CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50098 – scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts
https://notcve.org/view.php?id=CVE-2022-50098
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts Ensure SRB is returned during I/O timeout error escalation. If that is not possible fail the escalation path. Following crash stack was seen: BUG: unable to handle kernel paging request at 0000002f56aa90f8 IP: qla_chk_edif_rx_sa_delete_pending+0x14/0x30 [qla2xxx] Call Trace: ? qla2x00_status_entry+0x19f/0x1c50 [qla2xxx] ? qla2x00_start_sp+0x116/0x1170 [qla2xxx] ? • https://git.kernel.org/stable/c/d74595278f4ab192af66d9e60a9087464638beee •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50097 – video: fbdev: s3fb: Check the size of screen before memset_io()
https://notcve.org/view.php?id=CVE-2022-50097
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: video: fbdev: s3fb: Check the size of screen before memset_io() In the function s3fb_set_par(), the value of 'screen_size' is calculated by the user input. If the user provides the improper value, the value of 'screen_size' may larger than 'info->screen_size', which may cause the following bug: [ 54.083733] BUG: unable to handle page fault for address: ffffc90003000000 [ 54.083742] #PF: supervisor write access in kernel mode [ 54.083744] #P... • https://git.kernel.org/stable/c/a268422de8bf1b4c0cb97987b6c329c9f6a3da4b •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50094 – spmi: trace: fix stack-out-of-bound access in SPMI tracing functions
https://notcve.org/view.php?id=CVE-2022-50094
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: spmi: trace: fix stack-out-of-bound access in SPMI tracing functions trace_spmi_write_begin() and trace_spmi_read_end() both call memcpy() with a length of "len + 1". This leads to one extra byte being read beyond the end of the specified buffer. Fix this out-of-bound memory access by using a length of "len" instead. Here is a KASAN log showing the issue: BUG: KASAN: stack-out-of-bounds in trace_event_raw_event_spmi_read_end+0x1d0/0x234 Rea... • https://git.kernel.org/stable/c/a9fce374815d8ab94a3e6259802a944e2cc21408 •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50093 – iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE)
https://notcve.org/view.php?id=CVE-2022-50093
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE) KASAN reports: [ 4.668325][ T0] BUG: KASAN: wild-memory-access in dmar_parse_one_rhsa (arch/x86/include/asm/bitops.h:214 arch/x86/include/asm/bitops.h:226 include/asm-generic/bitops/instrumented-non-atomic.h:142 include/linux/nodemask.h:415 drivers/iommu/intel/dmar.c:497) [ 4.676149][ T0] Read of size 8 at addr 1fffffff85115558 by task swapper/0/0 [ 4.683454][ T0] [ 4.685... • https://git.kernel.org/stable/c/ee34b32d8c2950f66038c8975747ef9aec855289 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50092 – dm thin: fix use-after-free crash in dm_sm_register_threshold_callback
https://notcve.org/view.php?id=CVE-2022-50092
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: dm thin: fix use-after-free crash in dm_sm_register_threshold_callback Fault inject on pool metadata device reports: BUG: KASAN: use-after-free in dm_pool_register_metadata_threshold+0x40/0x80 Read of size 8 at addr ffff8881b9d50068 by task dmsetup/950 CPU: 7 PID: 950 Comm: dmsetup Tainted: G W 5.19.0-rc6 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-1.fc33 04/01/2014 Call Trace:
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-50087 – firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails
https://notcve.org/view.php?id=CVE-2022-50087
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails When scpi probe fails, at any point, we need to ensure that the scpi_info is not set and will remain NULL until the probe succeeds. If it is not taken care, then it could result use-after-free as the value is exported via get_scpi_ops() and could refer to a memory allocated via devm_kzalloc() but freed when the probe fails. In the Linux kernel, the following vulnerabili... • https://git.kernel.org/stable/c/5aa558232edc30468d1f35108826dd5b3ffe978f •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50086 – block: don't allow the same type rq_qos add more than once
https://notcve.org/view.php?id=CVE-2022-50086
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: block: don't allow the same type rq_qos add more than once In our test of iocost, we encountered some list add/del corruptions of inner_walk list in ioc_timer_fn. The reason can be described as follows: cpu 0 cpu 1 ioc_qos_write ioc_qos_write ioc = q_to_ioc(queue); if (!ioc) { ioc = kzalloc(); ioc = q_to_ioc(queue); if (!ioc) { ioc = kzalloc(); ... rq_qos_add(q, rqos); } ... rq_qos_add(q, rqos); ... } When the io.cost.qos file is written by... • https://git.kernel.org/stable/c/0b7f5d7a4d2a72ad9de04ab8ccba2a31904aa638 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50085 – dm raid: fix address sanitizer warning in raid_resume
https://notcve.org/view.php?id=CVE-2022-50085
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: dm raid: fix address sanitizer warning in raid_resume There is a KASAN warning in raid_resume when running the lvm test lvconvert-raid.sh. The reason for the warning is that mddev->raid_disks is greater than rs->raid_disks, so the loop touches one entry beyond the allocated length. In the Linux kernel, the following vulnerability has been resolved: dm raid: fix address sanitizer warning in raid_resume There is a KASAN warning in raid_resume... • https://git.kernel.org/stable/c/c2f075e729636a44e98d9722e3852c2fa6fa49b6 •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50084 – dm raid: fix address sanitizer warning in raid_status
https://notcve.org/view.php?id=CVE-2022-50084
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: dm raid: fix address sanitizer warning in raid_status There is this warning when using a kernel with the address sanitizer and running this testsuite: https://gitlab.com/cki-project/kernel-tests/-/tree/main/storage/swraid/scsi_raid ================================================================== BUG: KASAN: slab-out-of-bounds in raid_status+0x1747/0x2820 [dm_raid] Read of size 4 at addr ffff888079d2c7e8 by task lvcreate/13319 CPU: 0 PID: ... • https://git.kernel.org/stable/c/1ae0ebfb576b72c2ef400917a5484ebe7892d80b •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50083 – ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h
https://notcve.org/view.php?id=CVE-2022-50083
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h When adding an xattr to an inode, we must ensure that the inode_size is not less than EXT4_GOOD_OLD_INODE_SIZE + extra_isize + pad. Otherwise, the end position may be greater than the start position, resulting in UAF. In the Linux kernel, the following vulnerability has been resolved: ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h When adding an xattr to an inode, we must ensure t... • https://git.kernel.org/stable/c/214c68423fd632646c68f3ec8b3c2602cf8273f3 •