CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-50156 – HID: cp2112: prevent a buffer overflow in cp2112_xfer()
https://notcve.org/view.php?id=CVE-2022-50156
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: HID: cp2112: prevent a buffer overflow in cp2112_xfer() Smatch warnings: drivers/hid/hid-cp2112.c:793 cp2112_xfer() error: __memcpy() 'data->block[1]' too small (33 vs 255) drivers/hid/hid-cp2112.c:793 cp2112_xfer() error: __memcpy() 'buf' too small (64 vs 255) The 'read_length' variable is provided by 'data->block[0]' which comes from user and it(read_length) can take a value between 0-255. Add an upper bound to 'read_length' variable to p... • https://git.kernel.org/stable/c/542134c0375b5ca2b1d18490c02b8a20bfdd8d74 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50153 – usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe
https://notcve.org/view.php?id=CVE-2022-50153
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe of_find_compatible_node() returns a node pointer with refcount incremented, we should use of_node_put() on it when done. Add missing of_node_put() to avoid refcount leak. In the Linux kernel, the following vulnerability has been resolved: usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe of_find_compatible_node() returns a node pointer with refcount incremented, we should use of_node... • https://git.kernel.org/stable/c/796bcae7361c28cf825780f6f1aac9dd3411394e •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50152 – usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe
https://notcve.org/view.php?id=CVE-2022-50152
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe of_parse_phandle() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() to avoid refcount leak. In the Linux kernel, the following vulnerability has been resolved: usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe of_parse_phandle() returns a node pointer with refcount incremented, we should use of_node... • https://git.kernel.org/stable/c/73108aa90cbfc663649885a06fe5c1235307de1c •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50146 – PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors
https://notcve.org/view.php?id=CVE-2022-50146
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors If dw_pcie_ep_init() fails to perform any action after the EPC memory is initialized and the MSI memory region is allocated, the latter parts won't be undone thus causing a memory leak. Add a cleanup-on-error path to fix these leaks. [bhelgaas: commit log] In the Linux kernel, the following vulnerability has been resolved: PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors... • https://git.kernel.org/stable/c/2fd0c9d966cc11bb5f73556dd788d12f501d8755 •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50144 – soundwire: revisit driver bind/unbind and callbacks
https://notcve.org/view.php?id=CVE-2022-50144
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: soundwire: revisit driver bind/unbind and callbacks In the SoundWire probe, we store a pointer from the driver ops into the 'slave' structure. This can lead to kernel oopses when unbinding codec drivers, e.g. with the following sequence to remove machine driver and codec driver. /sbin/modprobe -r snd_soc_sof_sdw /sbin/modprobe -r snd_soc_rt711 The full details can be found in the BugLink below, for reference the two following examples show ... • https://git.kernel.org/stable/c/56d4fe31af77f684bed62fb8201e6327e6ddf4e6 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50141 – mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch
https://notcve.org/view.php?id=CVE-2022-50141
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch of_find_matching_node() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() to avoid refcount leak. of_node_put() checks null pointer. In the Linux kernel, the following vulnerability has been resolved: mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch of_find_matching_nod... • https://git.kernel.org/stable/c/ea35645a3c66a74af92d3bbb4eb131220fc3e58a •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50140 – memstick/ms_block: Fix a memory leak
https://notcve.org/view.php?id=CVE-2022-50140
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: memstick/ms_block: Fix a memory leak 'erased_blocks_bitmap' is never freed. As it is allocated at the same time as 'used_blocks_bitmap', it is likely that it should be freed also at the same time. Add the corresponding bitmap_free() in msb_data_clear(). In the Linux kernel, the following vulnerability has been resolved: memstick/ms_block: Fix a memory leak 'erased_blocks_bitmap' is never freed. As it is allocated at the same time as 'used_b... • https://git.kernel.org/stable/c/0ab30494bc4f3bc1ea4659b7c5d97c5218554a63 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50138 – RDMA/qedr: Fix potential memory leak in __qedr_alloc_mr()
https://notcve.org/view.php?id=CVE-2022-50138
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/qedr: Fix potential memory leak in __qedr_alloc_mr() __qedr_alloc_mr() allocates a memory chunk for "mr->info.pbl_table" with init_mr_info(). When rdma_alloc_tid() and rdma_register_tid() fail, "mr" is released while "mr->info.pbl_table" is not released, which will lead to a memory leak. We should release the "mr->info.pbl_table" with qedr_free_pbl() when error occurs to fix the memory leak. In the Linux kernel, the following vulnerabi... • https://git.kernel.org/stable/c/e0290cce6ac02f8e5ec501f25f6f6900f384550c •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50134 – RDMA/hfi1: fix potential memory leak in setup_base_ctxt()
https://notcve.org/view.php?id=CVE-2022-50134
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/hfi1: fix potential memory leak in setup_base_ctxt() setup_base_ctxt() allocates a memory chunk for uctxt->groups with hfi1_alloc_ctxt_rcv_groups(). When init_user_ctxt() fails, uctxt->groups is not released, which will lead to a memory leak. We should release the uctxt->groups with hfi1_free_ctxt_rcv_groups() when init_user_ctxt() fails. In the Linux kernel, the following vulnerability has been resolved: RDMA/hfi1: fix potential memor... • https://git.kernel.org/stable/c/e87473bc1b6c2cb08f1b760cfc8cd012822241a6 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50129 – RDMA/srpt: Fix a use-after-free
https://notcve.org/view.php?id=CVE-2022-50129
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/srpt: Fix a use-after-free Change the LIO port members inside struct srpt_port from regular members into pointers. Allocate the LIO port data structures from inside srpt_make_tport() and free these from inside srpt_make_tport(). Keep struct srpt_device as long as either an RDMA port or a LIO target port is associated with it. This patch decouples the lifetime of struct srpt_port (controlled by the RDMA core) and struct srpt_port_id (co... • https://git.kernel.org/stable/c/a42d985bd5b234da8b61347a78dc3057bf7bb94d •