
CVE-2022-50337 – ocxl: fix pci device refcount leak when calling get_function_0()
https://notcve.org/view.php?id=CVE-2022-50337
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ocxl: fix pci device refcount leak when calling get_function_0() get_function_0() calls pci_get_domain_bus_and_slot(), as the comment says, it returns a pci device with refcount increment, so after using it, pci_dev_put() needs to be called. Get the device reference when get_function_0() is not called, so pci_dev_put() can be called in the error path and callers unconditionally. And add comment above get_dvsec_vendor0() to tell callers to call pci... • https://git.kernel.org/stable/c/87db7579ebd5ded337056eb765542eb2608f16e3 •

CVE-2022-50336 – fs/ntfs3: Add null pointer check to attr_load_runs_vcn
https://notcve.org/view.php?id=CVE-2022-50336
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add null pointer check to attr_load_runs_vcn Some metadata files are handled before MFT. This adds a null pointer check for some corner cases that could lead to NPD while reading these metadata files for a malformed NTFS image. [ 240.190827] BUG: kernel NULL pointer dereference, address: 0000000000000158 [ 240.191583] #PF: supervisor read access in kernel mode [ 240.191956] #PF: error_code(0x0000) - not-present page [ 240.192391] ... • https://git.kernel.org/stable/c/4534a70b7056fd4b9a1c6db5a4ce3c98546b291e •

CVE-2022-50335 – 9p: set req refcount to zero to avoid uninitialized usage
https://notcve.org/view.php?id=CVE-2022-50335
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: 9p: set req refcount to zero to avoid uninitialized usage When a new request is allocated, the refcount will be zero if it is reused, but if the request is newly allocated from slab, it is not fully initialized before being added to idr. If the p9_read_work got a response before the refcount is initiated, it will use an uninitialized req, which will result in a bad request data struct. Here are the logs from syzbot. Corrupted memory at 0xffff888... • https://git.kernel.org/stable/c/728356dedeff8ef999cb436c71333ef4ac51a81c •

CVE-2022-50334 – hugetlbfs: fix null-ptr-deref in hugetlbfs_parse_param()
https://notcve.org/view.php?id=CVE-2022-50334
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: hugetlbfs: fix null-ptr-deref in hugetlbfs_parse_param() Syzkaller reports a null-ptr-deref bug as follows: ====================================================== KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] RIP: 0010:hugetlbfs_parse_param+0x1dd/0x8e0 fs/hugetlbfs/inode.c:1380 [...] Call Trace:

CVE-2022-50333 – fs: jfs: fix shift-out-of-bounds in dbDiscardAG
https://notcve.org/view.php?id=CVE-2022-50333
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: fs: jfs: fix shift-out-of-bounds in dbDiscardAG This should be applied to most UBSAN bugs found recently by syzbot, by guarding the dbMount, as syzbot is feeding rubbish into the bmap descriptor. • https://git.kernel.org/stable/c/f8d4d0bac603616e2fa4a3907e81ed13f8f3c380 •

CVE-2022-50332 – video/aperture: Call sysfb_disable() before removing PCI devices
https://notcve.org/view.php?id=CVE-2022-50332
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: video/aperture: Call sysfb_disable() before removing PCI devices Call sysfb_disable() from aperture_remove_conflicting_pci_devices() before removing PCI devices. Without, simpledrm can still bind to simple-framebuffer devices after the hardware driver has taken over the hardware. Both drivers interfere with each other and results are undefined. Reported modesetting errors [1] are shown below. ---- snap ---- rcu: INFO: rcu_sched detected exp... • https://git.kernel.org/stable/c/cfecfc98a78d97a49807531b5b224459bda877de •

CVE-2022-50331 – wwan_hwsim: fix possible memory leak in wwan_hwsim_dev_new()
https://notcve.org/view.php?id=CVE-2022-50331
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: wwan_hwsim: fix possible memory leak in wwan_hwsim_dev_new() Inject fault while probing module, if device_register() fails, but the refcount of kobject is not decreased to 0, the name allocated in dev_set_name() is leaked. Fix this by calling put_device(), so that name can be freed in callback function kobject_cleanup(). unreferenced object 0xffff88810152ad20 (size 8): comm "modprobe", pid 252, jiffies 4294849206 (age 22.713s) hex dump (fir... • https://git.kernel.org/stable/c/f36a111a74e71edbba27d4c0cf3d7bbccc172108 •

CVE-2022-50330 – crypto: cavium - prevent integer overflow loading firmware
https://notcve.org/view.php?id=CVE-2022-50330
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: cavium - prevent integer overflow loading firmware The "code_length" value comes from the firmware file. If your firmware is untrusted realistically there is probably very little you can do to protect yourself. Still we try to limit the damage as much as possible. Also Smatch marks any data read from the filesystem as untrusted and prints warnings if it is not capped correctly. The "ntohl(ucode->code_length) * 2" multiplication can hav... • https://git.kernel.org/stable/c/9e2c7d99941d000a36f68a3594cec27a1bbea274 •

CVE-2022-50329 – block, bfq: fix uaf for bfqq in bfq_exit_icq_bfqq
https://notcve.org/view.php?id=CVE-2022-50329
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix uaf for bfqq in bfq_exit_icq_bfqq Commit 64dc8c732f5c ("block, bfq: fix possible uaf for 'bfqq->bic'") will access 'bic->bfqq' in bic_set_bfqq(), however, bfq_exit_icq_bfqq() can free bfqq first, and then call bic_set_bfqq(), which will cause uaf. Fix the problem by moving bfq_exit_bfqq() behind bic_set_bfqq(). • https://git.kernel.org/stable/c/094f3d9314d67691cb21ba091c1b528f6e3c4893 •

CVE-2022-50328 – jbd2: fix potential use-after-free in jbd2_fc_wait_bufs
https://notcve.org/view.php?id=CVE-2022-50328
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: jbd2: fix potential use-after-free in jbd2_fc_wait_bufs In 'jbd2_fc_wait_bufs' use 'bh' after put buffer head reference count which may lead to use-after-free. So judge buffer if uptodate before put buffer head reference count. • https://git.kernel.org/stable/c/1d4d16daec2a6689b6d3fbfc7d2078643adc6619 •