CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2023-54205 – pinctrl: stm32: Fix refcount leak in stm32_pctrl_get_irq_domain
https://notcve.org/view.php?id=CVE-2023-54205
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: pinctrl: stm32: Fix refcount leak in stm32_pctrl_get_irq_domain of_irq_find_parent() returns a node pointer with refcount incremented, We should use of_node_put() on it when not needed anymore. Add missing of_node_put() to avoid refcount leak. The SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix various security issues. • https://git.kernel.org/stable/c/d86f4d71e42a9fa1866f030074e54d7571d16ec1 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50846 – mmc: via-sdmmc: fix return value check of mmc_add_host()
https://notcve.org/view.php?id=CVE-2022-50846
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: mmc: via-sdmmc: fix return value check of mmc_add_host() mmc_add_host() may return error, if we ignore its return value, it will lead two issues: 1. The memory that allocated in mmc_alloc_host() is leaked. 2. In the remove() path, mmc_remove_host() will be called to delete device, but it's not added yet, it will lead a kernel crash because of null-ptr-deref in device_del(). Fix this by checking the return value and goto error path which wil... • https://git.kernel.org/stable/c/f0bf7f61b8405224bc52fc9a3ccd167a68126e00 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50845 – ext4: fix inode leak in ext4_xattr_inode_create() on an error path
https://notcve.org/view.php?id=CVE-2022-50845
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix inode leak in ext4_xattr_inode_create() on an error path There is issue as follows when do setxattr with inject fault: [localhost]# fsck.ext4 -fn /dev/sda e2fsck 1.46.6-rc1 (12-Sep-2022) Pass 1: Checking inodes, blocks, and sizes Pass 2: Checking directory structure Pass 3: Checking directory connectivity Pass 4: Checking reference counts Unattached zero-length inode 15. Clear? no Unattached inode 15 Connect to /lost+found? no Pas... • https://git.kernel.org/stable/c/bd3b963b273e247e13979f98812a6e4979b5c1e4 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50843 – dm clone: Fix UAF in clone_dtr()
https://notcve.org/view.php?id=CVE-2022-50843
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: dm clone: Fix UAF in clone_dtr() Dm_clone also has the same UAF problem when dm_resume() and dm_destroy() are concurrent. Therefore, cancelling timer again in clone_dtr(). The SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix various security issues. • https://git.kernel.org/stable/c/7431b7835f554f8608b415a02cf3c3f086309e02 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50842 – drm/virtio: Check whether transferred 2D BO is shmem
https://notcve.org/view.php?id=CVE-2022-50842
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/virtio: Check whether transferred 2D BO is shmem Transferred 2D BO always must be a shmem BO. Add check for that to prevent NULL dereference if userspace passes a VRAM BO. The SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix various security issues. • https://git.kernel.org/stable/c/f651c8b055423057d9f41525dfdc37b4796015d1 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50840 – scsi: snic: Fix possible UAF in snic_tgt_create()
https://notcve.org/view.php?id=CVE-2022-50840
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: snic: Fix possible UAF in snic_tgt_create() Smatch reports a warning as follows: drivers/scsi/snic/snic_disc.c:307 snic_tgt_create() warn: '&tgt->list' not removed from list If device_add() fails in snic_tgt_create(), tgt will be freed, but tgt->list will not be removed from snic->disc.tgt_list, then list traversal may cause UAF. Remove from snic->disc.tgt_list before free(). The SUSE Linux Enterprise 15 SP5 RT kernel was updated to f... • https://git.kernel.org/stable/c/c8806b6c9e824f47726f2a9b7fbbe7ebf19306fa •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50839 – jbd2: fix potential buffer head reference count leak
https://notcve.org/view.php?id=CVE-2022-50839
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: jbd2: fix potential buffer head reference count leak As in 'jbd2_fc_wait_bufs' if buffer isn't uptodate, will return -EIO without update 'journal->j_fc_off'. But 'jbd2_fc_release_bufs' will release buffer head from ‘j_fc_off - 1’ if 'bh' is NULL will terminal release which will lead to buffer head buffer head reference count leak. To solve above issue, update 'journal->j_fc_off' before return -EIO. The SUSE Linux Enterprise 15 SP5 RT kernel... • https://git.kernel.org/stable/c/ff780b91efe901b8eecd8114785abae5341820ad •
CVSS: -EPSS: 0%CPEs: 11EXPL: 0CVE-2022-50838 – net: stream: purge sk_error_queue in sk_stream_kill_queues()
https://notcve.org/view.php?id=CVE-2022-50838
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: net: stream: purge sk_error_queue in sk_stream_kill_queues() Changheon Lee reported TCP socket leaks, with a nice repro. It seems we leak TCP sockets with the following sequence: 1) SOF_TIMESTAMPING_TX_ACK is enabled on the socket. Each ACK will cook an skb put in error queue, from __skb_tstamp_tx(). __skb_tstamp_tx() is using skb_clone(), unless SOF_TIMESTAMPING_OPT_TSONLY was also requested. 2) If the application is also using MSG_ZEROCOP... • https://git.kernel.org/stable/c/7737b104c211fa843de268b897d601e070292a72 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50836 – remoteproc: sysmon: fix memory leak in qcom_add_sysmon_subdev()
https://notcve.org/view.php?id=CVE-2022-50836
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: remoteproc: sysmon: fix memory leak in qcom_add_sysmon_subdev() The kfree() should be called when of_irq_get_byname() fails or devm_request_threaded_irq() fails in qcom_add_sysmon_subdev(), otherwise there will be a memory leak, so add kfree() to fix it. The SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix various security issues. • https://git.kernel.org/stable/c/027045a6e2b7cd81216e8a559534a30fb0782702 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50835 – jbd2: add miss release buffer head in fc_do_one_pass()
https://notcve.org/view.php?id=CVE-2022-50835
30 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: jbd2: add miss release buffer head in fc_do_one_pass() In fc_do_one_pass() miss release buffer head after use which will lead to reference count leak. The SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix various security issues. • https://git.kernel.org/stable/c/5b849b5f96b47d82b5a432d8b91a8ad260e1de46 •