CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50311 – cxl: Fix refcount leak in cxl_calc_capp_routing
https://notcve.org/view.php?id=CVE-2022-50311
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: cxl: Fix refcount leak in cxl_calc_capp_routing of_get_next_parent() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. This function only calls of_node_put() in normal path, missing it in the error path. Add missing of_node_put() to avoid refcount leak. In the Linux kernel, the following vulnerability has been resolved: cxl: Fix refcount leak in cxl_calc_capp_routing of_get_next_paren... • https://git.kernel.org/stable/c/f24be42aab37c6d07c05126673138e06223a6399 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-50310 – ip6mr: fix UAF issue in ip6mr_sk_done() when addrconf_init_net() failed
https://notcve.org/view.php?id=CVE-2022-50310
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ip6mr: fix UAF issue in ip6mr_sk_done() when addrconf_init_net() failed If the initialization fails in calling addrconf_init_net(), devconf_all is the pointer that has been released. Then ip6mr_sk_done() is called to release the net, accessing devconf->mc_forwarding directly causes invalid pointer access. The process is as follows: setup_net() ops_init() addrconf_init_net() all = kmemdup(...) ---> alloc "all" ... net->ipv6.devconf_all = all... • https://git.kernel.org/stable/c/7d9b1b578d67a14ae7a7a526ee115b233fa264c4 •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50309 – media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init
https://notcve.org/view.php?id=CVE-2022-50309
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init of_get_child_by_name() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() to avoid refcount leak. In the Linux kernel, the following vulnerability has been resolved: media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init of_get_child_by_name() returns a node pointer with refcount incremented,... • https://git.kernel.org/stable/c/df3305156f989339529b3d6744b898d498fb1f7b •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50308 – ASoC: qcom: Add checks for devm_kcalloc
https://notcve.org/view.php?id=CVE-2022-50308
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: Add checks for devm_kcalloc As the devm_kcalloc may return NULL, the return value needs to be checked to avoid NULL poineter dereference. In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: Add checks for devm_kcalloc As the devm_kcalloc may return NULL, the return value needs to be checked to avoid NULL poineter dereference. This update provides the initial livepatch for this kernel update. This upda... • https://git.kernel.org/stable/c/24caf8d9eb108c52e144bcc7af94bb1edcb70700 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50307 – s390/cio: fix out-of-bounds access on cio_ignore free
https://notcve.org/view.php?id=CVE-2022-50307
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: s390/cio: fix out-of-bounds access on cio_ignore free The channel-subsystem-driver scans for newly available devices whenever device-IDs are removed from the cio_ignore list using a command such as: echo free >/proc/cio_ignore Since an I/O device scan might interfer with running I/Os, commit 172da89ed0ea ("s390/cio: avoid excessive path-verification requests") introduced an optimization to exclude online devices from the scan. The newly add... • https://git.kernel.org/stable/c/172da89ed0eaf9d9348f5decb86ad04c624b39d1 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50306 – ext4: fix potential out of bound read in ext4_fc_replay_scan()
https://notcve.org/view.php?id=CVE-2022-50306
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix potential out of bound read in ext4_fc_replay_scan() For scan loop must ensure that at least EXT4_FC_TAG_BASE_LEN space. If remain space less than EXT4_FC_TAG_BASE_LEN which will lead to out of bound read when mounting corrupt file system image. ADD_RANGE/HEAD/TAIL is needed to add extra check when do journal scan, as this three tags will read data during scan, tag length couldn't less than data length which will read. In the Linu... • https://git.kernel.org/stable/c/8016e29f4362e285f0f7e38fadc61a5b7bdfdfa2 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50305 – ASoC: sof_es8336: fix possible use-after-free in sof_es8336_remove()
https://notcve.org/view.php?id=CVE-2022-50305
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: sof_es8336: fix possible use-after-free in sof_es8336_remove() sof_es8336_remove() calls cancel_delayed_work(). However, that function does not wait until the work function finishes. This means that the callback function may still be running after the driver's remove function has finished, which would result in a use-after-free. Fix by calling cancel_delayed_work_sync(), which ensures that the work is properly cancelled, no longer run... • https://git.kernel.org/stable/c/b60ee210a76cabdc2dd5396de299a1860b4945cd •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50304 – mtd: core: fix possible resource leak in init_mtd()
https://notcve.org/view.php?id=CVE-2022-50304
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: mtd: core: fix possible resource leak in init_mtd() I got the error report while inject fault in init_mtd(): sysfs: cannot create duplicate filename '/devices/virtual/bdi/mtd-0' Call Trace:
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50303 – drm/amdkfd: Fix double release compute pasid
https://notcve.org/view.php?id=CVE-2022-50303
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix double release compute pasid If kfd_process_device_init_vm returns failure after vm is converted to compute vm and vm->pasid set to compute pasid, KFD will not take pdd->drm_file reference. As a result, drm close file handler maybe called to release the compute pasid before KFD process destroy worker to release the same pasid and set vm->pasid to zero, this generates below WARNING backtrace and NULL pointer access. Add helpe... • https://git.kernel.org/stable/c/88f7f88159bcdff96b2a5d244b26c8ba99b5e773 • CWE-1341: Multiple Releases of Same Resource or Handle •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50302 – lockd: set other missing fields when unlocking files
https://notcve.org/view.php?id=CVE-2022-50302
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: lockd: set other missing fields when unlocking files vfs_lock_file() expects the struct file_lock to be fully initialised by the caller. Re-exported NFSv3 has been seen to Oops if the fl_file field is NULL. In the Linux kernel, the following vulnerability has been resolved: lockd: set other missing fields when unlocking files vfs_lock_file() expects the struct file_lock to be fully initialised by the caller. Re-exported NFSv3 has been seen ... • https://git.kernel.org/stable/c/9c3eef773cf4a8a18f959234bbb4c0a55c31ab71 •