CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50226 – crypto: ccp - Use kzalloc for sev ioctl interfaces to prevent kernel memory leak
https://notcve.org/view.php?id=CVE-2022-50226
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Use kzalloc for sev ioctl interfaces to prevent kernel memory leak For some sev ioctl interfaces, input may be passed that is less than or equal to SEV_FW_BLOB_MAX_SIZE, but larger than the data that PSP firmware returns. In this case, kmalloc will allocate memory that is the size of the input rather than the size of the data. Since PSP firmware doesn't fully overwrite the buffer, the sev ioctl interfaces with the issue may re... • https://git.kernel.org/stable/c/e799035609e1526761aa2f896a974b233d04d36d •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50225 – riscv:uprobe fix SR_SPIE set/clear handling
https://notcve.org/view.php?id=CVE-2022-50225
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: riscv:uprobe fix SR_SPIE set/clear handling In riscv the process of uprobe going to clear spie before exec the origin insn,and set spie after that.But When access the page which origin insn has been placed a page fault may happen and irq was disabled in arch_uprobe_pre_xol function,It cause a WARN as follows. There is no need to clear/set spie in arch_uprobe_pre/post/abort_xol. We can just remove it. [ 31.684157] BUG: sleeping function call... • https://git.kernel.org/stable/c/74784081aac8a0f3636965fc230e2d3b7cc123c6 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-50224 – KVM: x86/mmu: Treat NX as a valid SPTE bit for NPT
https://notcve.org/view.php?id=CVE-2022-50224
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Treat NX as a valid SPTE bit for NPT Treat the NX bit as valid when using NPT, as KVM will set the NX bit when the NX huge page mitigation is enabled (mindblowing) and trigger the WARN that fires on reserved SPTE bits being set. KVM has required NX support for SVM since commit b26a71a1a5b9 ("KVM: SVM: Refuse to load kvm_amd if NX support is not available") for exactly this reason, but apparently it never occurred to anyone to ... • https://git.kernel.org/stable/c/6271f2854b9233702e236e576b885a876dde4889 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-50223 – LoongArch: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK
https://notcve.org/view.php?id=CVE-2022-50223
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: LoongArch: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK When CONFIG_CPUMASK_OFFSTACK and CONFIG_DEBUG_PER_CPU_MAPS is selected, cpu_max_bits_warn() generates a runtime warning similar as below while we show /proc/cpuinfo. Fix this by using nr_cpu_ids (the runtime limit) instead of NR_CPUS to iterate CPUs. [ 3.052463] ------------[ cut here ]------------ [ 3.059679] WARNING: CPU: 3 PID: 1 at include/linux/cpumask.h:108 show_cpuinfo+0x5... • https://git.kernel.org/stable/c/fa96b57c149061f71a70bd6582d995f6424fbbf4 •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2022-50222 – tty: vt: initialize unicode screen buffer
https://notcve.org/view.php?id=CVE-2022-50222
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: tty: vt: initialize unicode screen buffer syzbot reports kernel infoleak at vcs_read() [1], for buffer can be read immediately after resize operation. Initialize buffer using kzalloc(). ---------- #include
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-50221 – drm/fb-helper: Fix out-of-bounds access
https://notcve.org/view.php?id=CVE-2022-50221
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/fb-helper: Fix out-of-bounds access Clip memory range to screen-buffer size to avoid out-of-bounds access in fbdev deferred I/O's damage handling. Fbdev's deferred I/O can only track pages. From the range of pages, the damage handler computes the clipping rectangle for the display update. If the fbdev screen buffer ends near the beginning of a page, that page could contain more scanlines. The damage handler would then track these non-ex... • https://git.kernel.org/stable/c/67b723f5b74254d27962b1b59bddfee1584575ff •
CVSS: 6.6EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50220 – usbnet: Fix linkwatch use-after-free on disconnect
https://notcve.org/view.php?id=CVE-2022-50220
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: usbnet: Fix linkwatch use-after-free on disconnect usbnet uses the work usbnet_deferred_kevent() to perform tasks which may sleep. On disconnect, completion of the work was originally awaited in ->ndo_stop(). But in 2003, that was moved to ->disconnect() by historic commit "[PATCH] USB: usbnet, prevent exotic rtnl deadlock": https://git.kernel.org/tglx/history/c/0f138bbfd83c The change was made because back then, the kernel's workqueue impl... • https://git.kernel.org/stable/c/d2d6b530d89b0a912148018027386aa049f0a309 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50219 – bpf: Fix KASAN use-after-free Read in compute_effective_progs
https://notcve.org/view.php?id=CVE-2022-50219
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix KASAN use-after-free Read in compute_effective_progs Syzbot found a Use After Free bug in compute_effective_progs(). The reproducer creates a number of BPF links, and causes a fault injected alloc to fail, while calling bpf_link_detach on them. Link detach triggers the link to be freed by bpf_link_free(), which calls __cgroup_bpf_detach() and update_effective_progs(). If the memory allocation in this function fails, the function re... • https://git.kernel.org/stable/c/af6eea57437a830293eab56246b6025cc7d46ee7 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50218 – iio: light: isl29028: Fix the warning in isl29028_remove()
https://notcve.org/view.php?id=CVE-2022-50218
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: iio: light: isl29028: Fix the warning in isl29028_remove() The driver use the non-managed form of the register function in isl29028_remove(). To keep the release order as mirroring the ordering in probe, the driver should use non-managed form in probe, too. The following log reveals it: [ 32.374955] isl29028 0-0010: remove [ 32.376861] general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] PREEMPT SMP KAS... • https://git.kernel.org/stable/c/2db5054ac28d4ab2eaa6c67e2d9f61fa5ba006b8 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50217 – fuse: write inode in fuse_release()
https://notcve.org/view.php?id=CVE-2022-50217
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: fuse: write inode in fuse_release() A race between write(2) and close(2) allows pages to be dirtied after fuse_flush -> write_inode_now(). If these pages are not flushed from fuse_release(), then there might not be a writable open file later. So any remaining dirty pages must be written back before the file is released. This is a partial revert of the blamed commit. In the Linux kernel, the following vulnerability has been resolved: fuse: w... • https://git.kernel.org/stable/c/36ea23374d1f7b6a9d96a2b61d38830fdf23e45d •