CVSS: 5.2EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50554 – blk-mq: avoid double ->queue_rq() because of early timeout
https://notcve.org/view.php?id=CVE-2022-50554
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: blk-mq: avoid double ->queue_rq() because of early timeout David Jeffery found one double ->queue_rq() issue, so far it can be triggered in VM use case because of long vmexit latency or preempt latency of vCPU pthread or long page fault in vCPU pthread, then block IO req could be timed out before queuing the request to hardware but after calling blk_mq_start_request() during ->queue_rq(), then timeout handler may handle it by requeue, then ... • https://git.kernel.org/stable/c/7a73c54a3750895888ab586896736c9434e062a1 • CWE-820: Missing Synchronization •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50552 – blk-mq: use quiesced elevator switch when reinitializing queues
https://notcve.org/view.php?id=CVE-2022-50552
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: blk-mq: use quiesced elevator switch when reinitializing queues The hctx's run_work may be racing with the elevator switch when reinitializing hardware queues. The queue is merely frozen in this context, but that only prevents requests from allocating and doesn't stop the hctx work from running. The work may get an elevator pointer that's being torn down, and can result in use-after-free errors and kernel panics (example below). Use the qui... • https://git.kernel.org/stable/c/63a681bcc32a43528ce0f690569f7f48e59c3963 •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2022-50551 – wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmf_fw_alloc_request()
https://notcve.org/view.php?id=CVE-2022-50551
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmf_fw_alloc_request() This patch fixes a shift-out-of-bounds in brcmfmac that occurs in BIT(chiprev) when a 'chiprev' provided by the device is too large. It should also not be equal to or greater than BITS_PER_TYPE(u32) as we do bitwise AND with a u32 variable and BIT(chiprev). The patch adds a check that makes the function return NULL if that is the case. Note that the NULL case is l... • https://git.kernel.org/stable/c/1db036d13e10809943c2dce553e2fa7fc9c6cd80 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50544 – usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info()
https://notcve.org/view.php?id=CVE-2022-50544
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info() xhci_alloc_stream_info() allocates stream context array for stream_info ->stream_ctx_array with xhci_alloc_stream_ctx(). When some error occurs, stream_info->stream_ctx_array is not released, which will lead to a memory leak. We can fix it by releasing the stream_info->stream_ctx_array with xhci_free_stream_ctx() on the error path to avoid the potential memory leak. In t... • https://git.kernel.org/stable/c/7fc6bab3413e6a42bb1264ff7c9149808c93a4c7 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50542 – media: si470x: Fix use-after-free in si470x_int_in_callback()
https://notcve.org/view.php?id=CVE-2022-50542
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: media: si470x: Fix use-after-free in si470x_int_in_callback() syzbot reported use-after-free in si470x_int_in_callback() [1]. This indicates that urb->context, which contains struct si470x_device object, is freed when si470x_int_in_callback() is called. The cause of this issue is that si470x_int_in_callback() is called for freed urb. si470x_usb_driver_probe() calls si470x_start_usb(), which then calls usb_submit_urb() and si470x_start(). If... • https://git.kernel.org/stable/c/146bd005ebb01ae190c22af050cb98623958c373 •
CVSS: 5.6EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50539 – ARM: OMAP2+: omap4-common: Fix refcount leak bug
https://notcve.org/view.php?id=CVE-2022-50539
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ARM: OMAP2+: omap4-common: Fix refcount leak bug In omap4_sram_init(), of_find_compatible_node() will return a node pointer with refcount incremented. We should use of_node_put() when it is not used anymore. In the Linux kernel, the following vulnerability has been resolved: ARM: OMAP2+: omap4-common: Fix refcount leak bug In omap4_sram_init(), of_find_compatible_node() will return a node pointer with refcount incremented. We should use of_... • https://git.kernel.org/stable/c/1d9452ae3bdb830f9309cf10a2f65977999cb14e •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-50535 – drm/amd/display: Fix potential null-deref in dm_resume
https://notcve.org/view.php?id=CVE-2022-50535
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential null-deref in dm_resume [Why] Fixing smatch error: dm_resume() error: we previously assumed 'aconnector->dc_link' could be null [How] Check if dc_link null at the beginning of the loop, so further checks can be dropped. In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential null-deref in dm_resume [Why] Fixing smatch error: dm_resume() error: we previously assumed 'a... • https://git.kernel.org/stable/c/fd79b61af2782f8875c78f50cdb8630ec43e2990 • CWE-476: NULL Pointer Dereference •
CVSS: 6.6EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53644 – media: radio-shark: Add endpoint checks
https://notcve.org/view.php?id=CVE-2023-53644
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: media: radio-shark: Add endpoint checks The syzbot fuzzer was able to provoke a WARNING from the radio-shark2 driver: ------------[ cut here ]------------ usb 1-1: BOGUS urb xfer, pipe 1 != type 3 WARNING: CPU: 0 PID: 3271 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed2/0x1880 drivers/usb/core/urb.c:504 Modules linked in: CPU: 0 PID: 3271 Comm: kworker/0:3 Not tainted 6.1.0-rc4-syzkaller #0 Hardware name: Google Google Compute Engine/Goo... • https://git.kernel.org/stable/c/3ed6a312ac1e7278f92b1b3d95377b335ae21e89 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-53627 – scsi: hisi_sas: Grab sas_dev lock when traversing the members of sas_dev.list
https://notcve.org/view.php?id=CVE-2023-53627
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: hisi_sas: Grab sas_dev lock when traversing the members of sas_dev.list When freeing slots in function slot_complete_v3_hw(), it is possible that sas_dev.list is being traversed elsewhere, and it may trigger a NULL pointer exception, such as follows: ==>cq thread ==>scsi_eh_6 ==>scsi_error_handler() ==>sas_eh_handle_sas_errors() ==>sas_scsi_find_task() ==>lldd_abort_task() ==>slot_complete_v3_hw() ==>hisi_sas_abort_task() ==>hisi_sas_... • https://git.kernel.org/stable/c/6e2a40b3a332ea84079983be21c944de8ddbc4f3 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53622 – gfs2: Fix possible data races in gfs2_show_options()
https://notcve.org/view.php?id=CVE-2023-53622
07 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix possible data races in gfs2_show_options() Some fields such as gt_logd_secs of the struct gfs2_tune are accessed without holding the lock gt_spin in gfs2_show_options(): val = sdp->sd_tune.gt_logd_secs; if (val != 30) seq_printf(s, ",commit=%d", val); And thus can cause data races when gfs2_show_options() and other functions such as gfs2_reconfigure() are concurrently executed: spin_lock(>->gt_spin); gt->gt_logd_secs = newargs->... • https://git.kernel.org/stable/c/7e5bbeb7eb813bb2568e1d5d02587df943272e57 •