CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50045 – powerpc/pci: Fix get_phb_number() locking
https://notcve.org/view.php?id=CVE-2022-50045
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc/pci: Fix get_phb_number() locking The recent change to get_phb_number() causes a DEBUG_ATOMIC_SLEEP warning on some systems: BUG: sleeping function called from invalid context at kernel/locking/mutex.c:580 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 1, name: swapper preempt_count: 1, expected: 0 RCU nest depth: 0, expected: 0 1 lock held by swapper/1: #0: c157efb0 (hose_spinlock){+.+.}-{2:2}, at: pcibios_alloc_controller+... • https://git.kernel.org/stable/c/47a8fe1b154aa6d836582365b1c70684af8597e4 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50044 – net: qrtr: start MHI channel after endpoit creation
https://notcve.org/view.php?id=CVE-2022-50044
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: net: qrtr: start MHI channel after endpoit creation MHI channel may generates event/interrupt right after enabling. It may leads to 2 race conditions issues. 1) Such event may be dropped by qcom_mhi_qrtr_dl_callback() at check: if (!qdev || mhi_res->transaction_status) return; Because dev_set_drvdata(&mhi_dev->dev, qdev) may be not performed at this moment. In this situation qrtr-ns will be unable to enumerate services in device. ----------... • https://git.kernel.org/stable/c/a2e2cc0dbb1121dfa875da1c04f3dff966fec162 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50043 – net: fix potential refcount leak in ndisc_router_discovery()
https://notcve.org/view.php?id=CVE-2022-50043
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: net: fix potential refcount leak in ndisc_router_discovery() The issue happens on specific paths in the function. After both the object `rt` and `neigh` are grabbed successfully, when `lifetime` is nonzero but the metric needs change, the function just deletes the route and set `rt` to NULL. Then, it may try grabbing `rt` and `neigh` again if above conditions hold. The function simply overwrite `neigh` if succeeds or returns if fails, witho... • https://git.kernel.org/stable/c/6b2e04bc240fe9be9e690059f710e9f95346d34d •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50042 – net: genl: fix error path memory leak in policy dumping
https://notcve.org/view.php?id=CVE-2022-50042
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: net: genl: fix error path memory leak in policy dumping If construction of the array of policies fails when recording non-first policy we need to unwind. netlink_policy_dump_add_policy() itself also needs fixing as it currently gives up on error without recording the allocated pointer in the pstate pointer. In the Linux kernel, the following vulnerability has been resolved: net: genl: fix error path memory leak in policy dumping If construc... • https://git.kernel.org/stable/c/50a896cf2d6f34e884a00139d6e6012c9833ace3 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50040 – net: dsa: sja1105: fix buffer overflow in sja1105_setup_devlink_regions()
https://notcve.org/view.php?id=CVE-2022-50040
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: net: dsa: sja1105: fix buffer overflow in sja1105_setup_devlink_regions() If an error occurs in dsa_devlink_region_create(), then 'priv->regions' array will be accessed by negative index '-1'. Found by Linux Verification Center (linuxtesting.org) with SVACE. In the Linux kernel, the following vulnerability has been resolved: net: dsa: sja1105: fix buffer overflow in sja1105_setup_devlink_regions() If an error occurs in dsa_devlink_region_cr... • https://git.kernel.org/stable/c/bf425b82059e0b0752c0026353c1902112200837 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50039 – stmmac: intel: Add a missing clk_disable_unprepare() call in intel_eth_pci_remove()
https://notcve.org/view.php?id=CVE-2022-50039
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: stmmac: intel: Add a missing clk_disable_unprepare() call in intel_eth_pci_remove() Commit 09f012e64e4b ("stmmac: intel: Fix clock handling on error and remove paths") removed this clk_disable_unprepare() This was partly revert by commit ac322f86b56c ("net: stmmac: Fix clock handling on remove path") which removed this clk_disable_unprepare() because: " While unloading the dwmac-intel driver, clk_disable_unprepare() is being called twice in... • https://git.kernel.org/stable/c/3afe11be6435e126f1507ddf1a9d0e5a0d90b336 •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2022-50038 – drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors()
https://notcve.org/view.php?id=CVE-2022-50038
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors() In this function, there are two refcount leak bugs: (1) when breaking out of for_each_endpoint_of_node(), we need call the of_node_put() for the 'ep'; (2) we should call of_node_put() for the reference returned by of_graph_get_remote_port() when it is not used anymore. In the Linux kernel, the following vulnerability has been resolved: drm/meson: Fix refcount bugs in meson... • https://git.kernel.org/stable/c/bbbe775ec5b5dace43a35886da9924837da09ddd •
CVSS: 6.4EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50036 – drm/sun4i: dsi: Prevent underflow when computing packet sizes
https://notcve.org/view.php?id=CVE-2022-50036
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/sun4i: dsi: Prevent underflow when computing packet sizes Currently, the packet overhead is subtracted using unsigned arithmetic. With a short sync pulse, this could underflow and wrap around to near the maximal u16 value. Fix this by using signed subtraction. The call to max() will correctly handle any negative numbers that are produced. Apply the same fix to the other timings, even though those subtractions are less likely to underflo... • https://git.kernel.org/stable/c/133add5b5ad42b7bb5fcd59d681aef6475d08600 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50034 – usb: cdns3 fix use-after-free at workaround 2
https://notcve.org/view.php?id=CVE-2022-50034
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: cdns3 fix use-after-free at workaround 2 BUG: KFENCE: use-after-free read in __list_del_entry_valid+0x10/0xac cdns3_wa2_remove_old_request() { ... kfree(priv_req->request.buf); cdns3_gadget_ep_free_request(&priv_ep->endpoint, &priv_req->request); list_del_init(&priv_req->list); ^^^ use after free ... } cdns3_gadget_ep_free_request() free the space pointed by priv_req, but priv_req is used in the following list_del_init(). This patch mo... • https://git.kernel.org/stable/c/8bc1901ca7b07d864fca11461b3875b31f949765 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50033 – usb: host: ohci-ppc-of: Fix refcount leak bug
https://notcve.org/view.php?id=CVE-2022-50033
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: host: ohci-ppc-of: Fix refcount leak bug In ohci_hcd_ppc_of_probe(), of_find_compatible_node() will return a node pointer with refcount incremented. We should use of_node_put() when it is not used anymore. In the Linux kernel, the following vulnerability has been resolved: usb: host: ohci-ppc-of: Fix refcount leak bug In ohci_hcd_ppc_of_probe(), of_find_compatible_node() will return a node pointer with refcount incremented. We should u... • https://git.kernel.org/stable/c/fe6fe64403710287f0ae61a516954d8a4f7c9e3f •