CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50873 – vdpa/vp_vdpa: fix kfree a wrong pointer in vp_vdpa_remove
https://notcve.org/view.php?id=CVE-2022-50873
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: vdpa/vp_vdpa: fix kfree a wrong pointer in vp_vdpa_remove In vp_vdpa_remove(), the code kfree(&vp_vdpa_mgtdev->mgtdev.id_table) uses a reference of pointer as the argument of kfree, which is the wrong pointer and then may hit crash like this: Unable to handle kernel paging request at virtual address 00ffff003363e30c Internal error: Oops: 96000004 [#1] SMP Call trace: rb_next+0x20/0x5c ext4_readdir+0x494/0x5c4 [ext4] iterate_dir+0x168/0x1b4 ... • https://git.kernel.org/stable/c/ffbda8e9df10d1784d5427ec199e7d8308e3763f •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50872 – ARM: OMAP2+: Fix memory leak in realtime_counter_init()
https://notcve.org/view.php?id=CVE-2022-50872
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ARM: OMAP2+: Fix memory leak in realtime_counter_init() The "sys_clk" resource is malloced by clk_get(), it is not released when the function return. • https://git.kernel.org/stable/c/fa6d79d27614223d82418023b7f5300f1a1530d3 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50871 – wifi: ath11k: Fix qmi_msg_handler data structure initialization
https://notcve.org/view.php?id=CVE-2022-50871
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: Fix qmi_msg_handler data structure initialization qmi_msg_handler is required to be null terminated by QMI module. There might be a case where a handler for a msg id is not present in the handlers array which can lead to infinite loop while searching the handler and therefore out of bound access in qmi_invoke_handler(). Hence update the initialization in qmi_msg_handler data structure. Tested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.5.... • https://git.kernel.org/stable/c/d5c65159f2895379e11ca13f62feabe93278985d •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50870 – powerpc/rtas: avoid device tree lookups in rtas_os_term()
https://notcve.org/view.php?id=CVE-2022-50870
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: avoid device tree lookups in rtas_os_term() rtas_os_term() is called during panic. Its behavior depends on a couple of conditions in the /rtas node of the device tree, the traversal of which entails locking and local IRQ state changes. If the kernel panics while devtree_lock is held, rtas_os_term() as currently written could hang. Instead of discovering the relevant characteristics at panic time, cache them in file-static vari... • https://git.kernel.org/stable/c/088186ded490ced80758200cf8f906ed741df306 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50869 – fs/ntfs3: Fix slab-out-of-bounds in r_page
https://notcve.org/view.php?id=CVE-2022-50869
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix slab-out-of-bounds in r_page When PAGE_SIZE is 64K, if read_log_page is called by log_read_rst for the first time, the size of *buffer would be equal to DefaultLogPageSize(4K).But for *buffer operations like memcpy, if the memory area size(n) which being assigned to buffer is larger than 4K (log->page_size(64K) or bytes(64K-page_off)), it will cause an out of boundary error. Call trace: [...] kasan_report+0x44/0x130 check_memo... • https://git.kernel.org/stable/c/b46acd6a6a627d876898e1c84d3f84902264b445 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50868 – hwrng: amd - Fix PCI device refcount leak
https://notcve.org/view.php?id=CVE-2022-50868
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: hwrng: amd - Fix PCI device refcount leak for_each_pci_dev() is implemented by pci_get_device(). The comment of pci_get_device() says that it will increase the reference count for the returned pci_dev and also decrease the reference count for the input pci_dev @from if it is not NULL. If we break for_each_pci_dev() loop with pdev not NULL, we need to call pci_dev_put() to decrease the reference count. Add the missing pci_dev_put() for the n... • https://git.kernel.org/stable/c/96d63c0297ccfd6d9059c614b3f5555d9441a2b3 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50866 – ASoC: pxa: fix null-pointer dereference in filter()
https://notcve.org/view.php?id=CVE-2022-50866
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: pxa: fix null-pointer dereference in filter() kasprintf() would return NULL pointer when kmalloc() fail to allocate. Need to check the return pointer before calling strcmp(). • https://git.kernel.org/stable/c/7a824e214e25a49442fe868dac0af8a904b24f58 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50864 – nilfs2: fix shift-out-of-bounds due to too large exponent of block size
https://notcve.org/view.php?id=CVE-2022-50864
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix shift-out-of-bounds due to too large exponent of block size If field s_log_block_size of superblock data is corrupted and too large, init_nilfs() and load_nilfs() still can trigger a shift-out-of-bounds warning followed by a kernel panic (if panic_on_warn is set): shift exponent 38973 is too large for 32-bit type 'int' Call Trace:
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50861 – NFSD: Finish converting the NFSv2 GETACL result encoder
https://notcve.org/view.php?id=CVE-2022-50861
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: NFSD: Finish converting the NFSv2 GETACL result encoder The xdr_stream conversion inadvertently left some code that set the page_len of the send buffer. The XDR stream encoders should handle this automatically now. This oversight adds garbage past the end of the Reply message. Clients typically ignore the garbage, but NFSD does not need to send it, as it leaks stale memory contents onto the wire. • https://git.kernel.org/stable/c/f8cba47344f794b54373189bec23195b51020faf •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50860 – apparmor: Fix memleak in alloc_ns()
https://notcve.org/view.php?id=CVE-2022-50860
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: apparmor: Fix memleak in alloc_ns() After changes in commit a1bd627b46d1 ("apparmor: share profile name on replacement"), the hname member of struct aa_policy is not valid slab object, but a subset of that, it can not be freed by kfree_sensitive(), use aa_policy_destroy() to fix it. • https://git.kernel.org/stable/c/a1bd627b46d169268a0ee5960899fb5be960a317 •