CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2022-50038 – drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors()
https://notcve.org/view.php?id=CVE-2022-50038
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors() In this function, there are two refcount leak bugs: (1) when breaking out of for_each_endpoint_of_node(), we need call the of_node_put() for the 'ep'; (2) we should call of_node_put() for the reference returned by of_graph_get_remote_port() when it is not used anymore. In the Linux kernel, the following vulnerability has been resolved: drm/meson: Fix refcount bugs in meson... • https://git.kernel.org/stable/c/bbbe775ec5b5dace43a35886da9924837da09ddd •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-50037 – drm/i915/ttm: don't leak the ccs state
https://notcve.org/view.php?id=CVE-2022-50037
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/i915/ttm: don't leak the ccs state The kernel only manages the ccs state with lmem-only objects, however the kernel should still take care not to leak the CCS state from the previous user. (cherry picked from commit 353819d85f87be46aeb9c1dd929d445a006fc6ec) In the Linux kernel, the following vulnerability has been resolved: drm/i915/ttm: don't leak the ccs state The kernel only manages the ccs state with lmem-only objects, however the k... • https://git.kernel.org/stable/c/48760ffe923aeb2cc73865ea36b3509718d102e3 •
CVSS: 6.4EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50036 – drm/sun4i: dsi: Prevent underflow when computing packet sizes
https://notcve.org/view.php?id=CVE-2022-50036
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/sun4i: dsi: Prevent underflow when computing packet sizes Currently, the packet overhead is subtracted using unsigned arithmetic. With a short sync pulse, this could underflow and wrap around to near the maximal u16 value. Fix this by using signed subtraction. The call to max() will correctly handle any negative numbers that are produced. Apply the same fix to the other timings, even though those subtractions are less likely to underflo... • https://git.kernel.org/stable/c/133add5b5ad42b7bb5fcd59d681aef6475d08600 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-50035 – drm/amdgpu: Fix use-after-free on amdgpu_bo_list mutex
https://notcve.org/view.php?id=CVE-2022-50035
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix use-after-free on amdgpu_bo_list mutex If amdgpu_cs_vm_handling returns r != 0, then it will unlock the bo_list_mutex inside the function amdgpu_cs_vm_handling and again on amdgpu_cs_parser_fini. This problem results in the following use-after-free problem: [ 220.280990] ------------[ cut here ]------------ [ 220.281000] refcount_t: underflow; use-after-free. [ 220.281019] WARNING: CPU: 1 PID: 3746 at lib/refcount.c:28 refco... • https://git.kernel.org/stable/c/90af0ca047f3049c4b46e902f432ad6ef1e2ded6 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50034 – usb: cdns3 fix use-after-free at workaround 2
https://notcve.org/view.php?id=CVE-2022-50034
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: cdns3 fix use-after-free at workaround 2 BUG: KFENCE: use-after-free read in __list_del_entry_valid+0x10/0xac cdns3_wa2_remove_old_request() { ... kfree(priv_req->request.buf); cdns3_gadget_ep_free_request(&priv_ep->endpoint, &priv_req->request); list_del_init(&priv_req->list); ^^^ use after free ... } cdns3_gadget_ep_free_request() free the space pointed by priv_req, but priv_req is used in the following list_del_init(). This patch mo... • https://git.kernel.org/stable/c/8bc1901ca7b07d864fca11461b3875b31f949765 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50033 – usb: host: ohci-ppc-of: Fix refcount leak bug
https://notcve.org/view.php?id=CVE-2022-50033
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: host: ohci-ppc-of: Fix refcount leak bug In ohci_hcd_ppc_of_probe(), of_find_compatible_node() will return a node pointer with refcount incremented. We should use of_node_put() when it is not used anymore. In the Linux kernel, the following vulnerability has been resolved: usb: host: ohci-ppc-of: Fix refcount leak bug In ohci_hcd_ppc_of_probe(), of_find_compatible_node() will return a node pointer with refcount incremented. We should u... • https://git.kernel.org/stable/c/fe6fe64403710287f0ae61a516954d8a4f7c9e3f •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50032 – usb: renesas: Fix refcount leak bug
https://notcve.org/view.php?id=CVE-2022-50032
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: renesas: Fix refcount leak bug In usbhs_rza1_hardware_init(), of_find_node_by_name() will return a node pointer with refcount incremented. We should use of_node_put() when it is not used anymore. In the Linux kernel, the following vulnerability has been resolved: usb: renesas: Fix refcount leak bug In usbhs_rza1_hardware_init(), of_find_node_by_name() will return a node pointer with refcount incremented. We should use of_node_put() whe... • https://git.kernel.org/stable/c/36b18b777dece704b7c2e9e7947ca41a9b0fb009 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-50031 – scsi: iscsi: Fix HW conn removal use after free
https://notcve.org/view.php?id=CVE-2022-50031
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: iscsi: Fix HW conn removal use after free If qla4xxx doesn't remove the connection before the session, the iSCSI class tries to remove the connection for it. We were doing a iscsi_put_conn() in the iter function which is not needed and will result in a use after free because iscsi_remove_conn() will free the connection. In the Linux kernel, the following vulnerability has been resolved: scsi: iscsi: Fix HW conn removal use after free ... • https://git.kernel.org/stable/c/0483ffc02ebb953124c592485a5c48ac4ffae5fe •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50030 – scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input
https://notcve.org/view.php?id=CVE-2022-50030
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input Malformed user input to debugfs results in buffer overflow crashes. Adapt input string lengths to fit within internal buffers, leaving space for NULL terminators. In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input Malformed user input to debugfs results in buffer o... • https://git.kernel.org/stable/c/927907f1cbb3408cadde637fccfc17bb6b10a87d •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2022-50029 – clk: qcom: ipq8074: dont disable gcc_sleep_clk_src
https://notcve.org/view.php?id=CVE-2022-50029
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: clk: qcom: ipq8074: dont disable gcc_sleep_clk_src Once the usb sleep clocks are disabled, clock framework is trying to disable the sleep clock source also. However, it seems that it cannot be disabled and trying to do so produces: [ 245.436390] ------------[ cut here ]------------ [ 245.441233] gcc_sleep_clk_src status stuck at 'on' [ 245.441254] WARNING: CPU: 2 PID: 223 at clk_branch_wait+0x130/0x140 [ 245.450435] Modules linked in: xhci_... • https://git.kernel.org/stable/c/38cee0d2b65eed42a44052de1bfdc0177b6c3f05 •