CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50432 – kernfs: fix use-after-free in __kernfs_remove
https://notcve.org/view.php?id=CVE-2022-50432
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: kernfs: fix use-after-free in __kernfs_remove Syzkaller managed to trigger concurrent calls to kernfs_remove_by_name_ns() for the same file resulting in a KASAN detected use-after-free. The race occurs when the root node is freed during kernfs_drain(). To prevent this acquire an additional reference for the root of the tree that is removed before calling __kernfs_remove(). Found by syzkaller with the following reproducer (slab_nomerge is re... • https://git.kernel.org/stable/c/45a140e587f3d32d8d424ed940dffb61e1739047 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50431 – ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev()
https://notcve.org/view.php?id=CVE-2022-50431
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev() dev_set_name() in soundbus_add_one() allocates memory for name, it need be freed when of_device_register() fails, call soundbus_dev_put() to give up the reference that hold in device_initialize(), so that it can be freed in kobject_cleanup() when the refcount hit to 0. And other resources are also freed in i2sbus_release_dev(), so it can return 0 directly. In the Linux kernel, ... • https://git.kernel.org/stable/c/f3d9478b2ce468c3115b02ecae7e975990697f15 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 8.4EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50430 – mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING
https://notcve.org/view.php?id=CVE-2022-50430
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING vub300_enable_sdio_irq() works with mutex and need TASK_RUNNING here. Ensure that we mark current as TASK_RUNNING for sleepable context. [ 77.554641] do not call blocking ops when !TASK_RUNNING; state=1 set at [
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50429 – memory: of: Fix refcount leak bug in of_lpddr3_get_ddr_timings()
https://notcve.org/view.php?id=CVE-2022-50429
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: memory: of: Fix refcount leak bug in of_lpddr3_get_ddr_timings() We should add the of_node_put() when breaking out of for_each_child_of_node() as it will automatically increase and decrease the refcount. In the Linux kernel, the following vulnerability has been resolved: memory: of: Fix refcount leak bug in of_lpddr3_get_ddr_timings() We should add the of_node_put() when breaking out of for_each_child_of_node() as it will automatically incr... • https://git.kernel.org/stable/c/976897dd96db94c74209d0a0671d7a73aa02fab9 •
CVSS: 5.6EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50428 – ext4: fix off-by-one errors in fast-commit block filling
https://notcve.org/view.php?id=CVE-2022-50428
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix off-by-one errors in fast-commit block filling Due to several different off-by-one errors, or perhaps due to a late change in design that wasn't fully reflected in the code that was actually merged, there are several very strange constraints on how fast-commit blocks are filled with tlv entries: - tlvs must start at least 10 bytes before the end of the block, even though the minimum tlv length is 8. Otherwise, the replay code will... • https://git.kernel.org/stable/c/aa75f4d3daaeb1389b9cce9d6b84401eaf228d4e •
CVSS: 6.2EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50427 – ALSA: ac97: fix possible memory leak in snd_ac97_dev_register()
https://notcve.org/view.php?id=CVE-2022-50427
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: ac97: fix possible memory leak in snd_ac97_dev_register() If device_register() fails in snd_ac97_dev_register(), it should call put_device() to give up reference, or the name allocated in dev_set_name() is leaked. In the Linux kernel, the following vulnerability has been resolved: ALSA: ac97: fix possible memory leak in snd_ac97_dev_register() If device_register() fails in snd_ac97_dev_register(), it should call put_device() to give u... • https://git.kernel.org/stable/c/0ca06a00e206b963587ac471e6d1c52bf33b9a18 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50426 – remoteproc: imx_dsp_rproc: Add mutex protection for workqueue
https://notcve.org/view.php?id=CVE-2022-50426
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: remoteproc: imx_dsp_rproc: Add mutex protection for workqueue The workqueue may execute late even after remoteproc is stopped or stopping, some resources (rpmsg device and endpoint) have been released in rproc_stop_subdevices(), then rproc_vq_interrupt() accessing these resources will cause kennel dump. Call trace: virtqueue_add_split+0x1ac/0x560 virtqueue_add_inbuf+0x4c/0x60 rpmsg_recv_done+0x15c/0x294 vring_interrupt+0x6c/0xa4 rproc_vq_in... • https://git.kernel.org/stable/c/ec0e5549f3586d2cb99a05edd006d722ebad912c • CWE-820: Missing Synchronization •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-50425 – x86/fpu: Fix copy_xstate_to_uabi() to copy init states correctly
https://notcve.org/view.php?id=CVE-2022-50425
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Fix copy_xstate_to_uabi() to copy init states correctly When an extended state component is not present in fpstate, but in init state, the function copies from init_fpstate via copy_feature(). But, dynamic states are not present in init_fpstate because of all-zeros init states. Then retrieving them from init_fpstate will explode like this: BUG: kernel NULL pointer dereference, address: 0000000000000000 ... RIP: 0010:memcpy_erms+0x6... • https://git.kernel.org/stable/c/2308ee57d93d896618dd65c996429c9d3e469fe0 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-50424 – wifi: mt76: mt7921: resource leaks at mt7921_check_offload_capability()
https://notcve.org/view.php?id=CVE-2022-50424
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921: resource leaks at mt7921_check_offload_capability() Fixed coverity issue with resource leaks at variable "fw" going out of scope leaks the storage it points to mt7921_check_offload_capability(). Addresses-Coverity-ID: 1527806 ("Resource leaks") In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921: resource leaks at mt7921_check_offload_capability() Fixed coverity issue with resource leak... • https://git.kernel.org/stable/c/034ae28b56f13dc1f2beb3fa294b455f57ede9cb •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2022-50423 – ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage()
https://notcve.org/view.php?id=CVE-2022-50423
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage() There is an use-after-free reported by KASAN: BUG: KASAN: use-after-free in acpi_ut_remove_reference+0x3b/0x82 Read of size 1 at addr ffff888112afc460 by task modprobe/2111 CPU: 0 PID: 2111 Comm: modprobe Not tainted 6.1.0-rc7-dirty Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), Call Trace: