
CVE-2023-53655 – rcu: Avoid stack overflow due to __rcu_irq_enter_check_tick() being kprobe-ed
https://notcve.org/view.php?id=CVE-2023-53655
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: rcu: Avoid stack overflow due to __rcu_irq_enter_check_tick() being kprobe-ed Registering a kprobe on __rcu_irq_enter_check_tick() can cause kernel stack overflow as shown below. This issue can be reproduced by enabling CONFIG_NO_HZ_FULL and booting the kernel with argument "nohz_full=", and then giving the following commands at the shell prompt: # cd /sys/kernel/tracing/ # echo 'p:mp1 __rcu_irq_enter_check_tick' >> kprobe_events # echo 1 >... • https://git.kernel.org/stable/c/aaf2bc50df1f4bfc6857fc601fc7b21d5a18c6a1 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVE-2022-50555 – tipc: fix a null-ptr-deref in tipc_topsrv_accept
https://notcve.org/view.php?id=CVE-2022-50555
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: tipc: fix a null-ptr-deref in tipc_topsrv_accept syzbot found a crash in tipc_topsrv_accept: KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] Workqueue: tipc_rcv tipc_topsrv_accept RIP: 0010:kernel_accept+0x22d/0x350 net/socket.c:3487 Call Trace:

CVE-2022-50554 – blk-mq: avoid double ->queue_rq() because of early timeout
https://notcve.org/view.php?id=CVE-2022-50554
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: blk-mq: avoid double ->queue_rq() because of early timeout David Jeffery found one double ->queue_rq() issue, so far it can be triggered in VM use case because of long vmexit latency or preempt latency of vCPU pthread or long page fault in vCPU pthread, then block IO req could be timed out before queuing the request to hardware but after calling blk_mq_start_request() during ->queue_rq(), then timeout handler may handle it by requeue, then ... • https://git.kernel.org/stable/c/7a73c54a3750895888ab586896736c9434e062a1 •

CVE-2022-50553 – tracing/hist: Fix out-of-bound write on 'action_data.var_ref_idx'
https://notcve.org/view.php?id=CVE-2022-50553
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: tracing/hist: Fix out-of-bound write on 'action_data.var_ref_idx' When generating a synthetic event with many params and then creating a trace action for it [1], a kernel panic happened [2]. This is because in trace_action_create() 'data->n_params' is up to SYNTH_FIELDS_MAX (current value is 64), and array 'data->var_ref_idx' keeps indices into array 'hist_data->var_refs' for each synthetic event param, but the length of 'data->var_ref_idx' is... • https://git.kernel.org/stable/c/38b67e60b6b582e81f9db1b2e7176cbbfbd3e574 •

CVE-2022-50552 – blk-mq: use quiesced elevator switch when reinitializing queues
https://notcve.org/view.php?id=CVE-2022-50552
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: blk-mq: use quiesced elevator switch when reinitializing queues The hctx's run_work may be racing with the elevator switch when reinitializing hardware queues. The queue is merely frozen in this context, but that only prevents requests from allocating and doesn't stop the hctx work from running. The work may get an elevator pointer that's being torn down, and can result in use-after-free errors and kernel panics (example below). Use the qui... • https://git.kernel.org/stable/c/63a681bcc32a43528ce0f690569f7f48e59c3963 •

CVE-2022-50551 – wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmf_fw_alloc_request()
https://notcve.org/view.php?id=CVE-2022-50551
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmf_fw_alloc_request() This patch fixes a shift-out-of-bounds in brcmfmac that occurs in BIT(chiprev) when a 'chiprev' provided by the device is too large. It should also not be equal to or greater than BITS_PER_TYPE(u32) as we do bitwise AND with a u32 variable and BIT(chiprev). The patch adds a check that makes the function return NULL if that is the case. Note that the NULL case is l... • https://git.kernel.org/stable/c/1db036d13e10809943c2dce553e2fa7fc9c6cd80 •

CVE-2022-50550 – blk-iolatency: Fix memory leak on add_disk() failures
https://notcve.org/view.php?id=CVE-2022-50550
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: blk-iolatency: Fix memory leak on add_disk() failures When a gendisk is successfully initialized but add_disk() fails, such as when a loop device has an invalid number of minor device numbers specified, blkcg_init_disk() is called during init and then blkcg_exit_disk() during error handling. Unfortunately, iolatency gets initialized in the former but doesn't get cleaned up in the latter. This is because, in non-error cases, the cleanup is perfo... • https://git.kernel.org/stable/c/d70675121546c35feaceebf7ed9caed8716640f3 • CWE-772: Missing Release of Resource after Effective Lifetime •

CVE-2022-50549 – dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata
https://notcve.org/view.php?id=CVE-2022-50549
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata Following concurrent processes: P1(drop cache) P2(kworker) drop_caches_sysctl_handler drop_slab shrink_slab down_read(&shrinker_rwsem) - LOCK A do_shrink_slab super_cache_scan prune_icache_sb dispose_list evict ext4_evict_inode ext4_clear_inode ext4_discard_preallocations ext4_mb_load_buddy_gfp ext4_mb_init_cache ext4_read_block_bitmap_nowait ext4_read_bh_nowait submi... • https://git.kernel.org/stable/c/e49e582965b3694f07a106adc83ddb44aa4f0890 •

CVE-2022-50548 – media: i2c: hi846: Fix memory leak in hi846_parse_dt()
https://notcve.org/view.php?id=CVE-2022-50548
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: media: i2c: hi846: Fix memory leak in hi846_parse_dt() If any of the checks related to the supported link frequencies fail, then the V4L2 fwnode resources don't get released before returning, which leads to a memleak. Fix this by properly freeing the V4L2 fwnode data in a designated label. • https://git.kernel.org/stable/c/e8c0882685f9152f0d729664a12bcbe749cb7736 •

CVE-2022-50547 – media: solo6x10: fix possible memory leak in solo_sysfs_init()
https://notcve.org/view.php?id=CVE-2022-50547
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: media: solo6x10: fix possible memory leak in solo_sysfs_init() If device_register() returns an error in solo_sysfs_init(), the name allocated by dev_set_name() needs to be freed. As the comment of device_register() says, it should use put_device() to give up the reference in the error path. So fix this by calling put_device(), then the name can be freed in kobject_cleanup(). • https://git.kernel.org/stable/c/dcae5dacbce518513abf7776cb450b7bd95d722b •