CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50191 – regulator: of: Fix refcount leak bug in of_get_regulation_constraints()
https://notcve.org/view.php?id=CVE-2022-50191
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: regulator: of: Fix refcount leak bug in of_get_regulation_constraints() We should call the of_node_put() for the reference returned by of_get_child_by_name() which has increased the refcount. In the Linux kernel, the following vulnerability has been resolved: regulator: of: Fix refcount leak bug in of_get_regulation_constraints() We should call the of_node_put() for the reference returned by of_get_child_by_name() which has increased the re... • https://git.kernel.org/stable/c/40e20d68bb3fb1ce2704c886d597918988d3321d •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50185 – drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers()
https://notcve.org/view.php?id=CVE-2022-50185
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() The last case label can write two buffers 'mc_reg_address[j]' and 'mc_data[j]' with 'j' offset equal to SMC_NISLANDS_MC_REGISTER_ARRAY_SIZE since there are no checks for this value in both case labels after the last 'j++'. Instead of changing '>' to '>=' there, add the bounds check at the start of the second 'case' (the first one already has it). Also, remove redunda... • https://git.kernel.org/stable/c/69e0b57a91adca2e3eb56ed4db39ab90f3ae1043 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50181 – virtio-gpu: fix a missing check to avoid NULL dereference
https://notcve.org/view.php?id=CVE-2022-50181
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: virtio-gpu: fix a missing check to avoid NULL dereference 'cache_ent' could be set NULL inside virtio_gpu_cmd_get_capset() and it will lead to a NULL dereference by a lately use of it (i.e., ptr = cache_ent->caps_cache). Fix it with a NULL check. [ kraxel: minor codestyle fixup ] In the Linux kernel, the following vulnerability has been resolved: virtio-gpu: fix a missing check to avoid NULL dereference 'cache_ent' could be set NULL inside ... • https://git.kernel.org/stable/c/62fb7a5e10962ac6ae2a2d2dbd3aedcb2a3e3257 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50179 – ath9k: fix use-after-free in ath9k_hif_usb_rx_cb
https://notcve.org/view.php?id=CVE-2022-50179
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: ath9k: fix use-after-free in ath9k_hif_usb_rx_cb Syzbot reported use-after-free Read in ath9k_hif_usb_rx_cb() [0]. The problem was in incorrect htc_handle->drv_priv initialization. Probable call trace which can trigger use-after-free: ath9k_htc_probe_device() /* htc_handle->drv_priv = priv; */ ath9k_htc_wait_for_target() <--- Failed ieee80211_free_hw() <--- priv pointer is freed
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50175 – media: tw686x: Fix memory leak in tw686x_video_init
https://notcve.org/view.php?id=CVE-2022-50175
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: media: tw686x: Fix memory leak in tw686x_video_init video_device_alloc() allocates memory for vdev, when video_register_device() fails, it doesn't release the memory and leads to memory leak, call video_device_release() to fix this. In the Linux kernel, the following vulnerability has been resolved: media: tw686x: Fix memory leak in tw686x_video_init video_device_alloc() allocates memory for vdev, when video_register_device() fails, it does... • https://git.kernel.org/stable/c/704a84ccdbf19fdce9adfda0b936dfdcac52fa49 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50174 – net: hinic: avoid kernel hung in hinic_get_stats64()
https://notcve.org/view.php?id=CVE-2022-50174
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: net: hinic: avoid kernel hung in hinic_get_stats64() When using hinic device as a bond slave device, and reading device stats of master bond device, the kernel may hung. The kernel panic calltrace as follows: Kernel panic - not syncing: softlockup: hung tasks Call trace: native_queued_spin_lock_slowpath+0x1ec/0x31c dev_get_stats+0x60/0xcc dev_seq_printf_stats+0x40/0x120 dev_seq_show+0x1c/0x40 seq_read_iter+0x3c8/0x4dc seq_read+0xe0/0x130 pr... • https://git.kernel.org/stable/c/edd384f682cc2981420628b769a1929db680f02f •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50169 – wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi()
https://notcve.org/view.php?id=CVE-2022-50169
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() The simple_write_to_buffer() function will succeed if even a single byte is initialized. However, we need to initialize the whole buffer to prevent information leaks. Just use memdup_user(). In the Linux kernel, the following vulnerability has been resolved: wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() The simple_write_to_buffer() function will succeed if even a ... • https://git.kernel.org/stable/c/ff974e4083341383d3dd4079e52ed30f57f376f0 •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50166 – Bluetooth: When HCI work queue is drained, only queue chained work
https://notcve.org/view.php?id=CVE-2022-50166
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: When HCI work queue is drained, only queue chained work The HCI command, event, and data packet processing workqueue is drained to avoid deadlock in commit 76727c02c1e1 ("Bluetooth: Call drain_workqueue() before resetting state"). There is another delayed work, which will queue command to this drained workqueue. Which results in the following error report: Bluetooth: hci2: command 0x040f tx timeout WARNING: CPU: 1 PID: 18374 at k... • https://git.kernel.org/stable/c/76727c02c1e14a2b561b806fa1d08acc1619ad27 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50165 – wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()`
https://notcve.org/view.php?id=CVE-2022-50165
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()` Commit 7a4836560a61 changes simple_write_to_buffer() with memdup_user() but it forgets to change the value to be returned that came from simple_write_to_buffer() call. It results in the following warning: warning: variable 'rc' is uninitialized when used here [-Wuninitialized] return rc; ^~ Remove rc variable and just return the passed in length if the memdup_u... • https://git.kernel.org/stable/c/ff974e4083341383d3dd4079e52ed30f57f376f0 •
CVSS: 5.6EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50163 – ax25: fix incorrect dev_tracker usage
https://notcve.org/view.php?id=CVE-2022-50163
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: ax25: fix incorrect dev_tracker usage While investigating a separate rose issue [1], and enabling CONFIG_NET_DEV_REFCNT_TRACKER=y, Bernard reported an orthogonal ax25 issue [2] An ax25_dev can be used by one (or many) struct ax25_cb. We thus need different dev_tracker, one per struct ax25_cb. After this patch is applied, we are able to focus on rose. [1] https://lore.kernel.org/netdev/fb7544a1-f42e-9254-18cc-c9b071f4ca70@free.fr/ [2] [ 205.... • https://git.kernel.org/stable/c/feef318c855a361a1eccd880f33e88c460eb63b4 •