CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50366 – powercap: intel_rapl: fix UBSAN shift-out-of-bounds issue
https://notcve.org/view.php?id=CVE-2022-50366
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: powercap: intel_rapl: fix UBSAN shift-out-of-bounds issue When value < time_unit, the parameter of ilog2() will be zero and the return value is -1. u64(-1) is too large for shift exponent and then will trigger shift-out-of-bounds: shift exponent 18446744073709551615 is too large for 32-bit type 'int' Call Trace: rapl_compute_time_window_core rapl_write_data_raw set_time_window store_constraint_time_window_us • https://git.kernel.org/stable/c/2d281d8196e38dd3a4ee9af26621ddde8329f269 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2022-50365 – skbuff: Account for tail adjustment during pull operations
https://notcve.org/view.php?id=CVE-2022-50365
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: skbuff: Account for tail adjustment during pull operations Extending the tail can have some unexpected side effects if a program uses a helper like BPF_FUNC_skb_pull_data to read partial content beyond the head skb headlen when all the skbs in the gso frag_list are linear with no head_frag - kernel BUG at net/core/skbuff.c:4219! pc : skb_segment+0xcf4/0xd2c lr : skb_segment+0x63c/0xd2c Call trace: skb_segment+0xcf4/0xd2c __udp_gso_segment+0... • https://git.kernel.org/stable/c/162a5a8c3aff15c449e6b38355cdf80ab4f77a5a •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50364 – i2c: mux: reg: check return value after calling platform_get_resource()
https://notcve.org/view.php?id=CVE-2022-50364
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: i2c: mux: reg: check return value after calling platform_get_resource() It will cause null-ptr-deref in resource_size(), if platform_get_resource() returns NULL, move calling resource_size() after devm_ioremap_resource() that will check 'res' to avoid null-ptr-deref. And use devm_platform_get_and_ioremap_resource() to simplify code. This update provides the initial livepatch for this kernel update. This update does not contain any fixes and... • https://git.kernel.org/stable/c/b3fdd32799d834e2626fae087906e886037350c6 • CWE-476: NULL Pointer Dereference •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-50363 – skmsg: pass gfp argument to alloc_sk_msg()
https://notcve.org/view.php?id=CVE-2022-50363
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: skmsg: pass gfp argument to alloc_sk_msg() syzbot found that alloc_sk_msg() could be called from a non sleepable context. sk_psock_verdict_recv() uses rcu_read_lock() protection. We need the callers to pass a gfp_t argument to avoid issues. syzbot report was: BUG: sleeping function called from invalid context at include/linux/sched/mm.h:274 in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 3613, name: syz-executor414 preempt_count: 0, ... • https://git.kernel.org/stable/c/43312915b5ba20741617dd2119e835205fa8580c • CWE-416: Use After Free CWE-767: Access to Critical Private Variable via Public Method •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50362 – dmaengine: hisilicon: Add multi-thread support for a DMA channel
https://notcve.org/view.php?id=CVE-2022-50362
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: hisilicon: Add multi-thread support for a DMA channel When we get a DMA channel and try to use it in multiple threads it will cause oops and hanging the system. % echo 100 > /sys/module/dmatest/parameters/threads_per_chan % echo 100 > /sys/module/dmatest/parameters/iterations % echo 1 > /sys/module/dmatest/parameters/run [383493.327077] Unable to handle kernel paging request at virtual address dead000000000108 [383493.335103] Mem... • https://git.kernel.org/stable/c/e9f08b65250d73ab70e79e194813f52b8d306784 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50361 – wifi: wilc1000: add missing unregister_netdev() in wilc_netdev_ifc_init()
https://notcve.org/view.php?id=CVE-2022-50361
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: add missing unregister_netdev() in wilc_netdev_ifc_init() Fault injection test reports this issue: kernel BUG at net/core/dev.c:10731! invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI Call Trace:
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-50360 – drm/msm/dp: fix aux-bus EP lifetime
https://notcve.org/view.php?id=CVE-2022-50360
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: fix aux-bus EP lifetime Device-managed resources allocated post component bind must be tied to the lifetime of the aggregate DRM device or they will not necessarily be released when binding of the aggregate device is deferred. This can lead resource leaks or failure to bind the aggregate device when binding is later retried and a second attempt to allocate the resources is made. For the DP aux-bus, an attempt to populate the bus... • https://git.kernel.org/stable/c/c3bf8e21b38a89418f2e22173b229aaad2306815 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50359 – media: cx88: Fix a null-ptr-deref bug in buffer_prepare()
https://notcve.org/view.php?id=CVE-2022-50359
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: media: cx88: Fix a null-ptr-deref bug in buffer_prepare() When the driver calls cx88_risc_buffer() to prepare the buffer, the function call may fail, resulting in a empty buffer and null-ptr-deref later in buffer_queue(). The following log can reveal it: [ 41.822762] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI [ 41.824488] KASAN: null-ptr-deref in range [0x0000000000000000... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 • CWE-476: NULL Pointer Dereference •
CVSS: 4.2EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50358 – brcmfmac: return error when getting invalid max_flowrings from dongle
https://notcve.org/view.php?id=CVE-2022-50358
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: brcmfmac: return error when getting invalid max_flowrings from dongle When firmware hit trap at initialization, host will read abnormal max_flowrings number from dongle, and it will cause kernel panic when doing iowrite to initialize dongle ring. To detect this error at early stage, we directly return error when getting invalid max_flowrings(>256). This update provides the initial livepatch for this kernel update. This update does not conta... • https://git.kernel.org/stable/c/9e37f045d5e7f33450515f237c2f6f6bfee137dd •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50357 – usb: dwc3: core: fix some leaks in probe
https://notcve.org/view.php?id=CVE-2022-50357
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: core: fix some leaks in probe The dwc3_get_properties() function calls: dwc->usb_psy = power_supply_get_by_name(usb_psy_name); so there is some additional clean up required on these error paths. This update provides the initial livepatch for this kernel update. This update does not contain any fixes and will be updated with livepatches later. • https://git.kernel.org/stable/c/6f0764b5adea18d70c3fab32d5f940678bcbd865 • CWE-401: Missing Release of Memory after Effective Lifetime CWE-772: Missing Release of Resource after Effective Lifetime •