CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50393 – drm/amdgpu: SDMA update use unlocked iterator
https://notcve.org/view.php?id=CVE-2022-50393
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: SDMA update use unlocked iterator SDMA update page table may be called from unlocked context, this generate below warning. Use unlocked iterator to handle this case. WARNING: CPU: 0 PID: 1475 at drivers/dma-buf/dma-resv.c:483 dma_resv_iter_next Call Trace: dma_resv_iter_first+0x43/0xa0 amdgpu_vm_sdma_update+0x69/0x2d0 [amdgpu] amdgpu_vm_ptes_update+0x29c/0x870 [amdgpu] amdgpu_vm_update_range+0x2f6/0x6c0 [amdgpu] svm_range_unmap_... • https://git.kernel.org/stable/c/d38ceaf99ed015f2a0b9af3499791bd3a3daae21 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50389 – tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak
https://notcve.org/view.php?id=CVE-2022-50389
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak In crb_acpi_add(), we get the TPM2 table to retrieve information like start method, and then assign them to the priv data, so the TPM2 table is not used after the init, should be freed, call acpi_put_table() to fix the memory leak. In the Linux kernel, the following vulnerability has been resolved: tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak In crb_acpi_ad... • https://git.kernel.org/stable/c/30fc8d138e9123f374a3c3867e7c7c5cd4004941 • CWE-401: Missing Release of Memory after Effective Lifetime CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 8.0EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50386 – Bluetooth: L2CAP: Fix user-after-free
https://notcve.org/view.php?id=CVE-2022-50386
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix user-after-free This uses l2cap_chan_hold_unless_zero() after calling __l2cap_get_chan_blah() to prevent the following trace: Bluetooth: l2cap_core.c:static void l2cap_chan_destroy(struct kref *kref) Bluetooth: chan 0000000023c4974d Bluetooth: parent 00000000ae861c08 ================================================================== BUG: KASAN: use-after-free in __mutex_waiter_is_first kernel/locking/mutex.c:191 [inlin... • https://git.kernel.org/stable/c/3df91ea20e744344100b10ae69a17211fcf5b207 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50385 – NFS: Fix an Oops in nfs_d_automount()
https://notcve.org/view.php?id=CVE-2022-50385
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: NFS: Fix an Oops in nfs_d_automount() When mounting from a NFSv4 referral, path->dentry can end up being a negative dentry, so derive the struct nfs_server from the dentry itself instead. In the Linux kernel, the following vulnerability has been resolved: NFS: Fix an Oops in nfs_d_automount() When mounting from a NFSv4 referral, path->dentry can end up being a negative dentry, so derive the struct nfs_server from the dentry itself instead. ... • https://git.kernel.org/stable/c/2b0143b5c986be1ce8408b3aadc4709e0a94429d • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50384 – staging: vme_user: Fix possible UAF in tsi148_dma_list_add
https://notcve.org/view.php?id=CVE-2022-50384
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: staging: vme_user: Fix possible UAF in tsi148_dma_list_add Smatch report warning as follows: drivers/staging/vme_user/vme_tsi148.c:1757 tsi148_dma_list_add() warn: '&entry->list' not removed from list In tsi148_dma_list_add(), the error path "goto err_dma" will not remove entry->list from list->entries, but entry will be freed, then list traversal may cause UAF. Fix by removeing it from list->entries before free(). In the Linux kernel, the ... • https://git.kernel.org/stable/c/b2383c90a9d691201b9aee557776694cde86a935 • CWE-416: Use After Free •
CVSS: 6.0EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50381 – md: fix a crash in mempool_free
https://notcve.org/view.php?id=CVE-2022-50381
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: md: fix a crash in mempool_free There's a crash in mempool_free when running the lvm test shell/lvchange-rebuild-raid.sh. The reason for the crash is this: * super_written calls atomic_dec_and_test(&mddev->pending_writes) and wake_up(&mddev->sb_wait). Then it calls rdev_dec_pending(rdev, mddev) and bio_put(bio). * so, the process that waited on sb_wait and that is woken up is racing with bio_put(bio). * if the process wins the race, it call... • https://git.kernel.org/stable/c/f8b58edf3acf0dcc186b8330939000ecf709368a • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50378 – drm/meson: reorder driver deinit sequence to fix use-after-free bug
https://notcve.org/view.php?id=CVE-2022-50378
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/meson: reorder driver deinit sequence to fix use-after-free bug Unloading the driver triggers the following KASAN warning: [ +0.006275] ============================================================= [ +0.000029] BUG: KASAN: use-after-free in __list_del_entry_valid+0xe0/0x1a0 [ +0.000026] Read of size 8 at addr ffff000020c395e0 by task rmmod/2695 [ +0.000019] CPU: 5 PID: 2695 Comm: rmmod Tainted: G C O 5.19.0-rc6-lrmbkasan+ #1 [ +0.000013... • https://git.kernel.org/stable/c/bbbe775ec5b5dace43a35886da9924837da09ddd • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50376 – orangefs: Fix kmemleak in orangefs_{kernel,client}_debug_init()
https://notcve.org/view.php?id=CVE-2022-50376
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: orangefs: Fix kmemleak in orangefs_{kernel,client}_debug_init() When insert and remove the orangefs module, there are memory leaked as below: unreferenced object 0xffff88816b0cc000 (size 2048): comm "insmod", pid 783, jiffies 4294813439 (age 65.512s) hex dump (first 32 bytes): 6e 6f 6e 65 0a 00 00 00 00 00 00 00 00 00 00 00 none............ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<0000000031ab7788>] kmal... • https://git.kernel.org/stable/c/f7ab093f74bf638ed98fd1115f3efa17e308bb7f • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50375 – tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown
https://notcve.org/view.php?id=CVE-2022-50375
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown lpuart_dma_shutdown tears down lpuart dma, but lpuart_flush_buffer can still occur which in turn tries to access dma apis if lpuart_dma_tx_use flag is true. At this point since dma is torn down, these dma apis can abort. Set lpuart_dma_tx_use and the corresponding rx flag lpuart_dma_rx_use to false in lpuart_dma_shutdown so that dmas are not accessed after they are ... • https://git.kernel.org/stable/c/6250cc30c4c4e25393ba247f71bdc04b6af3191b •
CVSS: 7.0EPSS: 0%CPEs: 7EXPL: 0CVE-2023-53368 – tracing: Fix race issue between cpu buffer write and swap
https://notcve.org/view.php?id=CVE-2023-53368
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: tracing: Fix race issue between cpu buffer write and swap Warning happened in rb_end_commit() at code: if (RB_WARN_ON(cpu_buffer, !local_read(&cpu_buffer->committing))) WARNING: CPU: 0 PID: 139 at kernel/trace/ring_buffer.c:3142 rb_commit+0x402/0x4a0 Call Trace: ring_buffer_unlock_commit+0x42/0x250 trace_buffer_unlock_commit_regs+0x3b/0x250 trace_event_buffer_commit+0xe5/0x440 trace_event_buffer_reserve+0x11c/0x150 trace_event_raw_event_sch... • https://git.kernel.org/stable/c/f1affcaaa861f27752a769f889bf1486ebd301fe • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •