CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50870 – powerpc/rtas: avoid device tree lookups in rtas_os_term()
https://notcve.org/view.php?id=CVE-2022-50870
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: avoid device tree lookups in rtas_os_term() rtas_os_term() is called during panic. Its behavior depends on a couple of conditions in the /rtas node of the device tree, the traversal of which entails locking and local IRQ state changes. If the kernel panics while devtree_lock is held, rtas_os_term() as currently written could hang. Instead of discovering the relevant characteristics at panic time, cache them in file-static vari... • https://git.kernel.org/stable/c/088186ded490ced80758200cf8f906ed741df306 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50869 – fs/ntfs3: Fix slab-out-of-bounds in r_page
https://notcve.org/view.php?id=CVE-2022-50869
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix slab-out-of-bounds in r_page When PAGE_SIZE is 64K, if read_log_page is called by log_read_rst for the first time, the size of *buffer would be equal to DefaultLogPageSize(4K).But for *buffer operations like memcpy, if the memory area size(n) which being assigned to buffer is larger than 4K (log->page_size(64K) or bytes(64K-page_off)), it will cause an out of boundary error. Call trace: [...] kasan_report+0x44/0x130 check_memo... • https://git.kernel.org/stable/c/b46acd6a6a627d876898e1c84d3f84902264b445 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50868 – hwrng: amd - Fix PCI device refcount leak
https://notcve.org/view.php?id=CVE-2022-50868
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: hwrng: amd - Fix PCI device refcount leak for_each_pci_dev() is implemented by pci_get_device(). The comment of pci_get_device() says that it will increase the reference count for the returned pci_dev and also decrease the reference count for the input pci_dev @from if it is not NULL. If we break for_each_pci_dev() loop with pdev not NULL, we need to call pci_dev_put() to decrease the reference count. Add the missing pci_dev_put() for the n... • https://git.kernel.org/stable/c/96d63c0297ccfd6d9059c614b3f5555d9441a2b3 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2022-50867 – drm/msm/a6xx: Fix kvzalloc vs state_kcalloc usage
https://notcve.org/view.php?id=CVE-2022-50867
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/msm/a6xx: Fix kvzalloc vs state_kcalloc usage adreno_show_object() is a trap! It will re-allocate the pointer it is passed on first call, when the data is ascii85 encoded, using kvmalloc/ kvfree(). Which means the data *passed* to it must be kvmalloc'd, ie. we cannot use the state_kcalloc() helper. This partially reverts commit ec8f1813bf8d ("drm/msm/a6xx: Replace kcalloc() with kvzalloc()"), but adds the missing kvfree() to fix the mem... • https://git.kernel.org/stable/c/b859f9b009bbfbc236d9b076c64c59ccb41b8737 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50866 – ASoC: pxa: fix null-pointer dereference in filter()
https://notcve.org/view.php?id=CVE-2022-50866
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: pxa: fix null-pointer dereference in filter() kasprintf() would return NULL pointer when kmalloc() fail to allocate. Need to check the return pointer before calling strcmp(). The SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix various security issues. • https://git.kernel.org/stable/c/7a824e214e25a49442fe868dac0af8a904b24f58 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50865 – tcp: fix a signed-integer-overflow bug in tcp_add_backlog()
https://notcve.org/view.php?id=CVE-2022-50865
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: tcp: fix a signed-integer-overflow bug in tcp_add_backlog() The type of sk_rcvbuf and sk_sndbuf in struct sock is int, and in tcp_add_backlog(), the variable limit is caculated by adding sk_rcvbuf, sk_sndbuf and 64 * 1024, it may exceed the max value of int and overflow. This patch reduces the limit budget by halving the sndbuf to solve this issue since ACK packets are much smaller than the payload. An update for kernel-rt is now available ... • https://git.kernel.org/stable/c/c9c3321257e1b95be9b375f811fb250162af8d39 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50864 – nilfs2: fix shift-out-of-bounds due to too large exponent of block size
https://notcve.org/view.php?id=CVE-2022-50864
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix shift-out-of-bounds due to too large exponent of block size If field s_log_block_size of superblock data is corrupted and too large, init_nilfs() and load_nilfs() still can trigger a shift-out-of-bounds warning followed by a kernel panic (if panic_on_warn is set): shift exponent 38973 is too large for 32-bit type 'int' Call Trace:
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50863 – wifi: rtw89: free unused skb to prevent memory leak
https://notcve.org/view.php?id=CVE-2022-50863
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: free unused skb to prevent memory leak This avoid potential memory leak under power saving mode. • https://git.kernel.org/stable/c/fc5f311fce742d906294360e378c1df631d2d692 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2022-50862 – bpf: prevent decl_tag from being referenced in func_proto
https://notcve.org/view.php?id=CVE-2022-50862
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: prevent decl_tag from being referenced in func_proto Syzkaller was able to hit the following issue: ------------[ cut here ]------------ WARNING: CPU: 0 PID: 3609 at kernel/bpf/btf.c:1946 btf_type_id_size+0x2d5/0x9d0 kernel/bpf/btf.c:1946 Modules linked in: CPU: 0 PID: 3609 Comm: syz-executor361 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 R... • https://git.kernel.org/stable/c/bd16dee66ae4de3f1726c69ac901d2b7a53b0c86 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50861 – NFSD: Finish converting the NFSv2 GETACL result encoder
https://notcve.org/view.php?id=CVE-2022-50861
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: NFSD: Finish converting the NFSv2 GETACL result encoder The xdr_stream conversion inadvertently left some code that set the page_len of the send buffer. The XDR stream encoders should handle this automatically now. This oversight adds garbage past the end of the Reply message. Clients typically ignore the garbage, but NFSD does not need to send it, as it leaks stale memory contents onto the wire. The SUSE Linux Enterprise 15 SP5 RT kernel w... • https://git.kernel.org/stable/c/f8cba47344f794b54373189bec23195b51020faf •