CVSS: 7.1EPSS: %CPEs: 8EXPL: 0CVE-2022-50288 – qlcnic: prevent ->dcb use-after-free on qlcnic_dcb_enable() failure
https://notcve.org/view.php?id=CVE-2022-50288
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: qlcnic: prevent ->dcb use-after-free on qlcnic_dcb_enable() failure adapter->dcb would get silently freed inside qlcnic_dcb_enable() in case qlcnic_dcb_attach() would return an error, which always happens under OOM conditions. This would lead to use-after-free because both of the existing callers invoke qlcnic_dcb_get_info() on the obtained pointer, which is potentially freed at that point. Propagate errors from qlcnic_dcb_enable(), and ins... • https://git.kernel.org/stable/c/3c44bba1d270cb1620b4fe76786d0968118cb86b •
CVSS: 5.5EPSS: %CPEs: 6EXPL: 0CVE-2022-50286 – ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline
https://notcve.org/view.php?id=CVE-2022-50286
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline When converting files with inline data to extents, delayed allocations made on a file system created with both the bigalloc and inline options can result in invalid extent status cache content, incorrect reserved cluster counts, kernel memory leaks, and potential kernel panics. With bigalloc, the code that determines whether a block must be delayed allocated searches ... • https://git.kernel.org/stable/c/6f4200ec76a0d31200c308ec5a71c68df5417004 •
CVSS: 5.5EPSS: %CPEs: 11EXPL: 0CVE-2022-50282 – chardev: fix error handling in cdev_device_add()
https://notcve.org/view.php?id=CVE-2022-50282
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: chardev: fix error handling in cdev_device_add() While doing fault injection test, I got the following report: ------------[ cut here ]------------ kobject: '(null)' (0000000039956980): is not initialized, yet kobject_put() is being called. WARNING: CPU: 3 PID: 6306 at kobject_put+0x23d/0x4e0 CPU: 3 PID: 6306 Comm: 283 Tainted: G W 6.1.0-rc2-00005-g307c1086d7c9 #1253 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu... • https://git.kernel.org/stable/c/da97a80a657d1b1b50ef633e8ff5dbf0d417fc8d •
CVSS: 6.3EPSS: %CPEs: 10EXPL: 0CVE-2022-50280 – pnode: terminate at peers of source
https://notcve.org/view.php?id=CVE-2022-50280
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: pnode: terminate at peers of source The propagate_mnt() function handles mount propagation when creating mounts and propagates the source mount tree @source_mnt to all applicable nodes of the destination propagation mount tree headed by @dest_mnt. Unfortunately it contains a bug where it fails to terminate at peers of @source_mnt when looking up copies of the source mount that become masters for copies of the source mount tree mounted on to... • https://git.kernel.org/stable/c/f2ebb3a921c1ca1e2ddd9242e95a1989a50c4c68 •
CVSS: 6.6EPSS: %CPEs: 7EXPL: 0CVE-2022-50279 – wifi: rtlwifi: Fix global-out-of-bounds bug in _rtl8812ae_phy_set_txpower_limit()
https://notcve.org/view.php?id=CVE-2022-50279
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: rtlwifi: Fix global-out-of-bounds bug in _rtl8812ae_phy_set_txpower_limit() There is a global-out-of-bounds reported by KASAN: BUG: KASAN: global-out-of-bounds in _rtl8812ae_eq_n_byte.part.0+0x3d/0x84 [rtl8821ae] Read of size 1 at addr ffffffffa0773c43 by task NetworkManager/411 CPU: 6 PID: 411 Comm: NetworkManager Tainted: G D 6.1.0-rc8+ #144 e15588508517267d37 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), Call Trace:
CVSS: 5.5EPSS: %CPEs: 9EXPL: 0CVE-2022-50278 – PNP: fix name memory leak in pnp_alloc_dev()
https://notcve.org/view.php?id=CVE-2022-50278
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: PNP: fix name memory leak in pnp_alloc_dev() After commit 1fa5ae857bb1 ("driver core: get rid of struct device's bus_id string array"), the name of device is allocated dynamically, move dev_set_name() after pnp_add_id() to avoid memory leak. In the Linux kernel, the following vulnerability has been resolved: PNP: fix name memory leak in pnp_alloc_dev() After commit 1fa5ae857bb1 ("driver core: get rid of struct device's bus_id string array")... • https://git.kernel.org/stable/c/1fa5ae857bb14f6046205171d98506d8112dd74e •
CVSS: 5.5EPSS: %CPEs: 11EXPL: 0CVE-2022-50275 – drm/radeon: Add the missed acpi_put_table() to fix memory leak
https://notcve.org/view.php?id=CVE-2022-50275
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/radeon: Add the missed acpi_put_table() to fix memory leak When the radeon driver reads the bios information from ACPI table in radeon_acpi_vfct_bios(), it misses to call acpi_put_table() to release the ACPI memory after the init, so add acpi_put_table() properly to fix the memory leak. v2: fix text formatting (Alex) In the Linux kernel, the following vulnerability has been resolved: drm/radeon: Add the missed acpi_put_table() to fix me... • https://git.kernel.org/stable/c/268ba0a99f89a84dc5eb312470896113d0709c74 •
CVSS: 5.5EPSS: %CPEs: 8EXPL: 0CVE-2022-50274 – media: dvbdev: adopts refcnt to avoid UAF
https://notcve.org/view.php?id=CVE-2022-50274
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: media: dvbdev: adopts refcnt to avoid UAF dvb_unregister_device() is known that prone to use-after-free. That is, the cleanup from dvb_unregister_device() releases the dvb_device even if there are pointers stored in file->private_data still refer to it. This patch adds a reference counter into struct dvb_device and delays its deallocation until no pointer refers to the object. In the Linux kernel, the following vulnerability has been resolv... • https://git.kernel.org/stable/c/ac521bbe3d00fa574e66a9361763f2b37725bc97 •
CVSS: 7.1EPSS: %CPEs: 6EXPL: 0CVE-2022-50273 – f2fs: fix to do sanity check on destination blkaddr during recovery
https://notcve.org/view.php?id=CVE-2022-50273
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on destination blkaddr during recovery As Wenqing Liu reported in bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=216456 loop5: detected capacity change from 0 to 131072 F2FS-fs (loop5): recover_inode: ino = 6, name = hln, inline = 1 F2FS-fs (loop5): recover_data: ino = 6 (i_size: recover) err = 0 F2FS-fs (loop5): recover_inode: ino = 6, name = hln, inline = 1 F2FS-fs (loop5): recover_data: ino = 6 (i_size... • https://git.kernel.org/stable/c/68b1e607559d3dc85f94b0d738d7c4e8029b0cfa •
CVSS: 5.5EPSS: %CPEs: 9EXPL: 0CVE-2022-50272 – media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()
https://notcve.org/view.php?id=CVE-2022-50272
15 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer() Wei Chen reports a kernel bug as blew: general protection fault, probably for non-canonical address KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017] ... Call Trace: