CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50418 – wifi: ath11k: mhi: fix potential memory leak in ath11k_mhi_register()
https://notcve.org/view.php?id=CVE-2022-50418
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: mhi: fix potential memory leak in ath11k_mhi_register() mhi_alloc_controller() allocates a memory space for mhi_ctrl. When gets some error, mhi_ctrl should be freed with mhi_free_controller(). But when ath11k_mhi_read_addr_from_dt() fails, the function returns without calling mhi_free_controller(), which will lead to a memory leak. We can fix it by calling mhi_free_controller() when ath11k_mhi_read_addr_from_dt() fails. In the... • https://git.kernel.org/stable/c/d5c65159f2895379e11ca13f62feabe93278985d • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50417 – drm/panfrost: Fix GEM handle creation ref-counting
https://notcve.org/view.php?id=CVE-2022-50417
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/panfrost: Fix GEM handle creation ref-counting panfrost_gem_create_with_handle() previously returned a BO but with the only reference being from the handle, which user space could in theory guess and release, causing a use-after-free. Additionally if the call to panfrost_gem_mapping_get() in panfrost_ioctl_create_bo() failed then a(nother) reference on the BO was dropped. The _create_with_handle() is a problematic pattern, so ditch it a... • https://git.kernel.org/stable/c/f3ba91228e8e917e5bd6c4b72bfe846933d17370 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50416 – irqchip/wpcm450: Fix memory leak in wpcm450_aic_of_init()
https://notcve.org/view.php?id=CVE-2022-50416
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: irqchip/wpcm450: Fix memory leak in wpcm450_aic_of_init() If of_iomap() failed, 'aic' should be freed before return. Otherwise there is a memory leak. In the Linux kernel, the following vulnerability has been resolved: irqchip/wpcm450: Fix memory leak in wpcm450_aic_of_init() If of_iomap() failed, 'aic' should be freed before return. Otherwise there is a memory leak. • https://git.kernel.org/stable/c/fead4dd496631707549f414b4059afb86ea8fb80 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50415 – parisc: led: Fix potential null-ptr-deref in start_task()
https://notcve.org/view.php?id=CVE-2022-50415
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: parisc: led: Fix potential null-ptr-deref in start_task() start_task() calls create_singlethread_workqueue() and not checked the ret value, which may return NULL. And a null-ptr-deref may happen: start_task() create_singlethread_workqueue() # failed, led_wq is NULL queue_delayed_work() queue_delayed_work_on() __queue_delayed_work() # warning here, but continue __queue_work() # access wq->flags, null-ptr-deref Check the ret value and return ... • https://git.kernel.org/stable/c/3499495205a676d85fcc2f3c28e35ec9b43c47e3 •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50414 – scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails
https://notcve.org/view.php?id=CVE-2022-50414
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails fcoe_init() calls fcoe_transport_attach(&fcoe_sw_transport), but when fcoe_if_init() fails, &fcoe_sw_transport is not detached and leaves freed &fcoe_sw_transport on fcoe_transports list. This causes panic when reinserting module. BUG: unable to handle page fault for address: fffffbfff82e2213 RIP: 0010:fcoe_transport_attach+0xe1/0x230 [libfcoe] Call Trace:
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-50413 – wifi: mac80211: fix use-after-free
https://notcve.org/view.php?id=CVE-2022-50413
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix use-after-free We've already freed the assoc_data at this point, so need to use another copy of the AP (MLD) address instead. In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix use-after-free We've already freed the assoc_data at this point, so need to use another copy of the AP (MLD) address instead. • https://git.kernel.org/stable/c/81151ce462e533551f3284bfdb8e0f461c9220e6 •
CVSS: 5.7EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50412 – drm: bridge: adv7511: unregister cec i2c device after cec adapter
https://notcve.org/view.php?id=CVE-2022-50412
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: drm: bridge: adv7511: unregister cec i2c device after cec adapter cec_unregister_adapter() assumes that the underlying adapter ops are callable. For example, if the CEC adapter currently has a valid physical address, then the unregistration procedure will invalidate the physical address by setting it to f.f.f.f. Whence the following kernel oops observed after removing the adv7511 module: Unable to handle kernel execution of user memory at v... • https://git.kernel.org/stable/c/3b1b975003e4a3da4b93ab032487a3ae4afca7b5 • CWE-825: Expired Pointer Dereference •
CVSS: 8.4EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50411 – ACPICA: Fix error code path in acpi_ds_call_control_method()
https://notcve.org/view.php?id=CVE-2022-50411
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ACPICA: Fix error code path in acpi_ds_call_control_method() A use-after-free in acpi_ps_parse_aml() after a failing invocaion of acpi_ds_call_control_method() is reported by KASAN [1] and code inspection reveals that next_walk_state pushed to the thread by acpi_ds_create_walk_state() is freed on errors, but it is not popped from the thread beforehand. Thus acpi_ds_get_current_walk_state() called by acpi_ps_parse_aml() subsequently returns ... • https://git.kernel.org/stable/c/38e251d356a01b61a86cb35213cafd7e8fe7090c •
CVSS: 8.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50410 – NFSD: Protect against send buffer overflow in NFSv2 READ
https://notcve.org/view.php?id=CVE-2022-50410
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: NFSD: Protect against send buffer overflow in NFSv2 READ Since before the git era, NFSD has conserved the number of pages held by each nfsd thread by combining the RPC receive and send buffers into a single array of pages. This works because there are no cases where an operation needs a large RPC Call message and a large RPC Reply at the same time. Once an RPC Call has been received, svc_process() updates svc_rqst::rq_res to describe the pa... • https://git.kernel.org/stable/c/2007867c5874134f2271eb276398208070049dd3 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50409 – net: If sock is dead don't access sock's sk_wq in sk_stream_wait_memory
https://notcve.org/view.php?id=CVE-2022-50409
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: net: If sock is dead don't access sock's sk_wq in sk_stream_wait_memory Fixes the below NULL pointer dereference: [...] [ 14.471200] Call Trace: [ 14.471562]