CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50046 – net/sunrpc: fix potential memory leaks in rpc_sysfs_xprt_state_change()
https://notcve.org/view.php?id=CVE-2022-50046
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: net/sunrpc: fix potential memory leaks in rpc_sysfs_xprt_state_change() The issue happens on some error handling paths. When the function fails to grab the object `xprt`, it simply returns 0, forgetting to decrease the reference count of another object `xps`, which is increased by rpc_sysfs_xprt_kobj_get_xprt_switch(), causing refcount leaks. Also, the function forgets to check whether `xps` is valid before using it, which may result in NUL... • https://git.kernel.org/stable/c/5b7eb78486cd9ac58bfbd6d84ea0fe2d9fead03b •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50044 – net: qrtr: start MHI channel after endpoit creation
https://notcve.org/view.php?id=CVE-2022-50044
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: net: qrtr: start MHI channel after endpoit creation MHI channel may generates event/interrupt right after enabling. It may leads to 2 race conditions issues. 1) Such event may be dropped by qcom_mhi_qrtr_dl_callback() at check: if (!qdev || mhi_res->transaction_status) return; Because dev_set_drvdata(&mhi_dev->dev, qdev) may be not performed at this moment. In this situation qrtr-ns will be unable to enumerate services in device. ----------... • https://git.kernel.org/stable/c/a2e2cc0dbb1121dfa875da1c04f3dff966fec162 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50043 – net: fix potential refcount leak in ndisc_router_discovery()
https://notcve.org/view.php?id=CVE-2022-50043
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: net: fix potential refcount leak in ndisc_router_discovery() The issue happens on specific paths in the function. After both the object `rt` and `neigh` are grabbed successfully, when `lifetime` is nonzero but the metric needs change, the function just deletes the route and set `rt` to NULL. Then, it may try grabbing `rt` and `neigh` again if above conditions hold. The function simply overwrite `neigh` if succeeds or returns if fails, witho... • https://git.kernel.org/stable/c/6b2e04bc240fe9be9e690059f710e9f95346d34d •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50042 – net: genl: fix error path memory leak in policy dumping
https://notcve.org/view.php?id=CVE-2022-50042
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: net: genl: fix error path memory leak in policy dumping If construction of the array of policies fails when recording non-first policy we need to unwind. netlink_policy_dump_add_policy() itself also needs fixing as it currently gives up on error without recording the allocated pointer in the pstate pointer. In the Linux kernel, the following vulnerability has been resolved: net: genl: fix error path memory leak in policy dumping If construc... • https://git.kernel.org/stable/c/50a896cf2d6f34e884a00139d6e6012c9833ace3 •
CVSS: 5.6EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50041 – ice: Fix call trace with null VSI during VF reset
https://notcve.org/view.php?id=CVE-2022-50041
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: ice: Fix call trace with null VSI during VF reset During stress test with attaching and detaching VF from KVM and simultaneously changing VFs spoofcheck and trust there was a call trace in ice_reset_vf that VF's VSI is null. [145237.352797] WARNING: CPU: 46 PID: 840629 at drivers/net/ethernet/intel/ice/ice_vf_lib.c:508 ice_reset_vf+0x3d6/0x410 [ice] [145237.352851] Modules linked in: ice(E) vfio_pci vfio_pci_core vfio_virqfd vfio_iommu_type... • https://git.kernel.org/stable/c/efe41860008e57fb6b69855b4b93fdf34bc42798 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50040 – net: dsa: sja1105: fix buffer overflow in sja1105_setup_devlink_regions()
https://notcve.org/view.php?id=CVE-2022-50040
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: net: dsa: sja1105: fix buffer overflow in sja1105_setup_devlink_regions() If an error occurs in dsa_devlink_region_create(), then 'priv->regions' array will be accessed by negative index '-1'. Found by Linux Verification Center (linuxtesting.org) with SVACE. In the Linux kernel, the following vulnerability has been resolved: net: dsa: sja1105: fix buffer overflow in sja1105_setup_devlink_regions() If an error occurs in dsa_devlink_region_cr... • https://git.kernel.org/stable/c/bf425b82059e0b0752c0026353c1902112200837 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50039 – stmmac: intel: Add a missing clk_disable_unprepare() call in intel_eth_pci_remove()
https://notcve.org/view.php?id=CVE-2022-50039
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: stmmac: intel: Add a missing clk_disable_unprepare() call in intel_eth_pci_remove() Commit 09f012e64e4b ("stmmac: intel: Fix clock handling on error and remove paths") removed this clk_disable_unprepare() This was partly revert by commit ac322f86b56c ("net: stmmac: Fix clock handling on remove path") which removed this clk_disable_unprepare() because: " While unloading the dwmac-intel driver, clk_disable_unprepare() is being called twice in... • https://git.kernel.org/stable/c/3afe11be6435e126f1507ddf1a9d0e5a0d90b336 •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2022-50038 – drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors()
https://notcve.org/view.php?id=CVE-2022-50038
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors() In this function, there are two refcount leak bugs: (1) when breaking out of for_each_endpoint_of_node(), we need call the of_node_put() for the 'ep'; (2) we should call of_node_put() for the reference returned by of_graph_get_remote_port() when it is not used anymore. In the Linux kernel, the following vulnerability has been resolved: drm/meson: Fix refcount bugs in meson... • https://git.kernel.org/stable/c/bbbe775ec5b5dace43a35886da9924837da09ddd •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-50037 – drm/i915/ttm: don't leak the ccs state
https://notcve.org/view.php?id=CVE-2022-50037
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/i915/ttm: don't leak the ccs state The kernel only manages the ccs state with lmem-only objects, however the kernel should still take care not to leak the CCS state from the previous user. (cherry picked from commit 353819d85f87be46aeb9c1dd929d445a006fc6ec) In the Linux kernel, the following vulnerability has been resolved: drm/i915/ttm: don't leak the ccs state The kernel only manages the ccs state with lmem-only objects, however the k... • https://git.kernel.org/stable/c/48760ffe923aeb2cc73865ea36b3509718d102e3 •
CVSS: 6.4EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50036 – drm/sun4i: dsi: Prevent underflow when computing packet sizes
https://notcve.org/view.php?id=CVE-2022-50036
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/sun4i: dsi: Prevent underflow when computing packet sizes Currently, the packet overhead is subtracted using unsigned arithmetic. With a short sync pulse, this could underflow and wrap around to near the maximal u16 value. Fix this by using signed subtraction. The call to max() will correctly handle any negative numbers that are produced. Apply the same fix to the other timings, even though those subtractions are less likely to underflo... • https://git.kernel.org/stable/c/133add5b5ad42b7bb5fcd59d681aef6475d08600 •