CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50558 – regmap-irq: Use the new num_config_regs property in regmap_add_irq_chip_fwnode
https://notcve.org/view.php?id=CVE-2022-50558
22 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: regmap-irq: Use the new num_config_regs property in regmap_add_irq_chip_fwnode Commit faa87ce9196d ("regmap-irq: Introduce config registers for irq types") added the num_config_regs, then commit 9edd4f5aee84 ("regmap-irq: Deprecate type registers and virtual registers") suggested to replace num_type_reg with it. However, regmap_add_irq_chip_fwnode wasn't modified to use the new property. Later on, commit 255a03bb1bb3 ("ASoC: wcd9335: Conver... • https://git.kernel.org/stable/c/faa87ce9196dbb074d75bd4aecb8bacf18f19b4e • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50557 – pinctrl: thunderbay: fix possible memory leak in thunderbay_build_functions()
https://notcve.org/view.php?id=CVE-2022-50557
22 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: pinctrl: thunderbay: fix possible memory leak in thunderbay_build_functions() The thunderbay_add_functions() will free memory of thunderbay_funcs when everything is ok, but thunderbay_funcs will not be freed when thunderbay_add_functions() fails, then there will be a memory leak, so we need to add kfree() when thunderbay_add_functions() fails to fix it. In addition, doing some cleaner works, moving kfree(funcs) from thunderbay_add_functions... • https://git.kernel.org/stable/c/12422af8194df85243d68b11f8783de9d01e58dc •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50556 – drm: Fix potential null-ptr-deref due to drmm_mode_config_init()
https://notcve.org/view.php?id=CVE-2022-50556
22 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: drm: Fix potential null-ptr-deref due to drmm_mode_config_init() drmm_mode_config_init() will call drm_mode_create_standard_properties() and won't check the ret value. When drm_mode_create_standard_properties() failed due to alloc, property will be a NULL pointer and may causes the null-ptr-deref. Fix the null-ptr-deref by adding the ret value check. Found null-ptr-deref while testing insert module bochs: general protection fault, probably ... • https://git.kernel.org/stable/c/6b4959f43a04e12d39c5700607727f2cbcfeac31 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-40016 – media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID
https://notcve.org/view.php?id=CVE-2025-40016
20 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID Per UVC 1.1+ specification 3.7.2, units and terminals must have a non-zero unique ID. ``` Each Unit and Terminal within the video function is assigned a unique identification number, the Unit ID (UID) or Terminal ID (TID), contained in the bUnitID or bTerminalID field of the descriptor. The value 0x00 is reserved for undefined ID, ``` If we add a new entity with id 0 or a ... • https://git.kernel.org/stable/c/a3fbc2e6bb05a3b1ea341cd29dea09b4a033727b •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-40013 – ASoC: qcom: audioreach: fix potential null pointer dereference
https://notcve.org/view.php?id=CVE-2025-40013
20 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: audioreach: fix potential null pointer dereference It is possible that the topology parsing function audioreach_widget_load_module_common() could return NULL or an error pointer. Add missing NULL check so that we do not dereference it. In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: audioreach: fix potential null pointer dereference It is possible that the topology parsing function audioreach_widg... • https://git.kernel.org/stable/c/36ad9bf1d93d66b901342eab9f8ed6c1537655a6 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-40011 – drm/gma500: Fix null dereference in hdmi teardown
https://notcve.org/view.php?id=CVE-2025-40011
20 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/gma500: Fix null dereference in hdmi teardown pci_set_drvdata sets the value of pdev->driver_data to NULL, after which the driver_data obtained from the same dev is dereferenced in oaktrail_hdmi_i2c_exit, and the i2c_dev is extracted from it. To prevent this, swap these calls. Found by Linux Verification Center (linuxtesting.org) with Svacer. In the Linux kernel, the following vulnerability has been resolved: drm/gma500: Fix null derefe... • https://git.kernel.org/stable/c/1b082ccf5901108d3acd860a73d8c0442556c0bb •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-40010 – afs: Fix potential null pointer dereference in afs_put_server
https://notcve.org/view.php?id=CVE-2025-40010
20 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: afs: Fix potential null pointer dereference in afs_put_server afs_put_server() accessed server->debug_id before the NULL check, which could lead to a null pointer dereference. Move the debug_id assignment, ensuring we never dereference a NULL server pointer. In the Linux kernel, the following vulnerability has been resolved: afs: Fix potential null pointer dereference in afs_put_server afs_put_server() accessed server->debug_id before the N... • https://git.kernel.org/stable/c/2757a4dc184997c66ef1de32636f73b9f21aac14 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-40008 – kmsan: fix out-of-bounds access to shadow memory
https://notcve.org/view.php?id=CVE-2025-40008
20 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: kmsan: fix out-of-bounds access to shadow memory Running sha224_kunit on a KMSAN-enabled kernel results in a crash in kmsan_internal_set_shadow_origin(): BUG: unable to handle page fault for address: ffffbc3840291000 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 1810067 P4D 1810067 PUD 192d067 PMD 3c17067 PTE 0 Oops: 0000 [#1] SMP NOPTI CPU: 0 UID: 0 PID: 81 Comm: kunit_try_catch Tainted: G N 6.17... • https://git.kernel.org/stable/c/9ff078f5bad8990091f1639347de5e02636e9536 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2025-40006 – mm/hugetlb: fix folio is still mapped when deleted
https://notcve.org/view.php?id=CVE-2025-40006
20 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix folio is still mapped when deleted Migration may be raced with fallocating hole. remove_inode_single_folio will unmap the folio if the folio is still mapped. However, it's called without folio lock. If the folio is migrated and the mapped pte has been converted to migration entry, folio_mapped() returns false, and won't unmap it. Due to extra refcount held by remove_inode_single_folio, migration fails, restores migration ent... • https://git.kernel.org/stable/c/4aae8d1c051ea00b456da6811bc36d1f69de5445 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-40005 – spi: cadence-quadspi: Implement refcount to handle unbind during busy
https://notcve.org/view.php?id=CVE-2025-40005
20 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: spi: cadence-quadspi: Implement refcount to handle unbind during busy driver support indirect read and indirect write operation with assumption no force device removal(unbind) operation. However force device removal(removal) is still available to root superuser. Unbinding driver during operation causes kernel crash. This changes ensure driver able to handle such operation for indirect read and indirect write by implementing refcount to trac... • https://git.kernel.org/stable/c/b7ec8a2b094a33d0464958c2cbf75b8f229098b0 •