CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50059 – ceph: don't leak snap_rwsem in handle_cap_grant
https://notcve.org/view.php?id=CVE-2022-50059
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: ceph: don't leak snap_rwsem in handle_cap_grant When handle_cap_grant is called on an IMPORT op, then the snap_rwsem is held and the function is expected to release it before returning. It currently fails to do that in all cases which could lead to a deadlock. In the Linux kernel, the following vulnerability has been resolved: ceph: don't leak snap_rwsem in handle_cap_grant When handle_cap_grant is called on an IMPORT op, then the snap_rwse... • https://git.kernel.org/stable/c/6f05b30ea063a2a05dda47a4105a69267ae5270f •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50057 – fs/ntfs3: Fix NULL deref in ntfs_update_mftmirr
https://notcve.org/view.php?id=CVE-2022-50057
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix NULL deref in ntfs_update_mftmirr If ntfs_fill_super() wasn't called then sbi->sb will be equal to NULL. Code should check this ptr before dereferencing. Syzbot hit this issue via passing wrong mount param as can be seen from log below Fail log: ntfs3: Unknown parameter 'iochvrset' general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000... • https://git.kernel.org/stable/c/82cae269cfa953032fbb8980a7d554d60fb00b17 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50056 – fs/ntfs3: Fix missing i_op in ntfs_read_mft
https://notcve.org/view.php?id=CVE-2022-50056
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix missing i_op in ntfs_read_mft There is null pointer dereference because i_op == NULL. The bug happens because we don't initialize i_op for records in $Extend. In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix missing i_op in ntfs_read_mft There is null pointer dereference because i_op == NULL. The bug happens because we don't initialize i_op for records in $Extend. • https://git.kernel.org/stable/c/82cae269cfa953032fbb8980a7d554d60fb00b17 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50055 – iavf: Fix adminq error handling
https://notcve.org/view.php?id=CVE-2022-50055
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: iavf: Fix adminq error handling iavf_alloc_asq_bufs/iavf_alloc_arq_bufs allocates with dma_alloc_coherent memory for VF mailbox. Free DMA regions for both ASQ and ARQ in case error happens during configuration of ASQ/ARQ registers. Without this change it is possible to see when unloading interface: 74626.583369: dma_debug_device_change: device driver has pending DMA allocations while released from device [count=32] One of leaked entries det... • https://git.kernel.org/stable/c/d358aa9a7a2d5f91b1d33d5d4e27c2e46638d123 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50053 – iavf: Fix reset error handling
https://notcve.org/view.php?id=CVE-2022-50053
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: iavf: Fix reset error handling Do not call iavf_close in iavf_reset_task error handling. Doing so can lead to double call of napi_disable, which can lead to deadlock there. Removing VF would lead to iavf_remove task being stuck, because it requires crit_lock, which is held by iavf_close. Call iavf_disable_vf if reset fail, so that driver will clean up remaining invalid resources. During rapid VF resets, HW can fail to setup VF mailbox. Wron... • https://git.kernel.org/stable/c/f0db78928783f0a4cce4940e8c03c2e9a760e629 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50051 – ASoC: SOF: debug: Fix potential buffer overflow by snprintf()
https://notcve.org/view.php?id=CVE-2022-50051
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: debug: Fix potential buffer overflow by snprintf() snprintf() returns the would-be-filled size when the string overflows the given buffer size, hence using this value may result in the buffer overflow (although it's unrealistic). This patch replaces with a safer version, scnprintf() for papering over such a potential issue. In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: debug: Fix potential buffer ... • https://git.kernel.org/stable/c/5b10b62989219aa527ee4fa555d1995a3b70981b •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50050 – ASoC: SOF: Intel: hda: Fix potential buffer overflow by snprintf()
https://notcve.org/view.php?id=CVE-2022-50050
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda: Fix potential buffer overflow by snprintf() snprintf() returns the would-be-filled size when the string overflows the given buffer size, hence using this value may result in the buffer overflow (although it's unrealistic). This patch replaces with a safer version, scnprintf() for papering over such a potential issue. In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda: Fix potenti... • https://git.kernel.org/stable/c/29c8e4398f02adacd429c7847dacc8aea5a0c2f1 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50048 – netfilter: nf_tables: possible module reference underflow in error path
https://notcve.org/view.php?id=CVE-2022-50048
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: possible module reference underflow in error path dst->ops is set on when nft_expr_clone() fails, but module refcount has not been bumped yet, therefore nft_expr_destroy() leads to module reference underflow. In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: possible module reference underflow in error path dst->ops is set on when nft_expr_clone() fails, but module refcount has n... • https://git.kernel.org/stable/c/8cfd9b0f8515e7c361bba27e2a2684cbd427fe01 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50047 – net: dsa: mv88e6060: prevent crash on an unused port
https://notcve.org/view.php?id=CVE-2022-50047
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6060: prevent crash on an unused port If the port isn't a CPU port nor a user port, 'cpu_dp' is a null pointer and a crash happened on dereferencing it in mv88e6060_setup_port(): [ 9.575872] Unable to handle kernel NULL pointer dereference at virtual address 00000014 ... [ 9.942216] mv88e6060_setup from dsa_register_switch+0x814/0xe84 [ 9.948616] dsa_register_switch from mdio_probe+0x2c/0x54 [ 9.954433] mdio_probe from really... • https://git.kernel.org/stable/c/0abfd494deefdbab66ac03c1181a614285e7d90c •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50046 – net/sunrpc: fix potential memory leaks in rpc_sysfs_xprt_state_change()
https://notcve.org/view.php?id=CVE-2022-50046
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: net/sunrpc: fix potential memory leaks in rpc_sysfs_xprt_state_change() The issue happens on some error handling paths. When the function fails to grab the object `xprt`, it simply returns 0, forgetting to decrease the reference count of another object `xps`, which is increased by rpc_sysfs_xprt_kobj_get_xprt_switch(), causing refcount leaks. Also, the function forgets to check whether `xps` is valid before using it, which may result in NUL... • https://git.kernel.org/stable/c/5b7eb78486cd9ac58bfbd6d84ea0fe2d9fead03b •