CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50845 – ext4: fix inode leak in ext4_xattr_inode_create() on an error path
https://notcve.org/view.php?id=CVE-2022-50845
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix inode leak in ext4_xattr_inode_create() on an error path There is issue as follows when do setxattr with inject fault: [localhost]# fsck.ext4 -fn /dev/sda e2fsck 1.46.6-rc1 (12-Sep-2022) Pass 1: Checking inodes, blocks, and sizes Pass 2: Checking directory structure Pass 3: Checking directory connectivity Pass 4: Checking reference counts Unattached zero-length inode 15. Clear? no Unattached inode 15 Connect to /lost+found? no Pas... • https://git.kernel.org/stable/c/bd3b963b273e247e13979f98812a6e4979b5c1e4 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50844 – drm/amdgpu: Fix type of second parameter in odn_edit_dpm_table() callback
https://notcve.org/view.php?id=CVE-2022-50844
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix type of second parameter in odn_edit_dpm_table() callback With clang's kernel control flow integrity (kCFI, CONFIG_CFI_CLANG), indirect call targets are validated against the expected function pointer prototype to make sure the call target is valid to help mitigate ROP attacks. If they are not identical, there is a failure at run time, which manifests as either a kernel panic or thread getting killed. A proposed warning in c... • https://git.kernel.org/stable/c/8f4828d0a104d961d5eb850d0aef1530fc24e370 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50843 – dm clone: Fix UAF in clone_dtr()
https://notcve.org/view.php?id=CVE-2022-50843
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: dm clone: Fix UAF in clone_dtr() Dm_clone also has the same UAF problem when dm_resume() and dm_destroy() are concurrent. Therefore, cancelling timer again in clone_dtr(). • https://git.kernel.org/stable/c/7431b7835f554f8608b415a02cf3c3f086309e02 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50842 – drm/virtio: Check whether transferred 2D BO is shmem
https://notcve.org/view.php?id=CVE-2022-50842
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/virtio: Check whether transferred 2D BO is shmem Transferred 2D BO always must be a shmem BO. Add check for that to prevent NULL dereference if userspace passes a VRAM BO. • https://git.kernel.org/stable/c/f651c8b055423057d9f41525dfdc37b4796015d1 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50841 – fs/ntfs3: Add overflow check for attribute size
https://notcve.org/view.php?id=CVE-2022-50841
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add overflow check for attribute size The offset addition could overflow and pass the used size check given an attribute with very large size (e.g., 0xffffff7f) while parsing MFT attributes. This could lead to out-of-bound memory R/W if we try to access the next attribute derived by Add2Ptr(attr, asize) [ 32.963847] BUG: unable to handle page fault for address: ffff956a83c76067 [ 32.964301] #PF: supervisor read access in kernel mo... • https://git.kernel.org/stable/c/4342306f0f0d5ff4315a204d315c1b51b914fca5 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50840 – scsi: snic: Fix possible UAF in snic_tgt_create()
https://notcve.org/view.php?id=CVE-2022-50840
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: snic: Fix possible UAF in snic_tgt_create() Smatch reports a warning as follows: drivers/scsi/snic/snic_disc.c:307 snic_tgt_create() warn: '&tgt->list' not removed from list If device_add() fails in snic_tgt_create(), tgt will be freed, but tgt->list will not be removed from snic->disc.tgt_list, then list traversal may cause UAF. Remove from snic->disc.tgt_list before free(). • https://git.kernel.org/stable/c/c8806b6c9e824f47726f2a9b7fbbe7ebf19306fa •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50839 – jbd2: fix potential buffer head reference count leak
https://notcve.org/view.php?id=CVE-2022-50839
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: jbd2: fix potential buffer head reference count leak As in 'jbd2_fc_wait_bufs' if buffer isn't uptodate, will return -EIO without update 'journal->j_fc_off'. But 'jbd2_fc_release_bufs' will release buffer head from ‘j_fc_off - 1’ if 'bh' is NULL will terminal release which will lead to buffer head buffer head reference count leak. To solve above issue, update 'journal->j_fc_off' before return -EIO. • https://git.kernel.org/stable/c/ff780b91efe901b8eecd8114785abae5341820ad •
CVSS: -EPSS: 0%CPEs: 11EXPL: 0CVE-2022-50838 – net: stream: purge sk_error_queue in sk_stream_kill_queues()
https://notcve.org/view.php?id=CVE-2022-50838
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: net: stream: purge sk_error_queue in sk_stream_kill_queues() Changheon Lee reported TCP socket leaks, with a nice repro. It seems we leak TCP sockets with the following sequence: 1) SOF_TIMESTAMPING_TX_ACK is enabled on the socket. Each ACK will cook an skb put in error queue, from __skb_tstamp_tx(). __skb_tstamp_tx() is using skb_clone(), unless SOF_TIMESTAMPING_OPT_TSONLY was also requested. 2) If the application is also using MSG_ZEROCOP... • https://git.kernel.org/stable/c/7737b104c211fa843de268b897d601e070292a72 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50837 – net: dsa: tag_8021q: avoid leaking ctx on dsa_tag_8021q_register() error path
https://notcve.org/view.php?id=CVE-2022-50837
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: net: dsa: tag_8021q: avoid leaking ctx on dsa_tag_8021q_register() error path If dsa_tag_8021q_setup() fails, for example due to the inability of the device to install a VLAN, the tag_8021q context of the switch will leak. Make sure it is freed on the error path. • https://git.kernel.org/stable/c/328621f6131f667c5c328bb72d45442fd76efb81 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50836 – remoteproc: sysmon: fix memory leak in qcom_add_sysmon_subdev()
https://notcve.org/view.php?id=CVE-2022-50836
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: remoteproc: sysmon: fix memory leak in qcom_add_sysmon_subdev() The kfree() should be called when of_irq_get_byname() fails or devm_request_threaded_irq() fails in qcom_add_sysmon_subdev(), otherwise there will be a memory leak, so add kfree() to fix it. • https://git.kernel.org/stable/c/027045a6e2b7cd81216e8a559534a30fb0782702 •