CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50174 – net: hinic: avoid kernel hung in hinic_get_stats64()
https://notcve.org/view.php?id=CVE-2022-50174
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: net: hinic: avoid kernel hung in hinic_get_stats64() When using hinic device as a bond slave device, and reading device stats of master bond device, the kernel may hung. The kernel panic calltrace as follows: Kernel panic - not syncing: softlockup: hung tasks Call trace: native_queued_spin_lock_slowpath+0x1ec/0x31c dev_get_stats+0x60/0xcc dev_seq_printf_stats+0x40/0x120 dev_seq_show+0x1c/0x40 seq_read_iter+0x3c8/0x4dc seq_read+0xe0/0x130 pr... • https://git.kernel.org/stable/c/edd384f682cc2981420628b769a1929db680f02f •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50173 – drm/msm/mdp5: Fix global state lock backoff
https://notcve.org/view.php?id=CVE-2022-50173
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/msm/mdp5: Fix global state lock backoff We need to grab the lock after the early return for !hwpipe case. Otherwise, we could have hit contention yet still returned 0. Fixes an issue that the new CONFIG_DRM_DEBUG_MODESET_LOCK stuff flagged in CI: WARNING: CPU: 0 PID: 282 at drivers/gpu/drm/drm_modeset_lock.c:296 drm_modeset_lock+0xf8/0x154 Modules linked in: CPU: 0 PID: 282 Comm: kms_cursor_lega Tainted: G W 5.19.0-rc2-15930-g875cc8bc53... • https://git.kernel.org/stable/c/776f5c58bfe16cf322d71eeed3c5dda1eeac7e6b •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50172 – mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg
https://notcve.org/view.php?id=CVE-2022-50172
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg Free the skb if mt76u_bulk_msg fails in __mt76x02u_mcu_send_msg routine. • https://git.kernel.org/stable/c/4c89ff2c74e39b60f1f6e650721f6f92f007ea5b •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50171 – crypto: hisilicon/sec - don't sleep when in softirq
https://notcve.org/view.php?id=CVE-2022-50171
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/sec - don't sleep when in softirq When kunpeng920 encryption driver is used to deencrypt and decrypt packets during the softirq, it is not allowed to use mutex lock. The kernel will report the following error: BUG: scheduling while atomic: swapper/57/0/0x00000300 Call trace: dump_backtrace+0x0/0x1e4 show_stack+0x20/0x2c dump_stack+0xd8/0x140 __schedule_bug+0x68/0x80 __schedule+0x728/0x840 schedule+0x50/0xe0 schedule_preemp... • https://git.kernel.org/stable/c/416d82204df44ef727de6eafafeaa4d12fdc78dc •
CVSS: 6.6EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50170 – kunit: executor: Fix a memory leak on failure in kunit_filter_tests
https://notcve.org/view.php?id=CVE-2022-50170
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: kunit: executor: Fix a memory leak on failure in kunit_filter_tests It's possible that memory allocation for 'filtered' will fail, but for the copy of the suite to succeed. In this case, the copy could be leaked. Properly free 'copy' in the error case for the allocation of 'filtered' failing. Note that there may also have been a similar issue in kunit_filter_subsuites, before it was removed in "kunit: flatten kunit_suite*** to kunit_suite**... • https://git.kernel.org/stable/c/bd8b222a0002872bb229f6c755672a093ef93ea4 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50169 – wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi()
https://notcve.org/view.php?id=CVE-2022-50169
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() The simple_write_to_buffer() function will succeed if even a single byte is initialized. However, we need to initialize the whole buffer to prevent information leaks. Just use memdup_user(). In the Linux kernel, the following vulnerability has been resolved: wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() The simple_write_to_buffer() function will succeed if even a ... • https://git.kernel.org/stable/c/ff974e4083341383d3dd4079e52ed30f57f376f0 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50168 – bpf, x86: fix freeing of not-finalized bpf_prog_pack
https://notcve.org/view.php?id=CVE-2022-50168
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf, x86: fix freeing of not-finalized bpf_prog_pack syzbot reported a few issues with bpf_prog_pack [1], [2]. This only happens with multiple subprogs. In jit_subprogs(), we first call bpf_int_jit_compile() on each sub program. And then, we call it on each sub program again. jit_data is not freed in the first call of bpf_int_jit_compile(). Similarly we don't call bpf_jit_binary_pack_finalize() in the first call of bpf_int_jit_compile(). • https://git.kernel.org/stable/c/1022a5498f6f745c3b5fd3f050a5e11e7ca354f0 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50167 – bpf: fix potential 32-bit overflow when accessing ARRAY map element
https://notcve.org/view.php?id=CVE-2022-50167
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: fix potential 32-bit overflow when accessing ARRAY map element If BPF array map is bigger than 4GB, element pointer calculation can overflow because both index and elem_size are u32. Fix this everywhere by forcing 64-bit multiplication. Extract this formula into separate small helper and use it consistently in various places. Speculative-preventing formula utilizing index_mask trick is left as is, but explicit u64 casts are added in bo... • https://git.kernel.org/stable/c/c85d69135a9175c50a823d04d62d932312d037b3 •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50166 – Bluetooth: When HCI work queue is drained, only queue chained work
https://notcve.org/view.php?id=CVE-2022-50166
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: When HCI work queue is drained, only queue chained work The HCI command, event, and data packet processing workqueue is drained to avoid deadlock in commit 76727c02c1e1 ("Bluetooth: Call drain_workqueue() before resetting state"). There is another delayed work, which will queue command to this drained workqueue. Which results in the following error report: Bluetooth: hci2: command 0x040f tx timeout WARNING: CPU: 1 PID: 18374 at k... • https://git.kernel.org/stable/c/76727c02c1e14a2b561b806fa1d08acc1619ad27 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50165 – wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()`
https://notcve.org/view.php?id=CVE-2022-50165
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()` Commit 7a4836560a61 changes simple_write_to_buffer() with memdup_user() but it forgets to change the value to be returned that came from simple_write_to_buffer() call. It results in the following warning: warning: variable 'rc' is uninitialized when used here [-Wuninitialized] return rc; ^~ Remove rc variable and just return the passed in length if the memdup_u... • https://git.kernel.org/stable/c/ff974e4083341383d3dd4079e52ed30f57f376f0 •