CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50827 – scsi: lpfc: Fix memory leak in lpfc_create_port()
https://notcve.org/view.php?id=CVE-2022-50827
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix memory leak in lpfc_create_port() Commit 5e633302ace1 ("scsi: lpfc: vmid: Add support for VMID in mailbox command") introduced allocations for the VMID resources in lpfc_create_port() after the call to scsi_host_alloc(). Upon failure on the VMID allocations, the new code would branch to the 'out' label, which returns NULL without unwinding anything, thus skipping the call to scsi_host_put(). Fix the problem by creating a sep... • https://git.kernel.org/stable/c/5e633302ace1f61f8ea5a3ce21e19a4d79126cca •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50826 – ipu3-imgu: Fix NULL pointer dereference in imgu_subdev_set_selection()
https://notcve.org/view.php?id=CVE-2022-50826
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ipu3-imgu: Fix NULL pointer dereference in imgu_subdev_set_selection() Calling v4l2_subdev_get_try_crop() and v4l2_subdev_get_try_compose() with a subdev state of NULL leads to a NULL pointer dereference. This can currently happen in imgu_subdev_set_selection() when the state passed in is NULL, as this method first gets pointers to both the "try" and "active" states and only then decides which to use. The same issue has been addressed for i... • https://git.kernel.org/stable/c/0d346d2a6f54f06f36b224fd27cd6eafe8c83be9 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50824 – tpm: tpm_tis: Add the missed acpi_put_table() to fix memory leak
https://notcve.org/view.php?id=CVE-2022-50824
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: tpm: tpm_tis: Add the missed acpi_put_table() to fix memory leak In check_acpi_tpm2(), we get the TPM2 table just to make sure the table is there, not used after the init, so the acpi_put_table() should be added to release the ACPI memory. • https://git.kernel.org/stable/c/4cb586a188d468e05649575f0689dd2bf8c122e6 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50823 – clk: tegra: Fix refcount leak in tegra114_clock_init
https://notcve.org/view.php?id=CVE-2022-50823
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: clk: tegra: Fix refcount leak in tegra114_clock_init of_find_matching_node() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() to avoid refcount leak. • https://git.kernel.org/stable/c/2cb5efefd6f7d3e7df9a7430b910a80515821256 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50822 – RDMA/restrack: Release MR restrack when delete
https://notcve.org/view.php?id=CVE-2022-50822
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/restrack: Release MR restrack when delete The MR restrack also needs to be released when delete it, otherwise it cause memory leak as the task struct won't be released. • https://git.kernel.org/stable/c/13ef5539def732dc7b9c58c320d97a0a95b52634 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2022-50821 – SUNRPC: Don't leak netobj memory when gss_read_proxy_verf() fails
https://notcve.org/view.php?id=CVE-2022-50821
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Don't leak netobj memory when gss_read_proxy_verf() fails • https://git.kernel.org/stable/c/030d794bf49855f5e2a9e8dfbfad34211d1eb08b •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50820 – perf/arm_dmc620: Fix hotplug callback leak in dmc620_pmu_init()
https://notcve.org/view.php?id=CVE-2022-50820
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: perf/arm_dmc620: Fix hotplug callback leak in dmc620_pmu_init() dmc620_pmu_init() won't remove the callback added by cpuhp_setup_state_multi() when platform_driver_register() failed. Remove the callback by cpuhp_remove_multi_state() in fail path. Similar to the handling of arm_ccn_init() in commit 26242b330093 ("bus: arm-ccn: Prevent hotplug callback leak") • https://git.kernel.org/stable/c/53c218da220c3619b5befec4674ffa35d590092a •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50819 – udmabuf: Set ubuf->sg = NULL if the creation of sg table fails
https://notcve.org/view.php?id=CVE-2022-50819
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: udmabuf: Set ubuf->sg = NULL if the creation of sg table fails When userspace tries to map the dmabuf and if for some reason (e.g. OOM) the creation of the sg table fails, ubuf->sg needs to be set to NULL. Otherwise, when the userspace subsequently closes the dmabuf fd, we'd try to erroneously free the invalid sg table from release_udmabuf resulting in the following crash reported by syzbot: general protection fault, probably for non-canoni... • https://git.kernel.org/stable/c/284562e1f34874e267d4f499362c3816f8f6bc3f •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50817 – net: hsr: avoid possible NULL deref in skb_clone()
https://notcve.org/view.php?id=CVE-2022-50817
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: net: hsr: avoid possible NULL deref in skb_clone() syzbot got a crash [1] in skb_clone(), caused by a bug in hsr_get_untagged_frame(). When/if create_stripped_skb_hsr() returns NULL, we must not attempt to call skb_clone(). While we are at it, replace a WARN_ONCE() by netdev_warn_once(). [1] general protection fault, probably for non-canonical address 0xdffffc000000000f: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x00000000... • https://git.kernel.org/stable/c/f266a683a4804dc499efc6c2206ef68efed029d0 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2022-50816 – ipv6: ensure sane device mtu in tunnels
https://notcve.org/view.php?id=CVE-2022-50816
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ipv6: ensure sane device mtu in tunnels Another syzbot report [1] with no reproducer hints at a bug in ip6_gre tunnel (dev:ip6gretap0) Since ipv6 mcast code makes sure to read dev->mtu once and applies a sanity check on it (see commit b9b312a7a451 "ipv6: mcast: better catch silly mtu values"), a remaining possibility is that a layer is able to set dev->mtu to an underflowed value (high order bit set). This could happen indeed in ip6gre_tnl_... • https://git.kernel.org/stable/c/c12b395a46646bab69089ce7016ac78177f6001f •