CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-50058 – vdpa_sim_blk: set number of address spaces and virtqueue groups
https://notcve.org/view.php?id=CVE-2022-50058
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: vdpa_sim_blk: set number of address spaces and virtqueue groups Commit bda324fd037a ("vdpasim: control virtqueue support") added two new fields (nas, ngroups) to vdpasim_dev_attr, but we forgot to initialize them for vdpa_sim_blk. When creating a new vdpa_sim_blk device this causes the kernel to panic in this way: $ vdpa dev add mgmtdev vdpasim_blk name blk0 BUG: kernel NULL pointer dereference, address: 0000000000000030 ... RIP: 0010:vhost... • https://git.kernel.org/stable/c/bda324fd037a6b0d44da5699574ce741ca161bc4 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50057 – fs/ntfs3: Fix NULL deref in ntfs_update_mftmirr
https://notcve.org/view.php?id=CVE-2022-50057
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix NULL deref in ntfs_update_mftmirr If ntfs_fill_super() wasn't called then sbi->sb will be equal to NULL. Code should check this ptr before dereferencing. Syzbot hit this issue via passing wrong mount param as can be seen from log below Fail log: ntfs3: Unknown parameter 'iochvrset' general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000... • https://git.kernel.org/stable/c/82cae269cfa953032fbb8980a7d554d60fb00b17 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50056 – fs/ntfs3: Fix missing i_op in ntfs_read_mft
https://notcve.org/view.php?id=CVE-2022-50056
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix missing i_op in ntfs_read_mft There is null pointer dereference because i_op == NULL. The bug happens because we don't initialize i_op for records in $Extend. In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix missing i_op in ntfs_read_mft There is null pointer dereference because i_op == NULL. The bug happens because we don't initialize i_op for records in $Extend. • https://git.kernel.org/stable/c/82cae269cfa953032fbb8980a7d554d60fb00b17 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50055 – iavf: Fix adminq error handling
https://notcve.org/view.php?id=CVE-2022-50055
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: iavf: Fix adminq error handling iavf_alloc_asq_bufs/iavf_alloc_arq_bufs allocates with dma_alloc_coherent memory for VF mailbox. Free DMA regions for both ASQ and ARQ in case error happens during configuration of ASQ/ARQ registers. Without this change it is possible to see when unloading interface: 74626.583369: dma_debug_device_change: device driver has pending DMA allocations while released from device [count=32] One of leaked entries det... • https://git.kernel.org/stable/c/d358aa9a7a2d5f91b1d33d5d4e27c2e46638d123 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-50054 – iavf: Fix NULL pointer dereference in iavf_get_link_ksettings
https://notcve.org/view.php?id=CVE-2022-50054
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: iavf: Fix NULL pointer dereference in iavf_get_link_ksettings Fix possible NULL pointer dereference, due to freeing of adapter->vf_res in iavf_init_get_resources. Previous commit introduced a regression, where receiving IAVF_ERR_ADMIN_QUEUE_NO_WORK from iavf_get_vf_config would free adapter->vf_res. However, netdev is still registered, so ethtool_ops can be called. Calling iavf_get_link_ksettings with no vf_res, will result with: [ 9385.242... • https://git.kernel.org/stable/c/209f2f9c718138ddbd8586e5a1463bd079a17241 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50053 – iavf: Fix reset error handling
https://notcve.org/view.php?id=CVE-2022-50053
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: iavf: Fix reset error handling Do not call iavf_close in iavf_reset_task error handling. Doing so can lead to double call of napi_disable, which can lead to deadlock there. Removing VF would lead to iavf_remove task being stuck, because it requires crit_lock, which is held by iavf_close. Call iavf_disable_vf if reset fail, so that driver will clean up remaining invalid resources. During rapid VF resets, HW can fail to setup VF mailbox. Wron... • https://git.kernel.org/stable/c/f0db78928783f0a4cce4940e8c03c2e9a760e629 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-50052 – ASoC: Intel: avs: Fix potential buffer overflow by snprintf()
https://notcve.org/view.php?id=CVE-2022-50052
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Fix potential buffer overflow by snprintf() snprintf() returns the would-be-filled size when the string overflows the given buffer size, hence using this value may result in a buffer overflow (although it's unrealistic). This patch replaces it with a safer version, scnprintf() for papering over such a potential issue. In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Fix potential buffer... • https://git.kernel.org/stable/c/f1b3b320bd6519b16e3480f74f2926d106e3bcba •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50051 – ASoC: SOF: debug: Fix potential buffer overflow by snprintf()
https://notcve.org/view.php?id=CVE-2022-50051
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: debug: Fix potential buffer overflow by snprintf() snprintf() returns the would-be-filled size when the string overflows the given buffer size, hence using this value may result in the buffer overflow (although it's unrealistic). This patch replaces with a safer version, scnprintf() for papering over such a potential issue. In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: debug: Fix potential buffer ... • https://git.kernel.org/stable/c/5b10b62989219aa527ee4fa555d1995a3b70981b •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50050 – ASoC: SOF: Intel: hda: Fix potential buffer overflow by snprintf()
https://notcve.org/view.php?id=CVE-2022-50050
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda: Fix potential buffer overflow by snprintf() snprintf() returns the would-be-filled size when the string overflows the given buffer size, hence using this value may result in the buffer overflow (although it's unrealistic). This patch replaces with a safer version, scnprintf() for papering over such a potential issue. In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda: Fix potenti... • https://git.kernel.org/stable/c/29c8e4398f02adacd429c7847dacc8aea5a0c2f1 •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2022-50049 – ASoC: DPCM: Don't pick up BE without substream
https://notcve.org/view.php?id=CVE-2022-50049
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: DPCM: Don't pick up BE without substream When DPCM tries to add valid BE connections at dpcm_add_paths(), it doesn't check whether the picked BE actually supports for the given stream direction. Due to that, when an asymmetric BE stream is present, it picks up wrongly and this may result in a NULL dereference at a later point where the code assumes the existence of a corresponding BE substream. This patch adds the check for the presen... • https://git.kernel.org/stable/c/bbf7d3b1c4f40eb02dd1dffb500ba00b0bff0303 •