CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50185 – drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers()
https://notcve.org/view.php?id=CVE-2022-50185
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() The last case label can write two buffers 'mc_reg_address[j]' and 'mc_data[j]' with 'j' offset equal to SMC_NISLANDS_MC_REGISTER_ARRAY_SIZE since there are no checks for this value in both case labels after the last 'j++'. Instead of changing '>' to '>=' there, add the bounds check at the start of the second 'case' (the first one already has it). Also, remove redunda... • https://git.kernel.org/stable/c/69e0b57a91adca2e3eb56ed4db39ab90f3ae1043 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50181 – virtio-gpu: fix a missing check to avoid NULL dereference
https://notcve.org/view.php?id=CVE-2022-50181
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: virtio-gpu: fix a missing check to avoid NULL dereference 'cache_ent' could be set NULL inside virtio_gpu_cmd_get_capset() and it will lead to a NULL dereference by a lately use of it (i.e., ptr = cache_ent->caps_cache). Fix it with a NULL check. [ kraxel: minor codestyle fixup ] In the Linux kernel, the following vulnerability has been resolved: virtio-gpu: fix a missing check to avoid NULL dereference 'cache_ent' could be set NULL inside ... • https://git.kernel.org/stable/c/62fb7a5e10962ac6ae2a2d2dbd3aedcb2a3e3257 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50179 – ath9k: fix use-after-free in ath9k_hif_usb_rx_cb
https://notcve.org/view.php?id=CVE-2022-50179
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: ath9k: fix use-after-free in ath9k_hif_usb_rx_cb Syzbot reported use-after-free Read in ath9k_hif_usb_rx_cb() [0]. The problem was in incorrect htc_handle->drv_priv initialization. Probable call trace which can trigger use-after-free: ath9k_htc_probe_device() /* htc_handle->drv_priv = priv; */ ath9k_htc_wait_for_target() <--- Failed ieee80211_free_hw() <--- priv pointer is freed
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50175 – media: tw686x: Fix memory leak in tw686x_video_init
https://notcve.org/view.php?id=CVE-2022-50175
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: media: tw686x: Fix memory leak in tw686x_video_init video_device_alloc() allocates memory for vdev, when video_register_device() fails, it doesn't release the memory and leads to memory leak, call video_device_release() to fix this. In the Linux kernel, the following vulnerability has been resolved: media: tw686x: Fix memory leak in tw686x_video_init video_device_alloc() allocates memory for vdev, when video_register_device() fails, it does... • https://git.kernel.org/stable/c/704a84ccdbf19fdce9adfda0b936dfdcac52fa49 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50169 – wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi()
https://notcve.org/view.php?id=CVE-2022-50169
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() The simple_write_to_buffer() function will succeed if even a single byte is initialized. However, we need to initialize the whole buffer to prevent information leaks. Just use memdup_user(). In the Linux kernel, the following vulnerability has been resolved: wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() The simple_write_to_buffer() function will succeed if even a ... • https://git.kernel.org/stable/c/ff974e4083341383d3dd4079e52ed30f57f376f0 •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50166 – Bluetooth: When HCI work queue is drained, only queue chained work
https://notcve.org/view.php?id=CVE-2022-50166
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: When HCI work queue is drained, only queue chained work The HCI command, event, and data packet processing workqueue is drained to avoid deadlock in commit 76727c02c1e1 ("Bluetooth: Call drain_workqueue() before resetting state"). There is another delayed work, which will queue command to this drained workqueue. Which results in the following error report: Bluetooth: hci2: command 0x040f tx timeout WARNING: CPU: 1 PID: 18374 at k... • https://git.kernel.org/stable/c/76727c02c1e14a2b561b806fa1d08acc1619ad27 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50165 – wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()`
https://notcve.org/view.php?id=CVE-2022-50165
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()` Commit 7a4836560a61 changes simple_write_to_buffer() with memdup_user() but it forgets to change the value to be returned that came from simple_write_to_buffer() call. It results in the following warning: warning: variable 'rc' is uninitialized when used here [-Wuninitialized] return rc; ^~ Remove rc variable and just return the passed in length if the memdup_u... • https://git.kernel.org/stable/c/ff974e4083341383d3dd4079e52ed30f57f376f0 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50162 – wifi: libertas: Fix possible refcount leak in if_usb_probe()
https://notcve.org/view.php?id=CVE-2022-50162
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: Fix possible refcount leak in if_usb_probe() usb_get_dev will be called before lbs_get_firmware_async which means that usb_put_dev need to be called when lbs_get_firmware_async fails. In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: Fix possible refcount leak in if_usb_probe() usb_get_dev will be called before lbs_get_firmware_async which means that usb_put_dev need to be called when lbs_ge... • https://git.kernel.org/stable/c/ce84bb69f50e6f6cfeabc9b965365290f4184417 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50161 – mtd: maps: Fix refcount leak in of_flash_probe_versatile
https://notcve.org/view.php?id=CVE-2022-50161
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: mtd: maps: Fix refcount leak in of_flash_probe_versatile of_find_matching_node_and_match() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() to avoid refcount leak. In the Linux kernel, the following vulnerability has been resolved: mtd: maps: Fix refcount leak in of_flash_probe_versatile of_find_matching_node_and_match() returns a node pointer with refcount ... • https://git.kernel.org/stable/c/b0afd44bc192ff4c0e90a5fc1724350bcfc32b33 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50160 – mtd: maps: Fix refcount leak in ap_flash_init
https://notcve.org/view.php?id=CVE-2022-50160
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: mtd: maps: Fix refcount leak in ap_flash_init of_find_matching_node() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() to avoid refcount leak. In the Linux kernel, the following vulnerability has been resolved: mtd: maps: Fix refcount leak in ap_flash_init of_find_matching_node() returns a node pointer with refcount incremented, we should use of_node_put() o... • https://git.kernel.org/stable/c/b0afd44bc192ff4c0e90a5fc1724350bcfc32b33 •