CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50545 – r6040: Fix kmemleak in probe and remove
https://notcve.org/view.php?id=CVE-2022-50545
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: r6040: Fix kmemleak in probe and remove There is a memory leaks reported by kmemleak: unreferenced object 0xffff888116111000 (size 2048): comm "modprobe", pid 817, jiffies 4294759745 (age 76.502s) hex dump (first 32 bytes): 00 c4 0a 04 81 88 ff ff 08 10 11 16 81 88 ff ff ................ 08 10 11 16 81 88 ff ff 00 00 00 00 00 00 00 00 ................ backtrace: [
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50544 – usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info()
https://notcve.org/view.php?id=CVE-2022-50544
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info() xhci_alloc_stream_info() allocates stream context array for stream_info ->stream_ctx_array with xhci_alloc_stream_ctx(). When some error occurs, stream_info->stream_ctx_array is not released, which will lead to a memory leak. We can fix it by releasing the stream_info->stream_ctx_array with xhci_free_stream_ctx() on the error path to avoid the potential memory leak. In t... • https://git.kernel.org/stable/c/7fc6bab3413e6a42bb1264ff7c9149808c93a4c7 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50542 – media: si470x: Fix use-after-free in si470x_int_in_callback()
https://notcve.org/view.php?id=CVE-2022-50542
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: media: si470x: Fix use-after-free in si470x_int_in_callback() syzbot reported use-after-free in si470x_int_in_callback() [1]. This indicates that urb->context, which contains struct si470x_device object, is freed when si470x_int_in_callback() is called. The cause of this issue is that si470x_int_in_callback() is called for freed urb. si470x_usb_driver_probe() calls si470x_start_usb(), which then calls usb_submit_urb() and si470x_start(). If... • https://git.kernel.org/stable/c/146bd005ebb01ae190c22af050cb98623958c373 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50541 – dmaengine: ti: k3-udma: Reset UDMA_CHAN_RT byte counters to prevent overflow
https://notcve.org/view.php?id=CVE-2022-50541
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: k3-udma: Reset UDMA_CHAN_RT byte counters to prevent overflow UDMA_CHAN_RT_*BCNT_REG stores the real-time channel bytecount statistics. These registers are 32-bit hardware counters and the driver uses these counters to monitor the operational progress status for a channel, when transferring more than 4GB of data it was observed that these counters overflow and completion calculation of a operation gets affected and the transf... • https://git.kernel.org/stable/c/d68da10b0cceb4177b653833e794b2923a4ffbd7 •
CVSS: 5.6EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50539 – ARM: OMAP2+: omap4-common: Fix refcount leak bug
https://notcve.org/view.php?id=CVE-2022-50539
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ARM: OMAP2+: omap4-common: Fix refcount leak bug In omap4_sram_init(), of_find_compatible_node() will return a node pointer with refcount incremented. We should use of_node_put() when it is not used anymore. In the Linux kernel, the following vulnerability has been resolved: ARM: OMAP2+: omap4-common: Fix refcount leak bug In omap4_sram_init(), of_find_compatible_node() will return a node pointer with refcount incremented. We should use of_... • https://git.kernel.org/stable/c/1d9452ae3bdb830f9309cf10a2f65977999cb14e •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50538 – vme: Fix error not catched in fake_init()
https://notcve.org/view.php?id=CVE-2022-50538
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: vme: Fix error not catched in fake_init() In fake_init(), __root_device_register() is possible to fail but it's ignored, which can cause unregistering vme_root fail when exit. general protection fault, probably for non-canonical address 0xdffffc000000008c KASAN: null-ptr-deref in range [0x0000000000000460-0x0000000000000467] RIP: 0010:root_device_unregister+0x26/0x60 Call Trace:
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50537 – firmware: raspberrypi: fix possible memory leak in rpi_firmware_probe()
https://notcve.org/view.php?id=CVE-2022-50537
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: firmware: raspberrypi: fix possible memory leak in rpi_firmware_probe() In rpi_firmware_probe(), if mbox_request_channel() fails, the 'fw' will not be freed through rpi_firmware_delete(), fix this leak by calling kfree() in the error path. In the Linux kernel, the following vulnerability has been resolved: firmware: raspberrypi: fix possible memory leak in rpi_firmware_probe() In rpi_firmware_probe(), if mbox_request_channel() fails, the 'f... • https://git.kernel.org/stable/c/60831f5ae6c713afceb6d29f40899ed112f36059 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-50536 – bpf, sockmap: Fix repeated calls to sock_put() when msg has more_data
https://notcve.org/view.php?id=CVE-2022-50536
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix repeated calls to sock_put() when msg has more_data In tcp_bpf_send_verdict() redirection, the eval variable is assigned to __SK_REDIRECT after the apply_bytes data is sent, if msg has more_data, sock_put() will be called multiple times. We should reset the eval variable to __SK_NONE every time more_data starts. This causes: IPv4: Attempt to release TCP socket in state 1 00000000b4c925d7 ------------[ cut here ]-----------... • https://git.kernel.org/stable/c/5f0bfe21c853917aae4bc5a70fe57ddb4054443e •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-50535 – drm/amd/display: Fix potential null-deref in dm_resume
https://notcve.org/view.php?id=CVE-2022-50535
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential null-deref in dm_resume [Why] Fixing smatch error: dm_resume() error: we previously assumed 'aconnector->dc_link' could be null [How] Check if dc_link null at the beginning of the loop, so further checks can be dropped. In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential null-deref in dm_resume [Why] Fixing smatch error: dm_resume() error: we previously assumed 'a... • https://git.kernel.org/stable/c/fd79b61af2782f8875c78f50cdb8630ec43e2990 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-53654 – octeontx2-af: Add validation before accessing cgx and lmac
https://notcve.org/view.php?id=CVE-2023-53654
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Add validation before accessing cgx and lmac with the addition of new MAC blocks like CN10K RPM and CN10KB RPM_USX, LMACs are noncontiguous and CGX blocks are also noncontiguous. But during RVU driver initialization, the driver is assuming they are contiguous and trying to access cgx or lmac with their id which is resulting in kernel panic. This patch fixes the issue by adding proper checks. [ 23.219150] pc : cgx_lmac_read+0x3... • https://git.kernel.org/stable/c/91c6945ea1f9059fea886630d0fd8070740e2aaf •