
CVSS: 7.8 | EPSS: 0% | CPEs: 5 | EXPL: 0

15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: 9p: set req refcount to zero to avoid uninitialized usage When a new request is allocated, the refcount will be zero if it is reused, but if the request is newly allocated from slab, it is not fully initialized before being added to idr. If the p9_read_work got a response before the refcount initiated, it will use an uninitialized req, which will result in a bad request data struct. Here are the logs from syzbot. Corrupted memory at 0xffff888... • https://git.kernel.org/stable/c/728356dedeff8ef999cb436c71333ef4ac51a81c •

CVSS: 5.5 | EPSS: 0% | CPEs: 6 | EXPL: 0

15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: hugetlbfs: fix null-ptr-deref in hugetlbfs_parse_param() Syzkaller reports a null-ptr-deref bug as follows: ====================================================== KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] RIP: 0010:hugetlbfs_parse_param+0x1dd/0x8e0 fs/hugetlbfs/inode.c:1380 [...] Call Trace: vfs_parse_fs_param fs/fs_context.c:148 [inline] vfs_parse_fs_param+0x1f9/0x3c0 fs/fs_context.c:129 vfs_parse_fs_str... • https://git.kernel.org/stable/c/32021982a324dce93b4ae00c06213bf45fb319c8 •

CVSS: 7.1 | EPSS: 0% | CPEs: 9 | EXPL: 0

15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: fs: jfs: fix shift-out-of-bounds in dbDiscardAG This should be applied to most UBSAN bugs found recently by syzbot, by guarding the dbMount. As syzbot feeding rubbish into the bmap descriptor. • https://git.kernel.org/stable/c/b40c2e665cd552eae5fbdbb878bc29a34357668e •

CVSS: 9.4 | EPSS: 0% | CPEs: 8 | EXPL: 0

15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: cavium - prevent integer overflow loading firmware The "code_length" value comes from the firmware file. If your firmware is untrusted realistically there is probably very little you can do to protect yourself. Still we try to limit the damage as much as possible. Also Smatch marks any data read from the filesystem as untrusted and prints warnings if it is not capped correctly. The "ntohl(ucode->code_length) * 2" multiplication can hav... • https://git.kernel.org/stable/c/9e2c7d99941d000a36f68a3594cec27a1bbea274 •

CVSS: 7.8 | EPSS: 0% | CPEs: 5 | EXPL: 0

15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: jbd2: fix potential use-after-free in jbd2_fc_wait_bufs In 'jbd2_fc_wait_bufs' use 'bh' after put buffer head reference count which may lead to use-after-free. So judge buffer if uptodate before put buffer head reference count. • https://git.kernel.org/stable/c/ff780b91efe901b8eecd8114785abae5341820ad •

CVSS: 5.5 | EPSS: 0% | CPEs: 6 | EXPL: 0

15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value The return value of acpi_fetch_acpi_dev() could be NULL, which would cause a NULL pointer dereference to occur in acpi_device_hid(). [ rjw: Subject and changelog edits, added empty line after if () ] • https://git.kernel.org/stable/c/a36a7fecfe6071732075ad5aa31196adce13181b • CWE-476: NULL Pointer Dereference •

CVSS: 5.5 | EPSS: 0% | CPEs: 9 | EXPL: 0

15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: mtd: maps: pxa2xx-flash: fix memory leak in probe Free 'info' upon remapping error to avoid a memory leak. [<miquel.raynal@bootlin.com>: Reword the commit log] This update provides the initial livepatch for this kernel update. This update does not contain any fixes and will be updated with livepatches later. • https://git.kernel.org/stable/c/e644f7d6289456657996df4192de76c5d0a9f9c7 •

CVSS: 5.5 | EPSS: 0% | CPEs: 8 | EXPL: 0

15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: fix potential memory leak in brcmf_netdev_start_xmit() The brcmf_netdev_start_xmit() returns NETDEV_TX_OK without freeing skb in case of pskb_expand_head() fails, add dev_kfree_skb() to fix it. Compile tested only. • https://git.kernel.org/stable/c/270a6c1f65fe68a28a5d39cd405592c550b496c7 •

CVSS: 5.5 | EPSS: 0% | CPEs: 8 | EXPL: 0

15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel/uncore: Fix reference count leak in hswep_has_limit_sbox() pci_get_device() will increase the reference count for the returned 'dev'. We need to call pci_dev_put() to decrease the reference count. Since 'dev' is only used in pci_read_config_dword(), let's add pci_dev_put() right after it. • https://git.kernel.org/stable/c/a8e87042482fd2d31c5cee62875b2ae75759ae8b • CWE-772: Missing Release of Resource after Effective Lifetime •

CVSS: 7.8 | EPSS: 0% | CPEs: 9 | EXPL: 0

15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/bridge: megachips: Fix a null pointer dereference bug When removing the module we will get the following warning: [ 31.911505] i2c-core: driver [stdp2690-ge-b850v3-fw] unregistered [ 31.912484] general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI [ 31.913338] KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] [ 31.915280] RIP: 0010:drm_bridge_remove+0x97/0x1... • https://git.kernel.org/stable/c/7649972d97fb98578fbc4a351416cf72895e7c4d •