CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50431 – ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev()
https://notcve.org/view.php?id=CVE-2022-50431
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev() dev_set_name() in soundbus_add_one() allocates memory for name, it need be freed when of_device_register() fails, call soundbus_dev_put() to give up the reference that hold in device_initialize(), so that it can be freed in kobject_cleanup() when the refcount hit to 0. And other resources are also freed in i2sbus_release_dev(), so it can return 0 directly. In the Linux kernel, ... • https://git.kernel.org/stable/c/f3d9478b2ce468c3115b02ecae7e975990697f15 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 8.4EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50430 – mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING
https://notcve.org/view.php?id=CVE-2022-50430
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING vub300_enable_sdio_irq() works with mutex and need TASK_RUNNING here. Ensure that we mark current as TASK_RUNNING for sleepable context. [ 77.554641] do not call blocking ops when !TASK_RUNNING; state=1 set at [
CVSS: 6.2EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50427 – ALSA: ac97: fix possible memory leak in snd_ac97_dev_register()
https://notcve.org/view.php?id=CVE-2022-50427
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: ac97: fix possible memory leak in snd_ac97_dev_register() If device_register() fails in snd_ac97_dev_register(), it should call put_device() to give up reference, or the name allocated in dev_set_name() is leaked. In the Linux kernel, the following vulnerability has been resolved: ALSA: ac97: fix possible memory leak in snd_ac97_dev_register() If device_register() fails in snd_ac97_dev_register(), it should call put_device() to give u... • https://git.kernel.org/stable/c/0ca06a00e206b963587ac471e6d1c52bf33b9a18 •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50422 – scsi: libsas: Fix use-after-free bug in smp_execute_task_sg()
https://notcve.org/view.php?id=CVE-2022-50422
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() When executing SMP task failed, the smp_execute_task_sg() calls del_timer() to delete "slow_task->timer". However, if the timer handler sas_task_internal_timedout() is running, the del_timer() in smp_execute_task_sg() will not stop it and a UAF will happen. The process is shown below: (thread 1) | (thread 2) smp_execute_task_sg() | sas_task_internal_timedout() ... | del_timer() |... • https://git.kernel.org/stable/c/2908d778ab3e244900c310974e1fc1c69066e450 • CWE-416: Use After Free •
CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0CVE-2025-39927 – ceph: fix race condition validating r_parent before applying state
https://notcve.org/view.php?id=CVE-2025-39927
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ceph: fix race condition validating r_parent before applying state Add validation to ensure the cached parent directory inode matches the directory info in MDS replies. This prevents client-side race conditions where concurrent operations (e.g. rename) cause r_parent to become stale between request initiation and reply processing, which could lead to applying state changes to incorrect directory inodes. [ idryomov: folded a kerneldoc fixup ... • https://git.kernel.org/stable/c/9030aaf9bf0a1eee47a154c316c789e959638b0f • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-364: Signal Handler Race Condition •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-39920 – pcmcia: Add error handling for add_interval() in do_validate_mem()
https://notcve.org/view.php?id=CVE-2025-39920
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: pcmcia: Add error handling for add_interval() in do_validate_mem() In the do_validate_mem(), the call to add_interval() does not handle errors. If kmalloc() fails in add_interval(), it could result in a null pointer being inserted into the linked list, leading to illegal memory access when sub_interval() is called next. This patch adds an error handling for the add_interval(). If add_interval() returns an error, the function will return ear... • https://git.kernel.org/stable/c/7b4884ca8853a638df0eb5d251d80d67777b8b1a •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-39902 – mm/slub: avoid accessing metadata when pointer is invalid in object_err()
https://notcve.org/view.php?id=CVE-2025-39902
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: mm/slub: avoid accessing metadata when pointer is invalid in object_err() object_err() reports details of an object for further debugging, such as the freelist pointer, redzone, etc. However, if the pointer is invalid, attempting to access object metadata can lead to a crash since it does not point to a valid object. One known path to the crash is when alloc_consistency_checks() determines the pointer to the allocated object is invalid beca... • https://git.kernel.org/stable/c/81819f0fc8285a2a5a921c019e3e3d7b6169d225 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-39885 – ocfs2: fix recursive semaphore deadlock in fiemap call
https://notcve.org/view.php?id=CVE-2025-39885
23 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix recursive semaphore deadlock in fiemap call syzbot detected a OCFS2 hang due to a recursive semaphore on a FS_IOC_FIEMAP of the extent list on a specially crafted mmap file. context_switch kernel/sched/core.c:5357 [inline] __schedule+0x1798/0x4cc0 kernel/sched/core.c:6961 __schedule_loop kernel/sched/core.c:7043 [inline] schedule+0x165/0x360 kernel/sched/core.c:7058 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7115 rws... • https://git.kernel.org/stable/c/00dc417fa3e763345b34ccb6034d72de76eea0a1 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-39848 – ax25: properly unshare skbs in ax25_kiss_rcv()
https://notcve.org/view.php?id=CVE-2025-39848
19 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ax25: properly unshare skbs in ax25_kiss_rcv() Bernard Pidoux reported a regression apparently caused by commit c353e8983e0d ("net: introduce per netns packet chains"). skb->dev becomes NULL and we crash in __netif_receive_skb_core(). Before above commit, different kind of bugs or corruptions could happen without a major crash. But the root cause is that ax25_kiss_rcv() can queue/mangle input skb without checking if this skb is shared or no... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-39847 – ppp: fix memory leak in pad_compress_skb
https://notcve.org/view.php?id=CVE-2025-39847
19 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ppp: fix memory leak in pad_compress_skb If alloc_skb() fails in pad_compress_skb(), it returns NULL without releasing the old skb. The caller does: skb = pad_compress_skb(ppp, skb); if (!skb) goto drop; drop: kfree_skb(skb); When pad_compress_skb() returns NULL, the reference to the old skb is lost and kfree_skb(skb) ends up doing nothing, leading to a memory leak. Align pad_compress_skb() semantics with realloc(): only free the old skb if... • https://git.kernel.org/stable/c/b3f9b92a6ec1a9a5e4b4b36e484f2f62cc73277c •