CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50344 – ext4: fix null-ptr-deref in ext4_write_info
https://notcve.org/view.php?id=CVE-2022-50344
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix null-ptr-deref in ext4_write_info I caught a null-ptr-deref bug as follows: ================================================================== KASAN: null-ptr-deref in range [0x0000000000000068-0x000000000000006f] CPU: 1 PID: 1589 Comm: umount Not tainted 5.10.0-02219-dirty #339 RIP: 0010:ext4_write_info+0x53/0x1b0 [...] Call Trace: dquot_writeback_dquots+0x341/0x9a0 ext4_sync_fs+0x19e/0x800 __sync_filesystem+0x83/0x100 sync_files... • https://git.kernel.org/stable/c/a1177825719ccef3f76ef39bbfd5ebb6087d53c7 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50343 – rapidio: fix possible name leaks when rio_add_device() fails
https://notcve.org/view.php?id=CVE-2022-50343
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: rapidio: fix possible name leaks when rio_add_device() fails Patch series "rapidio: fix three possible memory leaks". This patchset fixes three name leaks in error handling. - patch #1 fixes two name leaks while rio_add_device() fails. - patch #2 fixes a name leak while rio_register_mport() fails. This patch (of 2): If rio_add_device() returns error, the name allocated by dev_set_name() need be freed. It should use put_device() to give up t... • https://git.kernel.org/stable/c/1fa5ae857bb14f6046205171d98506d8112dd74e • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50342 – floppy: Fix memory leak in do_floppy_init()
https://notcve.org/view.php?id=CVE-2022-50342
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: floppy: Fix memory leak in do_floppy_init() A memory leak was reported when floppy_alloc_disk() failed in do_floppy_init(). unreferenced object 0xffff888115ed25a0 (size 8): comm "modprobe", pid 727, jiffies 4295051278 (age 25.529s) hex dump (first 8 bytes): 00 ac 67 5b 81 88 ff ff ..g[.... backtrace: [<000000007f457abb>] __kmalloc_node+0x4c/0xc0 [<00000000a87bfa9e>] blk_mq_realloc_tag_set_tags.part.0+0x6f/0x180 [<000000006f02e8b1>] blk_mq_a... • https://git.kernel.org/stable/c/302cfee150291c6cd85b1ca197d062d0b423d09c • CWE-401: Missing Release of Memory after Effective Lifetime CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.0EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50341 – cifs: fix oops during encryption
https://notcve.org/view.php?id=CVE-2022-50341
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: cifs: fix oops during encryption When running xfstests against Azure the following oops occurred on an arm64 system Unable to handle kernel write to read-only memory at virtual address ffff0001221cf000 Mem abort info: ESR = 0x9600004f EC = 0x25: DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x0f: level 3 permission fault Data abort info: ISV = 0, ISS = 0x0000004f CM = 0, WnR = 1 swapper pgtable: 4k pages, 48-bit V... • https://git.kernel.org/stable/c/026e93dc0a3eefb0be060bcb9ecd8d7a7fd5c398 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50340 – media: vimc: Fix wrong function called when vimc_init() fails
https://notcve.org/view.php?id=CVE-2022-50340
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: media: vimc: Fix wrong function called when vimc_init() fails In vimc_init(), when platform_driver_register(&vimc_pdrv) fails, platform_driver_unregister(&vimc_pdrv) is wrongly called rather than platform_device_unregister(&vimc_pdev), which causes kernel warning: Unexpected driver unregister! WARNING: CPU: 1 PID: 14517 at drivers/base/driver.c:270 driver_unregister+0x8f/0xb0 RIP: 0010:driver_unregister+0x8f/0xb0 Call Trace:
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-50339 – Bluetooth: avoid hci_dev_test_and_set_flag() in mgmt_init_hdev()
https://notcve.org/view.php?id=CVE-2022-50339
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: avoid hci_dev_test_and_set_flag() in mgmt_init_hdev() syzbot is again reporting attempt to cancel uninitialized work at mgmt_index_removed() [1], for setting of HCI_MGMT flag from mgmt_init_hdev() from hci_mgmt_cmd() from hci_sock_sendmsg() can race with testing of HCI_MGMT flag from mgmt_index_removed() from hci_sock_bind() due to lack of serialization via hci_dev_lock(). Since mgmt_init_hdev() is called with mgmt_chan_list_lock... • https://git.kernel.org/stable/c/3f2893d3c142986aa935821460cb3adb77044722 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-39836 – efi: stmm: Fix incorrect buffer allocation method
https://notcve.org/view.php?id=CVE-2025-39836
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: efi: stmm: Fix incorrect buffer allocation method The communication buffer allocated by setup_mm_hdr() is later on passed to tee_shm_register_kernel_buf(). The latter expects those buffers to be contiguous pages, but setup_mm_hdr() just uses kmalloc(). That can cause various corruptions or BUGs, specifically since commit 9aec2fb0fd5e ("slab: allocate frozen pages"), though it was broken before as well. Fix this by using alloc_pages_exact() ... • https://git.kernel.org/stable/c/c44b6be62e8dd4ee0a308c36a70620613e6fc55f • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2025-39835 – xfs: do not propagate ENODATA disk errors into xattr code
https://notcve.org/view.php?id=CVE-2025-39835
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: xfs: do not propagate ENODATA disk errors into xattr code ENODATA (aka ENOATTR) has a very specific meaning in the xfs xattr code; namely, that the requested attribute name could not be found. However, a medium error from disk may also return ENODATA. At best, this medium error may escape to userspace as "attribute not found" when in fact it's an IO (disk) error. At worst, we may oops in xfs_attr_leaf_get() when we do: error = xfs_attr_leaf... • https://git.kernel.org/stable/c/07120f1abdff80f3d1351f733661abe28d609535 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-39833 – mISDN: hfcpci: Fix warning when deleting uninitialized timer
https://notcve.org/view.php?id=CVE-2025-39833
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: mISDN: hfcpci: Fix warning when deleting uninitialized timer With CONFIG_DEBUG_OBJECTS_TIMERS unloading hfcpci module leads to the following splat: [ 250.215892] ODEBUG: assert_init not available (active state 0) object: ffffffffc01a3dc0 object type: timer_list hint: 0x0 [ 250.217520] WARNING: CPU: 0 PID: 233 at lib/debugobjects.c:612 debug_print_object+0x1b6/0x2c0 [ 250.218775] Modules linked in: hfcpci(-) mISDN_core [ 250.219537] CPU: 0 U... • https://git.kernel.org/stable/c/87c5fa1bb42624254a2013cbbc3b170d6017f5d6 • CWE-908: Use of Uninitialized Resource •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-39832 – net/mlx5: Fix lockdep assertion on sync reset unload event
https://notcve.org/view.php?id=CVE-2025-39832
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix lockdep assertion on sync reset unload event Fix lockdep assertion triggered during sync reset unload event. When the sync reset flow is initiated using the devlink reload fw_activate option, the PF already holds the devlink lock while handling unload event. In this case, delegate sync reset unload event handling back to the devlink callback process to avoid double-locking and resolve the lockdep warning. Kernel log: WARNING: ... • https://git.kernel.org/stable/c/7a9770f1bfeaeddf5afabd3244e2c4c4966be37d • CWE-667: Improper Locking •