CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50089 – btrfs: ensure pages are unlocked on cow_file_range() failure
https://notcve.org/view.php?id=CVE-2022-50089
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: ensure pages are unlocked on cow_file_range() failure There is a hung_task report on zoned btrfs like below. https://github.com/naota/linux/issues/59 [726.328648] INFO: task rocksdb:high0:11085 blocked for more than 241 seconds. [726.329839] Not tainted 5.16.0-rc1+ #1 [726.330484] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [726.331603] task:rocksdb:high0 state:D stack: 0 pid:11085 ppid: 11082 flags:0x00... • https://git.kernel.org/stable/c/42c011000963442ce533d92a492c4a057b2f5a46 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50088 – mm/damon/reclaim: fix potential memory leak in damon_reclaim_init()
https://notcve.org/view.php?id=CVE-2022-50088
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: mm/damon/reclaim: fix potential memory leak in damon_reclaim_init() damon_reclaim_init() allocates a memory chunk for ctx with damon_new_ctx(). When damon_select_ops() fails, ctx is not released, which will lead to a memory leak. We should release the ctx with damon_destroy_ctx() when damon_select_ops() fails to fix the memory leak. In the Linux kernel, the following vulnerability has been resolved: mm/damon/reclaim: fix potential memory le... • https://git.kernel.org/stable/c/4d69c3457821100a39fa8c6e0c23ed910bb6c29d •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-50087 – firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails
https://notcve.org/view.php?id=CVE-2022-50087
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails When scpi probe fails, at any point, we need to ensure that the scpi_info is not set and will remain NULL until the probe succeeds. If it is not taken care, then it could result use-after-free as the value is exported via get_scpi_ops() and could refer to a memory allocated via devm_kzalloc() but freed when the probe fails. In the Linux kernel, the following vulnerabili... • https://git.kernel.org/stable/c/5aa558232edc30468d1f35108826dd5b3ffe978f •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50086 – block: don't allow the same type rq_qos add more than once
https://notcve.org/view.php?id=CVE-2022-50086
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: block: don't allow the same type rq_qos add more than once In our test of iocost, we encountered some list add/del corruptions of inner_walk list in ioc_timer_fn. The reason can be described as follows: cpu 0 cpu 1 ioc_qos_write ioc_qos_write ioc = q_to_ioc(queue); if (!ioc) { ioc = kzalloc(); ioc = q_to_ioc(queue); if (!ioc) { ioc = kzalloc(); ... rq_qos_add(q, rqos); } ... rq_qos_add(q, rqos); ... } When the io.cost.qos file is written by... • https://git.kernel.org/stable/c/0b7f5d7a4d2a72ad9de04ab8ccba2a31904aa638 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50085 – dm raid: fix address sanitizer warning in raid_resume
https://notcve.org/view.php?id=CVE-2022-50085
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: dm raid: fix address sanitizer warning in raid_resume There is a KASAN warning in raid_resume when running the lvm test lvconvert-raid.sh. The reason for the warning is that mddev->raid_disks is greater than rs->raid_disks, so the loop touches one entry beyond the allocated length. In the Linux kernel, the following vulnerability has been resolved: dm raid: fix address sanitizer warning in raid_resume There is a KASAN warning in raid_resume... • https://git.kernel.org/stable/c/c2f075e729636a44e98d9722e3852c2fa6fa49b6 •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50084 – dm raid: fix address sanitizer warning in raid_status
https://notcve.org/view.php?id=CVE-2022-50084
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: dm raid: fix address sanitizer warning in raid_status There is this warning when using a kernel with the address sanitizer and running this testsuite: https://gitlab.com/cki-project/kernel-tests/-/tree/main/storage/swraid/scsi_raid ================================================================== BUG: KASAN: slab-out-of-bounds in raid_status+0x1747/0x2820 [dm_raid] Read of size 4 at addr ffff888079d2c7e8 by task lvcreate/13319 CPU: 0 PID: ... • https://git.kernel.org/stable/c/1ae0ebfb576b72c2ef400917a5484ebe7892d80b •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50083 – ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h
https://notcve.org/view.php?id=CVE-2022-50083
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h When adding an xattr to an inode, we must ensure that the inode_size is not less than EXT4_GOOD_OLD_INODE_SIZE + extra_isize + pad. Otherwise, the end position may be greater than the start position, resulting in UAF. In the Linux kernel, the following vulnerability has been resolved: ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h When adding an xattr to an inode, we must ensure t... • https://git.kernel.org/stable/c/214c68423fd632646c68f3ec8b3c2602cf8273f3 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50082 – ext4: fix warning in ext4_iomap_begin as race between bmap and write
https://notcve.org/view.php?id=CVE-2022-50082
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix warning in ext4_iomap_begin as race between bmap and write We got issue as follows: ------------[ cut here ]------------ WARNING: CPU: 3 PID: 9310 at fs/ext4/inode.c:3441 ext4_iomap_begin+0x182/0x5d0 RIP: 0010:ext4_iomap_begin+0x182/0x5d0 RSP: 0018:ffff88812460fa08 EFLAGS: 00010293 RAX: ffff88811f168000 RBX: 0000000000000000 RCX: ffffffff97793c12 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 RBP: ffff88812c6691... • https://git.kernel.org/stable/c/e1682c7171a6c0ff576fe8116b8cba5b8f538b94 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-50080 – tee: add overflow check in register_shm_helper()
https://notcve.org/view.php?id=CVE-2022-50080
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: tee: add overflow check in register_shm_helper() With special lengths supplied by user space, register_shm_helper() has an integer overflow when calculating the number of pages covered by a supplied user space memory region. This causes internal_get_user_pages_fast() a helper function of pin_user_pages_fast() to do a NULL pointer dereference: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010 Modules linked... • https://git.kernel.org/stable/c/033ddf12bcf5326b93bd604f50a7474a434a35f9 •
CVSS: 5.6EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50079 – drm/amd/display: Check correct bounds for stream encoder instances for DCN303
https://notcve.org/view.php?id=CVE-2022-50079
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check correct bounds for stream encoder instances for DCN303 [Why & How] eng_id for DCN303 cannot be more than 1, since we have only two instances of stream encoders. Check the correct boundary condition for engine ID for DCN303 prevent the potential out of bounds access. In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check correct bounds for stream encoder instances for DCN303 [Why & H... • https://git.kernel.org/stable/c/cd6d421e3d1ad5926b74091254e345db730e7706 •