CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50076 – cifs: Fix memory leak on the deferred close
https://notcve.org/view.php?id=CVE-2022-50076
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: cifs: Fix memory leak on the deferred close xfstests on smb21 report kmemleak as below: unreferenced object 0xffff8881767d6200 (size 64): comm "xfs_io", pid 1284, jiffies 4294777434 (age 20.789s) hex dump (first 32 bytes): 80 5a d0 11 81 88 ff ff 78 8a aa 63 81 88 ff ff .Z......x..c.... 00 71 99 76 81 88 ff ff 00 00 00 00 00 00 00 00 .q.v............ backtrace: [<00000000ad04e6ea>] cifs_close+0x92/0x2c0 [<0000000028b93c82>] __fput+0xff/0x3f... • https://git.kernel.org/stable/c/9e992755be8f2d458a0bcbefd19e493483c1dba2 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50075 – tracing/eprobes: Have event probes be consistent with kprobes and uprobes
https://notcve.org/view.php?id=CVE-2022-50075
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: tracing/eprobes: Have event probes be consistent with kprobes and uprobes Currently, if a symbol "@" is attempted to be used with an event probe (eprobes), it will cause a NULL pointer dereference crash. Both kprobes and uprobes can reference data other than the main registers. Such as immediate address, symbols and the current task name. Have eprobes do the same thing. For "comm", if "comm" is used and the event being attached to does not ... • https://git.kernel.org/stable/c/7491e2c442781a1860181adb5ab472a52075f393 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50074 – apparmor: Fix memleak in aa_simple_write_to_buffer()
https://notcve.org/view.php?id=CVE-2022-50074
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: apparmor: Fix memleak in aa_simple_write_to_buffer() When copy_from_user failed, the memory is freed by kvfree. however the management struct and data blob are allocated independently, so only kvfree(data) cause a memleak issue here. Use aa_put_loaddata(data) to fix this issue. In the Linux kernel, the following vulnerability has been resolved: apparmor: Fix memleak in aa_simple_write_to_buffer() When copy_from_user failed, the memory is fr... • https://git.kernel.org/stable/c/a6a52579e52b55448326db88bd9a5740e7c1a037 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-50073 – net: tap: NULL pointer derefence in dev_parse_header_protocol when skb->dev is null
https://notcve.org/view.php?id=CVE-2022-50073
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: net: tap: NULL pointer derefence in dev_parse_header_protocol when skb->dev is null Fixes a NULL pointer derefence bug triggered from tap driver. When tap_get_user calls virtio_net_hdr_to_skb the skb->dev is null (in tap.c skb->dev is set after the call to virtio_net_hdr_to_skb) virtio_net_hdr_to_skb calls dev_parse_header_protocol which needs skb->dev field to be valid. The line that trigers the bug is in dev_parse_header_protocol (dev is ... • https://git.kernel.org/stable/c/924a9bc362a5223cd448ca08c3dde21235adc310 •
CVSS: 9.0EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50072 – NFSv4/pnfs: Fix a use-after-free bug in open
https://notcve.org/view.php?id=CVE-2022-50072
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: NFSv4/pnfs: Fix a use-after-free bug in open If someone cancels the open RPC call, then we must not try to free either the open slot or the layoutget operation arguments, since they are likely still in use by the hung RPC call. In the Linux kernel, the following vulnerability has been resolved: NFSv4/pnfs: Fix a use-after-free bug in open If someone cancels the open RPC call, then we must not try to free either the open slot or the layoutge... • https://git.kernel.org/stable/c/6b3fc1496e7227cd6a39a80bbfb7588ef7c7a010 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-50071 – mptcp: move subflow cleanup in mptcp_destroy_common()
https://notcve.org/view.php?id=CVE-2022-50071
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: mptcp: move subflow cleanup in mptcp_destroy_common() If the mptcp socket creation fails due to a CGROUP_INET_SOCK_CREATE eBPF program, the MPTCP protocol ends-up leaking all the subflows: the related cleanup happens in __mptcp_destroy_sock() that is not invoked in such code path. Address the issue moving the subflow sockets cleanup in the mptcp_destroy_common() helper, which is invoked in every msk cleanup path. Additionally get rid of the... • https://git.kernel.org/stable/c/e16163b6e2b720fb74e5af758546f6dad27e6c9e •
CVSS: 6.6EPSS: 0%CPEs: 2EXPL: 0CVE-2022-50070 – mptcp: do not queue data on closed subflows
https://notcve.org/view.php?id=CVE-2022-50070
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: mptcp: do not queue data on closed subflows Dipanjan reported a syzbot splat at close time: WARNING: CPU: 1 PID: 10818 at net/ipv4/af_inet.c:153 inet_sock_destruct+0x6d0/0x8e0 net/ipv4/af_inet.c:153 Modules linked in: uio_ivshmem(OE) uio(E) CPU: 1 PID: 10818 Comm: kworker/1:16 Tainted: G OE 5.19.0-rc6-g2eae0556bb9d #2 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 Workqueue: events mptcp_worker RIP:... • https://git.kernel.org/stable/c/d5f49190def61c47b2faff170ba8fbc48bac4371 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50069 – BPF: Fix potential bad pointer dereference in bpf_sys_bpf()
https://notcve.org/view.php?id=CVE-2022-50069
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: BPF: Fix potential bad pointer dereference in bpf_sys_bpf() The bpf_sys_bpf() helper function allows an eBPF program to load another eBPF program from within the kernel. In this case the argument union bpf_attr pointer (as well as the insns and license pointers inside) is a kernel address instead of a userspace address (which is the case of a usual bpf() syscall). To make the memory copying process in the syscall work in both cases, bpfptr_... • https://git.kernel.org/stable/c/af2ac3e13e45752af03c8a933f9b6e18841b128b •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50068 – drm/ttm: Fix dummy res NULL ptr deref bug
https://notcve.org/view.php?id=CVE-2022-50068
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/ttm: Fix dummy res NULL ptr deref bug Check the bo->resource value before accessing the resource mem_type. v2: Fix commit description unwrapped warning
CVSS: 6.2EPSS: 0%CPEs: 7EXPL: 0CVE-2022-50067 – btrfs: unset reloc control if transaction commit fails in prepare_to_relocate()
https://notcve.org/view.php?id=CVE-2022-50067
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: unset reloc control if transaction commit fails in prepare_to_relocate() In btrfs_relocate_block_group(), the rc is allocated. Then btrfs_relocate_block_group() calls relocate_block_group() prepare_to_relocate() set_reloc_control() that assigns rc to the variable fs_info->reloc_ctl. When prepare_to_relocate() returns, it calls btrfs_commit_transaction() btrfs_start_dirty_block_groups() btrfs_alloc_path() kmem_cache_zalloc() which may... • https://git.kernel.org/stable/c/ff0e8ed8dfb584575cffc1561f17a1d094e8565b •