CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50104 – powerpc/xive: Fix refcount leak in xive_get_max_prio
https://notcve.org/view.php?id=CVE-2022-50104
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc/xive: Fix refcount leak in xive_get_max_prio of_find_node_by_path() returns a node pointer with refcount incremented, we should use of_node_put() on it when done. Add missing of_node_put() to avoid refcount leak. In the Linux kernel, the following vulnerability has been resolved: powerpc/xive: Fix refcount leak in xive_get_max_prio of_find_node_by_path() returns a node pointer with refcount incremented, we should use of_node_put() o... • https://git.kernel.org/stable/c/eac1e731b59ee3b5f5e641a7765c7ed41ed26226 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50103 – sched, cpuset: Fix dl_cpu_busy() panic due to empty cs->cpus_allowed
https://notcve.org/view.php?id=CVE-2022-50103
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: sched, cpuset: Fix dl_cpu_busy() panic due to empty cs->cpus_allowed With cgroup v2, the cpuset's cpus_allowed mask can be empty indicating that the cpuset will just use the effective CPUs of its parent. So cpuset_can_attach() can call task_can_attach() with an empty mask. This can lead to cpumask_any_and() returns nr_cpu_ids causing the call to dl_bw_of() to crash due to percpu value access of an out of bound CPU value. For example: [80468... • https://git.kernel.org/stable/c/7f51412a415d87ea8598d14722fb31e4f5701257 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50102 – video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock()
https://notcve.org/view.php?id=CVE-2022-50102
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() Since the user can control the arguments of the ioctl() from the user space, under special arguments that may result in a divide-by-zero bug in: drivers/video/fbdev/arkfb.c:784: ark_set_pixclock(info, (hdiv * info->var.pixclock) / hmul); with hdiv=1, pixclock=1 and hmul=2 you end up with (1*1)/2 = (int) 0. and then in: drivers/video/fbdev/arkfb.c:504: rv = dac_set_freq(par-... • https://git.kernel.org/stable/c/681e14730c73cc2c71af282c001de6bc71c22f00 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50101 – video: fbdev: vt8623fb: Check the size of screen before memset_io()
https://notcve.org/view.php?id=CVE-2022-50101
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: video: fbdev: vt8623fb: Check the size of screen before memset_io() In the function vt8623fb_set_par(), the value of 'screen_size' is calculated by the user input. If the user provides the improper value, the value of 'screen_size' may larger than 'info->screen_size', which may cause the following bug: [ 583.339036] BUG: unable to handle page fault for address: ffffc90005000000 [ 583.339049] #PF: supervisor write access in kernel mode [ 583... • https://git.kernel.org/stable/c/558b7bd86c32978648cda5deb5c758d77ef0c165 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50099 – video: fbdev: arkfb: Check the size of screen before memset_io()
https://notcve.org/view.php?id=CVE-2022-50099
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: video: fbdev: arkfb: Check the size of screen before memset_io() In the function arkfb_set_par(), the value of 'screen_size' is calculated by the user input. If the user provides the improper value, the value of 'screen_size' may larger than 'info->screen_size', which may cause the following bug: [ 659.399066] BUG: unable to handle page fault for address: ffffc90003000000 [ 659.399077] #PF: supervisor write access in kernel mode [ 659.39907... • https://git.kernel.org/stable/c/681e14730c73cc2c71af282c001de6bc71c22f00 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50098 – scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts
https://notcve.org/view.php?id=CVE-2022-50098
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts Ensure SRB is returned during I/O timeout error escalation. If that is not possible fail the escalation path. Following crash stack was seen: BUG: unable to handle kernel paging request at 0000002f56aa90f8 IP: qla_chk_edif_rx_sa_delete_pending+0x14/0x30 [qla2xxx] Call Trace: ? qla2x00_status_entry+0x19f/0x1c50 [qla2xxx] ? qla2x00_start_sp+0x116/0x1170 [qla2xxx] ? • https://git.kernel.org/stable/c/d74595278f4ab192af66d9e60a9087464638beee •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50097 – video: fbdev: s3fb: Check the size of screen before memset_io()
https://notcve.org/view.php?id=CVE-2022-50097
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: video: fbdev: s3fb: Check the size of screen before memset_io() In the function s3fb_set_par(), the value of 'screen_size' is calculated by the user input. If the user provides the improper value, the value of 'screen_size' may larger than 'info->screen_size', which may cause the following bug: [ 54.083733] BUG: unable to handle page fault for address: ffffc90003000000 [ 54.083742] #PF: supervisor write access in kernel mode [ 54.083744] #P... • https://git.kernel.org/stable/c/a268422de8bf1b4c0cb97987b6c329c9f6a3da4b •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50094 – spmi: trace: fix stack-out-of-bound access in SPMI tracing functions
https://notcve.org/view.php?id=CVE-2022-50094
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: spmi: trace: fix stack-out-of-bound access in SPMI tracing functions trace_spmi_write_begin() and trace_spmi_read_end() both call memcpy() with a length of "len + 1". This leads to one extra byte being read beyond the end of the specified buffer. Fix this out-of-bound memory access by using a length of "len" instead. Here is a KASAN log showing the issue: BUG: KASAN: stack-out-of-bounds in trace_event_raw_event_spmi_read_end+0x1d0/0x234 Rea... • https://git.kernel.org/stable/c/a9fce374815d8ab94a3e6259802a944e2cc21408 •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50093 – iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE)
https://notcve.org/view.php?id=CVE-2022-50093
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE) KASAN reports: [ 4.668325][ T0] BUG: KASAN: wild-memory-access in dmar_parse_one_rhsa (arch/x86/include/asm/bitops.h:214 arch/x86/include/asm/bitops.h:226 include/asm-generic/bitops/instrumented-non-atomic.h:142 include/linux/nodemask.h:415 drivers/iommu/intel/dmar.c:497) [ 4.676149][ T0] Read of size 8 at addr 1fffffff85115558 by task swapper/0/0 [ 4.683454][ T0] [ 4.685... • https://git.kernel.org/stable/c/ee34b32d8c2950f66038c8975747ef9aec855289 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50092 – dm thin: fix use-after-free crash in dm_sm_register_threshold_callback
https://notcve.org/view.php?id=CVE-2022-50092
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: dm thin: fix use-after-free crash in dm_sm_register_threshold_callback Fault inject on pool metadata device reports: BUG: KASAN: use-after-free in dm_pool_register_metadata_threshold+0x40/0x80 Read of size 8 at addr ffff8881b9d50068 by task dmsetup/950 CPU: 7 PID: 950 Comm: dmsetup Tainted: G W 5.19.0-rc6 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-1.fc33 04/01/2014 Call Trace: