CVSS: 9.0EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50437 – drm/msm/hdmi: fix memory corruption with too many bridges
https://notcve.org/view.php?id=CVE-2022-50437
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/msm/hdmi: fix memory corruption with too many bridges Add the missing sanity check on the bridge counter to avoid corrupting data beyond the fixed-sized bridge array in case there are ever more than eight bridges. Patchwork: https://patchwork.freedesktop.org/patch/502670/ In the Linux kernel, the following vulnerability has been resolved: drm/msm/hdmi: fix memory corruption with too many bridges Add the missing sanity check on the bridg... • https://git.kernel.org/stable/c/a3376e3ec81c5dd0622cbc187db76d2824d31c1c •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50436 – ext4: don't set up encryption key during jbd2 transaction
https://notcve.org/view.php?id=CVE-2022-50436
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: don't set up encryption key during jbd2 transaction Commit a80f7fcf1867 ("ext4: fixup ext4_fc_track_* functions' signature") extended the scope of the transaction in ext4_unlink() too far, making it include the call to ext4_find_entry(). However, ext4_find_entry() can deadlock when called from within a transaction because it may need to set up the directory's encryption key. Fix this by restoring the transaction to its original scope.... • https://git.kernel.org/stable/c/a80f7fcf18672ae4971a6b713b58c0d389aa99fe •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50435 – ext4: avoid crash when inline data creation follows DIO write
https://notcve.org/view.php?id=CVE-2022-50435
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: avoid crash when inline data creation follows DIO write When inode is created and written to using direct IO, there is nothing to clear the EXT4_STATE_MAY_INLINE_DATA flag. Thus when inode gets truncated later to say 1 byte and written using normal write, we will try to store the data as inline data. This confuses the code later because the inode now has both normal block and inline data allocated and the confusion manifests for examp... • https://git.kernel.org/stable/c/3b31cc533665899965e351aae6cc3c3f3b9cc076 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50434 – blk-mq: fix possible memleak when register 'hctx' failed
https://notcve.org/view.php?id=CVE-2022-50434
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix possible memleak when register 'hctx' failed There's issue as follows when do fault injection test: unreferenced object 0xffff888132a9f400 (size 512): comm "insmod", pid 308021, jiffies 4324277909 (age 509.733s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 08 f4 a9 32 81 88 ff ff ...........2.... 08 f4 a9 32 81 88 ff ff 00 00 00 00 00 00 00 00 ...2............ backtrace: [<00000000e8952bb4>] kmalloc_node_trace+0x22/0xa0 [<... • https://git.kernel.org/stable/c/654870789c3c1b9763316ef1c71d7a449127b175 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-50433 – efi: ssdt: Don't free memory if ACPI table was loaded successfully
https://notcve.org/view.php?id=CVE-2022-50433
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: efi: ssdt: Don't free memory if ACPI table was loaded successfully Amadeusz reports KASAN use-after-free errors introduced by commit 3881ee0b1edc ("efi: avoid efivars layer when loading SSDTs from variables"). The problem appears to be that the memory that holds the new ACPI table is now freed unconditionally, instead of only when the ACPI core reported a failure to load the table. So let's fix this, by omitting the kfree() on success. In t... • https://git.kernel.org/stable/c/3881ee0b1edce0ece72d24b7c74f46b73bd6dcba •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50432 – kernfs: fix use-after-free in __kernfs_remove
https://notcve.org/view.php?id=CVE-2022-50432
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: kernfs: fix use-after-free in __kernfs_remove Syzkaller managed to trigger concurrent calls to kernfs_remove_by_name_ns() for the same file resulting in a KASAN detected use-after-free. The race occurs when the root node is freed during kernfs_drain(). To prevent this acquire an additional reference for the root of the tree that is removed before calling __kernfs_remove(). Found by syzkaller with the following reproducer (slab_nomerge is re... • https://git.kernel.org/stable/c/4dfd6a477a1525773469feaf3c514b2c0fef76b5 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50431 – ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev()
https://notcve.org/view.php?id=CVE-2022-50431
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev() dev_set_name() in soundbus_add_one() allocates memory for name, it need be freed when of_device_register() fails, call soundbus_dev_put() to give up the reference that hold in device_initialize(), so that it can be freed in kobject_cleanup() when the refcount hit to 0. And other resources are also freed in i2sbus_release_dev(), so it can return 0 directly. In the Linux kernel, ... • https://git.kernel.org/stable/c/f3d9478b2ce468c3115b02ecae7e975990697f15 •
CVSS: 8.4EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50430 – mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING
https://notcve.org/view.php?id=CVE-2022-50430
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING vub300_enable_sdio_irq() works with mutex and need TASK_RUNNING here. Ensure that we mark current as TASK_RUNNING for sleepable context. [ 77.554641] do not call blocking ops when !TASK_RUNNING; state=1 set at [
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50429 – memory: of: Fix refcount leak bug in of_lpddr3_get_ddr_timings()
https://notcve.org/view.php?id=CVE-2022-50429
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: memory: of: Fix refcount leak bug in of_lpddr3_get_ddr_timings() We should add the of_node_put() when breaking out of for_each_child_of_node() as it will automatically increase and decrease the refcount. In the Linux kernel, the following vulnerability has been resolved: memory: of: Fix refcount leak bug in of_lpddr3_get_ddr_timings() We should add the of_node_put() when breaking out of for_each_child_of_node() as it will automatically incr... • https://git.kernel.org/stable/c/976897dd96db94c74209d0a0671d7a73aa02fab9 •
CVSS: 5.6EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50428 – ext4: fix off-by-one errors in fast-commit block filling
https://notcve.org/view.php?id=CVE-2022-50428
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix off-by-one errors in fast-commit block filling Due to several different off-by-one errors, or perhaps due to a late change in design that wasn't fully reflected in the code that was actually merged, there are several very strange constraints on how fast-commit blocks are filled with tlv entries: - tlvs must start at least 10 bytes before the end of the block, even though the minimum tlv length is 8. Otherwise, the replay code will... • https://git.kernel.org/stable/c/aa75f4d3daaeb1389b9cce9d6b84401eaf228d4e •