CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50725 – media: vidtv: Fix use-after-free in vidtv_bridge_dvb_init()
https://notcve.org/view.php?id=CVE-2022-50725
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: media: vidtv: Fix use-after-free in vidtv_bridge_dvb_init() KASAN reports a use-after-free: BUG: KASAN: use-after-free in dvb_dmxdev_release+0x4d5/0x5d0 [dvb_core] Call Trace: ... dvb_dmxdev_release+0x4d5/0x5d0 [dvb_core] vidtv_bridge_probe+0x7bf/0xa40 [dvb_vidtv_bridge] platform_probe+0xb6/0x170 ... Allocated by task 1238: ... dvb_register_device+0x1a7/0xa70 [dvb_core] dvb_dmxdev_init+0x2af/0x4a0 [dvb_core] vidtv_bridge_probe+0x766/0xa40 [... • https://git.kernel.org/stable/c/f90cf6079bf67988f8b1ad1ade70fc89d0080905 •
CVSS: 5.6EPSS: 0%CPEs: 11EXPL: 0CVE-2022-50724 – regulator: core: fix resource leak in regulator_register()
https://notcve.org/view.php?id=CVE-2022-50724
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix resource leak in regulator_register() I got some resource leak reports while doing fault injection test: OF: ERROR: memory leak, expected refcount 1 instead of 100, of_node_get()/of_node_put() unbalanced - destroy cset entry: attach overlay node /i2c/pmic@64/regulators/buck1 unreferenced object 0xffff88810deea000 (size 512): comm "490-i2c-rt5190a", pid 253, jiffies 4294859840 (age 5061.046s) hex dump (first 32 bytes): 0... • https://git.kernel.org/stable/c/0120ec32a7774b5061ced1a9a7ff833edd8b4cb6 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-50723 – bnxt_en: fix memory leak in bnxt_nvm_test()
https://notcve.org/view.php?id=CVE-2022-50723
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: bnxt_en: fix memory leak in bnxt_nvm_test() Free the kzalloc'ed buffer before returning in the success path. • https://git.kernel.org/stable/c/5b6ff128fdf60b08c67b9b50addadc8fb8da4410 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50722 – media: ipu3-imgu: Fix NULL pointer dereference in active selection access
https://notcve.org/view.php?id=CVE-2022-50722
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: media: ipu3-imgu: Fix NULL pointer dereference in active selection access What the IMGU driver did was that it first acquired the pointers to active and try V4L2 subdev state, and only then figured out which one to use. The problem with that approach and a later patch (see Fixes: tag) is that as sd_state argument to v4l2_subdev_get_try_crop() et al is NULL, there is now an attempt to dereference that. Fix this. Also rewrap lines a little. I... • https://git.kernel.org/stable/c/0d346d2a6f54f06f36b224fd27cd6eafe8c83be9 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50721 – dmaengine: qcom-adm: fix wrong calling convention for prep_slave_sg
https://notcve.org/view.php?id=CVE-2022-50721
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom-adm: fix wrong calling convention for prep_slave_sg The calling convention for pre_slave_sg is to return NULL on error and provide an error log to the system. Qcom-adm instead provide error pointer when an error occur. This indirectly cause kernel panic for example for the nandc driver that checks only if the pointer returned by device_prep_slave_sg is not NULL. Returning an error pointer makes nandc think the device_prep_sl... • https://git.kernel.org/stable/c/5c9f8c2dbdbe53818bcde6aa6695e1331e5f841f •
CVSS: 6.9EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50720 – x86/apic: Don't disable x2APIC if locked
https://notcve.org/view.php?id=CVE-2022-50720
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: x86/apic: Don't disable x2APIC if locked The APIC supports two modes, legacy APIC (or xAPIC), and Extended APIC (or x2APIC). X2APIC mode is mostly compatible with legacy APIC, but it disables the memory-mapped APIC interface in favor of one that uses MSRs. The APIC mode is controlled by the EXT bit in the APIC MSR. The MMIO/xAPIC interface has some problems, most notably the APIC LEAK [1]. This bug allows an attacker to use the APIC MMIO in... • https://git.kernel.org/stable/c/fb209bd891645bb87b9618b724f0b4928e0df3de •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50719 – ALSA: line6: fix stack overflow in line6_midi_transmit
https://notcve.org/view.php?id=CVE-2022-50719
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: line6: fix stack overflow in line6_midi_transmit Correctly calculate available space including the size of the chunk buffer. This fixes a buffer overflow when multiple MIDI sysex messages are sent to a PODxt device. In the Linux kernel, the following vulnerability has been resolved: ALSA: line6: fix stack overflow in line6_midi_transmit Correctly calculate available space including the size of the chunk buffer. This fixes a buffer ove... • https://git.kernel.org/stable/c/f2459201c72e8f8553644505eed19954d4c3a023 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50718 – drm/amdgpu: fix pci device refcount leak
https://notcve.org/view.php?id=CVE-2022-50718
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix pci device refcount leak As comment of pci_get_domain_bus_and_slot() says, it returns a pci device with refcount increment, when finish using it, the caller must decrement the reference count by calling pci_dev_put(). So before returning from amdgpu_device_resume|suspend_display_audio(), pci_dev_put() is called to avoid refcount leak. In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix pci dev... • https://git.kernel.org/stable/c/3f12acc8d6d4b2e62fab8f652d7075a859d80b42 •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50717 – nvmet-tcp: add bounds check on Transfer Tag
https://notcve.org/view.php?id=CVE-2022-50717
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: add bounds check on Transfer Tag ttag is used as an index to get cmd in nvmet_tcp_handle_h2c_data_pdu(), add a bounds check to avoid out-of-bounds access. In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: add bounds check on Transfer Tag ttag is used as an index to get cmd in nvmet_tcp_handle_h2c_data_pdu(), add a bounds check to avoid out-of-bounds access. • https://git.kernel.org/stable/c/872d26a391da92ed8f0c0f5cb5fef428067b7f30 •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50716 – wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out
https://notcve.org/view.php?id=CVE-2022-50716
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out syzkaller reported use-after-free with the stack trace like below [1]: [ 38.960489][ C3] ================================================================== [ 38.963216][ C3] BUG: KASAN: use-after-free in ar5523_cmd_tx_cb+0x220/0x240 [ 38.964950][ C3] Read of size 8 at addr ffff888048e03450 by task swapper/3/0 [ 38.966363][ C3] [ 38.967053][ C3] CPU: 3 PID: 0 Comm: swapper/3 Not tain... • https://git.kernel.org/stable/c/b7d572e1871df06a96a1c9591c71c5494ff6b624 •