CVSS: 7.1EPSS: 0%CPEs: 13EXPL: 0CVE-2022-50520 – drm/radeon: Fix PCI device refcount leak in radeon_atrm_get_bios()
https://notcve.org/view.php?id=CVE-2022-50520
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/radeon: Fix PCI device refcount leak in radeon_atrm_get_bios() As comment of pci_get_class() says, it returns a pci_device with its refcount increased and decreased the refcount for the input parameter @from if it is not NULL. If we break the loop in radeon_atrm_get_bios() with 'pdev' not NULL, we need to call pci_dev_put() to decrease the refcount. Add the missing pci_dev_put() to avoid refcount leak. In the Linux kernel, the following... • https://git.kernel.org/stable/c/c61e2775873f603148e8e998a938721b7d222d24 • CWE-911: Improper Update of Reference Count •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50519 – nilfs2: replace WARN_ONs by nilfs_error for checkpoint acquisition failure
https://notcve.org/view.php?id=CVE-2022-50519
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: replace WARN_ONs by nilfs_error for checkpoint acquisition failure If creation or finalization of a checkpoint fails due to anomalies in the checkpoint metadata on disk, a kernel warning is generated. This patch replaces the WARN_ONs by nilfs_error, so that a kernel, booted with panic_on_warn, does not panic. A nilfs_error is appropriate here to handle the abnormal filesystem condition. This also replaces the detected error codes wi... • https://git.kernel.org/stable/c/9ff05123e3bfbb1d2b68ba1d9bf1f7d1dffc1453 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50518 – parisc: Fix locking in pdc_iodc_print() firmware call
https://notcve.org/view.php?id=CVE-2022-50518
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: parisc: Fix locking in pdc_iodc_print() firmware call Utilize pdc_lock spinlock to protect parallel modifications of the iodc_dbuf[] buffer, check length to prevent buffer overflow of iodc_dbuf[], drop the iodc_retbuf[] buffer and fix some wrong indentings. In the Linux kernel, the following vulnerability has been resolved: parisc: Fix locking in pdc_iodc_print() firmware call Utilize pdc_lock spinlock to protect parallel modifications of t... • https://git.kernel.org/stable/c/ef1afd4d79f0479960ff36bb5fe6ec6eba1ebff2 •
CVSS: 5.2EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50516 – fs: dlm: fix invalid derefence of sb_lvbptr
https://notcve.org/view.php?id=CVE-2022-50516
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: fs: dlm: fix invalid derefence of sb_lvbptr I experience issues when putting a lkbsb on the stack and have sb_lvbptr field to a dangled pointer while not using DLM_LKF_VALBLK. It will crash with the following kernel message, the dangled pointer is here 0xdeadbeef as example: [ 102.749317] BUG: unable to handle page fault for address: 00000000deadbeef [ 102.749320] #PF: supervisor read access in kernel mode [ 102.749323] #PF: error_code(0x00... • https://git.kernel.org/stable/c/e7fd41792fc0ee52a05fcaac87511f118328d147 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-50514 – usb: gadget: f_hid: fix refcount leak on error path
https://notcve.org/view.php?id=CVE-2022-50514
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_hid: fix refcount leak on error path When failing to allocate report_desc, opts->refcnt has already been incremented so it needs to be decremented to avoid leaving the options structure permanently locked. In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_hid: fix refcount leak on error path When failing to allocate report_desc, opts->refcnt has already been incremented so it needs to be decre... • https://git.kernel.org/stable/c/21a9476a7ba847e413bf1c144d7c614532aed6dd •
CVSS: 5.6EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50513 – staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv()
https://notcve.org/view.php?id=CVE-2022-50513
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv() In rtw_init_cmd_priv(), if `pcmdpriv->rsp_allocated_buf` is allocated in failure, then `pcmdpriv->cmd_allocated_buf` will be not properly released. Besides, considering there are only two error paths and the first one can directly return, so we do not need implicitly jump to the `exit` tag to execute the error handler. So this patch added `kfree(pcmdpriv->cmd_allocated_b... • https://git.kernel.org/stable/c/554c0a3abf216c991c5ebddcdb2c08689ecd290b •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50511 – lib/fonts: fix undefined behavior in bit shift for get_default_font
https://notcve.org/view.php?id=CVE-2022-50511
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: lib/fonts: fix undefined behavior in bit shift for get_default_font Shifting signed 32-bit value by 31 bits is undefined, so changing significant bit to unsigned. The UBSAN warning calltrace like below: UBSAN: shift-out-of-bounds in lib/fonts/fonts.c:139:20 left shift of 1 by 31 places cannot be represented in type 'int'
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50510 – perf/smmuv3: Fix hotplug callback leak in arm_smmu_pmu_init()
https://notcve.org/view.php?id=CVE-2022-50510
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: perf/smmuv3: Fix hotplug callback leak in arm_smmu_pmu_init() arm_smmu_pmu_init() won't remove the callback added by cpuhp_setup_state_multi() when platform_driver_register() failed. Remove the callback by cpuhp_remove_multi_state() in fail path. Similar to the handling of arm_ccn_init() in commit 26242b330093 ("bus: arm-ccn: Prevent hotplug callback leak") In the Linux kernel, the following vulnerability has been resolved: perf/smmuv3: Fix... • https://git.kernel.org/stable/c/7d839b4b9e00645e49345d6ce5dfa8edf53c1a21 •
CVSS: 6.4EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50509 – media: coda: Add check for kmalloc
https://notcve.org/view.php?id=CVE-2022-50509
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: media: coda: Add check for kmalloc As the kmalloc may return NULL pointer, it should be better to check the return value in order to avoid NULL poineter dereference, same as the others. In the Linux kernel, the following vulnerability has been resolved: media: coda: Add check for kmalloc As the kmalloc may return NULL pointer, it should be better to check the return value in order to avoid NULL poineter dereference, same as the others. The ... • https://git.kernel.org/stable/c/cb1d3a336371e35c3920cc50a701c5403c255644 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53616 – jfs: fix invalid free of JFS_IP(ipimap)->i_imap in diUnmount
https://notcve.org/view.php?id=CVE-2023-53616
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: jfs: fix invalid free of JFS_IP(ipimap)->i_imap in diUnmount syzbot found an invalid-free in diUnmount: BUG: KASAN: double-free in slab_free mm/slub.c:3661 [inline] BUG: KASAN: double-free in __kmem_cache_free+0x71/0x110 mm/slub.c:3674 Free of addr ffff88806f410000 by task syz-executor131/3632 CPU: 0 PID: 3632 Comm: syz-executor131 Not tainted 6.1.0-rc7-syzkaller-00012-gca57f02295f1 #0 Hardware name: Google Google Compute Engine/Google Comp... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •