CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50185 – drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers()
https://notcve.org/view.php?id=CVE-2022-50185
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() The last case label can write two buffers 'mc_reg_address[j]' and 'mc_data[j]' with 'j' offset equal to SMC_NISLANDS_MC_REGISTER_ARRAY_SIZE since there are no checks for this value in both case labels after the last 'j++'. Instead of changing '>' to '>=' there, add the bounds check at the start of the second 'case' (the first one already has it). Also, remove redunda... • https://git.kernel.org/stable/c/69e0b57a91adca2e3eb56ed4db39ab90f3ae1043 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50184 – drm/meson: encoder_hdmi: Fix refcount leak in meson_encoder_hdmi_init
https://notcve.org/view.php?id=CVE-2022-50184
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/meson: encoder_hdmi: Fix refcount leak in meson_encoder_hdmi_init of_graph_get_remote_node() returns remote device nodepointer with refcount incremented, we should use of_node_put() on it when done. Add missing of_node_put() to avoid refcount leak. In the Linux kernel, the following vulnerability has been resolved: drm/meson: encoder_hdmi: Fix refcount leak in meson_encoder_hdmi_init of_graph_get_remote_node() returns remote device node... • https://git.kernel.org/stable/c/1c5439a716122cd86530d261cd1bf7ba43b3cdd8 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50183 – drm/meson: encoder_cvbs: Fix refcount leak in meson_encoder_cvbs_init
https://notcve.org/view.php?id=CVE-2022-50183
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/meson: encoder_cvbs: Fix refcount leak in meson_encoder_cvbs_init of_graph_get_remote_node() returns remote device nodepointer with refcount incremented, we should use of_node_put() on it when done. Add missing of_node_put() to avoid refcount leak. In the Linux kernel, the following vulnerability has been resolved: drm/meson: encoder_cvbs: Fix refcount leak in meson_encoder_cvbs_init of_graph_get_remote_node() returns remote device node... • https://git.kernel.org/stable/c/318ba02cd8a8bacd20a4fe29edff3c0931d17ded •
CVSS: 5.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50182 – media: imx-jpeg: Align upwards buffer size
https://notcve.org/view.php?id=CVE-2022-50182
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: media: imx-jpeg: Align upwards buffer size The hardware can support any image size WxH, with arbitrary W (image width) and H (image height) dimensions. Align upwards buffer size for both encoder and decoder. and leave the picture resolution unchanged. For decoder, the risk of memory out of bounds can be avoided. For both encoder and decoder, the driver will lift the limitation of resolution alignment. For example, the decoder can support jp... • https://git.kernel.org/stable/c/2db16c6ed72ce644d5639b3ed15e5817442db4ba •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50181 – virtio-gpu: fix a missing check to avoid NULL dereference
https://notcve.org/view.php?id=CVE-2022-50181
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: virtio-gpu: fix a missing check to avoid NULL dereference 'cache_ent' could be set NULL inside virtio_gpu_cmd_get_capset() and it will lead to a NULL dereference by a lately use of it (i.e., ptr = cache_ent->caps_cache). Fix it with a NULL check. [ kraxel: minor codestyle fixup ] In the Linux kernel, the following vulnerability has been resolved: virtio-gpu: fix a missing check to avoid NULL dereference 'cache_ent' could be set NULL inside ... • https://git.kernel.org/stable/c/62fb7a5e10962ac6ae2a2d2dbd3aedcb2a3e3257 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50179 – ath9k: fix use-after-free in ath9k_hif_usb_rx_cb
https://notcve.org/view.php?id=CVE-2022-50179
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: ath9k: fix use-after-free in ath9k_hif_usb_rx_cb Syzbot reported use-after-free Read in ath9k_hif_usb_rx_cb() [0]. The problem was in incorrect htc_handle->drv_priv initialization. Probable call trace which can trigger use-after-free: ath9k_htc_probe_device() /* htc_handle->drv_priv = priv; */ ath9k_htc_wait_for_target() <--- Failed ieee80211_free_hw() <--- priv pointer is freed
CVSS: 8.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50178 – wifi: rtw89: 8852a: rfk: fix div 0 exception
https://notcve.org/view.php?id=CVE-2022-50178
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: 8852a: rfk: fix div 0 exception The DPK is a kind of RF calibration whose algorithm is to fine tune parameters and calibrate, and check the result. If the result isn't good enough, it could adjust parameters and try again. This issue is to read and show the result, but it could be a negative calibration result that causes divisor 0 and core dump. So, fix it by phy_div() that does division only if divisor isn't zero; otherwise, ... • https://git.kernel.org/stable/c/e3ec7017f6a20d12ddd9fe23d345ebb7b8c104dd •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50177 – rcutorture: Fix ksoftirqd boosting timing and iteration
https://notcve.org/view.php?id=CVE-2022-50177
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: rcutorture: Fix ksoftirqd boosting timing and iteration The RCU priority boosting can fail in two situations: 1) If (nr_cpus= > maxcpus=), which means if the total number of CPUs is higher than those brought online at boot, then torture_onoff() may later bring up CPUs that weren't online on boot. Now since rcutorture initialization only boosts the ksoftirqds of the CPUs that have been set online on boot, the CPUs later set online by torture... • https://git.kernel.org/stable/c/ea6d962e80b61996aeacb443661cc3adcb605315 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50176 – drm/mcde: Fix refcount leak in mcde_dsi_bind
https://notcve.org/view.php?id=CVE-2022-50176
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/mcde: Fix refcount leak in mcde_dsi_bind Every iteration of for_each_available_child_of_node() decrements the reference counter of the previous node. There is no decrement when break out from the loop and results in refcount leak. Add missing of_node_put() to fix this. In the Linux kernel, the following vulnerability has been resolved: drm/mcde: Fix refcount leak in mcde_dsi_bind Every iteration of for_each_available_child_of_node() dec... • https://git.kernel.org/stable/c/5fc537bfd00033a3f813330175f7f12c25957ebf •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50175 – media: tw686x: Fix memory leak in tw686x_video_init
https://notcve.org/view.php?id=CVE-2022-50175
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: media: tw686x: Fix memory leak in tw686x_video_init video_device_alloc() allocates memory for vdev, when video_register_device() fails, it doesn't release the memory and leads to memory leak, call video_device_release() to fix this. In the Linux kernel, the following vulnerability has been resolved: media: tw686x: Fix memory leak in tw686x_video_init video_device_alloc() allocates memory for vdev, when video_register_device() fails, it does... • https://git.kernel.org/stable/c/704a84ccdbf19fdce9adfda0b936dfdcac52fa49 •