CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50028 – gadgetfs: ep_io - wait until IRQ finishes
https://notcve.org/view.php?id=CVE-2022-50028
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: gadgetfs: ep_io - wait until IRQ finishes after usb_ep_queue() if wait_for_completion_interruptible() is interrupted we need to wait until IRQ gets finished. Otherwise complete() from epio_complete() can corrupt stack. In the Linux kernel, the following vulnerability has been resolved: gadgetfs: ep_io - wait until IRQ finishes after usb_ep_queue() if wait_for_completion_interruptible() is interrupted we need to wait until IRQ gets finished.... • https://git.kernel.org/stable/c/67a4874461422e633236a0286a01b483cd647113 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50027 – scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE
https://notcve.org/view.php?id=CVE-2022-50027
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE There is no corresponding free routine if lpfc_sli4_issue_wqe fails to issue the CMF WQE in lpfc_issue_cmf_sync_wqe. If ret_val is non-zero, then free the iocbq request structure. In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE There is no corresponding free routine if lpfc_sli4_issue_wqe ... • https://git.kernel.org/stable/c/9c8e2e607270a368834a0ef72aa82d970f89c596 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50026 – habanalabs/gaudi: fix shift out of bounds
https://notcve.org/view.php?id=CVE-2022-50026
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: habanalabs/gaudi: fix shift out of bounds When validating NIC queues, queue offset calculation must be performed only for NIC queues. In the Linux kernel, the following vulnerability has been resolved: habanalabs/gaudi: fix shift out of bounds When validating NIC queues, queue offset calculation must be performed only for NIC queues. • https://git.kernel.org/stable/c/ac0ae6a96aa58eeba4aed97b12ef1dea8c5bf399 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50025 – cxl: Fix a memory leak in an error handling path
https://notcve.org/view.php?id=CVE-2022-50025
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: cxl: Fix a memory leak in an error handling path A bitmap_zalloc() must be balanced by a corresponding bitmap_free() in the error handling path of afu_allocate_irqs(). In the Linux kernel, the following vulnerability has been resolved: cxl: Fix a memory leak in an error handling path A bitmap_zalloc() must be balanced by a corresponding bitmap_free() in the error handling path of afu_allocate_irqs(). • https://git.kernel.org/stable/c/c2c7a29f99788e9e5dfe41d16868ea33da7cc235 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50024 – dmaengine: dw-axi-dmac: do not print NULL LLI during error
https://notcve.org/view.php?id=CVE-2022-50024
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: dw-axi-dmac: do not print NULL LLI during error During debugging we have seen an issue where axi_chan_dump_lli() is passed a NULL LLI pointer which ends up causing an OOPS due to trying to get fields from it. Simply print NULL LLI and exit to avoid this. In the Linux kernel, the following vulnerability has been resolved: dmaengine: dw-axi-dmac: do not print NULL LLI during error During debugging we have seen an issue where axi_ch... • https://git.kernel.org/stable/c/af76e6fdcf92f1a742b788d0dba5edd194267bf9 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50023 – dmaengine: dw-axi-dmac: ignore interrupt if no descriptor
https://notcve.org/view.php?id=CVE-2022-50023
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: dw-axi-dmac: ignore interrupt if no descriptor If the channel has no descriptor and the interrupt is raised then the kernel will OOPS. Check the result of vchan_next_desc() in the handler axi_chan_block_xfer_complete() to avoid the error happening. In the Linux kernel, the following vulnerability has been resolved: dmaengine: dw-axi-dmac: ignore interrupt if no descriptor If the channel has no descriptor and the interrupt is rais... • https://git.kernel.org/stable/c/54aa6c49361b79f7f6b15fc63dfe9ea52c70bb03 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50022 – drivers:md:fix a potential use-after-free bug
https://notcve.org/view.php?id=CVE-2022-50022
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: drivers:md:fix a potential use-after-free bug In line 2884, "raid5_release_stripe(sh);" drops the reference to sh and may cause sh to be released. However, sh is subsequently used in lines 2886 "if (sh->batch_head && sh != sh->batch_head)". This may result in an use-after-free bug. It can be fixed by moving "raid5_release_stripe(sh);" to the bottom of the function. • https://git.kernel.org/stable/c/7470a4314b239e9a9580f248fdf4c9a92805490e •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50021 – ext4: block range must be validated before use in ext4_mb_clear_bb()
https://notcve.org/view.php?id=CVE-2022-50021
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: block range must be validated before use in ext4_mb_clear_bb() Block range to free is validated in ext4_free_blocks() using ext4_inode_block_valid() and then it's passed to ext4_mb_clear_bb(). However in some situations on bigalloc file system the range might be adjusted after the validation in ext4_free_blocks() which can lead to troubles on corrupted file systems such as one found by syzkaller that resulted in the following BUG kern... • https://git.kernel.org/stable/c/7550aade978371ac582f6d43b14c4cb89ca54463 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50020 – ext4: avoid resizing to a partial cluster size
https://notcve.org/view.php?id=CVE-2022-50020
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: avoid resizing to a partial cluster size This patch avoids an attempt to resize the filesystem to an unaligned cluster boundary. An online resize to a size that is not integral to cluster size results in the last iteration attempting to grow the fs by a negative amount, which trips a BUG_ON and leaves the fs with a corrupted in-memory superblock. In the Linux kernel, the following vulnerability has been resolved: ext4: avoid resizing ... • https://git.kernel.org/stable/c/53f62a4201be1cfc1e3c971e566888b182c3ffb0 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50019 – tty: serial: Fix refcount leak bug in ucc_uart.c
https://notcve.org/view.php?id=CVE-2022-50019
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: tty: serial: Fix refcount leak bug in ucc_uart.c In soc_info(), of_find_node_by_type() will return a node pointer with refcount incremented. We should use of_node_put() when it is not used anymore. In the Linux kernel, the following vulnerability has been resolved: tty: serial: Fix refcount leak bug in ucc_uart.c In soc_info(), of_find_node_by_type() will return a node pointer with refcount incremented. We should use of_node_put() when it i... • https://git.kernel.org/stable/c/8245e7d1d7f75a9255ad1e8146752e5051d528b8 •