CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50164 – wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue
https://notcve.org/view.php?id=CVE-2022-50164
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue After successfull station association, if station queues are disabled for some reason, the related lists are not emptied. So if some new element is added to the list in iwl_mvm_mac_wake_tx_queue, it can match with the old one and produce a BUG like this: [ 46.535263] list_add corruption. prev->next should be next (ffff94c1c318a360), but was 0000000000000000. (prev=ffff94c1... • https://git.kernel.org/stable/c/cfbc6c4c5b91c7725ef14465b98ac347d31f2334 •
CVSS: 5.6EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50163 – ax25: fix incorrect dev_tracker usage
https://notcve.org/view.php?id=CVE-2022-50163
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: ax25: fix incorrect dev_tracker usage While investigating a separate rose issue [1], and enabling CONFIG_NET_DEV_REFCNT_TRACKER=y, Bernard reported an orthogonal ax25 issue [2] An ax25_dev can be used by one (or many) struct ax25_cb. We thus need different dev_tracker, one per struct ax25_cb. After this patch is applied, we are able to focus on rose. [1] https://lore.kernel.org/netdev/fb7544a1-f42e-9254-18cc-c9b071f4ca70@free.fr/ [2] [ 205.... • https://git.kernel.org/stable/c/feef318c855a361a1eccd880f33e88c460eb63b4 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50162 – wifi: libertas: Fix possible refcount leak in if_usb_probe()
https://notcve.org/view.php?id=CVE-2022-50162
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: Fix possible refcount leak in if_usb_probe() usb_get_dev will be called before lbs_get_firmware_async which means that usb_put_dev need to be called when lbs_get_firmware_async fails. In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: Fix possible refcount leak in if_usb_probe() usb_get_dev will be called before lbs_get_firmware_async which means that usb_put_dev need to be called when lbs_ge... • https://git.kernel.org/stable/c/ce84bb69f50e6f6cfeabc9b965365290f4184417 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50161 – mtd: maps: Fix refcount leak in of_flash_probe_versatile
https://notcve.org/view.php?id=CVE-2022-50161
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: mtd: maps: Fix refcount leak in of_flash_probe_versatile of_find_matching_node_and_match() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() to avoid refcount leak. In the Linux kernel, the following vulnerability has been resolved: mtd: maps: Fix refcount leak in of_flash_probe_versatile of_find_matching_node_and_match() returns a node pointer with refcount ... • https://git.kernel.org/stable/c/b0afd44bc192ff4c0e90a5fc1724350bcfc32b33 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50160 – mtd: maps: Fix refcount leak in ap_flash_init
https://notcve.org/view.php?id=CVE-2022-50160
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: mtd: maps: Fix refcount leak in ap_flash_init of_find_matching_node() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() to avoid refcount leak. In the Linux kernel, the following vulnerability has been resolved: mtd: maps: Fix refcount leak in ap_flash_init of_find_matching_node() returns a node pointer with refcount incremented, we should use of_node_put() o... • https://git.kernel.org/stable/c/b0afd44bc192ff4c0e90a5fc1724350bcfc32b33 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50159 – of: check previous kernel's ima-kexec-buffer against memory bounds
https://notcve.org/view.php?id=CVE-2022-50159
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: of: check previous kernel's ima-kexec-buffer against memory bounds Presently ima_get_kexec_buffer() doesn't check if the previous kernel's ima-kexec-buffer lies outside the addressable memory range. This can result in a kernel panic if the new kernel is booted with 'mem=X' arg and the ima-kexec-buffer was allocated beyond that range by the previous kernel. The panic is usually of the form below: $ sudo kexec --initrd initrd vmlinux --append... • https://git.kernel.org/stable/c/467d27824920e866af148132f555d40ca1fb199e •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50158 – mtd: partitions: Fix refcount leak in parse_redboot_of
https://notcve.org/view.php?id=CVE-2022-50158
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: mtd: partitions: Fix refcount leak in parse_redboot_of of_get_child_by_name() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() to avoid refcount leak. In the Linux kernel, the following vulnerability has been resolved: mtd: partitions: Fix refcount leak in parse_redboot_of of_get_child_by_name() returns a node pointer with refcount incremented, we should use... • https://git.kernel.org/stable/c/6490ed7c4684caf9851a0b98e0ab17a8d693dada •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50157 – PCI: microchip: Fix refcount leak in mc_pcie_init_irq_domains()
https://notcve.org/view.php?id=CVE-2022-50157
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: PCI: microchip: Fix refcount leak in mc_pcie_init_irq_domains() of_get_next_child() returns a node pointer with refcount incremented, so we should use of_node_put() on it when we don't need it anymore. mc_pcie_init_irq_domains() only calls of_node_put() in the normal path, missing it in some error paths. Add missing of_node_put() to avoid refcount leak. In the Linux kernel, the following vulnerability has been resolved: PCI: microchip: Fix ... • https://git.kernel.org/stable/c/6f15a9c9f94133bee0d861a4bf25e10aaa95219d •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-50156 – HID: cp2112: prevent a buffer overflow in cp2112_xfer()
https://notcve.org/view.php?id=CVE-2022-50156
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: HID: cp2112: prevent a buffer overflow in cp2112_xfer() Smatch warnings: drivers/hid/hid-cp2112.c:793 cp2112_xfer() error: __memcpy() 'data->block[1]' too small (33 vs 255) drivers/hid/hid-cp2112.c:793 cp2112_xfer() error: __memcpy() 'buf' too small (64 vs 255) The 'read_length' variable is provided by 'data->block[0]' which comes from user and it(read_length) can take a value between 0-255. Add an upper bound to 'read_length' variable to p... • https://git.kernel.org/stable/c/542134c0375b5ca2b1d18490c02b8a20bfdd8d74 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50155 – mtd: parsers: ofpart: Fix refcount leak in bcm4908_partitions_fw_offset
https://notcve.org/view.php?id=CVE-2022-50155
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: mtd: parsers: ofpart: Fix refcount leak in bcm4908_partitions_fw_offset of_find_node_by_path() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() to avoid refcount leak. In the Linux kernel, the following vulnerability has been resolved: mtd: parsers: ofpart: Fix refcount leak in bcm4908_partitions_fw_offset of_find_node_by_path() returns a node pointer with r... • https://git.kernel.org/stable/c/bb17230c61a6424b622e92006ec52ba23aa5a967 •