CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50498 – eth: alx: take rtnl_lock on resume
https://notcve.org/view.php?id=CVE-2022-50498
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: eth: alx: take rtnl_lock on resume Zbynek reports that alx trips an rtnl assertion on resume: RTNL: assertion failed at net/core/dev.c (2891) RIP: 0010:netif_set_real_num_tx_queues+0x1ac/0x1c0 Call Trace:
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50497 – binfmt_misc: fix shift-out-of-bounds in check_special_flags
https://notcve.org/view.php?id=CVE-2022-50497
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: binfmt_misc: fix shift-out-of-bounds in check_special_flags UBSAN reported a shift-out-of-bounds warning: left shift of 1 by 31 places cannot be represented in type 'int' Call Trace:
CVSS: 6.7EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50496 – dm cache: Fix UAF in destroy()
https://notcve.org/view.php?id=CVE-2022-50496
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: dm cache: Fix UAF in destroy() Dm_cache also has the same UAF problem when dm_resume() and dm_destroy() are concurrent. Therefore, cancelling timer again in destroy(). In the Linux kernel, the following vulnerability has been resolved: dm cache: Fix UAF in destroy() Dm_cache also has the same UAF problem when dm_resume() and dm_destroy() are concurrent. Therefore, cancelling timer again in destroy(). The SUSE Linux Enterprise 15 SP5 RT kern... • https://git.kernel.org/stable/c/c6b4fcbad044e6fffcc75bba160e720eb8d67d17 • CWE-825: Expired Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50494 – thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash
https://notcve.org/view.php?id=CVE-2022-50494
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash When CPU 0 is offline and intel_powerclamp is used to inject idle, it generates kernel BUG: BUG: using smp_processor_id() in preemptible [00000000] code: bash/15687 caller is debug_smp_processor_id+0x17/0x20 CPU: 4 PID: 15687 Comm: bash Not tainted 5.19.0-rc7+ #57 Call Trace:
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50493 – scsi: qla2xxx: Fix crash when I/O abort times out
https://notcve.org/view.php?id=CVE-2022-50493
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix crash when I/O abort times out While performing CPU hotplug, a crash with the following stack was seen: Call Trace: qla24xx_process_response_queue+0x42a/0x970 [qla2xxx] qla2x00_start_nvme_mq+0x3a2/0x4b0 [qla2xxx] qla_nvme_post_cmd+0x166/0x240 [qla2xxx] nvme_fc_start_fcp_op.part.0+0x119/0x2e0 [nvme_fc] blk_mq_dispatch_rq_list+0x17b/0x610 __blk_mq_sched_dispatch_requests+0xb0/0x140 blk_mq_sched_dispatch_requests+0x30/0x60 _... • https://git.kernel.org/stable/c/71c80b75ce8f08c0978ce9a9816b81b5c3ce5e12 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-50492 – drm/msm: fix use-after-free on probe deferral
https://notcve.org/view.php?id=CVE-2022-50492
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/msm: fix use-after-free on probe deferral The bridge counter was never reset when tearing down the DRM device so that stale pointers to deallocated structures would be accessed on the next tear down (e.g. after a second late bind deferral). Given enough bridges and a few probe deferrals this could currently also lead to data beyond the bridge array being corrupted. Patchwork: https://patchwork.freedesktop.org/patch/502665/ In the Linux ... • https://git.kernel.org/stable/c/a3376e3ec81c5dd0622cbc187db76d2824d31c1c •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50491 – coresight: cti: Fix hang in cti_disable_hw()
https://notcve.org/view.php?id=CVE-2022-50491
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: coresight: cti: Fix hang in cti_disable_hw() cti_enable_hw() and cti_disable_hw() are called from an atomic context so shouldn't use runtime PM because it can result in a sleep when communicating with firmware. Since commit 3c6656337852 ("Revert "firmware: arm_scmi: Add clock management to the SCMI power domain""), this causes a hang on Juno when running the Perf Coresight tests or running this command: perf record -e cs_etm//u -- ls This w... • https://git.kernel.org/stable/c/835d722ba10ac924adba1e8a46f2d80955222b4b • CWE-1322: Use of Blocking Code in Single-threaded, Non-blocking Context •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50490 – bpf: Propagate error from htab_lock_bucket() to userspace
https://notcve.org/view.php?id=CVE-2022-50490
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Propagate error from htab_lock_bucket() to userspace In __htab_map_lookup_and_delete_batch() if htab_lock_bucket() returns -EBUSY, it will go to next bucket. Going to next bucket may not only skip the elements in current bucket silently, but also incur out-of-bound memory access or expose kernel memory to userspace if current bucket_cnt is greater than bucket_size or zero. Fixing it by stopping batch operation and returning -EBUSY when... • https://git.kernel.org/stable/c/20b6cc34ea74b6a84599c1f8a70f3315b56a1883 •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50489 – drm/mipi-dsi: Detach devices when removing the host
https://notcve.org/view.php?id=CVE-2022-50489
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/mipi-dsi: Detach devices when removing the host Whenever the MIPI-DSI host is unregistered, the code of mipi_dsi_host_unregister() loops over every device currently found on that bus and will unregister it. However, it doesn't detach it from the bus first, which leads to all kind of resource leaks if the host wants to perform some clean up whenever a device is detached. In the Linux kernel, the following vulnerability has been resolved:... • https://git.kernel.org/stable/c/068a00233969833f1ba925e7627797489efd6041 • CWE-459: Incomplete Cleanup •
CVSS: 6.0EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50488 – block, bfq: fix possible uaf for 'bfqq->bic'
https://notcve.org/view.php?id=CVE-2022-50488
04 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix possible uaf for 'bfqq->bic' Our test report a uaf for 'bfqq->bic' in 5.10: ================================================================== BUG: KASAN: use-after-free in bfq_select_queue+0x378/0xa30 CPU: 6 PID: 2318352 Comm: fsstress Kdump: loaded Not tainted 5.10.0-60.18.0.50.h602.kasan.eulerosv2r11.x86_64 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.1-0-ga5cab58-20220320_160524-szxrtosci10000 ... • https://git.kernel.org/stable/c/4dfc12f8c94c8052e975060f595938f75e8b7165 • CWE-826: Premature Release of Resource During Expected Lifetime •