CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50351 – cifs: Fix xid leak in cifs_create()
https://notcve.org/view.php?id=CVE-2022-50351
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: cifs: Fix xid leak in cifs_create() If the cifs already shutdown, we should free the xid before return, otherwise, the xid will be leaked. This update provides the initial livepatch for this kernel update. This update does not contain any fixes and will be updated with livepatches later. • https://git.kernel.org/stable/c/087f757b0129850c99cc9116df4909dac1bce871 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50350 – scsi: target: iscsi: Fix a race condition between login_work and the login thread
https://notcve.org/view.php?id=CVE-2022-50350
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix a race condition between login_work and the login thread In case a malicious initiator sends some random data immediately after a login PDU; the iscsi_target_sk_data_ready() callback will schedule the login_work and, at the same time, the negotiation may end without clearing the LOGIN_FLAGS_INITIAL_PDU flag (because no additional PDU exchanges are required to complete the login). The login has been completed but the... • https://git.kernel.org/stable/c/d381a8010a052813a88e20e089be4a58aad8b40a • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50349 – misc: tifm: fix possible memory leak in tifm_7xx1_switch_media()
https://notcve.org/view.php?id=CVE-2022-50349
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: misc: tifm: fix possible memory leak in tifm_7xx1_switch_media() If device_register() returns error in tifm_7xx1_switch_media(), name of kobject which is allocated in dev_set_name() called in device_add() is leaked. Never directly free @dev after calling device_register(), even if it returned an error! Always use put_device() to give up the reference initialized. This update provides the initial livepatch for this kernel update. This update... • https://git.kernel.org/stable/c/2428a8fe2261e901e058d9ea8b6ed7e1b4268b79 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50348 – nfsd: Fix a memory leak in an error handling path
https://notcve.org/view.php?id=CVE-2022-50348
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: nfsd: Fix a memory leak in an error handling path If this memdup_user() call fails, the memory allocated in a previous call a few lines above should be freed. Otherwise it leaks. This update provides the initial livepatch for this kernel update. This update does not contain any fixes and will be updated with livepatches later. • https://git.kernel.org/stable/c/6ee95d1c899186c0798cafd25998d436bcdb9618 • CWE-401: Missing Release of Memory after Effective Lifetime CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50347 – mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host()
https://notcve.org/view.php?id=CVE-2022-50347
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host() mmc_add_host() may return error, if we ignore its return value, the memory that allocated in mmc_alloc_host() will be leaked and it will lead a kernel crash because of deleting not added device in the remove path. So fix this by checking the return value and calling mmc_free_host() in the error path, besides, led_classdev_unregister() and pm_runtime_disable() also need be called.... • https://git.kernel.org/stable/c/c7f6558d84afe60016b8103c0737df6e376a1c2d • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50346 – ext4: init quota for 'old.inode' in 'ext4_rename'
https://notcve.org/view.php?id=CVE-2022-50346
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: init quota for 'old.inode' in 'ext4_rename' Syzbot found the following issue: ext4_parse_param: s_want_extra_isize=128 ext4_inode_info_init: s_want_extra_isize=32 ext4_rename: old.inode=ffff88823869a2c8 old.dir=ffff888238699828 new.inode=ffff88823869d7e8 new.dir=ffff888238699828 __ext4_mark_inode_dirty: inode=ffff888238699828 ea_isize=32 want_ea_size=128 __ext4_mark_inode_dirty: inode=ffff88823869a2c8 ea_isize=32 want_ea_size=128 ext4... • https://git.kernel.org/stable/c/6dd4ee7cab7e3a17c571aebd444f4344c8c4946e • CWE-908: Use of Uninitialized Resource •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50344 – ext4: fix null-ptr-deref in ext4_write_info
https://notcve.org/view.php?id=CVE-2022-50344
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix null-ptr-deref in ext4_write_info I caught a null-ptr-deref bug as follows: ================================================================== KASAN: null-ptr-deref in range [0x0000000000000068-0x000000000000006f] CPU: 1 PID: 1589 Comm: umount Not tainted 5.10.0-02219-dirty #339 RIP: 0010:ext4_write_info+0x53/0x1b0 [...] Call Trace: dquot_writeback_dquots+0x341/0x9a0 ext4_sync_fs+0x19e/0x800 __sync_filesystem+0x83/0x100 sync_files... • https://git.kernel.org/stable/c/a1177825719ccef3f76ef39bbfd5ebb6087d53c7 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50343 – rapidio: fix possible name leaks when rio_add_device() fails
https://notcve.org/view.php?id=CVE-2022-50343
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: rapidio: fix possible name leaks when rio_add_device() fails Patch series "rapidio: fix three possible memory leaks". This patchset fixes three name leaks in error handling. - patch #1 fixes two name leaks while rio_add_device() fails. - patch #2 fixes a name leak while rio_register_mport() fails. This patch (of 2): If rio_add_device() returns error, the name allocated by dev_set_name() need be freed. It should use put_device() to give up t... • https://git.kernel.org/stable/c/1fa5ae857bb14f6046205171d98506d8112dd74e • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50342 – floppy: Fix memory leak in do_floppy_init()
https://notcve.org/view.php?id=CVE-2022-50342
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: floppy: Fix memory leak in do_floppy_init() A memory leak was reported when floppy_alloc_disk() failed in do_floppy_init(). unreferenced object 0xffff888115ed25a0 (size 8): comm "modprobe", pid 727, jiffies 4295051278 (age 25.529s) hex dump (first 8 bytes): 00 ac 67 5b 81 88 ff ff ..g[.... backtrace: [<000000007f457abb>] __kmalloc_node+0x4c/0xc0 [<00000000a87bfa9e>] blk_mq_realloc_tag_set_tags.part.0+0x6f/0x180 [<000000006f02e8b1>] blk_mq_a... • https://git.kernel.org/stable/c/302cfee150291c6cd85b1ca197d062d0b423d09c • CWE-401: Missing Release of Memory after Effective Lifetime CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.0EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50341 – cifs: fix oops during encryption
https://notcve.org/view.php?id=CVE-2022-50341
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: cifs: fix oops during encryption When running xfstests against Azure the following oops occurred on an arm64 system Unable to handle kernel write to read-only memory at virtual address ffff0001221cf000 Mem abort info: ESR = 0x9600004f EC = 0x25: DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x0f: level 3 permission fault Data abort info: ISV = 0, ISS = 0x0000004f CM = 0, WnR = 1 swapper pgtable: 4k pages, 48-bit V... • https://git.kernel.org/stable/c/026e93dc0a3eefb0be060bcb9ecd8d7a7fd5c398 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •