CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50096 – x86/kprobes: Update kcb status flag after singlestepping
https://notcve.org/view.php?id=CVE-2022-50096
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: x86/kprobes: Update kcb status flag after singlestepping Fix kprobes to update kcb (kprobes control block) status flag to KPROBE_HIT_SSDONE even if the kp->post_handler is not set. This bug may cause a kernel panic if another INT3 user runs right after kprobes because kprobe_int3_handler() misunderstands the INT3 is kprobe's single stepping INT3. In the Linux kernel, the following vulnerability has been resolved: x86/kprobes: Update kcb sta... • https://git.kernel.org/stable/c/6256e668b7af9d81472e03c6a171630c08f8858a •
CVSS: 7.0EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50095 – posix-cpu-timers: Cleanup CPU timers before freeing them during exec
https://notcve.org/view.php?id=CVE-2022-50095
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: Cleanup CPU timers before freeing them during exec Commit 55e8c8eb2c7b ("posix-cpu-timers: Store a reference to a pid not a task") started looking up tasks by PID when deleting a CPU timer. When a non-leader thread calls execve, it will switch PIDs with the leader process. Then, as it calls exit_itimers, posix_cpu_timer_del cannot find the task because the timer still points out to the old PID. That means that armed timers... • https://git.kernel.org/stable/c/55e8c8eb2c7b6bf30e99423ccfe7ca032f498f59 • CWE-459: Incomplete Cleanup •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50094 – spmi: trace: fix stack-out-of-bound access in SPMI tracing functions
https://notcve.org/view.php?id=CVE-2022-50094
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: spmi: trace: fix stack-out-of-bound access in SPMI tracing functions trace_spmi_write_begin() and trace_spmi_read_end() both call memcpy() with a length of "len + 1". This leads to one extra byte being read beyond the end of the specified buffer. Fix this out-of-bound memory access by using a length of "len" instead. Here is a KASAN log showing the issue: BUG: KASAN: stack-out-of-bounds in trace_event_raw_event_spmi_read_end+0x1d0/0x234 Rea... • https://git.kernel.org/stable/c/a9fce374815d8ab94a3e6259802a944e2cc21408 •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50093 – iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE)
https://notcve.org/view.php?id=CVE-2022-50093
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE) KASAN reports: [ 4.668325][ T0] BUG: KASAN: wild-memory-access in dmar_parse_one_rhsa (arch/x86/include/asm/bitops.h:214 arch/x86/include/asm/bitops.h:226 include/asm-generic/bitops/instrumented-non-atomic.h:142 include/linux/nodemask.h:415 drivers/iommu/intel/dmar.c:497) [ 4.676149][ T0] Read of size 8 at addr 1fffffff85115558 by task swapper/0/0 [ 4.683454][ T0] [ 4.685... • https://git.kernel.org/stable/c/ee34b32d8c2950f66038c8975747ef9aec855289 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50092 – dm thin: fix use-after-free crash in dm_sm_register_threshold_callback
https://notcve.org/view.php?id=CVE-2022-50092
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: dm thin: fix use-after-free crash in dm_sm_register_threshold_callback Fault inject on pool metadata device reports: BUG: KASAN: use-after-free in dm_pool_register_metadata_threshold+0x40/0x80 Read of size 8 at addr ffff8881b9d50068 by task dmsetup/950 CPU: 7 PID: 950 Comm: dmsetup Tainted: G W 5.19.0-rc6 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-1.fc33 04/01/2014 Call Trace:
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50091 – locking/csd_lock: Change csdlock_debug from early_param to __setup
https://notcve.org/view.php?id=CVE-2022-50091
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: locking/csd_lock: Change csdlock_debug from early_param to __setup The csdlock_debug kernel-boot parameter is parsed by the early_param() function csdlock_debug(). If set, csdlock_debug() invokes static_branch_enable() to enable csd_lock_wait feature, which triggers a panic on arm64 for kernels built with CONFIG_SPARSEMEM=y and CONFIG_SPARSEMEM_VMEMMAP=n. With CONFIG_SPARSEMEM_VMEMMAP=n, __nr_to_section is called in static_key_enable() and ... • https://git.kernel.org/stable/c/8d0968cc6b8ffd8496c2ebffdfdc801f949a85e5 •
CVSS: 5.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50090 – btrfs: replace BTRFS_MAX_EXTENT_SIZE with fs_info->max_extent_size
https://notcve.org/view.php?id=CVE-2022-50090
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: replace BTRFS_MAX_EXTENT_SIZE with fs_info->max_extent_size On zoned filesystem, data write out is limited by max_zone_append_size, and a large ordered extent is split according the size of a bio. OTOH, the number of extents to be written is calculated using BTRFS_MAX_EXTENT_SIZE, and that estimated number is used to reserve the metadata bytes to update and/or create the metadata items. The metadata reservation is done at e.g, btrfs_... • https://git.kernel.org/stable/c/d8e3fb106f393858b90b3befc4f6092a76c86d1c •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50089 – btrfs: ensure pages are unlocked on cow_file_range() failure
https://notcve.org/view.php?id=CVE-2022-50089
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: ensure pages are unlocked on cow_file_range() failure There is a hung_task report on zoned btrfs like below. https://github.com/naota/linux/issues/59 [726.328648] INFO: task rocksdb:high0:11085 blocked for more than 241 seconds. [726.329839] Not tainted 5.16.0-rc1+ #1 [726.330484] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [726.331603] task:rocksdb:high0 state:D stack: 0 pid:11085 ppid: 11082 flags:0x00... • https://git.kernel.org/stable/c/42c011000963442ce533d92a492c4a057b2f5a46 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50088 – mm/damon/reclaim: fix potential memory leak in damon_reclaim_init()
https://notcve.org/view.php?id=CVE-2022-50088
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: mm/damon/reclaim: fix potential memory leak in damon_reclaim_init() damon_reclaim_init() allocates a memory chunk for ctx with damon_new_ctx(). When damon_select_ops() fails, ctx is not released, which will lead to a memory leak. We should release the ctx with damon_destroy_ctx() when damon_select_ops() fails to fix the memory leak. In the Linux kernel, the following vulnerability has been resolved: mm/damon/reclaim: fix potential memory le... • https://git.kernel.org/stable/c/4d69c3457821100a39fa8c6e0c23ed910bb6c29d •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-50087 – firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails
https://notcve.org/view.php?id=CVE-2022-50087
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails When scpi probe fails, at any point, we need to ensure that the scpi_info is not set and will remain NULL until the probe succeeds. If it is not taken care, then it could result use-after-free as the value is exported via get_scpi_ops() and could refer to a memory allocated via devm_kzalloc() but freed when the probe fails. In the Linux kernel, the following vulnerabili... • https://git.kernel.org/stable/c/5aa558232edc30468d1f35108826dd5b3ffe978f •