CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50431 – ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev()
https://notcve.org/view.php?id=CVE-2022-50431
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev() dev_set_name() in soundbus_add_one() allocates memory for name, it need be freed when of_device_register() fails, call soundbus_dev_put() to give up the reference that hold in device_initialize(), so that it can be freed in kobject_cleanup() when the refcount hit to 0. And other resources are also freed in i2sbus_release_dev(), so it can return 0 directly. In the Linux kernel, ... • https://git.kernel.org/stable/c/f3d9478b2ce468c3115b02ecae7e975990697f15 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 8.4EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50430 – mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING
https://notcve.org/view.php?id=CVE-2022-50430
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING vub300_enable_sdio_irq() works with mutex and need TASK_RUNNING here. Ensure that we mark current as TASK_RUNNING for sleepable context. [ 77.554641] do not call blocking ops when !TASK_RUNNING; state=1 set at [
CVSS: 6.2EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50427 – ALSA: ac97: fix possible memory leak in snd_ac97_dev_register()
https://notcve.org/view.php?id=CVE-2022-50427
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: ac97: fix possible memory leak in snd_ac97_dev_register() If device_register() fails in snd_ac97_dev_register(), it should call put_device() to give up reference, or the name allocated in dev_set_name() is leaked. In the Linux kernel, the following vulnerability has been resolved: ALSA: ac97: fix possible memory leak in snd_ac97_dev_register() If device_register() fails in snd_ac97_dev_register(), it should call put_device() to give u... • https://git.kernel.org/stable/c/0ca06a00e206b963587ac471e6d1c52bf33b9a18 •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2022-50423 – ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage()
https://notcve.org/view.php?id=CVE-2022-50423
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage() There is an use-after-free reported by KASAN: BUG: KASAN: use-after-free in acpi_ut_remove_reference+0x3b/0x82 Read of size 1 at addr ffff888112afc460 by task modprobe/2111 CPU: 0 PID: 2111 Comm: modprobe Not tainted 6.1.0-rc7-dirty Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), Call Trace:
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50422 – scsi: libsas: Fix use-after-free bug in smp_execute_task_sg()
https://notcve.org/view.php?id=CVE-2022-50422
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() When executing SMP task failed, the smp_execute_task_sg() calls del_timer() to delete "slow_task->timer". However, if the timer handler sas_task_internal_timedout() is running, the del_timer() in smp_execute_task_sg() will not stop it and a UAF will happen. The process is shown below: (thread 1) | (thread 2) smp_execute_task_sg() | sas_task_internal_timedout() ... | del_timer() |... • https://git.kernel.org/stable/c/2908d778ab3e244900c310974e1fc1c69066e450 • CWE-416: Use After Free •
CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0CVE-2025-39927 – ceph: fix race condition validating r_parent before applying state
https://notcve.org/view.php?id=CVE-2025-39927
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: ceph: fix race condition validating r_parent before applying state Add validation to ensure the cached parent directory inode matches the directory info in MDS replies. This prevents client-side race conditions where concurrent operations (e.g. rename) cause r_parent to become stale between request initiation and reply processing, which could lead to applying state changes to incorrect directory inodes. [ idryomov: folded a kerneldoc fixup ... • https://git.kernel.org/stable/c/9030aaf9bf0a1eee47a154c316c789e959638b0f • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-364: Signal Handler Race Condition •
CVSS: 6.6EPSS: 0%CPEs: 11EXPL: 0CVE-2025-39923 – dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees
https://notcve.org/view.php?id=CVE-2025-39923
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees When we don't have a clock specified in the device tree, we have no way to ensure the BAM is on. This is often the case for remotely-controlled or remotely-powered BAM instances. In this case, we need to read num-channels from the DT to have all the necessary information to complete probing. However, at the moment invalid device trees without clock and without num-channels... • https://git.kernel.org/stable/c/48d163b1aa6e7f650c0b7a4f9c61c387a6def868 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-39920 – pcmcia: Add error handling for add_interval() in do_validate_mem()
https://notcve.org/view.php?id=CVE-2025-39920
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: pcmcia: Add error handling for add_interval() in do_validate_mem() In the do_validate_mem(), the call to add_interval() does not handle errors. If kmalloc() fails in add_interval(), it could result in a null pointer being inserted into the linked list, leading to illegal memory access when sub_interval() is called next. This patch adds an error handling for the add_interval(). If add_interval() returns an error, the function will return ear... • https://git.kernel.org/stable/c/7b4884ca8853a638df0eb5d251d80d67777b8b1a •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-39911 – i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path
https://notcve.org/view.php?id=CVE-2025-39911
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path If request_irq() in i40e_vsi_request_irq_msix() fails in an iteration later than the first, the error path wants to free the IRQs requested so far. However, it uses the wrong dev_id argument for free_irq(), so it does not free the IRQs correctly and instead triggers the warning: Trying to free already-free IRQ 173 WARNING: CPU: 25 PID: 1091 at kernel/irq/manage.c:1829 __free_irq+... • https://git.kernel.org/stable/c/493fb30011b3ab5173cef96f1d1ce126da051792 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-39902 – mm/slub: avoid accessing metadata when pointer is invalid in object_err()
https://notcve.org/view.php?id=CVE-2025-39902
01 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: mm/slub: avoid accessing metadata when pointer is invalid in object_err() object_err() reports details of an object for further debugging, such as the freelist pointer, redzone, etc. However, if the pointer is invalid, attempting to access object metadata can lead to a crash since it does not point to a valid object. One known path to the crash is when alloc_consistency_checks() determines the pointer to the allocated object is invalid beca... • https://git.kernel.org/stable/c/81819f0fc8285a2a5a921c019e3e3d7b6169d225 •