CVSS: 7.3EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50419 – Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times
https://notcve.org/view.php?id=CVE-2022-50419
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times device_add shall not be called multiple times as stated in its documentation: 'Do not call this routine or device_register() more than once for any device structure' Syzkaller reports a bug as follows [1]: ------------[ cut here ]------------ kernel BUG at lib/list_debug.c:33! invalid opcode: 0000 [#1] PREEMPT SMP KASAN [...] Call Trace:
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50417 – drm/panfrost: Fix GEM handle creation ref-counting
https://notcve.org/view.php?id=CVE-2022-50417
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/panfrost: Fix GEM handle creation ref-counting panfrost_gem_create_with_handle() previously returned a BO but with the only reference being from the handle, which user space could in theory guess and release, causing a use-after-free. Additionally if the call to panfrost_gem_mapping_get() in panfrost_ioctl_create_bo() failed then a(nother) reference on the BO was dropped. The _create_with_handle() is a problematic pattern, so ditch it a... • https://git.kernel.org/stable/c/f3ba91228e8e917e5bd6c4b72bfe846933d17370 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50415 – parisc: led: Fix potential null-ptr-deref in start_task()
https://notcve.org/view.php?id=CVE-2022-50415
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: parisc: led: Fix potential null-ptr-deref in start_task() start_task() calls create_singlethread_workqueue() and not checked the ret value, which may return NULL. And a null-ptr-deref may happen: start_task() create_singlethread_workqueue() # failed, led_wq is NULL queue_delayed_work() queue_delayed_work_on() __queue_delayed_work() # warning here, but continue __queue_work() # access wq->flags, null-ptr-deref Check the ret value and return ... • https://git.kernel.org/stable/c/3499495205a676d85fcc2f3c28e35ec9b43c47e3 •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50414 – scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails
https://notcve.org/view.php?id=CVE-2022-50414
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails fcoe_init() calls fcoe_transport_attach(&fcoe_sw_transport), but when fcoe_if_init() fails, &fcoe_sw_transport is not detached and leaves freed &fcoe_sw_transport on fcoe_transports list. This causes panic when reinserting module. BUG: unable to handle page fault for address: fffffbfff82e2213 RIP: 0010:fcoe_transport_attach+0xe1/0x230 [libfcoe] Call Trace:
CVSS: 5.7EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50412 – drm: bridge: adv7511: unregister cec i2c device after cec adapter
https://notcve.org/view.php?id=CVE-2022-50412
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: drm: bridge: adv7511: unregister cec i2c device after cec adapter cec_unregister_adapter() assumes that the underlying adapter ops are callable. For example, if the CEC adapter currently has a valid physical address, then the unregistration procedure will invalidate the physical address by setting it to f.f.f.f. Whence the following kernel oops observed after removing the adv7511 module: Unable to handle kernel execution of user memory at v... • https://git.kernel.org/stable/c/3b1b975003e4a3da4b93ab032487a3ae4afca7b5 • CWE-825: Expired Pointer Dereference •
CVSS: 8.4EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50411 – ACPICA: Fix error code path in acpi_ds_call_control_method()
https://notcve.org/view.php?id=CVE-2022-50411
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ACPICA: Fix error code path in acpi_ds_call_control_method() A use-after-free in acpi_ps_parse_aml() after a failing invocaion of acpi_ds_call_control_method() is reported by KASAN [1] and code inspection reveals that next_walk_state pushed to the thread by acpi_ds_create_walk_state() is freed on errors, but it is not popped from the thread beforehand. Thus acpi_ds_get_current_walk_state() called by acpi_ps_parse_aml() subsequently returns ... • https://git.kernel.org/stable/c/38e251d356a01b61a86cb35213cafd7e8fe7090c •
CVSS: 8.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50410 – NFSD: Protect against send buffer overflow in NFSv2 READ
https://notcve.org/view.php?id=CVE-2022-50410
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: NFSD: Protect against send buffer overflow in NFSv2 READ Since before the git era, NFSD has conserved the number of pages held by each nfsd thread by combining the RPC receive and send buffers into a single array of pages. This works because there are no cases where an operation needs a large RPC Call message and a large RPC Reply at the same time. Once an RPC Call has been received, svc_process() updates svc_rqst::rq_res to describe the pa... • https://git.kernel.org/stable/c/2007867c5874134f2271eb276398208070049dd3 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50409 – net: If sock is dead don't access sock's sk_wq in sk_stream_wait_memory
https://notcve.org/view.php?id=CVE-2022-50409
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: net: If sock is dead don't access sock's sk_wq in sk_stream_wait_memory Fixes the below NULL pointer dereference: [...] [ 14.471200] Call Trace: [ 14.471562]
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50408 – wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit()
https://notcve.org/view.php?id=CVE-2022-50408
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() > ret = brcmf_proto_tx_queue_data(drvr, ifp->ifidx, skb); may be schedule, and then complete before the line > ndev->stats.tx_bytes += skb->len; [ 46.912801] ================================================================== [ 46.920552] BUG: KASAN: use-after-free in brcmf_netdev_start_xmit+0x718/0x8c8 [brcmfmac] [ 46.928673] Read of size 4 at addr ffffff803f5882e8 by task ... • https://git.kernel.org/stable/c/1613a7b24f1a7467cb727ba3ec77c9a808383560 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50407 – crypto: hisilicon/qm - increase the memory of local variables
https://notcve.org/view.php?id=CVE-2022-50407
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/qm - increase the memory of local variables Increase the buffer to prevent stack overflow by fuzz test. The maximum length of the qos configuration buffer is 256 bytes. Currently, the value of the 'val buffer' is only 32 bytes. The sscanf does not check the dest memory length. So the 'val buffer' may stack overflow. • https://git.kernel.org/stable/c/263c9959c9376ec0217d6adc61222a53469eed3c •