CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50769 – mmc: mxcmmc: fix return value check of mmc_add_host()
https://notcve.org/view.php?id=CVE-2022-50769
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: mmc: mxcmmc: fix return value check of mmc_add_host() mmc_add_host() may return error, if we ignore its return value, the memory that allocated in mmc_alloc_host() will be leaked and it will lead a kernel crash because of deleting not added device in the remove path. So fix this by checking the return value and goto error path which will call mmc_free_host(). In the Linux kernel, the following vulnerability has been resolved: mmc: mxcmmc: f... • https://git.kernel.org/stable/c/d96be879ff469759af6d7fcebdb66237c18da6f8 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50767 – fbdev: smscufx: Fix several use-after-free bugs
https://notcve.org/view.php?id=CVE-2022-50767
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: fbdev: smscufx: Fix several use-after-free bugs Several types of UAFs can occur when physically removing a USB device. Adds ufx_ops_destroy() function to .fb_destroy of fb_ops, and in this function, there is kref_put() that finally calls ufx_free(). This fix prevents multiple UAFs. In the Linux kernel, the following vulnerability has been resolved: fbdev: smscufx: Fix several use-after-free bugs Several types of UAFs can occur when physical... • https://git.kernel.org/stable/c/3c8a63e22a0802fd56380f6ab305b419f18eb6f5 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50764 – ipv6/sit: use DEV_STATS_INC() to avoid data-races
https://notcve.org/view.php?id=CVE-2022-50764
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ipv6/sit: use DEV_STATS_INC() to avoid data-races syzbot/KCSAN reported that multiple cpus are updating dev->stats.tx_error concurrently. This is because sit tunnels are NETIF_F_LLTX, meaning their ndo_start_xmit() is not protected by a spinlock. While original KCSAN report was about tx path, rx path has the same issue. In the Linux kernel, the following vulnerability has been resolved: ipv6/sit: use DEV_STATS_INC() to avoid data-races syzb... • https://git.kernel.org/stable/c/8df40d1033d64597dcf1efd4f7547e817f7a953b •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50761 – x86/xen: Fix memory leak in xen_init_lock_cpu()
https://notcve.org/view.php?id=CVE-2022-50761
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: x86/xen: Fix memory leak in xen_init_lock_cpu() In xen_init_lock_cpu(), the @name has allocated new string by kasprintf(), if bind_ipi_to_irqhandler() fails, it should be freed, otherwise may lead to a memory leak issue, fix it. In the Linux kernel, the following vulnerability has been resolved: x86/xen: Fix memory leak in xen_init_lock_cpu() In xen_init_lock_cpu(), the @name has allocated new string by kasprintf(), if bind_ipi_to_irqhandle... • https://git.kernel.org/stable/c/2d9e1e2f58b5612aa4eab0ab54c84308a29dbd79 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50751 – configfs: fix possible memory leak in configfs_create_dir()
https://notcve.org/view.php?id=CVE-2022-50751
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: configfs: fix possible memory leak in configfs_create_dir() kmemleak reported memory leaks in configfs_create_dir(): unreferenced object 0xffff888009f6af00 (size 192): comm "modprobe", pid 3777, jiffies 4295537735 (age 233.784s) backtrace: kmem_cache_alloc (mm/slub.c:3250 mm/slub.c:3256 mm/slub.c:3263 mm/slub.c:3273) new_fragment (./include/linux/slab.h:600 fs/configfs/dir.c:163) configfs_register_subsystem (fs/configfs/dir.c:1857) basic_wr... • https://git.kernel.org/stable/c/7063fbf2261194f72ee75afca67b3b38b554b5fa •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50749 – acct: fix potential integer overflow in encode_comp_t()
https://notcve.org/view.php?id=CVE-2022-50749
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: acct: fix potential integer overflow in encode_comp_t() The integer overflow is descripted with following codes: > 317 static comp_t encode_comp_t(u64 value) > 318 { > 319 int exp, rnd; ...... > 341 exp <<= MANTSIZE; > 342 exp += value; > 343 return exp; > 344 } Currently comp_t is defined as type of '__u16', but the variable 'exp' is type of 'int', so overflow would happen when variable 'exp' in line 343 is greater than 65535. In the Linux... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 8.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50747 – hfs: Fix OOB Write in hfs_asc2mac
https://notcve.org/view.php?id=CVE-2022-50747
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: hfs: Fix OOB Write in hfs_asc2mac Syzbot reported a OOB Write bug: loop0: detected capacity change from 0 to 64 ================================================================== BUG: KASAN: slab-out-of-bounds in hfs_asc2mac+0x467/0x9a0 fs/hfs/trans.c:133 Write of size 1 at addr ffff88801848314e by task syz-executor391/3632 Call Trace:
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-54050 – ubifs: Fix memleak when insert_old_idx() failed
https://notcve.org/view.php?id=CVE-2023-54050
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ubifs: Fix memleak when insert_old_idx() failed Following process will cause a memleak for copied up znode: dirty_cow_znode zn = copy_znode(c, znode); err = insert_old_idx(c, zbr->lnum, zbr->offs); if (unlikely(err)) return ERR_PTR(err); // No one refers to zn. Fetch a reproducer in [Link]. Function copy_znode() is split into 2 parts: resource allocation and znode replacement, insert_old_idx() is split in similar way, so resource cleanup co... • https://git.kernel.org/stable/c/1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50733 – usb: idmouse: fix an uninit-value in idmouse_open
https://notcve.org/view.php?id=CVE-2022-50733
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: idmouse: fix an uninit-value in idmouse_open In idmouse_create_image, if any ftip_command fails, it will go to the reset label. However, this leads to the data in bulk_in_buffer[HEADER..IMGSIZE] uninitialized. And the check for valid image incurs an uninitialized dereference. Fix this by moving the check before reset label since this check only be valid if the data after bulk_in_buffer[HEADER] has concrete data. Note that this is found... • https://git.kernel.org/stable/c/4244f72436ab77c3c29a6447af81734ab3925d85 •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50732 – staging: rtl8192u: Fix use after free in ieee80211_rx()
https://notcve.org/view.php?id=CVE-2022-50732
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: staging: rtl8192u: Fix use after free in ieee80211_rx() We cannot dereference the "skb" pointer after calling ieee80211_monitor_rx(), because it is a use after free. In the Linux kernel, the following vulnerability has been resolved: staging: rtl8192u: Fix use after free in ieee80211_rx() We cannot dereference the "skb" pointer after calling ieee80211_monitor_rx(), because it is a use after free. The SUSE Linux Enterprise 15 SP5 RT kernel w... • https://git.kernel.org/stable/c/8fc8598e61f6f384f3eaf1d9b09500c12af47b37 •