CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50039 – stmmac: intel: Add a missing clk_disable_unprepare() call in intel_eth_pci_remove()
https://notcve.org/view.php?id=CVE-2022-50039
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: stmmac: intel: Add a missing clk_disable_unprepare() call in intel_eth_pci_remove() Commit 09f012e64e4b ("stmmac: intel: Fix clock handling on error and remove paths") removed this clk_disable_unprepare() This was partly revert by commit ac322f86b56c ("net: stmmac: Fix clock handling on remove path") which removed this clk_disable_unprepare() because: " While unloading the dwmac-intel driver, clk_disable_unprepare() is being called twice in... • https://git.kernel.org/stable/c/3afe11be6435e126f1507ddf1a9d0e5a0d90b336 •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2022-50038 – drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors()
https://notcve.org/view.php?id=CVE-2022-50038
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors() In this function, there are two refcount leak bugs: (1) when breaking out of for_each_endpoint_of_node(), we need call the of_node_put() for the 'ep'; (2) we should call of_node_put() for the reference returned by of_graph_get_remote_port() when it is not used anymore. In the Linux kernel, the following vulnerability has been resolved: drm/meson: Fix refcount bugs in meson... • https://git.kernel.org/stable/c/bbbe775ec5b5dace43a35886da9924837da09ddd •
CVSS: 6.4EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50036 – drm/sun4i: dsi: Prevent underflow when computing packet sizes
https://notcve.org/view.php?id=CVE-2022-50036
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/sun4i: dsi: Prevent underflow when computing packet sizes Currently, the packet overhead is subtracted using unsigned arithmetic. With a short sync pulse, this could underflow and wrap around to near the maximal u16 value. Fix this by using signed subtraction. The call to max() will correctly handle any negative numbers that are produced. Apply the same fix to the other timings, even though those subtractions are less likely to underflo... • https://git.kernel.org/stable/c/133add5b5ad42b7bb5fcd59d681aef6475d08600 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50034 – usb: cdns3 fix use-after-free at workaround 2
https://notcve.org/view.php?id=CVE-2022-50034
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: cdns3 fix use-after-free at workaround 2 BUG: KFENCE: use-after-free read in __list_del_entry_valid+0x10/0xac cdns3_wa2_remove_old_request() { ... kfree(priv_req->request.buf); cdns3_gadget_ep_free_request(&priv_ep->endpoint, &priv_req->request); list_del_init(&priv_req->list); ^^^ use after free ... } cdns3_gadget_ep_free_request() free the space pointed by priv_req, but priv_req is used in the following list_del_init(). This patch mo... • https://git.kernel.org/stable/c/8bc1901ca7b07d864fca11461b3875b31f949765 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50033 – usb: host: ohci-ppc-of: Fix refcount leak bug
https://notcve.org/view.php?id=CVE-2022-50033
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: host: ohci-ppc-of: Fix refcount leak bug In ohci_hcd_ppc_of_probe(), of_find_compatible_node() will return a node pointer with refcount incremented. We should use of_node_put() when it is not used anymore. In the Linux kernel, the following vulnerability has been resolved: usb: host: ohci-ppc-of: Fix refcount leak bug In ohci_hcd_ppc_of_probe(), of_find_compatible_node() will return a node pointer with refcount incremented. We should u... • https://git.kernel.org/stable/c/fe6fe64403710287f0ae61a516954d8a4f7c9e3f •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50032 – usb: renesas: Fix refcount leak bug
https://notcve.org/view.php?id=CVE-2022-50032
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: renesas: Fix refcount leak bug In usbhs_rza1_hardware_init(), of_find_node_by_name() will return a node pointer with refcount incremented. We should use of_node_put() when it is not used anymore. In the Linux kernel, the following vulnerability has been resolved: usb: renesas: Fix refcount leak bug In usbhs_rza1_hardware_init(), of_find_node_by_name() will return a node pointer with refcount incremented. We should use of_node_put() whe... • https://git.kernel.org/stable/c/36b18b777dece704b7c2e9e7947ca41a9b0fb009 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-50031 – scsi: iscsi: Fix HW conn removal use after free
https://notcve.org/view.php?id=CVE-2022-50031
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: iscsi: Fix HW conn removal use after free If qla4xxx doesn't remove the connection before the session, the iSCSI class tries to remove the connection for it. We were doing a iscsi_put_conn() in the iter function which is not needed and will result in a use after free because iscsi_remove_conn() will free the connection. In the Linux kernel, the following vulnerability has been resolved: scsi: iscsi: Fix HW conn removal use after free ... • https://git.kernel.org/stable/c/0483ffc02ebb953124c592485a5c48ac4ffae5fe •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50030 – scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input
https://notcve.org/view.php?id=CVE-2022-50030
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input Malformed user input to debugfs results in buffer overflow crashes. Adapt input string lengths to fit within internal buffers, leaving space for NULL terminators. In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input Malformed user input to debugfs results in buffer o... • https://git.kernel.org/stable/c/927907f1cbb3408cadde637fccfc17bb6b10a87d •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2022-50029 – clk: qcom: ipq8074: dont disable gcc_sleep_clk_src
https://notcve.org/view.php?id=CVE-2022-50029
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: clk: qcom: ipq8074: dont disable gcc_sleep_clk_src Once the usb sleep clocks are disabled, clock framework is trying to disable the sleep clock source also. However, it seems that it cannot be disabled and trying to do so produces: [ 245.436390] ------------[ cut here ]------------ [ 245.441233] gcc_sleep_clk_src status stuck at 'on' [ 245.441254] WARNING: CPU: 2 PID: 223 at clk_branch_wait+0x130/0x140 [ 245.450435] Modules linked in: xhci_... • https://git.kernel.org/stable/c/38cee0d2b65eed42a44052de1bfdc0177b6c3f05 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50028 – gadgetfs: ep_io - wait until IRQ finishes
https://notcve.org/view.php?id=CVE-2022-50028
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: gadgetfs: ep_io - wait until IRQ finishes after usb_ep_queue() if wait_for_completion_interruptible() is interrupted we need to wait until IRQ gets finished. Otherwise complete() from epio_complete() can corrupt stack. In the Linux kernel, the following vulnerability has been resolved: gadgetfs: ep_io - wait until IRQ finishes after usb_ep_queue() if wait_for_completion_interruptible() is interrupted we need to wait until IRQ gets finished.... • https://git.kernel.org/stable/c/67a4874461422e633236a0286a01b483cd647113 •