CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50304 – mtd: core: fix possible resource leak in init_mtd()
https://notcve.org/view.php?id=CVE-2022-50304
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: mtd: core: fix possible resource leak in init_mtd() I got the error report while inject fault in init_mtd(): sysfs: cannot create duplicate filename '/devices/virtual/bdi/mtd-0' Call Trace:
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50303 – drm/amdkfd: Fix double release compute pasid
https://notcve.org/view.php?id=CVE-2022-50303
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix double release compute pasid If kfd_process_device_init_vm returns failure after vm is converted to compute vm and vm->pasid set to compute pasid, KFD will not take pdd->drm_file reference. As a result, drm close file handler maybe called to release the compute pasid before KFD process destroy worker to release the same pasid and set vm->pasid to zero, this generates below WARNING backtrace and NULL pointer access. Add helpe... • https://git.kernel.org/stable/c/4a488a7ad71401169cecee75dc94bcce642e2c53 • CWE-1341: Multiple Releases of Same Resource or Handle •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50301 – iommu/omap: Fix buffer overflow in debugfs
https://notcve.org/view.php?id=CVE-2022-50301
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: iommu/omap: Fix buffer overflow in debugfs There are two issues here: 1) The "len" variable needs to be checked before the very first write. Otherwise if omap2_iommu_dump_ctx() with "bytes" less than 32 it is a buffer overflow. 2) The snprintf() function returns the number of bytes that *would* have been copied if there were enough space. But we want to know the number of bytes which were *actually* copied so use scnprintf() instead. In the... • https://git.kernel.org/stable/c/bd4396f09a4a9e77423e92ec9448217ab46f6edf •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50300 – btrfs: fix extent map use-after-free when handling missing device in read_one_chunk
https://notcve.org/view.php?id=CVE-2022-50300
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix extent map use-after-free when handling missing device in read_one_chunk Store the error code before freeing the extent_map. Though it's reference counted structure, in that function it's the first and last allocation so this would lead to a potential use-after-free. The error can happen eg. when chunk is stored on a missing device and the degraded mount option is missing. Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=216... • https://git.kernel.org/stable/c/adfb69af7d8cb6a3958f75aad1ef4bc96891d116 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50299 – md: Replace snprintf with scnprintf
https://notcve.org/view.php?id=CVE-2022-50299
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: md: Replace snprintf with scnprintf Current code produces a warning as shown below when total characters in the constituent block device names plus the slashes exceeds 200. snprintf() returns the number of characters generated from the given input, which could cause the expression “200 – len” to wrap around to a large positive number. Fix this by using scnprintf() instead, which returns the actual number of characters written into the buffe... • https://git.kernel.org/stable/c/766038846e875740cf4c20dfc5d5b292ba47360a • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50297 – wifi: ath9k: verify the expected usb_endpoints are present
https://notcve.org/view.php?id=CVE-2022-50297
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: verify the expected usb_endpoints are present The bug arises when a USB device claims to be an ATH9K but doesn't have the expected endpoints. (In this case there was an interrupt endpoint where the driver expected a bulk endpoint.) The kernel needs to be able to handle such devices without getting an internal error. usb 1-1: BOGUS urb xfer, pipe 3 != type 1 WARNING: CPU: 3 PID: 500 at drivers/usb/core/urb.c:493 usb_submit_urb+0... • https://git.kernel.org/stable/c/fb9987d0f748c983bb795a86f47522313f701a08 • CWE-544: Missing Standardized Error Handling Mechanism •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50296 – UM: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK
https://notcve.org/view.php?id=CVE-2022-50296
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: UM: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK When CONFIG_CPUMASK_OFFSTACK and CONFIG_DEBUG_PER_CPU_MAPS is selected, cpu_max_bits_warn() generates a runtime warning similar as below while we show /proc/cpuinfo. Fix this by using nr_cpu_ids (the runtime limit) instead of NR_CPUS to iterate CPUs. [ 3.052463] ------------[ cut here ]------------ [ 3.059679] WARNING: CPU: 3 PID: 1 at include/linux/cpumask.h:108 show_cpuinfo+0x5e8/0x5f... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50294 – wifi: libertas: fix memory leak in lbs_init_adapter()
https://notcve.org/view.php?id=CVE-2022-50294
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: fix memory leak in lbs_init_adapter() When kfifo_alloc() failed in lbs_init_adapter(), cmd buffer is not released. Add free memory to processing error path. In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: fix memory leak in lbs_init_adapter() When kfifo_alloc() failed in lbs_init_adapter(), cmd buffer is not released. Add free memory to processing error path. This update provides the initi... • https://git.kernel.org/stable/c/7919b89c8276d657976d4d4d6b7cb58ea1aa08c3 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50293 – btrfs: do not BUG_ON() on ENOMEM when dropping extent items for a range
https://notcve.org/view.php?id=CVE-2022-50293
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: do not BUG_ON() on ENOMEM when dropping extent items for a range If we get -ENOMEM while dropping file extent items in a given range, at btrfs_drop_extents(), due to failure to allocate memory when attempting to increment the reference count for an extent or drop the reference count, we handle it with a BUG_ON(). This is excessive, instead we can simply abort the transaction and return the error to the caller. In fact most callers of... • https://git.kernel.org/stable/c/39279cc3d2704cfbf9c35dcb5bdd392159ae4625 •
CVSS: 6.3EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50291 – kcm: annotate data-races around kcm->rx_psock
https://notcve.org/view.php?id=CVE-2022-50291
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: kcm: annotate data-races around kcm->rx_psock kcm->rx_psock can be read locklessly in kcm_rfree(). Annotate the read and writes accordingly. We do the same for kcm->rx_wait in the following patch. syzbot reported: BUG: KCSAN: data-race in kcm_rfree / unreserve_rx_kcm write to 0xffff888123d827b8 of 8 bytes by task 2758 on cpu 1: unreserve_rx_kcm+0x72/0x1f0 net/kcm/kcmsock.c:313 kcm_rcv_strparser+0x2b5/0x3a0 net/kcm/kcmsock.c:373 __strp_recv+... • https://git.kernel.org/stable/c/ab7ac4eb9832e32a09f4e8042705484d2fb0aad3 •