CVSS: 8.4EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50430 – mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING
https://notcve.org/view.php?id=CVE-2022-50430
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING vub300_enable_sdio_irq() works with mutex and need TASK_RUNNING here. Ensure that we mark current as TASK_RUNNING for sleepable context. [ 77.554641] do not call blocking ops when !TASK_RUNNING; state=1 set at [
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50429 – memory: of: Fix refcount leak bug in of_lpddr3_get_ddr_timings()
https://notcve.org/view.php?id=CVE-2022-50429
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: memory: of: Fix refcount leak bug in of_lpddr3_get_ddr_timings() We should add the of_node_put() when breaking out of for_each_child_of_node() as it will automatically increase and decrease the refcount. In the Linux kernel, the following vulnerability has been resolved: memory: of: Fix refcount leak bug in of_lpddr3_get_ddr_timings() We should add the of_node_put() when breaking out of for_each_child_of_node() as it will automatically incr... • https://git.kernel.org/stable/c/976897dd96db94c74209d0a0671d7a73aa02fab9 •
CVSS: 5.6EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50428 – ext4: fix off-by-one errors in fast-commit block filling
https://notcve.org/view.php?id=CVE-2022-50428
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix off-by-one errors in fast-commit block filling Due to several different off-by-one errors, or perhaps due to a late change in design that wasn't fully reflected in the code that was actually merged, there are several very strange constraints on how fast-commit blocks are filled with tlv entries: - tlvs must start at least 10 bytes before the end of the block, even though the minimum tlv length is 8. Otherwise, the replay code will... • https://git.kernel.org/stable/c/aa75f4d3daaeb1389b9cce9d6b84401eaf228d4e •
CVSS: 6.2EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50427 – ALSA: ac97: fix possible memory leak in snd_ac97_dev_register()
https://notcve.org/view.php?id=CVE-2022-50427
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: ac97: fix possible memory leak in snd_ac97_dev_register() If device_register() fails in snd_ac97_dev_register(), it should call put_device() to give up reference, or the name allocated in dev_set_name() is leaked. In the Linux kernel, the following vulnerability has been resolved: ALSA: ac97: fix possible memory leak in snd_ac97_dev_register() If device_register() fails in snd_ac97_dev_register(), it should call put_device() to give u... • https://git.kernel.org/stable/c/0ca06a00e206b963587ac471e6d1c52bf33b9a18 •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2022-50423 – ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage()
https://notcve.org/view.php?id=CVE-2022-50423
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage() There is an use-after-free reported by KASAN: BUG: KASAN: use-after-free in acpi_ut_remove_reference+0x3b/0x82 Read of size 1 at addr ffff888112afc460 by task modprobe/2111 CPU: 0 PID: 2111 Comm: modprobe Not tainted 6.1.0-rc7-dirty Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), Call Trace:
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50422 – scsi: libsas: Fix use-after-free bug in smp_execute_task_sg()
https://notcve.org/view.php?id=CVE-2022-50422
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() When executing SMP task failed, the smp_execute_task_sg() calls del_timer() to delete "slow_task->timer". However, if the timer handler sas_task_internal_timedout() is running, the del_timer() in smp_execute_task_sg() will not stop it and a UAF will happen. The process is shown below: (thread 1) | (thread 2) smp_execute_task_sg() | sas_task_internal_timedout() ... | del_timer() |... • https://git.kernel.org/stable/c/2908d778ab3e244900c310974e1fc1c69066e450 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50420 – crypto: hisilicon/hpre - fix resource leak in remove process
https://notcve.org/view.php?id=CVE-2022-50420
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/hpre - fix resource leak in remove process In hpre_remove(), when the disable operation of qm sriov failed, the following logic should continue to be executed to release the remaining resources that have been allocated, instead of returning directly, otherwise there will be resource leakage. In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/hpre - fix resource leak in remove process In h... • https://git.kernel.org/stable/c/c8b4b477079d1995cc0a1c10d5cdfd02be938cdf • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0CVE-2025-39927 – ceph: fix race condition validating r_parent before applying state
https://notcve.org/view.php?id=CVE-2025-39927
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ceph: fix race condition validating r_parent before applying state Add validation to ensure the cached parent directory inode matches the directory info in MDS replies. This prevents client-side race conditions where concurrent operations (e.g. rename) cause r_parent to become stale between request initiation and reply processing, which could lead to applying state changes to incorrect directory inodes. [ idryomov: folded a kerneldoc fixup ... • https://git.kernel.org/stable/c/9030aaf9bf0a1eee47a154c316c789e959638b0f • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-364: Signal Handler Race Condition •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2025-39925 – can: j1939: implement NETDEV_UNREGISTER notification handler
https://notcve.org/view.php?id=CVE-2025-39925
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: can: j1939: implement NETDEV_UNREGISTER notification handler syzbot is reporting unregister_netdevice: waiting for vcan0 to become free. Usage count = 2 problem, for j1939 protocol did not have NETDEV_UNREGISTER notification handler for undoing changes made by j1939_sk_bind(). Commit 25fe97cb7620 ("can: j1939: move j1939_priv_put() into sk_destruct callback") expects that a call to j1939_priv_put() can be unconditionally delayed until j1939... • https://git.kernel.org/stable/c/9d71dd0c70099914fcd063135da3c580865e924c •
CVSS: 6.6EPSS: 0%CPEs: 11EXPL: 0CVE-2025-39923 – dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees
https://notcve.org/view.php?id=CVE-2025-39923
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees When we don't have a clock specified in the device tree, we have no way to ensure the BAM is on. This is often the case for remotely-controlled or remotely-powered BAM instances. In this case, we need to read num-channels from the DT to have all the necessary information to complete probing. However, at the moment invalid device trees without clock and without num-channels... • https://git.kernel.org/stable/c/48d163b1aa6e7f650c0b7a4f9c61c387a6def868 •