CVSS: 5.6EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50137 – RDMA/irdma: Fix a window for use-after-free
https://notcve.org/view.php?id=CVE-2022-50137
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix a window for use-after-free During a destroy CQ an interrupt may cause processing of a CQE after CQ resources are freed by irdma_cq_free_rsrc(). Fix this by moving the call to irdma_cq_free_rsrc() after the irdma_sc_cleanup_ceqes(), which is called under the cq_lock. In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix a window for use-after-free During a destroy CQ an interrupt may cause proce... • https://git.kernel.org/stable/c/b48c24c2d710cf34810c555dcef883a3d35a9c08 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50136 – RDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event
https://notcve.org/view.php?id=CVE-2022-50136
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event If siw_recv_mpa_rr returns -EAGAIN, it means that the MPA reply hasn't been received completely, and should not report IW_CM_EVENT_CONNECT_REPLY in this case. This may trigger a call trace in iw_cm. A simple way to trigger this: server: ib_send_lat client: ib_send_lat -R
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50134 – RDMA/hfi1: fix potential memory leak in setup_base_ctxt()
https://notcve.org/view.php?id=CVE-2022-50134
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/hfi1: fix potential memory leak in setup_base_ctxt() setup_base_ctxt() allocates a memory chunk for uctxt->groups with hfi1_alloc_ctxt_rcv_groups(). When init_user_ctxt() fails, uctxt->groups is not released, which will lead to a memory leak. We should release the uctxt->groups with hfi1_free_ctxt_rcv_groups() when init_user_ctxt() fails. In the Linux kernel, the following vulnerability has been resolved: RDMA/hfi1: fix potential memor... • https://git.kernel.org/stable/c/e87473bc1b6c2cb08f1b760cfc8cd012822241a6 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50132 – usb: cdns3: change place of 'priv_ep' assignment in cdns3_gadget_ep_dequeue(), cdns3_gadget_ep_enable()
https://notcve.org/view.php?id=CVE-2022-50132
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: change place of 'priv_ep' assignment in cdns3_gadget_ep_dequeue(), cdns3_gadget_ep_enable() If 'ep' is NULL, result of ep_to_cdns3_ep(ep) is invalid pointer and its dereference with priv_ep->cdns3_dev may cause panic. Found by Linux Verification Center (linuxtesting.org) with SVACE. In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: change place of 'priv_ep' assignment in cdns3_gadget_ep_dequeue(), c... • https://git.kernel.org/stable/c/7733f6c32e36ff9d7adadf40001039bf219b1cbe •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50131 – HID: mcp2221: prevent a buffer overflow in mcp_smbus_write()
https://notcve.org/view.php?id=CVE-2022-50131
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: HID: mcp2221: prevent a buffer overflow in mcp_smbus_write() Smatch Warning: drivers/hid/hid-mcp2221.c:388 mcp_smbus_write() error: __memcpy() '&mcp->txbuf[5]' too small (59 vs 255) drivers/hid/hid-mcp2221.c:388 mcp_smbus_write() error: __memcpy() 'buf' too small (34 vs 255) The 'len' variable can take a value between 0-255 as it can come from data->block[0] and it is user data. So add an bound check to prevent a buffer overflow in memcpy()... • https://git.kernel.org/stable/c/67a95c21463d066060b0f66d65a75d45bb386ffb •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50129 – RDMA/srpt: Fix a use-after-free
https://notcve.org/view.php?id=CVE-2022-50129
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/srpt: Fix a use-after-free Change the LIO port members inside struct srpt_port from regular members into pointers. Allocate the LIO port data structures from inside srpt_make_tport() and free these from inside srpt_make_tport(). Keep struct srpt_device as long as either an RDMA port or a LIO target port is associated with it. This patch decouples the lifetime of struct srpt_port (controlled by the RDMA core) and struct srpt_port_id (co... • https://git.kernel.org/stable/c/a42d985bd5b234da8b61347a78dc3057bf7bb94d •
CVSS: 5.6EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50127 – RDMA/rxe: Fix error unwind in rxe_create_qp()
https://notcve.org/view.php?id=CVE-2022-50127
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix error unwind in rxe_create_qp() In the function rxe_create_qp(), rxe_qp_from_init() is called to initialize qp, internally things like the spin locks are not setup until rxe_qp_init_req(). If an error occures before this point then the unwind will call rxe_cleanup() and eventually to rxe_qp_do_cleanup()/rxe_cleanup_task() which will oops when trying to access the uninitialized spinlock. Move the spinlock initializations earlie... • https://git.kernel.org/stable/c/8700e3e7c4857d28ebaa824509934556da0b3e76 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50126 – jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted
https://notcve.org/view.php?id=CVE-2022-50126
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted Following process will fail assertion 'jh->b_frozen_data == NULL' in jbd2_journal_dirty_metadata(): jbd2_journal_commit_transaction unlink(dir/a) jh->b_transaction = trans1 jh->b_jlist = BJ_Metadata journal->j_running_transaction = NULL trans1->t_state = T_COMMIT unlink(dir/b) handle->h_trans = trans2 do_get_write_access jh->b_modified = 0 jh->b_frozen_data = froze... • https://git.kernel.org/stable/c/470decc613ab2048b619a01028072d932d9086ee •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50125 – ASoC: cros_ec_codec: Fix refcount leak in cros_ec_codec_platform_probe
https://notcve.org/view.php?id=CVE-2022-50125
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: cros_ec_codec: Fix refcount leak in cros_ec_codec_platform_probe of_parse_phandle() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() to avoid refcount leak. In the Linux kernel, the following vulnerability has been resolved: ASoC: cros_ec_codec: Fix refcount leak in cros_ec_codec_platform_probe of_parse_phandle() returns a node pointer with refcount in... • https://git.kernel.org/stable/c/b6bc07d4360dbf766e551f18e43c67fff6784955 •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2022-50124 – ASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe
https://notcve.org/view.php?id=CVE-2022-50124
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe of_parse_phandle() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() to avoid refcount leak. In the Linux kernel, the following vulnerability has been resolved: ASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe of_parse_phandle() returns a node pointer with refcount incremented,... • https://git.kernel.org/stable/c/f0ab0bf250da5a115d5675a686117f21984f0760 •