CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50192 – spi: tegra20-slink: fix UAF in tegra_slink_remove()
https://notcve.org/view.php?id=CVE-2022-50192
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: spi: tegra20-slink: fix UAF in tegra_slink_remove() After calling spi_unregister_master(), the refcount of master will be decrease to 0, and it will be freed in spi_controller_release(), the device data also will be freed, so it will lead a UAF when using 'tspi'. To fix this, get the master before unregister and put it when finish using it. In the Linux kernel, the following vulnerability has been resolved: spi: tegra20-slink: fix UAF in te... • https://git.kernel.org/stable/c/26c863418221344b1cfb8e6c11116b2b81144281 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50191 – regulator: of: Fix refcount leak bug in of_get_regulation_constraints()
https://notcve.org/view.php?id=CVE-2022-50191
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: regulator: of: Fix refcount leak bug in of_get_regulation_constraints() We should call the of_node_put() for the reference returned by of_get_child_by_name() which has increased the refcount. In the Linux kernel, the following vulnerability has been resolved: regulator: of: Fix refcount leak bug in of_get_regulation_constraints() We should call the of_node_put() for the reference returned by of_get_child_by_name() which has increased the re... • https://git.kernel.org/stable/c/40e20d68bb3fb1ce2704c886d597918988d3321d •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50190 – spi: Fix simplification of devm_spi_register_controller
https://notcve.org/view.php?id=CVE-2022-50190
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: spi: Fix simplification of devm_spi_register_controller This reverts commit 59ebbe40fb51 ("spi: simplify devm_spi_register_controller"). If devm_add_action() fails in devm_add_action_or_reset(), devm_spi_unregister() will be called, it decreases the refcount of 'ctlr->dev' to 0, then it will cause uaf in the drivers that calling spi_put_controller() in error path. In the Linux kernel, the following vulnerability has been resolved: spi: Fix ... • https://git.kernel.org/stable/c/59ebbe40fb51e307032ae7f63b2749fad2d4635a •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-50189 – tools/power turbostat: Fix file pointer leak
https://notcve.org/view.php?id=CVE-2022-50189
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: tools/power turbostat: Fix file pointer leak Currently if a fscanf fails then an early return leaks an open file pointer. Fix this by fclosing the file before the return. Detected using static analysis with cppcheck: tools/power/x86/turbostat/turbostat.c:2039:3: error: Resource leak: fp [resourceLeak] In the Linux kernel, the following vulnerability has been resolved: tools/power turbostat: Fix file pointer leak Currently if a fscanf fails ... • https://git.kernel.org/stable/c/eae97e053fe306edbbe60c934031edf9a8affd3f •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50188 – drm/meson: Fix refcount leak in meson_encoder_hdmi_init
https://notcve.org/view.php?id=CVE-2022-50188
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/meson: Fix refcount leak in meson_encoder_hdmi_init of_find_device_by_node() takes reference, we should use put_device() to release it when not need anymore. Add missing put_device() in error path to avoid refcount leak. In the Linux kernel, the following vulnerability has been resolved: drm/meson: Fix refcount leak in meson_encoder_hdmi_init of_find_device_by_node() takes reference, we should use put_device() to release it when not nee... • https://git.kernel.org/stable/c/0af5e0b41110e2da872030395231ab19c45be931 •
CVSS: 5.4EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50187 – ath11k: fix netdev open race
https://notcve.org/view.php?id=CVE-2022-50187
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: ath11k: fix netdev open race Make sure to allocate resources needed before registering the device. This specifically avoids having a racing open() trigger a BUG_ON() in mod_timer() when ath11k_mac_op_start() is called before the mon_reap_timer as been set up. I did not see this issue with next-20220310, but I hit it on every probe with next-20220511. Perhaps some timing changed in between. Here's the backtrace: [ 51.346947] kernel BUG at ke... • https://git.kernel.org/stable/c/d5c65159f2895379e11ca13f62feabe93278985d •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50186 – ath11k: fix missing skb drop on htc_tx_completion error
https://notcve.org/view.php?id=CVE-2022-50186
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: ath11k: fix missing skb drop on htc_tx_completion error On htc_tx_completion error the skb is not dropped. This is wrong since the completion_handler logic expect the skb to be consumed anyway even when an error is triggered. Not freeing the skb on error is a memory leak since the skb won't be freed anywere else. Correctly free the packet on eid >= ATH11K_HTC_EP_COUNT before returning. Tested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.5.0.1-01208-QCAH... • https://git.kernel.org/stable/c/f951380a6022440335f668f85296096ba13071ba •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50185 – drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers()
https://notcve.org/view.php?id=CVE-2022-50185
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() The last case label can write two buffers 'mc_reg_address[j]' and 'mc_data[j]' with 'j' offset equal to SMC_NISLANDS_MC_REGISTER_ARRAY_SIZE since there are no checks for this value in both case labels after the last 'j++'. Instead of changing '>' to '>=' there, add the bounds check at the start of the second 'case' (the first one already has it). Also, remove redunda... • https://git.kernel.org/stable/c/69e0b57a91adca2e3eb56ed4db39ab90f3ae1043 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50184 – drm/meson: encoder_hdmi: Fix refcount leak in meson_encoder_hdmi_init
https://notcve.org/view.php?id=CVE-2022-50184
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/meson: encoder_hdmi: Fix refcount leak in meson_encoder_hdmi_init of_graph_get_remote_node() returns remote device nodepointer with refcount incremented, we should use of_node_put() on it when done. Add missing of_node_put() to avoid refcount leak. In the Linux kernel, the following vulnerability has been resolved: drm/meson: encoder_hdmi: Fix refcount leak in meson_encoder_hdmi_init of_graph_get_remote_node() returns remote device node... • https://git.kernel.org/stable/c/1c5439a716122cd86530d261cd1bf7ba43b3cdd8 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50183 – drm/meson: encoder_cvbs: Fix refcount leak in meson_encoder_cvbs_init
https://notcve.org/view.php?id=CVE-2022-50183
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/meson: encoder_cvbs: Fix refcount leak in meson_encoder_cvbs_init of_graph_get_remote_node() returns remote device nodepointer with refcount incremented, we should use of_node_put() on it when done. Add missing of_node_put() to avoid refcount leak. In the Linux kernel, the following vulnerability has been resolved: drm/meson: encoder_cvbs: Fix refcount leak in meson_encoder_cvbs_init of_graph_get_remote_node() returns remote device node... • https://git.kernel.org/stable/c/318ba02cd8a8bacd20a4fe29edff3c0931d17ded •