CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50176 – drm/mcde: Fix refcount leak in mcde_dsi_bind
https://notcve.org/view.php?id=CVE-2022-50176
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/mcde: Fix refcount leak in mcde_dsi_bind Every iteration of for_each_available_child_of_node() decrements the reference counter of the previous node. There is no decrement when break out from the loop and results in refcount leak. Add missing of_node_put() to fix this. In the Linux kernel, the following vulnerability has been resolved: drm/mcde: Fix refcount leak in mcde_dsi_bind Every iteration of for_each_available_child_of_node() dec... • https://git.kernel.org/stable/c/5fc537bfd00033a3f813330175f7f12c25957ebf •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50175 – media: tw686x: Fix memory leak in tw686x_video_init
https://notcve.org/view.php?id=CVE-2022-50175
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: media: tw686x: Fix memory leak in tw686x_video_init video_device_alloc() allocates memory for vdev, when video_register_device() fails, it doesn't release the memory and leads to memory leak, call video_device_release() to fix this. In the Linux kernel, the following vulnerability has been resolved: media: tw686x: Fix memory leak in tw686x_video_init video_device_alloc() allocates memory for vdev, when video_register_device() fails, it does... • https://git.kernel.org/stable/c/704a84ccdbf19fdce9adfda0b936dfdcac52fa49 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50174 – net: hinic: avoid kernel hung in hinic_get_stats64()
https://notcve.org/view.php?id=CVE-2022-50174
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: net: hinic: avoid kernel hung in hinic_get_stats64() When using hinic device as a bond slave device, and reading device stats of master bond device, the kernel may hung. The kernel panic calltrace as follows: Kernel panic - not syncing: softlockup: hung tasks Call trace: native_queued_spin_lock_slowpath+0x1ec/0x31c dev_get_stats+0x60/0xcc dev_seq_printf_stats+0x40/0x120 dev_seq_show+0x1c/0x40 seq_read_iter+0x3c8/0x4dc seq_read+0xe0/0x130 pr... • https://git.kernel.org/stable/c/edd384f682cc2981420628b769a1929db680f02f •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50173 – drm/msm/mdp5: Fix global state lock backoff
https://notcve.org/view.php?id=CVE-2022-50173
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/msm/mdp5: Fix global state lock backoff We need to grab the lock after the early return for !hwpipe case. Otherwise, we could have hit contention yet still returned 0. Fixes an issue that the new CONFIG_DRM_DEBUG_MODESET_LOCK stuff flagged in CI: WARNING: CPU: 0 PID: 282 at drivers/gpu/drm/drm_modeset_lock.c:296 drm_modeset_lock+0xf8/0x154 Modules linked in: CPU: 0 PID: 282 Comm: kms_cursor_lega Tainted: G W 5.19.0-rc2-15930-g875cc8bc53... • https://git.kernel.org/stable/c/776f5c58bfe16cf322d71eeed3c5dda1eeac7e6b •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50172 – mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg
https://notcve.org/view.php?id=CVE-2022-50172
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg Free the skb if mt76u_bulk_msg fails in __mt76x02u_mcu_send_msg routine. • https://git.kernel.org/stable/c/4c89ff2c74e39b60f1f6e650721f6f92f007ea5b •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50169 – wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi()
https://notcve.org/view.php?id=CVE-2022-50169
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() The simple_write_to_buffer() function will succeed if even a single byte is initialized. However, we need to initialize the whole buffer to prevent information leaks. Just use memdup_user(). In the Linux kernel, the following vulnerability has been resolved: wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() The simple_write_to_buffer() function will succeed if even a ... • https://git.kernel.org/stable/c/ff974e4083341383d3dd4079e52ed30f57f376f0 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50167 – bpf: fix potential 32-bit overflow when accessing ARRAY map element
https://notcve.org/view.php?id=CVE-2022-50167
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: fix potential 32-bit overflow when accessing ARRAY map element If BPF array map is bigger than 4GB, element pointer calculation can overflow because both index and elem_size are u32. Fix this everywhere by forcing 64-bit multiplication. Extract this formula into separate small helper and use it consistently in various places. Speculative-preventing formula utilizing index_mask trick is left as is, but explicit u64 casts are added in bo... • https://git.kernel.org/stable/c/c85d69135a9175c50a823d04d62d932312d037b3 •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50166 – Bluetooth: When HCI work queue is drained, only queue chained work
https://notcve.org/view.php?id=CVE-2022-50166
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: When HCI work queue is drained, only queue chained work The HCI command, event, and data packet processing workqueue is drained to avoid deadlock in commit 76727c02c1e1 ("Bluetooth: Call drain_workqueue() before resetting state"). There is another delayed work, which will queue command to this drained workqueue. Which results in the following error report: Bluetooth: hci2: command 0x040f tx timeout WARNING: CPU: 1 PID: 18374 at k... • https://git.kernel.org/stable/c/76727c02c1e14a2b561b806fa1d08acc1619ad27 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50165 – wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()`
https://notcve.org/view.php?id=CVE-2022-50165
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()` Commit 7a4836560a61 changes simple_write_to_buffer() with memdup_user() but it forgets to change the value to be returned that came from simple_write_to_buffer() call. It results in the following warning: warning: variable 'rc' is uninitialized when used here [-Wuninitialized] return rc; ^~ Remove rc variable and just return the passed in length if the memdup_u... • https://git.kernel.org/stable/c/ff974e4083341383d3dd4079e52ed30f57f376f0 •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50164 – wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue
https://notcve.org/view.php?id=CVE-2022-50164
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue After successfull station association, if station queues are disabled for some reason, the related lists are not emptied. So if some new element is added to the list in iwl_mvm_mac_wake_tx_queue, it can match with the old one and produce a BUG like this: [ 46.535263] list_add corruption. prev->next should be next (ffff94c1c318a360), but was 0000000000000000. (prev=ffff94c1... • https://git.kernel.org/stable/c/cfbc6c4c5b91c7725ef14465b98ac347d31f2334 •