CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50300 – btrfs: fix extent map use-after-free when handling missing device in read_one_chunk
https://notcve.org/view.php?id=CVE-2022-50300
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix extent map use-after-free when handling missing device in read_one_chunk Store the error code before freeing the extent_map. Though it's reference counted structure, in that function it's the first and last allocation so this would lead to a potential use-after-free. The error can happen eg. when chunk is stored on a missing device and the degraded mount option is missing. Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=216... • https://git.kernel.org/stable/c/adfb69af7d8cb6a3958f75aad1ef4bc96891d116 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50299 – md: Replace snprintf with scnprintf
https://notcve.org/view.php?id=CVE-2022-50299
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: md: Replace snprintf with scnprintf Current code produces a warning as shown below when total characters in the constituent block device names plus the slashes exceeds 200. snprintf() returns the number of characters generated from the given input, which could cause the expression “200 – len” to wrap around to a large positive number. Fix this by using scnprintf() instead, which returns the actual number of characters written into the buffe... • https://git.kernel.org/stable/c/766038846e875740cf4c20dfc5d5b292ba47360a • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50298 – slimbus: qcom-ngd: cleanup in probe error path
https://notcve.org/view.php?id=CVE-2022-50298
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: slimbus: qcom-ngd: cleanup in probe error path Add proper error path in probe() to cleanup resources previously acquired/allocated to fix warnings visible during probe deferral: notifier callback qcom_slim_ngd_ssr_notify already registered WARNING: CPU: 6 PID: 70 at kernel/notifier.c:28 notifier_chain_register+0x5c/0x90 Modules linked in: CPU: 6 PID: 70 Comm: kworker/u16:1 Not tainted 6.0.0-rc3-next-20220830 #380 Call trace: notifier_chain_... • https://git.kernel.org/stable/c/e1ae85e1830e167a63f94007e50e088b86aa0a16 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50297 – wifi: ath9k: verify the expected usb_endpoints are present
https://notcve.org/view.php?id=CVE-2022-50297
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: verify the expected usb_endpoints are present The bug arises when a USB device claims to be an ATH9K but doesn't have the expected endpoints. (In this case there was an interrupt endpoint where the driver expected a bulk endpoint.) The kernel needs to be able to handle such devices without getting an internal error. usb 1-1: BOGUS urb xfer, pipe 3 != type 1 WARNING: CPU: 3 PID: 500 at drivers/usb/core/urb.c:493 usb_submit_urb+0... • https://git.kernel.org/stable/c/fb9987d0f748c983bb795a86f47522313f701a08 • CWE-544: Missing Standardized Error Handling Mechanism •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50296 – UM: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK
https://notcve.org/view.php?id=CVE-2022-50296
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: UM: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK When CONFIG_CPUMASK_OFFSTACK and CONFIG_DEBUG_PER_CPU_MAPS is selected, cpu_max_bits_warn() generates a runtime warning similar as below while we show /proc/cpuinfo. Fix this by using nr_cpu_ids (the runtime limit) instead of NR_CPUS to iterate CPUs. [ 3.052463] ------------[ cut here ]------------ [ 3.059679] WARNING: CPU: 3 PID: 1 at include/linux/cpumask.h:108 show_cpuinfo+0x5e8/0x5f... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-50295 – io_uring/msg_ring: Fix NULL pointer dereference in io_msg_send_fd()
https://notcve.org/view.php?id=CVE-2022-50295
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: io_uring/msg_ring: Fix NULL pointer dereference in io_msg_send_fd() Syzkaller produced the below call trace: BUG: KASAN: null-ptr-deref in io_msg_ring+0x3cb/0x9f0 Write of size 8 at addr 0000000000000070 by task repro/16399 CPU: 0 PID: 16399 Comm: repro Not tainted 6.1.0-rc1 #28 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2.el7 Call Trace:
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50294 – wifi: libertas: fix memory leak in lbs_init_adapter()
https://notcve.org/view.php?id=CVE-2022-50294
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: fix memory leak in lbs_init_adapter() When kfifo_alloc() failed in lbs_init_adapter(), cmd buffer is not released. Add free memory to processing error path. In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: fix memory leak in lbs_init_adapter() When kfifo_alloc() failed in lbs_init_adapter(), cmd buffer is not released. Add free memory to processing error path. This update provides the initi... • https://git.kernel.org/stable/c/7919b89c8276d657976d4d4d6b7cb58ea1aa08c3 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50293 – btrfs: do not BUG_ON() on ENOMEM when dropping extent items for a range
https://notcve.org/view.php?id=CVE-2022-50293
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: do not BUG_ON() on ENOMEM when dropping extent items for a range If we get -ENOMEM while dropping file extent items in a given range, at btrfs_drop_extents(), due to failure to allocate memory when attempting to increment the reference count for an extent or drop the reference count, we handle it with a BUG_ON(). This is excessive, instead we can simply abort the transaction and return the error to the caller. In fact most callers of... • https://git.kernel.org/stable/c/39279cc3d2704cfbf9c35dcb5bdd392159ae4625 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-50292 – drm/msm/dp: fix bridge lifetime
https://notcve.org/view.php?id=CVE-2022-50292
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: fix bridge lifetime Device-managed resources allocated post component bind must be tied to the lifetime of the aggregate DRM device or they will not necessarily be released when binding of the aggregate device is deferred. This can lead resource leaks or failure to bind the aggregate device when binding is later retried and a second attempt to allocate the resources is made. For the DP bridges, previously allocated bridges will ... • https://git.kernel.org/stable/c/c3bf8e21b38a89418f2e22173b229aaad2306815 •
CVSS: 6.3EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50291 – kcm: annotate data-races around kcm->rx_psock
https://notcve.org/view.php?id=CVE-2022-50291
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: kcm: annotate data-races around kcm->rx_psock kcm->rx_psock can be read locklessly in kcm_rfree(). Annotate the read and writes accordingly. We do the same for kcm->rx_wait in the following patch. syzbot reported: BUG: KCSAN: data-race in kcm_rfree / unreserve_rx_kcm write to 0xffff888123d827b8 of 8 bytes by task 2758 on cpu 1: unreserve_rx_kcm+0x72/0x1f0 net/kcm/kcmsock.c:313 kcm_rcv_strparser+0x2b5/0x3a0 net/kcm/kcmsock.c:373 __strp_recv+... • https://git.kernel.org/stable/c/ab7ac4eb9832e32a09f4e8042705484d2fb0aad3 •