [ 31.913338] KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] [ 31.915280] RIP: 0010:drm_bridge_remove+0x97/0x1... • https://git.kernel.org/stable/c/7649972d97fb98578fbc4a351416cf72895e7c4d •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50316 – orangefs: Fix kmemleak in orangefs_sysfs_init()
https://notcve.org/view.php?id=CVE-2022-50316
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: orangefs: Fix kmemleak in orangefs_sysfs_init() When insert and remove the orangefs module, there are kobjects memory leaked as below: unreferenced object 0xffff88810f95af00 (size 64): comm "insmod", pid 783, jiffies 4294813439 (age 65.512s) hex dump (first 32 bytes): a0 83 af 01 81 88 ff ff 08 af 95 0f 81 88 ff ff ................ 08 af 95 0f 81 88 ff ff 00 00 00 00 00 00 00 00 ................ backtrace: [<0000000031ab7788>] kmalloc_trace... • https://git.kernel.org/stable/c/f7ab093f74bf638ed98fd1115f3efa17e308bb7f •
CVSS: 5.6EPSS: 0%CPEs: 2EXPL: 0CVE-2023-53261 – coresight: Fix memory leak in acpi_buffer->pointer
https://notcve.org/view.php?id=CVE-2023-53261
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: coresight: Fix memory leak in acpi_buffer->pointer There are memory leaks reported by kmemleak: ... unreferenced object 0xffff00213c141000 (size 1024): comm "systemd-udevd", pid 2123, jiffies 4294909467 (age 6062.160s) hex dump (first 32 bytes): 04 00 00 00 02 00 00 00 18 10 14 3c 21 00 ff ff ...........] __kmem_cache_alloc_node+0x2f8/0x348 ... • https://git.kernel.org/stable/c/76ffa5ab5b79c250b9744b7f8bdd835db426a1ae • CWE-401: Missing Release of Memory after Effective Lifetime CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-53259 – VMCI: check context->notify_page after call to get_user_pages_fast() to avoid GPF
https://notcve.org/view.php?id=CVE-2023-53259
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: VMCI: check context->notify_page after call to get_user_pages_fast() to avoid GPF The call to get_user_pages_fast() in vmci_host_setup_notify() can return NULL context->notify_page causing a GPF. To avoid GPF check if context->notify_page == NULL and return error if so. general protection fault, probably for non-canonical address 0xe0009d1000000060: 0000 [#1] PREEMPT SMP KASAN NOPTI KASAN: maybe wild-memory-access in range [0x00050880000003... • https://git.kernel.org/stable/c/a1d88436d53a75e950db15834b3d2f8c0c358fdc •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-53255 – firmware: stratix10-svc: Fix a potential resource leak in svc_create_memory_pool()
https://notcve.org/view.php?id=CVE-2023-53255
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: firmware: stratix10-svc: Fix a potential resource leak in svc_create_memory_pool() svc_create_memory_pool() is only called from stratix10_svc_drv_probe(). Most of resources in the probe are managed, but not this memremap() call. There is also no memunmap() call in the file. So switch to devm_memremap() to avoid a resource leak. In the Linux kernel, the following vulnerability has been resolved: firmware: stratix10-svc: Fix a potential resou... • https://git.kernel.org/stable/c/7ca5ce896524f5292e610b27d168269e5ab74951 • CWE-401: Missing Release of Memory after Effective Lifetime •