CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50179 – ath9k: fix use-after-free in ath9k_hif_usb_rx_cb
https://notcve.org/view.php?id=CVE-2022-50179
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: ath9k: fix use-after-free in ath9k_hif_usb_rx_cb Syzbot reported use-after-free Read in ath9k_hif_usb_rx_cb() [0]. The problem was in incorrect htc_handle->drv_priv initialization. Probable call trace which can trigger use-after-free: ath9k_htc_probe_device() /* htc_handle->drv_priv = priv; */ ath9k_htc_wait_for_target() <--- Failed ieee80211_free_hw() <--- priv pointer is freed
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50169 – wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi()
https://notcve.org/view.php?id=CVE-2022-50169
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() The simple_write_to_buffer() function will succeed if even a single byte is initialized. However, we need to initialize the whole buffer to prevent information leaks. Just use memdup_user(). In the Linux kernel, the following vulnerability has been resolved: wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() The simple_write_to_buffer() function will succeed if even a ... • https://git.kernel.org/stable/c/ff974e4083341383d3dd4079e52ed30f57f376f0 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50165 – wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()`
https://notcve.org/view.php?id=CVE-2022-50165
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()` Commit 7a4836560a61 changes simple_write_to_buffer() with memdup_user() but it forgets to change the value to be returned that came from simple_write_to_buffer() call. It results in the following warning: warning: variable 'rc' is uninitialized when used here [-Wuninitialized] return rc; ^~ Remove rc variable and just return the passed in length if the memdup_u... • https://git.kernel.org/stable/c/ff974e4083341383d3dd4079e52ed30f57f376f0 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50162 – wifi: libertas: Fix possible refcount leak in if_usb_probe()
https://notcve.org/view.php?id=CVE-2022-50162
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: Fix possible refcount leak in if_usb_probe() usb_get_dev will be called before lbs_get_firmware_async which means that usb_put_dev need to be called when lbs_get_firmware_async fails. In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: Fix possible refcount leak in if_usb_probe() usb_get_dev will be called before lbs_get_firmware_async which means that usb_put_dev need to be called when lbs_ge... • https://git.kernel.org/stable/c/ce84bb69f50e6f6cfeabc9b965365290f4184417 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50153 – usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe
https://notcve.org/view.php?id=CVE-2022-50153
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe of_find_compatible_node() returns a node pointer with refcount incremented, we should use of_node_put() on it when done. Add missing of_node_put() to avoid refcount leak. In the Linux kernel, the following vulnerability has been resolved: usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe of_find_compatible_node() returns a node pointer with refcount incremented, we should use of_node... • https://git.kernel.org/stable/c/796bcae7361c28cf825780f6f1aac9dd3411394e •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50152 – usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe
https://notcve.org/view.php?id=CVE-2022-50152
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe of_parse_phandle() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() to avoid refcount leak. In the Linux kernel, the following vulnerability has been resolved: usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe of_parse_phandle() returns a node pointer with refcount incremented, we should use of_node... • https://git.kernel.org/stable/c/73108aa90cbfc663649885a06fe5c1235307de1c •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50140 – memstick/ms_block: Fix a memory leak
https://notcve.org/view.php?id=CVE-2022-50140
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: memstick/ms_block: Fix a memory leak 'erased_blocks_bitmap' is never freed. As it is allocated at the same time as 'used_blocks_bitmap', it is likely that it should be freed also at the same time. Add the corresponding bitmap_free() in msb_data_clear(). In the Linux kernel, the following vulnerability has been resolved: memstick/ms_block: Fix a memory leak 'erased_blocks_bitmap' is never freed. As it is allocated at the same time as 'used_b... • https://git.kernel.org/stable/c/0ab30494bc4f3bc1ea4659b7c5d97c5218554a63 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50129 – RDMA/srpt: Fix a use-after-free
https://notcve.org/view.php?id=CVE-2022-50129
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/srpt: Fix a use-after-free Change the LIO port members inside struct srpt_port from regular members into pointers. Allocate the LIO port data structures from inside srpt_make_tport() and free these from inside srpt_make_tport(). Keep struct srpt_device as long as either an RDMA port or a LIO target port is associated with it. This patch decouples the lifetime of struct srpt_port (controlled by the RDMA core) and struct srpt_port_id (co... • https://git.kernel.org/stable/c/a42d985bd5b234da8b61347a78dc3057bf7bb94d •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50126 – jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted
https://notcve.org/view.php?id=CVE-2022-50126
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted Following process will fail assertion 'jh->b_frozen_data == NULL' in jbd2_journal_dirty_metadata(): jbd2_journal_commit_transaction unlink(dir/a) jh->b_transaction = trans1 jh->b_jlist = BJ_Metadata journal->j_running_transaction = NULL trans1->t_state = T_COMMIT unlink(dir/b) handle->h_trans = trans2 do_get_write_access jh->b_modified = 0 jh->b_frozen_data = froze... • https://git.kernel.org/stable/c/470decc613ab2048b619a01028072d932d9086ee •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50116 – tty: n_gsm: fix deadlock and link starvation in outgoing data path
https://notcve.org/view.php?id=CVE-2022-50116
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: fix deadlock and link starvation in outgoing data path The current implementation queues up new control and user packets as needed and processes this queue down to the ldisc in the same code path. That means that the upper and the lower layer are hard coupled in the code. Due to this deadlocks can happen as seen below while transmitting data, especially during ldisc congestion. Furthermore, the data channels starve the control c... • https://git.kernel.org/stable/c/e1eaea46bb4020b38a141b84f88565d4603f8dd0 •