CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50746 – erofs: validate the extent length for uncompressed pclusters
https://notcve.org/view.php?id=CVE-2022-50746
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: erofs: validate the extent length for uncompressed pclusters syzkaller reported a KASAN use-after-free: https://syzkaller.appspot.com/bug?extid=2ae90e873e97f1faf6f2 The referenced fuzzed image actually has two issues: - m_pa == 0 as a non-inlined pcluster; - The logical length is longer than its physical length. The first issue has already been addressed. This patch addresses the second issue by checking the extent length validity. In the L... • https://git.kernel.org/stable/c/02827e1796b33f1794966f5c3101f8da2dfa9c1d •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50745 – staging: media: tegra-video: fix device_node use after free
https://notcve.org/view.php?id=CVE-2022-50745
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: staging: media: tegra-video: fix device_node use after free At probe time this code path is followed: * tegra_csi_init * tegra_csi_channels_alloc * for_each_child_of_node(node, channel) -- iterates over channels * automatically gets 'channel' * tegra_csi_channel_alloc() * saves into chan->of_node a pointer to the channel OF node * automatically gets and puts 'channel' * now the node saved in chan->of_node has refcount 0, can disappear * teg... • https://git.kernel.org/stable/c/1ebaeb09830f36c1111b72a95420814225bd761c •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50744 – scsi: lpfc: Fix hard lockup when reading the rx_monitor from debugfs
https://notcve.org/view.php?id=CVE-2022-50744
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix hard lockup when reading the rx_monitor from debugfs During I/O and simultaneous cat of /sys/kernel/debug/lpfc/fnX/rx_monitor, a hard lockup similar to the call trace below may occur. The spin_lock_bh in lpfc_rx_monitor_report is not protecting from timer interrupts as expected, so change the strength of the spin lock to _irq. Kernel panic - not syncing: Hard LOCKUP CPU: 3 PID: 110402 Comm: cat Kdump: loaded exception RIP: n... • https://git.kernel.org/stable/c/21d65b35169112af9b6f873c8eeab972e60107c2 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50743 – erofs: Fix pcluster memleak when its block address is zero
https://notcve.org/view.php?id=CVE-2022-50743
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: erofs: Fix pcluster memleak when its block address is zero syzkaller reported a memleak: https://syzkaller.appspot.com/bug?id=62f37ff612f0021641eda5b17f056f1668aa9aed unreferenced object 0xffff88811009c7f8 (size 136): ... backtrace: [
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50742 – misc: ocxl: fix possible refcount leak in afu_ioctl()
https://notcve.org/view.php?id=CVE-2022-50742
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: misc: ocxl: fix possible refcount leak in afu_ioctl() eventfd_ctx_put need to be called to put the refcount that gotten by eventfd_ctx_fdget when ocxl_irq_set_handler fails. In the Linux kernel, the following vulnerability has been resolved: misc: ocxl: fix possible refcount leak in afu_ioctl() eventfd_ctx_put need to be called to put the refcount that gotten by eventfd_ctx_fdget when ocxl_irq_set_handler fails. The SUSE Linux Enterprise 15... • https://git.kernel.org/stable/c/060146614643ddc5978c73ffac0329762b4651c9 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50741 – media: imx-jpeg: Disable useless interrupt to avoid kernel panic
https://notcve.org/view.php?id=CVE-2022-50741
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: media: imx-jpeg: Disable useless interrupt to avoid kernel panic There is a hardware bug that the interrupt STMBUF_HALF may be triggered after or when disable interrupt. It may led to unexpected kernel panic. And interrupt STMBUF_HALF and STMBUF_RTND have no other effect. So disable them and the unused interrupts. meanwhile clear the interrupt status when disable interrupt. In the Linux kernel, the following vulnerability has been resolved:... • https://git.kernel.org/stable/c/2db16c6ed72ce644d5639b3ed15e5817442db4ba •
CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0CVE-2022-50740 – wifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs()
https://notcve.org/view.php?id=CVE-2022-50740
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs() Syzkaller reports a long-known leak of urbs in ath9k_hif_usb_dealloc_tx_urbs(). The cause of the leak is that usb_get_urb() is called but usb_free_urb() (or usb_put_urb()) is not called inside usb_kill_urb() as urb->dev or urb->ep fields have not been initialized and usb_kill_urb() returns immediately. The patch removes trying to kill urbs located in hif_dev->t... • https://git.kernel.org/stable/c/6f0706ef39fecc6bf56d67728fe0c94e26b43e9d •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50739 – fs/ntfs3: Add null pointer check for inode operations
https://notcve.org/view.php?id=CVE-2022-50739
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add null pointer check for inode operations This adds a sanity check for the i_op pointer of the inode which is returned after reading Root directory MFT record. We should check the i_op is valid before trying to create the root dentry, otherwise we may encounter a NPD while mounting a image with a funny Root directory MFT record. [ 114.484325] BUG: kernel NULL pointer dereference, address: 0000000000000008 [ 114.484811] #PF: supe... • https://git.kernel.org/stable/c/82cae269cfa953032fbb8980a7d554d60fb00b17 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50737 – fs/ntfs3: Validate index root when initialize NTFS security
https://notcve.org/view.php?id=CVE-2022-50737
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Validate index root when initialize NTFS security This enhances the sanity check for $SDH and $SII while initializing NTFS security, guarantees these index root are legit. [ 162.459513] BUG: KASAN: use-after-free in hdr_find_e.isra.0+0x10c/0x320 [ 162.460176] Read of size 2 at addr ffff8880037bca99 by task mount/243 [ 162.460851] [ 162.461252] CPU: 0 PID: 243 Comm: mount Not tainted 6.0.0-rc7 #42 [ 162.461744] Hardware name: QEMU ... • https://git.kernel.org/stable/c/82cae269cfa953032fbb8980a7d554d60fb00b17 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2023-54077 – fs/ntfs3: Fix memory leak if ntfs_read_mft failed
https://notcve.org/view.php?id=CVE-2023-54077
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix memory leak if ntfs_read_mft failed Label ATTR_ROOT in ntfs_read_mft() sets is_root = true and ni->ni_flags |= NI_FLAG_DIR, then next attr will goto label ATTR_ALLOC and alloc ni->dir.alloc_run. However two states are not always consistent and can make memory leak. 1) attr_name in ATTR_ROOT does not fit the condition it will set is_root = true but NI_FLAG_DIR is not set. 2) next attr_name in ATTR_ALLOC fits the condition and a... • https://git.kernel.org/stable/c/82cae269cfa953032fbb8980a7d554d60fb00b17 •