CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-50363 – skmsg: pass gfp argument to alloc_sk_msg()
https://notcve.org/view.php?id=CVE-2022-50363
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: skmsg: pass gfp argument to alloc_sk_msg() syzbot found that alloc_sk_msg() could be called from a non sleepable context. sk_psock_verdict_recv() uses rcu_read_lock() protection. We need the callers to pass a gfp_t argument to avoid issues. syzbot report was: BUG: sleeping function called from invalid context at include/linux/sched/mm.h:274 in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 3613, name: syz-executor414 preempt_count: 0, ... • https://git.kernel.org/stable/c/43312915b5ba20741617dd2119e835205fa8580c • CWE-767: Access to Critical Private Variable via Public Method •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50362 – dmaengine: hisilicon: Add multi-thread support for a DMA channel
https://notcve.org/view.php?id=CVE-2022-50362
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: hisilicon: Add multi-thread support for a DMA channel When we get a DMA channel and try to use it in multiple threads it will cause oops and hanging the system. % echo 100 > /sys/module/dmatest/parameters/threads_per_chan % echo 100 > /sys/module/dmatest/parameters/iterations % echo 1 > /sys/module/dmatest/parameters/run [383493.327077] Unable to handle kernel paging request at virtual address dead000000000108 [383493.335103] Mem... • https://git.kernel.org/stable/c/e9f08b65250d73ab70e79e194813f52b8d306784 •
CVSS: 4.7EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50361 – wifi: wilc1000: add missing unregister_netdev() in wilc_netdev_ifc_init()
https://notcve.org/view.php?id=CVE-2022-50361
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: add missing unregister_netdev() in wilc_netdev_ifc_init() Fault injection test reports this issue: kernel BUG at net/core/dev.c:10731! invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI Call Trace:
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2022-50360 – drm/msm/dp: fix aux-bus EP lifetime
https://notcve.org/view.php?id=CVE-2022-50360
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: fix aux-bus EP lifetime Device-managed resources allocated post component bind must be tied to the lifetime of the aggregate DRM device or they will not necessarily be released when binding of the aggregate device is deferred. This can lead resource leaks or failure to bind the aggregate device when binding is later retried and a second attempt to allocate the resources is made. For the DP aux-bus, an attempt to populate the bus... • https://git.kernel.org/stable/c/c3bf8e21b38a89418f2e22173b229aaad2306815 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50359 – media: cx88: Fix a null-ptr-deref bug in buffer_prepare()
https://notcve.org/view.php?id=CVE-2022-50359
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: media: cx88: Fix a null-ptr-deref bug in buffer_prepare() When the driver calls cx88_risc_buffer() to prepare the buffer, the function call may fail, resulting in a empty buffer and null-ptr-deref later in buffer_queue(). The following log can reveal it: [ 41.822762] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI [ 41.824488] KASAN: null-ptr-deref in range [0x0000000000000000... • https://git.kernel.org/stable/c/c76d04d2079a4b7369ce9a0e859c0f3f2250bcc1 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50358 – brcmfmac: return error when getting invalid max_flowrings from dongle
https://notcve.org/view.php?id=CVE-2022-50358
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: brcmfmac: return error when getting invalid max_flowrings from dongle When firmware hit trap at initialization, host will read abnormal max_flowrings number from dongle, and it will cause kernel panic when doing iowrite to initialize dongle ring. To detect this error at early stage, we directly return error when getting invalid max_flowrings(>256). This update provides the initial livepatch for this kernel update. This update does not conta... • https://git.kernel.org/stable/c/3cc9299036bdb647408e11e41de3eb1ff6d428cd •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50357 – usb: dwc3: core: fix some leaks in probe
https://notcve.org/view.php?id=CVE-2022-50357
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: core: fix some leaks in probe The dwc3_get_properties() function calls: dwc->usb_psy = power_supply_get_by_name(usb_psy_name); so there is some additional clean up required on these error paths. This update provides the initial livepatch for this kernel update. This update does not contain any fixes and will be updated with livepatches later. • https://git.kernel.org/stable/c/6f0764b5adea18d70c3fab32d5f940678bcbd865 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50356 – net: sched: sfb: fix null pointer access issue when sfb_init() fails
https://notcve.org/view.php?id=CVE-2022-50356
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: net: sched: sfb: fix null pointer access issue when sfb_init() fails When the default qdisc is sfb, if the qdisc of dev_queue fails to be inited during mqprio_init(), sfb_reset() is invoked to clear resources. In this case, the q->qdisc is NULL, and it will cause gpf issue. The process is as follows: qdisc_create_dflt() sfb_init() tcf_block_get() --->failed, q->qdisc is NULL ... qdisc_put() ... sfb_reset() qdisc_reset(q->qdisc) --->q->qdisc... • https://git.kernel.org/stable/c/e13e02a3c68d899169c78d9a18689bd73491d59a • CWE-476: NULL Pointer Dereference •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2022-50355 – staging: vt6655: fix some erroneous memory clean-up loops
https://notcve.org/view.php?id=CVE-2022-50355
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: staging: vt6655: fix some erroneous memory clean-up loops In some initialization functions of this driver, memory is allocated with 'i' acting as an index variable and increasing from 0. The commit in "Fixes" introduces some clean-up codes in case of allocation failure, which free memory in reverse order with 'i' decreasing to 0. However, there are some problems: - The case i=0 is left out. Thus memory is leaked. - In case memory allocation... • https://git.kernel.org/stable/c/5341ee0adb17d12a96dc5344e0d267cd12b52135 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50354 – drm/amdkfd: Fix kfd_process_device_init_vm error handling
https://notcve.org/view.php?id=CVE-2022-50354
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix kfd_process_device_init_vm error handling Should only destroy the ib_mem and let process cleanup worker to free the outstanding BOs. Reset the pointer in pdd->qpd structure, to avoid NULL pointer access in process destroy worker. BUG: kernel NULL pointer dereference, address: 0000000000000010 Call Trace: amdgpu_amdkfd_gpuvm_unmap_gtt_bo_from_kernel+0x46/0xb0 [amdgpu] kfd_process_device_destroy_cwsr_dgpu+0x40/0x70 [amdgpu] kf... • https://git.kernel.org/stable/c/68df0f195a689bbb0f92bfeadee6edd90c79c31f •