CVSS: 5.6EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50391 – mm/mempolicy: fix memory leak in set_mempolicy_home_node system call
https://notcve.org/view.php?id=CVE-2022-50391
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: mm/mempolicy: fix memory leak in set_mempolicy_home_node system call When encountering any vma in the range with policy other than MPOL_BIND or MPOL_PREFERRED_MANY, an error is returned without issuing a mpol_put on the policy just allocated with mpol_dup(). This allows arbitrary users to leak kernel memory. In the Linux kernel, the following vulnerability has been resolved: mm/mempolicy: fix memory leak in set_mempolicy_home_node system ca... • https://git.kernel.org/stable/c/c6018b4b254971863bd0ad36bb5e7d0fa0f0ddb0 • CWE-401: Missing Release of Memory after Effective Lifetime CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50390 – drm/ttm: fix undefined behavior in bit shift for TTM_TT_FLAG_PRIV_POPULATED
https://notcve.org/view.php?id=CVE-2022-50390
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/ttm: fix undefined behavior in bit shift for TTM_TT_FLAG_PRIV_POPULATED Shifting signed 32-bit value by 31 bits is undefined, so changing significant bit to unsigned. The UBSAN warning calltrace like below: UBSAN: shift-out-of-bounds in ./include/drm/ttm/ttm_tt.h:122:26 left shift of 1 by 31 places cannot be represented in type 'int' Call Trace:
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50389 – tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak
https://notcve.org/view.php?id=CVE-2022-50389
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak In crb_acpi_add(), we get the TPM2 table to retrieve information like start method, and then assign them to the priv data, so the TPM2 table is not used after the init, should be freed, call acpi_put_table() to fix the memory leak. In the Linux kernel, the following vulnerability has been resolved: tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak In crb_acpi_ad... • https://git.kernel.org/stable/c/30fc8d138e9123f374a3c3867e7c7c5cd4004941 • CWE-401: Missing Release of Memory after Effective Lifetime CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50388 – nvme: fix multipath crash caused by flush request when blktrace is enabled
https://notcve.org/view.php?id=CVE-2022-50388
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: nvme: fix multipath crash caused by flush request when blktrace is enabled The flush request initialized by blk_kick_flush has NULL bio, and it may be dealt with nvme_end_req during io completion. When blktrace is enabled, nvme_trace_bio_complete with multipath activated trying to access NULL pointer bio from flush request results in the following crash: [ 2517.831677] BUG: kernel NULL pointer dereference, address: 000000000000001a [ 2517.8... • https://git.kernel.org/stable/c/35fe0d12c8a3d5e45f297562732ddc9ba9dc58dd • CWE-476: NULL Pointer Dereference •
CVSS: 6.2EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50387 – net: hinic: fix the issue of CMDQ memory leaks
https://notcve.org/view.php?id=CVE-2022-50387
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: net: hinic: fix the issue of CMDQ memory leaks When hinic_set_cmdq_depth() fails in hinic_init_cmdqs(), the cmdq memory is not released correctly. Fix it. In the Linux kernel, the following vulnerability has been resolved: net: hinic: fix the issue of CMDQ memory leaks When hinic_set_cmdq_depth() fails in hinic_init_cmdqs(), the cmdq memory is not released correctly. Fix it. • https://git.kernel.org/stable/c/72ef908bb3ff9261dc38d079ef332c91418f8693 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 8.0EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50386 – Bluetooth: L2CAP: Fix user-after-free
https://notcve.org/view.php?id=CVE-2022-50386
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix user-after-free This uses l2cap_chan_hold_unless_zero() after calling __l2cap_get_chan_blah() to prevent the following trace: Bluetooth: l2cap_core.c:static void l2cap_chan_destroy(struct kref *kref) Bluetooth: chan 0000000023c4974d Bluetooth: parent 00000000ae861c08 ================================================================== BUG: KASAN: use-after-free in __mutex_waiter_is_first kernel/locking/mutex.c:191 [inlin... • https://git.kernel.org/stable/c/3df91ea20e744344100b10ae69a17211fcf5b207 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50385 – NFS: Fix an Oops in nfs_d_automount()
https://notcve.org/view.php?id=CVE-2022-50385
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: NFS: Fix an Oops in nfs_d_automount() When mounting from a NFSv4 referral, path->dentry can end up being a negative dentry, so derive the struct nfs_server from the dentry itself instead. In the Linux kernel, the following vulnerability has been resolved: NFS: Fix an Oops in nfs_d_automount() When mounting from a NFSv4 referral, path->dentry can end up being a negative dentry, so derive the struct nfs_server from the dentry itself instead. ... • https://git.kernel.org/stable/c/2b0143b5c986be1ce8408b3aadc4709e0a94429d • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50384 – staging: vme_user: Fix possible UAF in tsi148_dma_list_add
https://notcve.org/view.php?id=CVE-2022-50384
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: staging: vme_user: Fix possible UAF in tsi148_dma_list_add Smatch report warning as follows: drivers/staging/vme_user/vme_tsi148.c:1757 tsi148_dma_list_add() warn: '&entry->list' not removed from list In tsi148_dma_list_add(), the error path "goto err_dma" will not remove entry->list from list->entries, but entry will be freed, then list traversal may cause UAF. Fix by removeing it from list->entries before free(). In the Linux kernel, the ... • https://git.kernel.org/stable/c/b2383c90a9d691201b9aee557776694cde86a935 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50383 – media: mediatek: vcodec: Can't set dst buffer to done when lat decode error
https://notcve.org/view.php?id=CVE-2022-50383
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Can't set dst buffer to done when lat decode error Core thread will call v4l2_m2m_buf_done to set dst buffer done for lat architecture. If lat call v4l2_m2m_buf_done_and_job_finish to free dst buffer when lat decode error, core thread will access kernel NULL pointer dereference, then crash. In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Can't set dst buffer to done when ... • https://git.kernel.org/stable/c/7b182b8d9c852343fb34923a2d1b4e61421b37c7 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50382 – padata: Always leave BHs disabled when running ->parallel()
https://notcve.org/view.php?id=CVE-2022-50382
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: padata: Always leave BHs disabled when running ->parallel() A deadlock can happen when an overloaded system runs ->parallel() in the context of the current task: padata_do_parallel ->parallel() pcrypt_aead_enc/dec padata_do_serial spin_lock(&reorder->lock) // BHs still enabled