CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50570 – platform/chrome: fix memory corruption in ioctl
https://notcve.org/view.php?id=CVE-2022-50570
22 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: platform/chrome: fix memory corruption in ioctl If "s_mem.bytes" is larger than the buffer size it leads to memory corruption. In the Linux kernel, the following vulnerability has been resolved: platform/chrome: fix memory corruption in ioctl If "s_mem.bytes" is larger than the buffer size it leads to memory corruption. The SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix various security issues. • https://git.kernel.org/stable/c/eda2e30c6684d67288edb841c6125d48c608a242 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50569 – xfrm: Update ipcomp_scratches with NULL when freed
https://notcve.org/view.php?id=CVE-2022-50569
22 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: xfrm: Update ipcomp_scratches with NULL when freed Currently if ipcomp_alloc_scratches() fails to allocate memory ipcomp_scratches holds obsolete address. So when we try to free the percpu scratches using ipcomp_free_scratches() it tries to vfree non existent vm area. Described below: static void * __percpu *ipcomp_alloc_scratches(void) { ... scratches = alloc_percpu(void *); if (!scratches) return NULL; ipcomp_scratches does not know about... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2022-50568 – usb: gadget: f_hid: fix f_hidg lifetime vs cdev
https://notcve.org/view.php?id=CVE-2022-50568
22 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_hid: fix f_hidg lifetime vs cdev The embedded struct cdev does not have its lifetime correctly tied to the enclosing struct f_hidg, so there is a use-after-free if /dev/hidgN is held open while the gadget is deleted. This can readily be replicated with libusbgx's example programs (for conciseness - operating directly via configfs is equivalent): gadget-hid exec 3<> /dev/hidg0 gadget-vid-pid-remove exec 3<&- Pull the existing ... • https://git.kernel.org/stable/c/71adf118946957839a13aa4d1094183e05c6c094 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50567 – fs: jfs: fix shift-out-of-bounds in dbAllocAG
https://notcve.org/view.php?id=CVE-2022-50567
22 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: fs: jfs: fix shift-out-of-bounds in dbAllocAG Syzbot found a crash : UBSAN: shift-out-of-bounds in dbAllocAG. The underlying bug is the missing check of bmp->db_agl2size. The field can be greater than 64 and trigger the shift-out-of-bounds. Fix this bug by adding a check of bmp->db_agl2size in dbMount since this field is used in many following functions. The upper bound for this field is L2MAXL2SIZE - L2MAXAG, thanks for the help of Dave Kl... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50566 – mtd: Fix device name leak when register device failed in add_mtd_device()
https://notcve.org/view.php?id=CVE-2022-50566
22 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: mtd: Fix device name leak when register device failed in add_mtd_device() There is a kmemleak when register device failed: unreferenced object 0xffff888101aab550 (size 8): comm "insmod", pid 3922, jiffies 4295277753 (age 925.408s) hex dump (first 8 bytes): 6d 74 64 30 00 88 ff ff mtd0.... backtrace: [<00000000bde26724>] __kmalloc_node_track_caller+0x4e/0x150 [<000000003c32b416>] kvasprintf+0xb0/0x130 [<000000001f7a8f15>] kobject_set_name_va... • https://git.kernel.org/stable/c/1f24b5a8ecbb2a3c7080f418974d40e3ffedb221 •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50564 – s390/netiucv: Fix return type of netiucv_tx()
https://notcve.org/view.php?id=CVE-2022-50564
22 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: s390/netiucv: Fix return type of netiucv_tx() With clang's kernel control flow integrity (kCFI, CONFIG_CFI_CLANG), indirect call targets are validated against the expected function pointer prototype to make sure the call target is valid to help mitigate ROP attacks. If they are not identical, there is a failure at run time, which manifests as either a kernel panic or thread getting killed. A proposed warning in clang aims to catch these at ... • https://git.kernel.org/stable/c/dc1f8bf68b311b1537cb65893430b6796118498a •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50563 – dm thin: Fix UAF in run_timer_softirq()
https://notcve.org/view.php?id=CVE-2022-50563
22 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: dm thin: Fix UAF in run_timer_softirq() When dm_resume() and dm_destroy() are concurrent, it will lead to UAF, as follows: BUG: KASAN: use-after-free in __run_timers+0x173/0x710 Write of size 8 at addr ffff88816d9490f0 by task swapper/0/0
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50562 – tpm: acpi: Call acpi_put_table() to fix memory leak
https://notcve.org/view.php?id=CVE-2022-50562
22 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: tpm: acpi: Call acpi_put_table() to fix memory leak The start and length of the event log area are obtained from TPM2 or TCPA table, so we call acpi_get_table() to get the ACPI information, but the acpi_get_table() should be coupled with acpi_put_table() to release the ACPI memory, add the acpi_put_table() properly to fix the memory leak. While we are at it, remove the redundant empty line at the end of the tpm_read_log_acpi(). In the Linux... • https://git.kernel.org/stable/c/0bfb23746052168620c5b52f49d8a47c3bb022fa • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.6EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50560 – drm/meson: explicitly remove aggregate driver at module unload time
https://notcve.org/view.php?id=CVE-2022-50560
22 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/meson: explicitly remove aggregate driver at module unload time Because component_master_del wasn't being called when unloading the meson_drm module, the aggregate device would linger forever in the global aggregate_devices list. That means when unloading and reloading the meson_dw_hdmi module, component_add would call into try_to_bring_up_aggregate_device and find the unbound meson_drm aggregate device. This would in turn dereference s... • https://git.kernel.org/stable/c/bbbe775ec5b5dace43a35886da9924837da09ddd •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50556 – drm: Fix potential null-ptr-deref due to drmm_mode_config_init()
https://notcve.org/view.php?id=CVE-2022-50556
22 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: drm: Fix potential null-ptr-deref due to drmm_mode_config_init() drmm_mode_config_init() will call drm_mode_create_standard_properties() and won't check the ret value. When drm_mode_create_standard_properties() failed due to alloc, property will be a NULL pointer and may causes the null-ptr-deref. Fix the null-ptr-deref by adding the ret value check. Found null-ptr-deref while testing insert module bochs: general protection fault, probably ... • https://git.kernel.org/stable/c/6b4959f43a04e12d39c5700607727f2cbcfeac31 •