CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50331 – wwan_hwsim: fix possible memory leak in wwan_hwsim_dev_new()
https://notcve.org/view.php?id=CVE-2022-50331
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: wwan_hwsim: fix possible memory leak in wwan_hwsim_dev_new() Inject fault while probing module, if device_register() fails, but the refcount of kobject is not decreased to 0, the name allocated in dev_set_name() is leaked. Fix this by calling put_device(), so that name can be freed in callback function kobject_cleanup(). unreferenced object 0xffff88810152ad20 (size 8): comm "modprobe", pid 252, jiffies 4294849206 (age 22.713s) hex dump (fir... • https://git.kernel.org/stable/c/f36a111a74e71edbba27d4c0cf3d7bbccc172108 •
CVSS: 9.4EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50330 – crypto: cavium - prevent integer overflow loading firmware
https://notcve.org/view.php?id=CVE-2022-50330
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: cavium - prevent integer overflow loading firmware The "code_length" value comes from the firmware file. If your firmware is untrusted realistically there is probably very little you can do to protect yourself. Still we try to limit the damage as much as possible. Also Smatch marks any data read from the filesystem as untrusted and prints warnings if it not capped correctly. The "ntohl(ucode->code_length) * 2" multiplication can hav... • https://git.kernel.org/stable/c/9e2c7d99941d000a36f68a3594cec27a1bbea274 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50329 – block, bfq: fix uaf for bfqq in bfq_exit_icq_bfqq
https://notcve.org/view.php?id=CVE-2022-50329
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix uaf for bfqq in bfq_exit_icq_bfqq Commit 64dc8c732f5c ("block, bfq: fix possible uaf for 'bfqq->bic'") will access 'bic->bfqq' in bic_set_bfqq(), however, bfq_exit_icq_bfqq() can free bfqq first, and then call bic_set_bfqq(), which will cause uaf. Fix the problem by moving bfq_exit_bfqq() behind bic_set_bfqq(). In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix uaf for bfqq in bfq_exit_icq_bf... • https://git.kernel.org/stable/c/094f3d9314d67691cb21ba091c1b528f6e3c4893 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50328 – jbd2: fix potential use-after-free in jbd2_fc_wait_bufs
https://notcve.org/view.php?id=CVE-2022-50328
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: jbd2: fix potential use-after-free in jbd2_fc_wait_bufs In 'jbd2_fc_wait_bufs' use 'bh' after put buffer head reference count which may lead to use-after-free. So judge buffer if uptodate before put buffer head reference count. In the Linux kernel, the following vulnerability has been resolved: jbd2: fix potential use-after-free in jbd2_fc_wait_bufs In 'jbd2_fc_wait_bufs' use 'bh' after put buffer head reference count which may lead to use-... • https://git.kernel.org/stable/c/ff780b91efe901b8eecd8114785abae5341820ad •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50327 – ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value
https://notcve.org/view.php?id=CVE-2022-50327
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value The return value of acpi_fetch_acpi_dev() could be NULL, which would cause a NULL pointer dereference to occur in acpi_device_hid(). [ rjw: Subject and changelog edits, added empty line after if () ] In the Linux kernel, the following vulnerability has been resolved: ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value The return value of acpi_fetch_acpi_dev() could ... • https://git.kernel.org/stable/c/a36a7fecfe6071732075ad5aa31196adce13181b • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-50326 – media: airspy: fix memory leak in airspy probe
https://notcve.org/view.php?id=CVE-2022-50326
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: media: airspy: fix memory leak in airspy probe The commit ca9dc8d06ab6 ("media: airspy: respect the DMA coherency rules") moves variable buf from stack to heap, however, it only frees buf in the error handling code, missing deallocation in the success path. Fix this by freeing buf in the success path since this variable does not have any references in other code. In the Linux kernel, the following vulnerability has been resolved: media: air... • https://git.kernel.org/stable/c/ca9dc8d06ab64543a6a31adac5003349c5671218 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 8.4EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50325 – ASoC: Intel: avs: Fix potential RX buffer overflow
https://notcve.org/view.php?id=CVE-2022-50325
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Fix potential RX buffer overflow If an event caused firmware to return invalid RX size for LARGE_CONFIG_GET, memcpy_fromio() could end up copying too many bytes. Fix by utilizing min_t(). In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Fix potential RX buffer overflow If an event caused firmware to return invalid RX size for LARGE_CONFIG_GET, memcpy_fromio() could end up copying too ma... • https://git.kernel.org/stable/c/f14a1c5a9f830025dc8638303ddefd5f731ae4bc • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50324 – mtd: maps: pxa2xx-flash: fix memory leak in probe
https://notcve.org/view.php?id=CVE-2022-50324
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: mtd: maps: pxa2xx-flash: fix memory leak in probe Free 'info' upon remapping error to avoid a memory leak. [<miquel.raynal@bootlin.com>: Reword the commit log] This update provides the initial livepatch for this kernel update. This update does not contain any fixes and will be updated with livepatches later. • https://git.kernel.org/stable/c/e644f7d6289456657996df4192de76c5d0a9f9c7 •
CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50323 – net: do not sense pfmemalloc status in skb_append_pagefrags()
https://notcve.org/view.php?id=CVE-2022-50323
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: net: do not sense pfmemalloc status in skb_append_pagefrags() skb_append_pagefrags() is used by af_unix and udp sendpage() implementation so far. In commit 326140063946 ("tcp: TX zerocopy should not sense pfmemalloc status") we explained why we should not sense pfmemalloc status for pages owned by user space. We should also use skb_fill_page_desc_noacc() in skb_append_pagefrags() to avoid following KCSAN report: BUG: KCSAN: data-race in lru... • https://git.kernel.org/stable/c/8527c9a6bf8e54fef0a8d3d7d8874a48c725c915 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50322 – rtc: msc313: Fix function prototype mismatch in msc313_rtc_probe()
https://notcve.org/view.php?id=CVE-2022-50322
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: rtc: msc313: Fix function prototype mismatch in msc313_rtc_probe() With clang's kernel control flow integrity (kCFI, CONFIG_CFI_CLANG), indirect call targets are validated against the expected function pointer prototype to make sure the call target is valid to help mitigate ROP attacks. If they are not identical, there is a failure at run time, which manifests as either a kernel panic or thread getting killed. msc313_rtc_probe() was passing... • https://git.kernel.org/stable/c/be7d9c9161b9c76edeff15e79edc2f256568fe05 •