CVSS: 7.2EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50476 – ntb_netdev: Use dev_kfree_skb_any() in interrupt context
https://notcve.org/view.php?id=CVE-2022-50476
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ntb_netdev: Use dev_kfree_skb_any() in interrupt context TX/RX callback handlers (ntb_netdev_tx_handler(), ntb_netdev_rx_handler()) can be called in interrupt context via the DMA framework when the respective DMA operations have completed. As such, any calls by these routines to free skb's, should use the interrupt context safe dev_kfree_skb_any() function. Previously, these callback handlers would call the interrupt unsafe version of dev_k... • https://git.kernel.org/stable/c/548c237c0a9972df5d1afaca38aa733ee577128d •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50475 – RDMA/core: Make sure "ib_port" is valid when access sysfs node
https://notcve.org/view.php?id=CVE-2022-50475
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Make sure "ib_port" is valid when access sysfs node The "ib_port" structure must be set before adding the sysfs kobject, and reset after removing it, otherwise it may crash when accessing the sysfs node: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000050 Mem abort info: ESR = 0x96000006 Exception class = DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 Data abort info: ISV = 0, ... • https://git.kernel.org/stable/c/d8a5883814b9f7c08d7ff291070687d925b4f859 • CWE-825: Expired Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50474 – macintosh: fix possible memory leak in macio_add_one_device()
https://notcve.org/view.php?id=CVE-2022-50474
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: macintosh: fix possible memory leak in macio_add_one_device() Afer commit 1fa5ae857bb1 ("driver core: get rid of struct device's bus_id string array"), the name of device is allocated dynamically. It needs to be freed when of_device_register() fails. Call put_device() to give up the reference that's taken in device_initialize(), so that it can be freed in kobject_cleanup() when the refcount hits 0. macio device is freed in macio_release_dev... • https://git.kernel.org/stable/c/1fa5ae857bb14f6046205171d98506d8112dd74e •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-50473 – cpufreq: Init completion before kobject_init_and_add()
https://notcve.org/view.php?id=CVE-2022-50473
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: cpufreq: Init completion before kobject_init_and_add() In cpufreq_policy_alloc(), it will call uninitialed completion in cpufreq_sysfs_release() when kobject_init_and_add() fails. And that will cause a crash such as the following page fault in complete: BUG: unable to handle page fault for address: fffffffffffffff8 [..] RIP: 0010:complete+0x98/0x1f0 [..] Call Trace: kobject_put+0x1be/0x4c0 cpufreq_online.cold+0xee/0x1fd cpufreq_add_dev+0x18... • https://git.kernel.org/stable/c/4ebe36c94aed95de71a8ce6a6762226d31c938ee • CWE-909: Missing Initialization of Resource •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50472 – IB/mad: Don't call to function that might sleep while in atomic context
https://notcve.org/view.php?id=CVE-2022-50472
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: IB/mad: Don't call to function that might sleep while in atomic context Tracepoints are not allowed to sleep, as such the following splat is generated due to call to ib_query_pkey() in atomic context. WARNING: CPU: 0 PID: 1888000 at kernel/trace/ring_buffer.c:2492 rb_commit+0xc1/0x220 CPU: 0 PID: 1888000 Comm: kworker/u9:0 Kdump: loaded Tainted: G OE --------- - - 4.18.0-305.3.1.el8.x86_64 #1 Hardware name: Red Hat KVM, BIOS 1.13.0-2.module... • https://git.kernel.org/stable/c/821bf1de45a1a084e2e11b1a2308777434194bfe • CWE-474: Use of Function with Inconsistent Implementations •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-39953 – cgroup: split cgroup_destroy_wq into 3 workqueues
https://notcve.org/view.php?id=CVE-2025-39953
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: cgroup: split cgroup_destroy_wq into 3 workqueues A hung task can occur during [1] LTP cgroup testing when repeatedly mounting/unmounting perf_event and net_prio controllers with systemd.unified_cgroup_hierarchy=1. The hang manifests in cgroup_lock_and_drain_offline() during root destruction. Related case: cgroup_fj_function_perf_event cgroup_fj_function.sh perf_event cgroup_fj_function_net_prio cgroup_fj_function.sh net_prio Call Trace: cg... • https://git.kernel.org/stable/c/334c3679ec4b2b113c35ebe37d2018b112dd5013 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-39952 – wifi: wilc1000: avoid buffer overflow in WID string configuration
https://notcve.org/view.php?id=CVE-2025-39952
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: avoid buffer overflow in WID string configuration Fix the following copy overflow warning identified by Smatch checker. drivers/net/wireless/microchip/wilc1000/wlan_cfg.c:184 wilc_wlan_parse_response_frame() error: '__memcpy()' 'cfg->s[i]->str' copy overflow (512 vs 65537) This patch introduces size check before accessing the memory buffer. The checks are base on the WID type of received data from the firmware. For WID strin... • https://git.kernel.org/stable/c/c5c77ba18ea66aa05441c71e38473efb787705a4 •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2025-39951 – um: virtio_uml: Fix use-after-free after put_device in probe
https://notcve.org/view.php?id=CVE-2025-39951
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: um: virtio_uml: Fix use-after-free after put_device in probe When register_virtio_device() fails in virtio_uml_probe(), the code sets vu_dev->registered = 1 even though the device was not successfully registered. This can lead to use-after-free or other issues. In the Linux kernel, the following vulnerability has been resolved: um: virtio_uml: Fix use-after-free after put_device in probe When register_virtio_device() fails in virtio_uml_pro... • https://git.kernel.org/stable/c/04e5b1fb01834a602acaae2276b67a783a8c6159 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-39949 – qed: Don't collect too many protection override GRC elements
https://notcve.org/view.php?id=CVE-2025-39949
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: qed: Don't collect too many protection override GRC elements In the protection override dump path, the firmware can return far too many GRC elements, resulting in attempting to write past the end of the previously-kmalloc'ed dump buffer. This will result in a kernel panic with reason: BUG: unable to handle kernel paging request at ADDRESS where "ADDRESS" is just past the end of the protection override dump buffer. The start address of the b... • https://git.kernel.org/stable/c/d52c89f120de849575f6b2e5948038f2be12ce6f •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-39947 – net/mlx5e: Harden uplink netdev access against device unbind
https://notcve.org/view.php?id=CVE-2025-39947
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Harden uplink netdev access against device unbind The function mlx5_uplink_netdev_get() gets the uplink netdevice pointer from mdev->mlx5e_res.uplink_netdev. However, the netdevice can be removed and its pointer cleared when unbound from the mlx5_core.eth driver. This results in a NULL pointer, causing a kernel panic. BUG: unable to handle page fault for address: 0000000000001300 at RIP: 0010:mlx5e_vport_rep_load+0x22a/0x270 [mlx... • https://git.kernel.org/stable/c/7a9fb35e8c3a67145fca262c304de65cb2f83abf •