CVSS: 5.5 • EPSS: 0% • CPEs: 9 • EXPL: 0 • CVE-2022-50755 – udf: Avoid double brelse() in udf_rename()
https://notcve.org/view.php?id=CVE-2022-50755
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: udf: Avoid double brelse() in udf_rename() syzbot reported a warning like below [1]: VFS: brelse: Trying to free free buffer WARNING: CPU: 2 PID: 7301 at fs/buffer.c:1145 __brelse+0x67/0xa0 ... Call Trace: <TASK> invalidate_bh_lru+0x99/0x150 smp_call_function_many_cond+0xe2a/0x10c0 ? generic_remap_file_range_prep+0x50/0x50 ? __brelse+0xa0/0xa0 ? __mutex_lock+0x21c/0x12d0 ? smp_call_on_cpu+0x250/0x250 ? • https://git.kernel.org/stable/c/231473f6ddcef9c01993e0bfe36acc6f8e425c31 •
CVSS: 5.6 • EPSS: 0% • CPEs: 8 • EXPL: 0 • CVE-2022-50754 – apparmor: fix a memleak in multi_transaction_new()
https://notcve.org/view.php?id=CVE-2022-50754
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: apparmor: fix a memleak in multi_transaction_new() In multi_transaction_new(), the variable t is not freed or passed out on the failure of copy_from_user(t->data, buf, size), which could lead to a memleak. Fix this bug by adding a put_multi_transaction(t) in the error path. • https://git.kernel.org/stable/c/1dea3b41e84c5923173fe654dcb758a5cb4a46e5 •
CVSS: 7.1 • EPSS: 0% • CPEs: 6 • EXPL: 0 • CVE-2022-50753 – f2fs: fix to do sanity check on summary info
https://notcve.org/view.php?id=CVE-2022-50753
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on summary info As Wenqing Liu reported in bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=216456 BUG: KASAN: use-after-free in recover_data+0x63ae/0x6ae0 [f2fs] Read of size 4 at addr ffff8881464dcd80 by task mount/1013 CPU: 3 PID: 1013 Comm: mount Tainted: G W 6.0.0-rc4 #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014 Call Trace: dump_stack_lvl+0x45/0x5e print_report.cold+0... • https://git.kernel.org/stable/c/b292dcab068e141d8a820b77cbcc88d98c610eb4 •
CVSS: 5.5 • EPSS: 0% • CPEs: 6 • EXPL: 0 • CVE-2022-50751 – configfs: fix possible memory leak in configfs_create_dir()
https://notcve.org/view.php?id=CVE-2022-50751
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: configfs: fix possible memory leak in configfs_create_dir() kmemleak reported memory leaks in configfs_create_dir(): unreferenced object 0xffff888009f6af00 (size 192): comm "modprobe", pid 3777, jiffies 4295537735 (age 233.784s) backtrace: kmem_cache_alloc (mm/slub.c:3250 mm/slub.c:3256 mm/slub.c:3263 mm/slub.c:3273) new_fragment (./include/linux/slab.h:600 fs/configfs/dir.c:163) configfs_register_subsystem (fs/configfs/dir.c:1857) basic_wr... • https://git.kernel.org/stable/c/7063fbf2261194f72ee75afca67b3b38b554b5fa •
CVSS: 7.8 • EPSS: 0% • CPEs: 9 • EXPL: 0 • CVE-2022-50749 – acct: fix potential integer overflow in encode_comp_t()
https://notcve.org/view.php?id=CVE-2022-50749
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: acct: fix potential integer overflow in encode_comp_t() The integer overflow is described by the following code:
> 317 static comp_t encode_comp_t(u64 value)
> 318 {
> 319         int exp, rnd;
  ......
> 341         exp <<= MANTSIZE;
> 342         exp += value;
> 343         return exp;
> 344 }
Currently comp_t is defined as type of '__u16', but the variable 'exp' is type of 'int', so overflow would happen when variable 'exp' in line 343 is greater than 65535. • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 8.5 • EPSS: 0% • CPEs: 9 • EXPL: 0 • CVE-2022-50747 – hfs: Fix OOB Write in hfs_asc2mac
https://notcve.org/view.php?id=CVE-2022-50747
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: hfs: Fix OOB Write in hfs_asc2mac Syzbot reported an OOB Write bug: loop0: detected capacity change from 0 to 64 ================================================================== BUG: KASAN: slab-out-of-bounds in hfs_asc2mac+0x467/0x9a0 fs/hfs/trans.c:133 Write of size 1 at addr ffff88801848314e by task syz-executor391/3632 Call Trace:
CVSS: 7.2 • EPSS: 0% • CPEs: 3 • EXPL: 0 • CVE-2022-50746 – erofs: validate the extent length for uncompressed pclusters
https://notcve.org/view.php?id=CVE-2022-50746
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: erofs: validate the extent length for uncompressed pclusters syzkaller reported a KASAN use-after-free: https://syzkaller.appspot.com/bug?extid=2ae90e873e97f1faf6f2 The referenced fuzzed image actually has two issues: - m_pa == 0 as a non-inlined pcluster; - The logical length is longer than its physical length. The first issue has already been addressed. This patch addresses the second issue by checking the extent length validity. • https://git.kernel.org/stable/c/02827e1796b33f1794966f5c3101f8da2dfa9c1d •
CVSS: 5.5 • EPSS: 0% • CPEs: 12 • EXPL: 0 • CVE-2022-50740 – wifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs()
https://notcve.org/view.php?id=CVE-2022-50740
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs() Syzkaller reports a long-known leak of urbs in ath9k_hif_usb_dealloc_tx_urbs(). The cause of the leak is that usb_get_urb() is called but usb_free_urb() (or usb_put_urb()) is not called inside usb_kill_urb() as urb->dev or urb->ep fields have not been initialized and usb_kill_urb() returns immediately. The patch removes trying to kill urbs located in hif_dev->t... • https://git.kernel.org/stable/c/6f0706ef39fecc6bf56d67728fe0c94e26b43e9d •
CVSS: 7.8 • EPSS: 0% • CPEs: 9 • EXPL: 0 • CVE-2023-54069 – ext4: fix BUG in ext4_mb_new_inode_pa() due to overflow
https://notcve.org/view.php?id=CVE-2023-54069
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix BUG in ext4_mb_new_inode_pa() due to overflow When we calculate the end position of ext4_free_extent, this position may be exactly where ext4_lblk_t (i.e. uint) overflows. For example, if ac_g_ex.fe_logical is 4294965248 and ac_orig_goal_len is 2048, then the computed end is 0x100000000, which is 0. If ac->ac_o_ex.fe_logical is not the first case of adjusting the best extent, that is, new_bex_end > 0, the following BUG_ON will be ... • https://git.kernel.org/stable/c/8659c5f4ffaacbe932849b98462c3d635b4eacea •
CVSS: 7.1 • EPSS: 0% • CPEs: 3 • EXPL: 0 • CVE-2023-54067 – btrfs: fix race when deleting free space root from the dirty cow roots list
https://notcve.org/view.php?id=CVE-2023-54067
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race when deleting free space root from the dirty cow roots list When deleting the free space tree we are deleting the free space root from the list fs_info->dirty_cowonly_roots without taking the lock that protects it, which is struct btrfs_fs_info::trans_lock. This unsynchronized list manipulation may cause chaos if there's another concurrent manipulation of this list, such as when adding a root to it with ctree.c:add_root_to_d... • https://git.kernel.org/stable/c/a5ed91828518ab076209266c2bc510adabd078df •
