CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50555 – tipc: fix a null-ptr-deref in tipc_topsrv_accept
https://notcve.org/view.php?id=CVE-2022-50555
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: tipc: fix a null-ptr-deref in tipc_topsrv_accept syzbot found a crash in tipc_topsrv_accept: KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] Workqueue: tipc_rcv tipc_topsrv_accept RIP: 0010:kernel_accept+0x22d/0x350 net/socket.c:3487 Call Trace:
CVSS: 5.2EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50554 – blk-mq: avoid double ->queue_rq() because of early timeout
https://notcve.org/view.php?id=CVE-2022-50554
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: blk-mq: avoid double ->queue_rq() because of early timeout David Jeffery found one double ->queue_rq() issue, so far it can be triggered in VM use case because of long vmexit latency or preempt latency of vCPU pthread or long page fault in vCPU pthread, then block IO req could be timed out before queuing the request to hardware but after calling blk_mq_start_request() during ->queue_rq(), then timeout handler may handle it by requeue, then ... • https://git.kernel.org/stable/c/7a73c54a3750895888ab586896736c9434e062a1 • CWE-820: Missing Synchronization •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50552 – blk-mq: use quiesced elevator switch when reinitializing queues
https://notcve.org/view.php?id=CVE-2022-50552
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: blk-mq: use quiesced elevator switch when reinitializing queues The hctx's run_work may be racing with the elevator switch when reinitializing hardware queues. The queue is merely frozen in this context, but that only prevents requests from allocating and doesn't stop the hctx work from running. The work may get an elevator pointer that's being torn down, and can result in use-after-free errors and kernel panics (example below). Use the qui... • https://git.kernel.org/stable/c/63a681bcc32a43528ce0f690569f7f48e59c3963 •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2022-50551 – wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmf_fw_alloc_request()
https://notcve.org/view.php?id=CVE-2022-50551
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmf_fw_alloc_request() This patch fixes a shift-out-of-bounds in brcmfmac that occurs in BIT(chiprev) when a 'chiprev' provided by the device is too large. It should also not be equal to or greater than BITS_PER_TYPE(u32) as we do bitwise AND with a u32 variable and BIT(chiprev). The patch adds a check that makes the function return NULL if that is the case. Note that the NULL case is l... • https://git.kernel.org/stable/c/1db036d13e10809943c2dce553e2fa7fc9c6cd80 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50550 – blk-iolatency: Fix memory leak on add_disk() failures
https://notcve.org/view.php?id=CVE-2022-50550
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: blk-iolatency: Fix memory leak on add_disk() failures When a gendisk is successfully initialized but add_disk() fails such as when a loop device has invalid number of minor device numbers specified, blkcg_init_disk() is called during init and then blkcg_exit_disk() during error handling. Unfortunately, iolatency gets initialized in the former but doesn't get cleaned up in the latter. This is because, in non-error cases, the cleanup is perfo... • https://git.kernel.org/stable/c/d70675121546c35feaceebf7ed9caed8716640f3 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.4EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50549 – dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata
https://notcve.org/view.php?id=CVE-2022-50549
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata Following concurrent processes: P1(drop cache) P2(kworker) drop_caches_sysctl_handler drop_slab shrink_slab down_read(&shrinker_rwsem) - LOCK A do_shrink_slab super_cache_scan prune_icache_sb dispose_list evict ext4_evict_inode ext4_clear_inode ext4_discard_preallocations ext4_mb_load_buddy_gfp ext4_mb_init_cache ext4_read_block_bitmap_nowait ext4_read_bh_nowait submi... • https://git.kernel.org/stable/c/e49e582965b3694f07a106adc83ddb44aa4f0890 • CWE-833: Deadlock •
CVSS: 8.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50547 – media: solo6x10: fix possible memory leak in solo_sysfs_init()
https://notcve.org/view.php?id=CVE-2022-50547
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: media: solo6x10: fix possible memory leak in solo_sysfs_init() If device_register() returns error in solo_sysfs_init(), the name allocated by dev_set_name() need be freed. As comment of device_register() says, it should use put_device() to give up the reference in the error path. So fix this by calling put_device(), then the name can be freed in kobject_cleanup(). In the Linux kernel, the following vulnerability has been resolved: media: so... • https://git.kernel.org/stable/c/dcae5dacbce518513abf7776cb450b7bd95d722b •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50545 – r6040: Fix kmemleak in probe and remove
https://notcve.org/view.php?id=CVE-2022-50545
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: r6040: Fix kmemleak in probe and remove There is a memory leaks reported by kmemleak: unreferenced object 0xffff888116111000 (size 2048): comm "modprobe", pid 817, jiffies 4294759745 (age 76.502s) hex dump (first 32 bytes): 00 c4 0a 04 81 88 ff ff 08 10 11 16 81 88 ff ff ................ 08 10 11 16 81 88 ff ff 00 00 00 00 00 00 00 00 ................ backtrace: [
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50544 – usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info()
https://notcve.org/view.php?id=CVE-2022-50544
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info() xhci_alloc_stream_info() allocates stream context array for stream_info ->stream_ctx_array with xhci_alloc_stream_ctx(). When some error occurs, stream_info->stream_ctx_array is not released, which will lead to a memory leak. We can fix it by releasing the stream_info->stream_ctx_array with xhci_free_stream_ctx() on the error path to avoid the potential memory leak. In t... • https://git.kernel.org/stable/c/7fc6bab3413e6a42bb1264ff7c9149808c93a4c7 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50542 – media: si470x: Fix use-after-free in si470x_int_in_callback()
https://notcve.org/view.php?id=CVE-2022-50542
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: media: si470x: Fix use-after-free in si470x_int_in_callback() syzbot reported use-after-free in si470x_int_in_callback() [1]. This indicates that urb->context, which contains struct si470x_device object, is freed when si470x_int_in_callback() is called. The cause of this issue is that si470x_int_in_callback() is called for freed urb. si470x_usb_driver_probe() calls si470x_start_usb(), which then calls usb_submit_urb() and si470x_start(). If... • https://git.kernel.org/stable/c/146bd005ebb01ae190c22af050cb98623958c373 •