CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50109 – video: fbdev: amba-clcd: Fix refcount leak bugs
https://notcve.org/view.php?id=CVE-2022-50109
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: video: fbdev: amba-clcd: Fix refcount leak bugs In clcdfb_of_init_display(), we should call of_node_put() for the references returned by of_graph_get_next_endpoint() and of_graph_get_remote_port_parent() which have increased the refcount. Besides, we should call of_node_put() both in fail path or when the references are not used anymore. In the Linux kernel, the following vulnerability has been resolved: video: fbdev: amba-clcd: Fix refcoun... • https://git.kernel.org/stable/c/d10715be03bd8bad59ddc50236cb140c3bd73c7b •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50106 – powerpc/cell/axon_msi: Fix refcount leak in setup_msi_msg_address
https://notcve.org/view.php?id=CVE-2022-50106
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc/cell/axon_msi: Fix refcount leak in setup_msi_msg_address of_get_next_parent() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() in the error path to avoid refcount leak. In the Linux kernel, the following vulnerability has been resolved: powerpc/cell/axon_msi: Fix refcount leak in setup_msi_msg_address of_get_next_parent() returns a node pointer with... • https://git.kernel.org/stable/c/ce21b3c9648ae55181787bf25ee00cf91dfd5c91 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50105 – powerpc/spufs: Fix refcount leak in spufs_init_isolated_loader
https://notcve.org/view.php?id=CVE-2022-50105
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc/spufs: Fix refcount leak in spufs_init_isolated_loader of_find_node_by_path() returns remote device nodepointer with refcount incremented, we should use of_node_put() on it when done. Add missing of_node_put() to avoid refcount leak. In the Linux kernel, the following vulnerability has been resolved: powerpc/spufs: Fix refcount leak in spufs_init_isolated_loader of_find_node_by_path() returns remote device nodepointer with refcount ... • https://git.kernel.org/stable/c/0afacde3df4c9980f505d9afd7cb0058389732ca •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50102 – video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock()
https://notcve.org/view.php?id=CVE-2022-50102
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() Since the user can control the arguments of the ioctl() from the user space, under special arguments that may result in a divide-by-zero bug in: drivers/video/fbdev/arkfb.c:784: ark_set_pixclock(info, (hdiv * info->var.pixclock) / hmul); with hdiv=1, pixclock=1 and hmul=2 you end up with (1*1)/2 = (int) 0. and then in: drivers/video/fbdev/arkfb.c:504: rv = dac_set_freq(par-... • https://git.kernel.org/stable/c/681e14730c73cc2c71af282c001de6bc71c22f00 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50101 – video: fbdev: vt8623fb: Check the size of screen before memset_io()
https://notcve.org/view.php?id=CVE-2022-50101
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: video: fbdev: vt8623fb: Check the size of screen before memset_io() In the function vt8623fb_set_par(), the value of 'screen_size' is calculated by the user input. If the user provides the improper value, the value of 'screen_size' may larger than 'info->screen_size', which may cause the following bug: [ 583.339036] BUG: unable to handle page fault for address: ffffc90005000000 [ 583.339049] #PF: supervisor write access in kernel mode [ 583... • https://git.kernel.org/stable/c/558b7bd86c32978648cda5deb5c758d77ef0c165 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50099 – video: fbdev: arkfb: Check the size of screen before memset_io()
https://notcve.org/view.php?id=CVE-2022-50099
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: video: fbdev: arkfb: Check the size of screen before memset_io() In the function arkfb_set_par(), the value of 'screen_size' is calculated by the user input. If the user provides the improper value, the value of 'screen_size' may larger than 'info->screen_size', which may cause the following bug: [ 659.399066] BUG: unable to handle page fault for address: ffffc90003000000 [ 659.399077] #PF: supervisor write access in kernel mode [ 659.39907... • https://git.kernel.org/stable/c/681e14730c73cc2c71af282c001de6bc71c22f00 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50097 – video: fbdev: s3fb: Check the size of screen before memset_io()
https://notcve.org/view.php?id=CVE-2022-50097
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: video: fbdev: s3fb: Check the size of screen before memset_io() In the function s3fb_set_par(), the value of 'screen_size' is calculated by the user input. If the user provides the improper value, the value of 'screen_size' may larger than 'info->screen_size', which may cause the following bug: [ 54.083733] BUG: unable to handle page fault for address: ffffc90003000000 [ 54.083742] #PF: supervisor write access in kernel mode [ 54.083744] #P... • https://git.kernel.org/stable/c/a268422de8bf1b4c0cb97987b6c329c9f6a3da4b •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50093 – iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE)
https://notcve.org/view.php?id=CVE-2022-50093
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE) KASAN reports: [ 4.668325][ T0] BUG: KASAN: wild-memory-access in dmar_parse_one_rhsa (arch/x86/include/asm/bitops.h:214 arch/x86/include/asm/bitops.h:226 include/asm-generic/bitops/instrumented-non-atomic.h:142 include/linux/nodemask.h:415 drivers/iommu/intel/dmar.c:497) [ 4.676149][ T0] Read of size 8 at addr 1fffffff85115558 by task swapper/0/0 [ 4.683454][ T0] [ 4.685... • https://git.kernel.org/stable/c/ee34b32d8c2950f66038c8975747ef9aec855289 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50092 – dm thin: fix use-after-free crash in dm_sm_register_threshold_callback
https://notcve.org/view.php?id=CVE-2022-50092
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: dm thin: fix use-after-free crash in dm_sm_register_threshold_callback Fault inject on pool metadata device reports: BUG: KASAN: use-after-free in dm_pool_register_metadata_threshold+0x40/0x80 Read of size 8 at addr ffff8881b9d50068 by task dmsetup/950 CPU: 7 PID: 950 Comm: dmsetup Tainted: G W 5.19.0-rc6 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-1.fc33 04/01/2014 Call Trace:
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-50087 – firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails
https://notcve.org/view.php?id=CVE-2022-50087
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails When scpi probe fails, at any point, we need to ensure that the scpi_info is not set and will remain NULL until the probe succeeds. If it is not taken care, then it could result use-after-free as the value is exported via get_scpi_ops() and could refer to a memory allocated via devm_kzalloc() but freed when the probe fails. In the Linux kernel, the following vulnerabili... • https://git.kernel.org/stable/c/5aa558232edc30468d1f35108826dd5b3ffe978f •