CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53617 – soc: aspeed: socinfo: Add kfree for kstrdup
https://notcve.org/view.php?id=CVE-2023-53617
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: soc: aspeed: socinfo: Add kfree for kstrdup Add kfree() in the later error handling in order to avoid memory leak. • https://git.kernel.org/stable/c/e0218dca5787c851b403fcbc33cdfec795446fca •
CVSS: 7.2EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50534 – dm thin: Use last transaction's pmd->root when commit failed
https://notcve.org/view.php?id=CVE-2022-50534
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: dm thin: Use last transaction's pmd->root when commit failed Recently we found a softlock up problem in dm thin pool btree lookup code due to corrupted metadata: Kernel panic - not syncing: softlockup: hung tasks CPU: 7 PID: 2669225 Comm: kworker/u16:3 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) Workqueue: dm-thin do_worker [dm_thin_pool] Call Trace:
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50533 – wifi: mac80211: mlme: fix null-ptr deref on failed assoc
https://notcve.org/view.php?id=CVE-2022-50533
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: mlme: fix null-ptr deref on failed assoc If association to an AP without a link 0 fails, then we crash in tracing because it assumes that either ap_mld_addr or link 0 BSS is valid, since we clear sdata->vif.valid_links and then don't add the ap_mld_addr to the struct. Since we clear also sdata->vif.cfg.ap_addr, keep a local copy of it and assign it earlier, before clearing valid_links, to fix this. In the Linux kernel, the f... • https://git.kernel.org/stable/c/81151ce462e533551f3284bfdb8e0f461c9220e6 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50532 – scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add()
https://notcve.org/view.php?id=CVE-2022-50532
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add() In mpt3sas_transport_port_add(), if sas_rphy_add() returns error, sas_rphy_free() needs be called to free the resource allocated in sas_end_device_alloc(). Otherwise a kernel crash will happen: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000108 CPU: 45 PID: 37020 Comm: bash Kdump: loaded Tainted: G W 6.1.0-rc1+ #189 pstate: 60000005 ... • https://git.kernel.org/stable/c/f92363d12359498f9a9960511de1a550f0ec41c2 • CWE-476: NULL Pointer Dereference •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50531 – tipc: fix an information leak in tipc_topsrv_kern_subscr
https://notcve.org/view.php?id=CVE-2022-50531
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: tipc: fix an information leak in tipc_topsrv_kern_subscr Use a 8-byte write to initialize sub.usr_handle in tipc_topsrv_kern_subscr(), otherwise four bytes remain uninitialized when issuing setsockopt(..., SOL_TIPC, ...). This resulted in an infoleak reported by KMSAN when the packet was received: ===================================================== BUG: KMSAN: kernel-infoleak in copyout+0xbc/0x100 lib/iov_iter.c:169 instrument_copy_to_use... • https://git.kernel.org/stable/c/026321c6d056a54b4145522492245d2b5913ee1d •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-50530 – blk-mq: fix null pointer dereference in blk_mq_clear_rq_mapping()
https://notcve.org/view.php?id=CVE-2022-50530
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix null pointer dereference in blk_mq_clear_rq_mapping() Our syzkaller report a null pointer dereference, root cause is following: __blk_mq_alloc_map_and_rqs set->tags[hctx_idx] = blk_mq_alloc_map_and_rqs blk_mq_alloc_map_and_rqs blk_mq_alloc_rqs // failed due to oom alloc_pages_node // set->tags[hctx_idx] is still NULL blk_mq_free_rqs drv_tags = set->tags[hctx_idx]; // null pointer dereference is triggered blk_mq_clear_rq_mapping(... • https://git.kernel.org/stable/c/63064be150e4b1ba1e4af594ef5aa81adf21a52d • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50529 – test_firmware: fix memory leak in test_firmware_init()
https://notcve.org/view.php?id=CVE-2022-50529
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: test_firmware: fix memory leak in test_firmware_init() When misc_register() failed in test_firmware_init(), the memory pointed by test_fw_config->name is not released. The memory leak information is as follows: unreferenced object 0xffff88810a34cb00 (size 32): comm "insmod", pid 7952, jiffies 4294948236 (age 49.060s) hex dump (first 32 bytes): 74 65 73 74 2d 66 69 72 6d 77 61 72 65 2e 62 69 test-firmware.bi 6e 00 00 00 00 00 00 00 00 00 00 ... • https://git.kernel.org/stable/c/c92316bf8e94830a0225f2e904cbdbd173768419 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50528 – drm/amdkfd: Fix memory leakage
https://notcve.org/view.php?id=CVE-2022-50528
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix memory leakage This patch fixes potential memory leakage and seg fault in _gpuvm_import_dmabuf() function In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix memory leakage This patch fixes potential memory leakage and seg fault in _gpuvm_import_dmabuf() function • https://git.kernel.org/stable/c/d4ec4bdc0bd5ad352854473ba4dcbdb39fd5bfdd • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50527 – drm/amdgpu: Fix size validation for non-exclusive domains (v4)
https://notcve.org/view.php?id=CVE-2022-50527
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix size validation for non-exclusive domains (v4) Fix amdgpu_bo_validate_size() to check whether the TTM domain manager for the requested memory exists, else we get a kernel oops when dereferencing "man". v2: Make the patch standalone, i.e. not dependent on local patches. v3: Preserve old behaviour and just check that the manager pointer is not NULL. v4: Complain if GTT domain requested and it is uninitialized--most likely a bu... • https://git.kernel.org/stable/c/80546eef216854a7bd47e39e828f04b406c00599 •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-50526 – drm/msm/dp: fix memory corruption with too many bridges
https://notcve.org/view.php?id=CVE-2022-50526
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: fix memory corruption with too many bridges Add the missing sanity check on the bridge counter to avoid corrupting data beyond the fixed-sized bridge array in case there are ever more than eight bridges. Patchwork: https://patchwork.freedesktop.org/patch/502664/ In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: fix memory corruption with too many bridges Add the missing sanity check on the bridge co... • https://git.kernel.org/stable/c/8a3b4c17f863cde8e8743edd8faffe916c49b960 •