CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50172 – mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg
https://notcve.org/view.php?id=CVE-2022-50172
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg Free the skb if mt76u_bulk_msg fails in __mt76x02u_mcu_send_msg routine. • https://git.kernel.org/stable/c/4c89ff2c74e39b60f1f6e650721f6f92f007ea5b •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50171 – crypto: hisilicon/sec - don't sleep when in softirq
https://notcve.org/view.php?id=CVE-2022-50171
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/sec - don't sleep when in softirq When kunpeng920 encryption driver is used to deencrypt and decrypt packets during the softirq, it is not allowed to use mutex lock. The kernel will report the following error: BUG: scheduling while atomic: swapper/57/0/0x00000300 Call trace: dump_backtrace+0x0/0x1e4 show_stack+0x20/0x2c dump_stack+0xd8/0x140 __schedule_bug+0x68/0x80 __schedule+0x728/0x840 schedule+0x50/0xe0 schedule_preemp... • https://git.kernel.org/stable/c/416d82204df44ef727de6eafafeaa4d12fdc78dc •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50169 – wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi()
https://notcve.org/view.php?id=CVE-2022-50169
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() The simple_write_to_buffer() function will succeed if even a single byte is initialized. However, we need to initialize the whole buffer to prevent information leaks. Just use memdup_user(). In the Linux kernel, the following vulnerability has been resolved: wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() The simple_write_to_buffer() function will succeed if even a ... • https://git.kernel.org/stable/c/ff974e4083341383d3dd4079e52ed30f57f376f0 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50167 – bpf: fix potential 32-bit overflow when accessing ARRAY map element
https://notcve.org/view.php?id=CVE-2022-50167
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: fix potential 32-bit overflow when accessing ARRAY map element If BPF array map is bigger than 4GB, element pointer calculation can overflow because both index and elem_size are u32. Fix this everywhere by forcing 64-bit multiplication. Extract this formula into separate small helper and use it consistently in various places. Speculative-preventing formula utilizing index_mask trick is left as is, but explicit u64 casts are added in bo... • https://git.kernel.org/stable/c/c85d69135a9175c50a823d04d62d932312d037b3 •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50166 – Bluetooth: When HCI work queue is drained, only queue chained work
https://notcve.org/view.php?id=CVE-2022-50166
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: When HCI work queue is drained, only queue chained work The HCI command, event, and data packet processing workqueue is drained to avoid deadlock in commit 76727c02c1e1 ("Bluetooth: Call drain_workqueue() before resetting state"). There is another delayed work, which will queue command to this drained workqueue. Which results in the following error report: Bluetooth: hci2: command 0x040f tx timeout WARNING: CPU: 1 PID: 18374 at k... • https://git.kernel.org/stable/c/76727c02c1e14a2b561b806fa1d08acc1619ad27 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50165 – wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()`
https://notcve.org/view.php?id=CVE-2022-50165
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()` Commit 7a4836560a61 changes simple_write_to_buffer() with memdup_user() but it forgets to change the value to be returned that came from simple_write_to_buffer() call. It results in the following warning: warning: variable 'rc' is uninitialized when used here [-Wuninitialized] return rc; ^~ Remove rc variable and just return the passed in length if the memdup_u... • https://git.kernel.org/stable/c/ff974e4083341383d3dd4079e52ed30f57f376f0 •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50164 – wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue
https://notcve.org/view.php?id=CVE-2022-50164
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue After successfull station association, if station queues are disabled for some reason, the related lists are not emptied. So if some new element is added to the list in iwl_mvm_mac_wake_tx_queue, it can match with the old one and produce a BUG like this: [ 46.535263] list_add corruption. prev->next should be next (ffff94c1c318a360), but was 0000000000000000. (prev=ffff94c1... • https://git.kernel.org/stable/c/cfbc6c4c5b91c7725ef14465b98ac347d31f2334 •
CVSS: 5.6EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50163 – ax25: fix incorrect dev_tracker usage
https://notcve.org/view.php?id=CVE-2022-50163
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: ax25: fix incorrect dev_tracker usage While investigating a separate rose issue [1], and enabling CONFIG_NET_DEV_REFCNT_TRACKER=y, Bernard reported an orthogonal ax25 issue [2] An ax25_dev can be used by one (or many) struct ax25_cb. We thus need different dev_tracker, one per struct ax25_cb. After this patch is applied, we are able to focus on rose. [1] https://lore.kernel.org/netdev/fb7544a1-f42e-9254-18cc-c9b071f4ca70@free.fr/ [2] [ 205.... • https://git.kernel.org/stable/c/feef318c855a361a1eccd880f33e88c460eb63b4 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50162 – wifi: libertas: Fix possible refcount leak in if_usb_probe()
https://notcve.org/view.php?id=CVE-2022-50162
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: Fix possible refcount leak in if_usb_probe() usb_get_dev will be called before lbs_get_firmware_async which means that usb_put_dev need to be called when lbs_get_firmware_async fails. In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: Fix possible refcount leak in if_usb_probe() usb_get_dev will be called before lbs_get_firmware_async which means that usb_put_dev need to be called when lbs_ge... • https://git.kernel.org/stable/c/ce84bb69f50e6f6cfeabc9b965365290f4184417 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50161 – mtd: maps: Fix refcount leak in of_flash_probe_versatile
https://notcve.org/view.php?id=CVE-2022-50161
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: mtd: maps: Fix refcount leak in of_flash_probe_versatile of_find_matching_node_and_match() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() to avoid refcount leak. In the Linux kernel, the following vulnerability has been resolved: mtd: maps: Fix refcount leak in of_flash_probe_versatile of_find_matching_node_and_match() returns a node pointer with refcount ... • https://git.kernel.org/stable/c/b0afd44bc192ff4c0e90a5fc1724350bcfc32b33 •