CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2022-50222 – tty: vt: initialize unicode screen buffer
https://notcve.org/view.php?id=CVE-2022-50222
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: tty: vt: initialize unicode screen buffer syzbot reports kernel infoleak at vcs_read() [1], for buffer can be read immediately after resize operation. Initialize buffer using kzalloc(). ---------- #include
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-50221 – drm/fb-helper: Fix out-of-bounds access
https://notcve.org/view.php?id=CVE-2022-50221
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/fb-helper: Fix out-of-bounds access Clip memory range to screen-buffer size to avoid out-of-bounds access in fbdev deferred I/O's damage handling. Fbdev's deferred I/O can only track pages. From the range of pages, the damage handler computes the clipping rectangle for the display update. If the fbdev screen buffer ends near the beginning of a page, that page could contain more scanlines. The damage handler would then track these non-ex... • https://git.kernel.org/stable/c/67b723f5b74254d27962b1b59bddfee1584575ff •
CVSS: 6.6EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50220 – usbnet: Fix linkwatch use-after-free on disconnect
https://notcve.org/view.php?id=CVE-2022-50220
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: usbnet: Fix linkwatch use-after-free on disconnect usbnet uses the work usbnet_deferred_kevent() to perform tasks which may sleep. On disconnect, completion of the work was originally awaited in ->ndo_stop(). But in 2003, that was moved to ->disconnect() by historic commit "[PATCH] USB: usbnet, prevent exotic rtnl deadlock": https://git.kernel.org/tglx/history/c/0f138bbfd83c The change was made because back then, the kernel's workqueue impl... • https://git.kernel.org/stable/c/d2d6b530d89b0a912148018027386aa049f0a309 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50219 – bpf: Fix KASAN use-after-free Read in compute_effective_progs
https://notcve.org/view.php?id=CVE-2022-50219
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix KASAN use-after-free Read in compute_effective_progs Syzbot found a Use After Free bug in compute_effective_progs(). The reproducer creates a number of BPF links, and causes a fault injected alloc to fail, while calling bpf_link_detach on them. Link detach triggers the link to be freed by bpf_link_free(), which calls __cgroup_bpf_detach() and update_effective_progs(). If the memory allocation in this function fails, the function re... • https://git.kernel.org/stable/c/af6eea57437a830293eab56246b6025cc7d46ee7 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50218 – iio: light: isl29028: Fix the warning in isl29028_remove()
https://notcve.org/view.php?id=CVE-2022-50218
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: iio: light: isl29028: Fix the warning in isl29028_remove() The driver use the non-managed form of the register function in isl29028_remove(). To keep the release order as mirroring the ordering in probe, the driver should use non-managed form in probe, too. The following log reveals it: [ 32.374955] isl29028 0-0010: remove [ 32.376861] general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] PREEMPT SMP KAS... • https://git.kernel.org/stable/c/2db5054ac28d4ab2eaa6c67e2d9f61fa5ba006b8 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50217 – fuse: write inode in fuse_release()
https://notcve.org/view.php?id=CVE-2022-50217
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: fuse: write inode in fuse_release() A race between write(2) and close(2) allows pages to be dirtied after fuse_flush -> write_inode_now(). If these pages are not flushed from fuse_release(), then there might not be a writable open file later. So any remaining dirty pages must be written back before the file is released. This is a partial revert of the blamed commit. In the Linux kernel, the following vulnerability has been resolved: fuse: w... • https://git.kernel.org/stable/c/36ea23374d1f7b6a9d96a2b61d38830fdf23e45d •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50215 – scsi: sg: Allow waiting for commands to complete on removed device
https://notcve.org/view.php?id=CVE-2022-50215
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Allow waiting for commands to complete on removed device When a SCSI device is removed while in active use, currently sg will immediately return -ENODEV on any attempt to wait for active commands that were sent before the removal. This is problematic for commands that use SG_FLAG_DIRECT_IO since the data buffer may still be in use by the kernel when userspace frees or reuses it after getting ENODEV, leading to corrupted userspace ... • https://git.kernel.org/stable/c/bbc118acf7baf9e93c5e1314d14f481301af4d0f •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50214 – coresight: Clear the connection field properly
https://notcve.org/view.php?id=CVE-2022-50214
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: coresight: Clear the connection field properly coresight devices track their connections (output connections) and hold a reference to the fwnode. When a device goes away, we walk through the devices on the coresight bus and make sure that the references are dropped. This happens both ways: a) For all output connections from the device, drop the reference to the target device via coresight_release_platform_data() b) Iterate over all the devi... • https://git.kernel.org/stable/c/37ea1ffddffa63c920ce826786fe610c78f57842 •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-50213 – netfilter: nf_tables: do not allow SET_ID to refer to another table
https://notcve.org/view.php?id=CVE-2022-50213
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: do not allow SET_ID to refer to another table When doing lookups for sets on the same batch by using its ID, a set from a different table can be used. Then, when the table is removed, a reference to the set may be kept after the set is freed, leading to a potential use-after-free. When looking for sets by ID, use the table that was used for the lookup by name, and only return sets belonging to that same table. This fix... • https://git.kernel.org/stable/c/958bee14d0718ca7a5002c0f48a099d1d345812a •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50212 – netfilter: nf_tables: do not allow CHAIN_ID to refer to another table
https://notcve.org/view.php?id=CVE-2022-50212
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: do not allow CHAIN_ID to refer to another table When doing lookups for chains on the same batch by using its ID, a chain from a different table can be used. If a rule is added to a table but refers to a chain in a different table, it will be linked to the chain in table2, but would have expressions referring to objects in table1. Then, when table1 is removed, the rule will not be removed as its linked to a chain in tab... • https://git.kernel.org/stable/c/837830a4b439bfeb86c70b0115c280377c84714b •