CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50066 – net: atlantic: fix aq_vec index out of range error
https://notcve.org/view.php?id=CVE-2022-50066
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: net: atlantic: fix aq_vec index out of range error The final update statement of the for loop exceeds the array range, the dereference of self->aq_vec[i] is not checked and then leads to the index out of range error. Also fixed this kind of coding style in other for loop. [ 97.937604] UBSAN: array-index-out-of-bounds in drivers/net/ethernet/aquantia/atlantic/aq_nic.c:1404:48 [ 97.937607] index 8 is out of range for type 'aq_vec_s *[8]' [ 97... • https://git.kernel.org/stable/c/97bde5c4f909a55ab4c36cf0ac9094f6c9e4cdf6 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50065 – virtio_net: fix memory leak inside XPD_TX with mergeable
https://notcve.org/view.php?id=CVE-2022-50065
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: virtio_net: fix memory leak inside XPD_TX with mergeable When we call xdp_convert_buff_to_frame() to get xdpf, if it returns NULL, we should check if xdp_page was allocated by xdp_linearize_page(). If it is newly allocated, it should be freed here alone. Just like any other "goto err_xdp". In the Linux kernel, the following vulnerability has been resolved: virtio_net: fix memory leak inside XPD_TX with mergeable When we call xdp_convert_buf... • https://git.kernel.org/stable/c/44fa2dbd475996ddc8f3a0e6113dee983e0ee3aa •
CVSS: 6.6EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50062 – net: bgmac: Fix a BUG triggered by wrong bytes_compl
https://notcve.org/view.php?id=CVE-2022-50062
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: net: bgmac: Fix a BUG triggered by wrong bytes_compl On one of our machines we got: kernel BUG at lib/dynamic_queue_limits.c:27! Internal error: Oops - BUG: 0 [#1] PREEMPT SMP ARM CPU: 0 PID: 1166 Comm: irq/41-bgmac Tainted: G W O 4.14.275-rt132 #1 Hardware name: BRCM XGS iProc task: ee3415c0 task.stack: ee32a000 PC is at dql_completed+0x168/0x178 LR is at bgmac_poll+0x18c/0x6d8 pc : [
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50061 – pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map
https://notcve.org/view.php?id=CVE-2022-50061
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map of_parse_phandle() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() to avoid refcount leak." In the Linux kernel, the following vulnerability has been resolved: pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map of_parse_phandle() returns a node pointer with refcount incre... • https://git.kernel.org/stable/c/c2f6d059abfc29822af732e4da70813a5b6fd9cd •
CVSS: 5.6EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50060 – octeontx2-af: Fix mcam entry resource leak
https://notcve.org/view.php?id=CVE-2022-50060
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Fix mcam entry resource leak The teardown sequence in FLR handler returns if no NIX LF is attached to PF/VF because it indicates that graceful shutdown of resources already happened. But there is a chance of all allocated MCAM entries not being freed by PF/VF. Hence free mcam entries even in case of detached LF. In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Fix mcam entry resource leak The t... • https://git.kernel.org/stable/c/c554f9c1574e022821260b24b043a4277e8ec5d8 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50059 – ceph: don't leak snap_rwsem in handle_cap_grant
https://notcve.org/view.php?id=CVE-2022-50059
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: ceph: don't leak snap_rwsem in handle_cap_grant When handle_cap_grant is called on an IMPORT op, then the snap_rwsem is held and the function is expected to release it before returning. It currently fails to do that in all cases which could lead to a deadlock. In the Linux kernel, the following vulnerability has been resolved: ceph: don't leak snap_rwsem in handle_cap_grant When handle_cap_grant is called on an IMPORT op, then the snap_rwse... • https://git.kernel.org/stable/c/6f05b30ea063a2a05dda47a4105a69267ae5270f •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50057 – fs/ntfs3: Fix NULL deref in ntfs_update_mftmirr
https://notcve.org/view.php?id=CVE-2022-50057
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix NULL deref in ntfs_update_mftmirr If ntfs_fill_super() wasn't called then sbi->sb will be equal to NULL. Code should check this ptr before dereferencing. Syzbot hit this issue via passing wrong mount param as can be seen from log below Fail log: ntfs3: Unknown parameter 'iochvrset' general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000... • https://git.kernel.org/stable/c/82cae269cfa953032fbb8980a7d554d60fb00b17 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50056 – fs/ntfs3: Fix missing i_op in ntfs_read_mft
https://notcve.org/view.php?id=CVE-2022-50056
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix missing i_op in ntfs_read_mft There is null pointer dereference because i_op == NULL. The bug happens because we don't initialize i_op for records in $Extend. In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix missing i_op in ntfs_read_mft There is null pointer dereference because i_op == NULL. The bug happens because we don't initialize i_op for records in $Extend. • https://git.kernel.org/stable/c/82cae269cfa953032fbb8980a7d554d60fb00b17 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50055 – iavf: Fix adminq error handling
https://notcve.org/view.php?id=CVE-2022-50055
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: iavf: Fix adminq error handling iavf_alloc_asq_bufs/iavf_alloc_arq_bufs allocates with dma_alloc_coherent memory for VF mailbox. Free DMA regions for both ASQ and ARQ in case error happens during configuration of ASQ/ARQ registers. Without this change it is possible to see when unloading interface: 74626.583369: dma_debug_device_change: device driver has pending DMA allocations while released from device [count=32] One of leaked entries det... • https://git.kernel.org/stable/c/d358aa9a7a2d5f91b1d33d5d4e27c2e46638d123 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50053 – iavf: Fix reset error handling
https://notcve.org/view.php?id=CVE-2022-50053
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: iavf: Fix reset error handling Do not call iavf_close in iavf_reset_task error handling. Doing so can lead to double call of napi_disable, which can lead to deadlock there. Removing VF would lead to iavf_remove task being stuck, because it requires crit_lock, which is held by iavf_close. Call iavf_disable_vf if reset fail, so that driver will clean up remaining invalid resources. During rapid VF resets, HW can fail to setup VF mailbox. Wron... • https://git.kernel.org/stable/c/f0db78928783f0a4cce4940e8c03c2e9a760e629 •