CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50349 – misc: tifm: fix possible memory leak in tifm_7xx1_switch_media()
https://notcve.org/view.php?id=CVE-2022-50349
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: misc: tifm: fix possible memory leak in tifm_7xx1_switch_media() If device_register() returns error in tifm_7xx1_switch_media(), name of kobject which is allocated in dev_set_name() called in device_add() is leaked. Never directly free @dev after calling device_register(), even if it returned an error! Always use put_device() to give up the reference initialized. This update provides the initial livepatch for this kernel update. This update... • https://git.kernel.org/stable/c/2428a8fe2261e901e058d9ea8b6ed7e1b4268b79 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50346 – ext4: init quota for 'old.inode' in 'ext4_rename'
https://notcve.org/view.php?id=CVE-2022-50346
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: init quota for 'old.inode' in 'ext4_rename' Syzbot found the following issue: ext4_parse_param: s_want_extra_isize=128 ext4_inode_info_init: s_want_extra_isize=32 ext4_rename: old.inode=ffff88823869a2c8 old.dir=ffff888238699828 new.inode=ffff88823869d7e8 new.dir=ffff888238699828 __ext4_mark_inode_dirty: inode=ffff888238699828 ea_isize=32 want_ea_size=128 __ext4_mark_inode_dirty: inode=ffff88823869a2c8 ea_isize=32 want_ea_size=128 ext4... • https://git.kernel.org/stable/c/6dd4ee7cab7e3a17c571aebd444f4344c8c4946e • CWE-908: Use of Uninitialized Resource •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50344 – ext4: fix null-ptr-deref in ext4_write_info
https://notcve.org/view.php?id=CVE-2022-50344
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix null-ptr-deref in ext4_write_info I caught a null-ptr-deref bug as follows: ================================================================== KASAN: null-ptr-deref in range [0x0000000000000068-0x000000000000006f] CPU: 1 PID: 1589 Comm: umount Not tainted 5.10.0-02219-dirty #339 RIP: 0010:ext4_write_info+0x53/0x1b0 [...] Call Trace: dquot_writeback_dquots+0x341/0x9a0 ext4_sync_fs+0x19e/0x800 __sync_filesystem+0x83/0x100 sync_files... • https://git.kernel.org/stable/c/a1177825719ccef3f76ef39bbfd5ebb6087d53c7 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50343 – rapidio: fix possible name leaks when rio_add_device() fails
https://notcve.org/view.php?id=CVE-2022-50343
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: rapidio: fix possible name leaks when rio_add_device() fails Patch series "rapidio: fix three possible memory leaks". This patchset fixes three name leaks in error handling. - patch #1 fixes two name leaks while rio_add_device() fails. - patch #2 fixes a name leak while rio_register_mport() fails. This patch (of 2): If rio_add_device() returns error, the name allocated by dev_set_name() need be freed. It should use put_device() to give up t... • https://git.kernel.org/stable/c/1fa5ae857bb14f6046205171d98506d8112dd74e • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-39833 – mISDN: hfcpci: Fix warning when deleting uninitialized timer
https://notcve.org/view.php?id=CVE-2025-39833
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: mISDN: hfcpci: Fix warning when deleting uninitialized timer With CONFIG_DEBUG_OBJECTS_TIMERS unloading hfcpci module leads to the following splat: [ 250.215892] ODEBUG: assert_init not available (active state 0) object: ffffffffc01a3dc0 object type: timer_list hint: 0x0 [ 250.217520] WARNING: CPU: 0 PID: 233 at lib/debugobjects.c:612 debug_print_object+0x1b6/0x2c0 [ 250.218775] Modules linked in: hfcpci(-) mISDN_core [ 250.219537] CPU: 0 U... • https://git.kernel.org/stable/c/87c5fa1bb42624254a2013cbbc3b170d6017f5d6 • CWE-908: Use of Uninitialized Resource •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-39829 – trace/fgraph: Fix the warning caused by missing unregister notifier
https://notcve.org/view.php?id=CVE-2025-39829
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: trace/fgraph: Fix the warning caused by missing unregister notifier This warning was triggered during testing on v6.16: notifier callback ftrace_suspend_notifier_call already registered WARNING: CPU: 2 PID: 86 at kernel/notifier.c:23 notifier_chain_register+0x44/0xb0 ... Call Trace:
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-39828 – atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control().
https://notcve.org/view.php?id=CVE-2025-39828
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control(). syzbot reported the splat below. [0] When atmtcp_v_open() or atmtcp_v_close() is called via connect() or close(), atmtcp_send_control() is called to send an in-kernel special message. The message has ATMTCP_HDR_MAGIC in atmtcp_control.hdr.length. Also, a pointer of struct atm_vcc is set to atmtcp_control.vcc. The notable thing is struct atmtcp_control is uAPI but has a space for... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-39827 – net: rose: include node references in rose_neigh refcount
https://notcve.org/view.php?id=CVE-2025-39827
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: net: rose: include node references in rose_neigh refcount Current implementation maintains two separate reference counting mechanisms: the 'count' field in struct rose_neigh tracks references from rose_node structures, while the 'use' field (now refcount_t) tracks references from rose_sock. This patch merges these two reference counting systems using 'use' field for proper reference management. Specifically, this patch adds incrementing and... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 7.0EPSS: 0%CPEs: 5EXPL: 0CVE-2025-39826 – net: rose: convert 'use' field to refcount_t
https://notcve.org/view.php?id=CVE-2025-39826
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: net: rose: convert 'use' field to refcount_t The 'use' field in struct rose_neigh is used as a reference counter but lacks atomicity. This can lead to race conditions where a rose_neigh structure is freed while still being referenced by other code paths. For example, when rose_neigh->use becomes zero during an ioctl operation via rose_rt_ioctl(), the structure may be removed while its timer is still active, potentially causing use-after-fre... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 4.7EPSS: 0%CPEs: 8EXPL: 0CVE-2025-39813 – ftrace: Fix potential warning in trace_printk_seq during ftrace_dump
https://notcve.org/view.php?id=CVE-2025-39813
16 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix potential warning in trace_printk_seq during ftrace_dump When calling ftrace_dump_one() concurrently with reading trace_pipe, a WARN_ON_ONCE() in trace_printk_seq() can be triggered due to a race condition. The issue occurs because: CPU0 (ftrace_dump) CPU1 (reader) echo z > /proc/sysrq-trigger !trace_empty(&iter) trace_iterator_reset(&iter) <- len = size = 0 cat /sys/kernel/tracing/trace_pipe trace_find_next_entry_inc(&iter) __f... • https://git.kernel.org/stable/c/d769041f865330034131525ee6a7f72eb4af2a24 •