CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50717 – nvmet-tcp: add bounds check on Transfer Tag
https://notcve.org/view.php?id=CVE-2022-50717
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: add bounds check on Transfer Tag ttag is used as an index to get cmd in nvmet_tcp_handle_h2c_data_pdu(), add a bounds check to avoid out-of-bounds access. In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: add bounds check on Transfer Tag ttag is used as an index to get cmd in nvmet_tcp_handle_h2c_data_pdu(), add a bounds check to avoid out-of-bounds access. The SUSE Linux Enterprise 15 SP5 RT kernel w... • https://git.kernel.org/stable/c/872d26a391da92ed8f0c0f5cb5fef428067b7f30 •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50716 – wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out
https://notcve.org/view.php?id=CVE-2022-50716
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out syzkaller reported use-after-free with the stack trace like below [1]: [ 38.960489][ C3] ================================================================== [ 38.963216][ C3] BUG: KASAN: use-after-free in ar5523_cmd_tx_cb+0x220/0x240 [ 38.964950][ C3] Read of size 8 at addr ffff888048e03450 by task swapper/3/0 [ 38.966363][ C3] [ 38.967053][ C3] CPU: 3 PID: 0 Comm: swapper/3 Not tain... • https://git.kernel.org/stable/c/b7d572e1871df06a96a1c9591c71c5494ff6b624 •
CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0CVE-2022-50715 – md/raid1: stop mdx_raid1 thread when raid1 array run failed
https://notcve.org/view.php?id=CVE-2022-50715
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: md/raid1: stop mdx_raid1 thread when raid1 array run failed fail run raid1 array when we assemble array with the inactive disk only, but the mdx_raid1 thread were not stop, Even if the associated resources have been released. it will caused a NULL dereference when we do poweroff. This causes the following Oops: [ 287.587787] BUG: kernel NULL pointer dereference, address: 0000000000000070 [ 287.594762] #PF: supervisor read access in kernel m... • https://git.kernel.org/stable/c/5bad5054ecd83c866502f0370edfc9aa55dc9aa7 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50714 – wifi: mt76: mt7921e: fix rmmod crash in driver reload test
https://notcve.org/view.php?id=CVE-2022-50714
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921e: fix rmmod crash in driver reload test In insmod/rmmod stress test, the following crash dump shows up immediately. The problem is caused by missing mt76_dev in mt7921_pci_remove(). We should make sure the drvdata is ready before probe() finished. [168.862789] ================================================================== [168.862797] BUG: KASAN: user-memory-access in try_to_grab_pending+0x59/0x480 [168.862805] Write ... • https://git.kernel.org/stable/c/1c71e03afe4b457a15e50de40006b927dfc00755 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50713 – clk: visconti: Fix memory leak in visconti_register_pll()
https://notcve.org/view.php?id=CVE-2022-50713
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: clk: visconti: Fix memory leak in visconti_register_pll() @pll->rate_table has allocated memory by kmemdup(), if clk_hw_register() fails, it should be freed, otherwise it will cause memory leak issue, this patch fixes it. In the Linux kernel, the following vulnerability has been resolved: clk: visconti: Fix memory leak in visconti_register_pll() @pll->rate_table has allocated memory by kmemdup(), if clk_hw_register() fails, it should be fre... • https://git.kernel.org/stable/c/b4cbe606dc3674b25cb661e7cd1a1c6ddaaafaaa •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50712 – devlink: hold region lock when flushing snapshots
https://notcve.org/view.php?id=CVE-2022-50712
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: devlink: hold region lock when flushing snapshots Netdevsim triggers a splat on reload, when it destroys regions with snapshots pending: WARNING: CPU: 1 PID: 787 at net/core/devlink.c:6291 devlink_region_snapshot_del+0x12e/0x140 CPU: 1 PID: 787 Comm: devlink Not tainted 6.1.0-07460-g7ae9888d6e1c #580 RIP: 0010:devlink_region_snapshot_del+0x12e/0x140 Call Trace:
CVSS: 4.7EPSS: 0%CPEs: 4EXPL: 0CVE-2025-68749 – accel/ivpu: Fix race condition when unbinding BOs
https://notcve.org/view.php?id=CVE-2025-68749
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix race condition when unbinding BOs Fix 'Memory manager not clean during takedown' warning that occurs when ivpu_gem_bo_free() removes the BO from the BOs list before it gets unmapped. Then file_priv_unbind() triggers a warning in drm_mm_takedown() during context teardown. Protect the unmapping sequence with bo_list_lock to ensure the BO is always fully unmapped when removed from the list. This ensures the BO is either fully u... • https://git.kernel.org/stable/c/48aea7f2a2efae6a1bd201061c71a81b3f3b7e55 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-68746 – spi: tegra210-quad: Fix timeout handling
https://notcve.org/view.php?id=CVE-2025-68746
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: spi: tegra210-quad: Fix timeout handling When the CPU that the QSPI interrupt handler runs on (typically CPU 0) is excessively busy, it can lead to rare cases of the IRQ thread not running before the transfer timeout is reached. While handling the timeouts, any pending transfers are cleaned up and the message that they correspond to is marked as failed, which leaves the curr_xfer field pointing at stale memory. To avoid this, clear curr_xfe... • https://git.kernel.org/stable/c/921fc1838fb036f690b8ba52e6a6d3644b475cbb •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2025-68745 – scsi: qla2xxx: Clear cmds after chip reset
https://notcve.org/view.php?id=CVE-2025-68745
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Clear cmds after chip reset Commit aefed3e5548f ("scsi: qla2xxx: target: Fix offline port handling and host reset handling") caused two problems: 1. Commands sent to FW, after chip reset got stuck and never freed as FW is not going to respond to them anymore. 2. BUG_ON(cmd->sg_mapped) in qlt_free_cmd(). Commit 26f9ce53817a ("scsi: qla2xxx: Fix missed DMA unmap for aborted commands") attempted to fix this, but introduced anoth... • https://git.kernel.org/stable/c/aefed3e5548f28e5fecafda6604fcbc65484dbaa •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2025-68744 – bpf: Free special fields when update [lru_,]percpu_hash maps
https://notcve.org/view.php?id=CVE-2025-68744
24 Dec 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Free special fields when update [lru_,]percpu_hash maps As [lru_,]percpu_hash maps support BPF_KPTR_{REF,PERCPU}, missing calls to 'bpf_obj_free_fields()' in 'pcpu_copy_value()' could cause the memory referenced by BPF_KPTR_{REF,PERCPU} fields to be held until the map gets freed. Fix this by calling 'bpf_obj_free_fields()' after 'copy_map_value[,_long]()' in 'pcpu_copy_value()'. In the Linux kernel, the following vulnerability has been... • https://git.kernel.org/stable/c/65334e64a493c6a0976de7ad56bf8b7a9ff04b4a •