CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-50223 – LoongArch: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK
https://notcve.org/view.php?id=CVE-2022-50223
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: LoongArch: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK When CONFIG_CPUMASK_OFFSTACK and CONFIG_DEBUG_PER_CPU_MAPS is selected, cpu_max_bits_warn() generates a runtime warning similar as below while we show /proc/cpuinfo. Fix this by using nr_cpu_ids (the runtime limit) instead of NR_CPUS to iterate CPUs. [ 3.052463] ------------[ cut here ]------------ [ 3.059679] WARNING: CPU: 3 PID: 1 at include/linux/cpumask.h:108 show_cpuinfo+0x5... • https://git.kernel.org/stable/c/fa96b57c149061f71a70bd6582d995f6424fbbf4 •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2022-50222 – tty: vt: initialize unicode screen buffer
https://notcve.org/view.php?id=CVE-2022-50222
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: tty: vt: initialize unicode screen buffer syzbot reports kernel infoleak at vcs_read() [1], for buffer can be read immediately after resize operation. Initialize buffer using kzalloc(). ---------- #include
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-50221 – drm/fb-helper: Fix out-of-bounds access
https://notcve.org/view.php?id=CVE-2022-50221
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/fb-helper: Fix out-of-bounds access Clip memory range to screen-buffer size to avoid out-of-bounds access in fbdev deferred I/O's damage handling. Fbdev's deferred I/O can only track pages. From the range of pages, the damage handler computes the clipping rectangle for the display update. If the fbdev screen buffer ends near the beginning of a page, that page could contain more scanlines. The damage handler would then track these non-ex... • https://git.kernel.org/stable/c/67b723f5b74254d27962b1b59bddfee1584575ff •
CVSS: 6.6EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50220 – usbnet: Fix linkwatch use-after-free on disconnect
https://notcve.org/view.php?id=CVE-2022-50220
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: usbnet: Fix linkwatch use-after-free on disconnect usbnet uses the work usbnet_deferred_kevent() to perform tasks which may sleep. On disconnect, completion of the work was originally awaited in ->ndo_stop(). But in 2003, that was moved to ->disconnect() by historic commit "[PATCH] USB: usbnet, prevent exotic rtnl deadlock": https://git.kernel.org/tglx/history/c/0f138bbfd83c The change was made because back then, the kernel's workqueue impl... • https://git.kernel.org/stable/c/d2d6b530d89b0a912148018027386aa049f0a309 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50219 – bpf: Fix KASAN use-after-free Read in compute_effective_progs
https://notcve.org/view.php?id=CVE-2022-50219
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix KASAN use-after-free Read in compute_effective_progs Syzbot found a Use After Free bug in compute_effective_progs(). The reproducer creates a number of BPF links, and causes a fault injected alloc to fail, while calling bpf_link_detach on them. Link detach triggers the link to be freed by bpf_link_free(), which calls __cgroup_bpf_detach() and update_effective_progs(). If the memory allocation in this function fails, the function re... • https://git.kernel.org/stable/c/af6eea57437a830293eab56246b6025cc7d46ee7 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50218 – iio: light: isl29028: Fix the warning in isl29028_remove()
https://notcve.org/view.php?id=CVE-2022-50218
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: iio: light: isl29028: Fix the warning in isl29028_remove() The driver use the non-managed form of the register function in isl29028_remove(). To keep the release order as mirroring the ordering in probe, the driver should use non-managed form in probe, too. The following log reveals it: [ 32.374955] isl29028 0-0010: remove [ 32.376861] general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] PREEMPT SMP KAS... • https://git.kernel.org/stable/c/2db5054ac28d4ab2eaa6c67e2d9f61fa5ba006b8 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50217 – fuse: write inode in fuse_release()
https://notcve.org/view.php?id=CVE-2022-50217
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: fuse: write inode in fuse_release() A race between write(2) and close(2) allows pages to be dirtied after fuse_flush -> write_inode_now(). If these pages are not flushed from fuse_release(), then there might not be a writable open file later. So any remaining dirty pages must be written back before the file is released. This is a partial revert of the blamed commit. In the Linux kernel, the following vulnerability has been resolved: fuse: w... • https://git.kernel.org/stable/c/36ea23374d1f7b6a9d96a2b61d38830fdf23e45d •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50215 – scsi: sg: Allow waiting for commands to complete on removed device
https://notcve.org/view.php?id=CVE-2022-50215
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Allow waiting for commands to complete on removed device When a SCSI device is removed while in active use, currently sg will immediately return -ENODEV on any attempt to wait for active commands that were sent before the removal. This is problematic for commands that use SG_FLAG_DIRECT_IO since the data buffer may still be in use by the kernel when userspace frees or reuses it after getting ENODEV, leading to corrupted userspace ... • https://git.kernel.org/stable/c/bbc118acf7baf9e93c5e1314d14f481301af4d0f •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50214 – coresight: Clear the connection field properly
https://notcve.org/view.php?id=CVE-2022-50214
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: coresight: Clear the connection field properly coresight devices track their connections (output connections) and hold a reference to the fwnode. When a device goes away, we walk through the devices on the coresight bus and make sure that the references are dropped. This happens both ways: a) For all output connections from the device, drop the reference to the target device via coresight_release_platform_data() b) Iterate over all the devi... • https://git.kernel.org/stable/c/37ea1ffddffa63c920ce826786fe610c78f57842 •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-50213 – netfilter: nf_tables: do not allow SET_ID to refer to another table
https://notcve.org/view.php?id=CVE-2022-50213
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: do not allow SET_ID to refer to another table When doing lookups for sets on the same batch by using its ID, a set from a different table can be used. Then, when the table is removed, a reference to the set may be kept after the set is freed, leading to a potential use-after-free. When looking for sets by ID, use the table that was used for the lookup by name, and only return sets belonging to that same table. This fix... • https://git.kernel.org/stable/c/958bee14d0718ca7a5002c0f48a099d1d345812a •