CVSS: 5.5 • EPSS: 0% • CPEs: 9 • EXPL: 0
CVE-2022-50676 – net: rds: don't hold sock lock when cancelling work from rds_tcp_reset_callbacks()
https://notcve.org/view.php?id=CVE-2022-50676
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: net: rds: don't hold sock lock when cancelling work from rds_tcp_reset_callbacks() syzbot is reporting lockdep warning at rds_tcp_reset_callbacks() [1], for commit ac3615e7f3cffe2a ("RDS: TCP: Reduce code duplication in rds_tcp_reset_callbacks()") added cancel_delayed_work_sync() into a section protected by lock_sock() without realizing that rds_send_xmit() might call lock_sock(). We don't need to protect cancel_delayed_work_sync() using lo... • https://git.kernel.org/stable/c/ac3615e7f3cffe2a1a6b25172dfd09e138593d82 •
CVSS: 7.1 • EPSS: 0% • CPEs: 7 • EXPL: 0
CVE-2022-50673 – ext4: fix use-after-free in ext4_orphan_cleanup
https://notcve.org/view.php?id=CVE-2022-50673
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix use-after-free in ext4_orphan_cleanup I caught an issue as follows: ================================================================== BUG: KASAN: use-after-free in __list_add_valid+0x28/0x1a0 Read of size 8 at addr ffff88814b13f378 by task mount/710 CPU: 1 PID: 710 Comm: mount Not tainted 6.1.0-rc3-next #370 Call Trace:
CVSS: 5.5 • EPSS: 0% • CPEs: 6 • EXPL: 0
CVE-2022-50672 – mailbox: zynq-ipi: fix error handling while device_register() fails
https://notcve.org/view.php?id=CVE-2022-50672
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: mailbox: zynq-ipi: fix error handling while device_register() fails If device_register() fails, it has two issues: 1. The name allocated by dev_set_name() is leaked. 2. The parent of device is not NULL, device_unregister() is called in zynqmp_ipi_free_mboxes(), it will lead to a kernel crash because of removing not added device. Call put_device() to give up the reference, so the name is freed in kobject_cleanup(). Add device registered check i... • https://git.kernel.org/stable/c/4981b82ba2ff87df6a711fcd7a233c615df5fc79 •
CVSS: 5.5 • EPSS: 0% • CPEs: 9 • EXPL: 0
CVE-2022-50671 – RDMA/rxe: Fix "kernel NULL pointer dereference" error
https://notcve.org/view.php?id=CVE-2022-50671
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix "kernel NULL pointer dereference" error When rxe_queue_init in the function rxe_qp_init_req fails, both qp->req.task.func and qp->req.task.arg are not initialized. Because creation of the qp fails, the function rxe_create_qp will call rxe_qp_do_cleanup to handle allocated resource. Before calling __rxe_do_task, both qp->req.task.func and qp->req.task.arg should be checked. • https://git.kernel.org/stable/c/8700e3e7c4857d28ebaa824509934556da0b3e76 •
CVSS: 5.5 • EPSS: 0% • CPEs: 6 • EXPL: 0
CVE-2022-50670 – mmc: omap_hsmmc: fix return value check of mmc_add_host()
https://notcve.org/view.php?id=CVE-2022-50670
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: mmc: omap_hsmmc: fix return value check of mmc_add_host() mmc_add_host() may return error, if we ignore its return value, it will lead to two issues: 1. The memory that allocated in mmc_alloc_host() is leaked. 2. In the remove() path, mmc_remove_host() will be called to delete device, but it's not added yet, it will lead to a kernel crash because of null-ptr-deref in device_del(). Fix this by checking the return value and goto error path which wi... • https://git.kernel.org/stable/c/a45c6cb816474cefe56059fce422a9bdcd77e0dc •
CVSS: 7.5 • EPSS: 0% • CPEs: 6 • EXPL: 0
CVE-2022-50669 – misc: ocxl: fix possible name leak in ocxl_file_register_afu()
https://notcve.org/view.php?id=CVE-2022-50669
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: misc: ocxl: fix possible name leak in ocxl_file_register_afu() If device_register() returns error in ocxl_file_register_afu(), the name allocated by dev_set_name() needs to be freed. As the comment of device_register() says, it should use put_device() to give up the reference in the error path. So fix this by calling put_device(), then the name can be freed in kobject_cleanup(), and info is freed in info_release(). • https://git.kernel.org/stable/c/75ca758adbafc81804c39b2c200ecdc819a6c042 •
CVSS: 6.3 • EPSS: 0% • CPEs: 7 • EXPL: 0
CVE-2022-50668 – ext4: fix deadlock due to mbcache entry corruption
https://notcve.org/view.php?id=CVE-2022-50668
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix deadlock due to mbcache entry corruption When manipulating xattr blocks, we can deadlock infinitely looping inside ext4_xattr_block_set() where we constantly keep finding xattr block for reuse in mbcache but we are unable to reuse it because its reference count is too big. This happens because cache entry for the xattr block is marked as reusable (e_reusable set) although its reference count is too big. When this inconsistency hap... • https://git.kernel.org/stable/c/6048c64b26097a0ffbd966866b599f990e674e9b •
CVSS: 7.8 • EPSS: 0% • CPEs: 4 • EXPL: 0
CVE-2022-50666 – RDMA/siw: Fix QP destroy to wait for all references dropped.
https://notcve.org/view.php?id=CVE-2022-50666
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix QP destroy to wait for all references dropped. Delay QP destroy completion until all siw references to QP are dropped. The calling RDMA core will free QP structure after successful return from siw_qp_destroy() call, so siw must not hold any remaining reference to the QP upon return. A use-after-free was encountered in xfstest generic/460, while testing NFSoRDMA. Here, after a TCP connection drop by peer, the triggered siw_cm_w... • https://git.kernel.org/stable/c/303ae1cdfdf7280ff4cfbbe65563b5ff15bb025b •
CVSS: 7.1 • EPSS: 0% • CPEs: 9 • EXPL: 0
CVE-2022-50664 – media: dvb-frontends: fix leak of memory fw
https://notcve.org/view.php?id=CVE-2022-50664
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: fix leak of memory fw • https://git.kernel.org/stable/c/55f51efdb696ff6e9d2056377d05268a97f3d4e4 •
CVSS: 7.8 • EPSS: 0% • CPEs: 5 • EXPL: 0
CVE-2022-50662 – RDMA/hns: fix memory leak in hns_roce_alloc_mr()
https://notcve.org/view.php?id=CVE-2022-50662
09 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: fix memory leak in hns_roce_alloc_mr() When hns_roce_mr_enable() failed in hns_roce_alloc_mr(), mr_key is not released. Compiled test only. • https://git.kernel.org/stable/c/9b2cf76c9f052987ae5c4ad450ebebdc7c5d7b87 •
