CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50889 – dm integrity: Fix UAF in dm_integrity_dtr()
https://notcve.org/view.php?id=CVE-2022-50889
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: dm integrity: Fix UAF in dm_integrity_dtr() Dm_integrity also has the same UAF problem when dm_resume() and dm_destroy() are concurrent. Therefore, cancelling timer again in dm_integrity_dtr(). • https://git.kernel.org/stable/c/7eada909bfd7ac90a4522e56aa3179d1fd68cd14 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50888 – remoteproc: qcom: q6v5: Fix potential null-ptr-deref in q6v5_wcss_init_mmio()
https://notcve.org/view.php?id=CVE-2022-50888
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: remoteproc: qcom: q6v5: Fix potential null-ptr-deref in q6v5_wcss_init_mmio() q6v5_wcss_init_mmio() will call platform_get_resource_byname() that may fail and return NULL. devm_ioremap() will use res->start as input, which may causes null-ptr-deref. Check the ret value of platform_get_resource_byname() to avoid the null-ptr-deref. • https://git.kernel.org/stable/c/0af65b9b915e52019aee91db3e1f8b39a7ec8d08 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50887 – regulator: core: fix unbalanced of node refcount in regulator_dev_lookup()
https://notcve.org/view.php?id=CVE-2022-50887
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix unbalanced of node refcount in regulator_dev_lookup() I got the the following report: OF: ERROR: memory leak, expected refcount 1 instead of 2, of_node_get()/of_node_put() unbalanced - destroy cset entry: attach overlay node /i2c/pmic@62/regulators/exten In of_get_regulator(), the node is returned from of_parse_phandle() with refcount incremented, after using it, of_node_put() need be called. • https://git.kernel.org/stable/c/69511a452e6dc6b74fe4f3671a51b1b44b9c57e3 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2023-54322 – arm64: set __exception_irq_entry with __irq_entry as a default
https://notcve.org/view.php?id=CVE-2023-54322
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: arm64: set __exception_irq_entry with __irq_entry as a default filter_irq_stacks() is supposed to cut entries which are related irq entries from its call stack. And in_irqentry_text() which is called by filter_irq_stacks() uses __irqentry_text_start/end symbol to find irq entries in callstack. But it doesn't work correctly as without "CONFIG_FUNCTION_GRAPH_TRACER", arm64 kernel doesn't include gic_handle_irq which is entry point of arm64 ir... • https://git.kernel.org/stable/c/9a5ad7d0e3e1c6c0c11df89fbc5376f8aaf7a90f •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2023-54321 – driver core: fix potential null-ptr-deref in device_add()
https://notcve.org/view.php?id=CVE-2023-54321
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: driver core: fix potential null-ptr-deref in device_add() I got the following null-ptr-deref report while doing fault injection test: BUG: kernel NULL pointer dereference, address: 0000000000000058 CPU: 2 PID: 278 Comm: 37-i2c-ds2482 Tainted: G B W N 6.1.0-rc3+ RIP: 0010:klist_put+0x2d/0xd0 Call Trace:
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2023-54320 – platform/x86/amd: pmc: Fix memory leak in amd_pmc_stb_debugfs_open_v2()
https://notcve.org/view.php?id=CVE-2023-54320
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd: pmc: Fix memory leak in amd_pmc_stb_debugfs_open_v2() Function amd_pmc_stb_debugfs_open_v2() may be called when the STB debug mechanism enabled. When amd_pmc_send_cmd() fails, the 'buf' needs to be released. • https://git.kernel.org/stable/c/1ecfd30960d4377c2d85181608936dedd35bb171 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2023-54319 – pinctrl: at91-pio4: check return value of devm_kasprintf()
https://notcve.org/view.php?id=CVE-2023-54319
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: pinctrl: at91-pio4: check return value of devm_kasprintf() devm_kasprintf() returns a pointer to dynamically allocated memory. Pointer could be NULL in case allocation fails. Check pointer validity. Identified with coccinelle (kmerr.cocci script). Depends-on: 1c4e5c470a56 ("pinctrl: at91: use devm_kasprintf() to avoid potential leaks") Depends-on: 5a8f9cf269e8 ("pinctrl: at91-pio4: use proper format specifier for unsigned int") • https://git.kernel.org/stable/c/776180848b574c9c01217fa958f10843ffce584f •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50886 – mmc: toshsd: fix return value check of mmc_add_host()
https://notcve.org/view.php?id=CVE-2022-50886
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: mmc: toshsd: fix return value check of mmc_add_host() mmc_add_host() may return error, if we ignore its return value, the memory that allocated in mmc_alloc_host() will be leaked and it will lead a kernel crash because of deleting not added device in the remove path. So fix this by checking the return value and goto error path which will call mmc_free_host(), besides, free_irq() also needs be called. • https://git.kernel.org/stable/c/a5eb8bbd66ccf9f169419f9652544aec771b7c57 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50885 – RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed
https://notcve.org/view.php?id=CVE-2022-50885
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed There is a null-ptr-deref when mount.cifs over rdma: BUG: KASAN: null-ptr-deref in rxe_qp_do_cleanup+0x2f3/0x360 [rdma_rxe] Read of size 8 at addr 0000000000000018 by task mount.cifs/3046 CPU: 2 PID: 3046 Comm: mount.cifs Not tainted 6.1.0-rc5+ #62 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-1.fc3 Call Trace:
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50884 – drm: Prevent drm_copy_field() to attempt copying a NULL pointer
https://notcve.org/view.php?id=CVE-2022-50884
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm: Prevent drm_copy_field() to attempt copying a NULL pointer There are some struct drm_driver fields that are required by drivers since drm_copy_field() attempts to copy them to user-space via DRM_IOCTL_VERSION. But it can be possible that a driver has a bug and did not set some of the fields, which leads to drm_copy_field() attempting to copy a NULL pointer: [ +10.395966] Unable to handle kernel access to user memory outside uaccess rou... • https://git.kernel.org/stable/c/22eae947bf76e236ba972f2f11cfd1b083b736ad •