CVSS: 8.0EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50386 – Bluetooth: L2CAP: Fix user-after-free
https://notcve.org/view.php?id=CVE-2022-50386
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix user-after-free This uses l2cap_chan_hold_unless_zero() after calling __l2cap_get_chan_blah() to prevent the following trace: Bluetooth: l2cap_core.c:static void l2cap_chan_destroy(struct kref *kref) Bluetooth: chan 0000000023c4974d Bluetooth: parent 00000000ae861c08 ================================================================== BUG: KASAN: use-after-free in __mutex_waiter_is_first kernel/locking/mutex.c:191 [inlin... • https://git.kernel.org/stable/c/3df91ea20e744344100b10ae69a17211fcf5b207 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-50385 – NFS: Fix an Oops in nfs_d_automount()
https://notcve.org/view.php?id=CVE-2022-50385
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: NFS: Fix an Oops in nfs_d_automount() When mounting from a NFSv4 referral, path->dentry can end up being a negative dentry, so derive the struct nfs_server from the dentry itself instead. In the Linux kernel, the following vulnerability has been resolved: NFS: Fix an Oops in nfs_d_automount() When mounting from a NFSv4 referral, path->dentry can end up being a negative dentry, so derive the struct nfs_server from the dentry itself instead. ... • https://git.kernel.org/stable/c/2b0143b5c986be1ce8408b3aadc4709e0a94429d • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50384 – staging: vme_user: Fix possible UAF in tsi148_dma_list_add
https://notcve.org/view.php?id=CVE-2022-50384
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: staging: vme_user: Fix possible UAF in tsi148_dma_list_add Smatch report warning as follows: drivers/staging/vme_user/vme_tsi148.c:1757 tsi148_dma_list_add() warn: '&entry->list' not removed from list In tsi148_dma_list_add(), the error path "goto err_dma" will not remove entry->list from list->entries, but entry will be freed, then list traversal may cause UAF. Fix by removeing it from list->entries before free(). In the Linux kernel, the ... • https://git.kernel.org/stable/c/b2383c90a9d691201b9aee557776694cde86a935 • CWE-416: Use After Free •
CVSS: 6.0EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50381 – md: fix a crash in mempool_free
https://notcve.org/view.php?id=CVE-2022-50381
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: md: fix a crash in mempool_free There's a crash in mempool_free when running the lvm test shell/lvchange-rebuild-raid.sh. The reason for the crash is this: * super_written calls atomic_dec_and_test(&mddev->pending_writes) and wake_up(&mddev->sb_wait). Then it calls rdev_dec_pending(rdev, mddev) and bio_put(bio). * so, the process that waited on sb_wait and that is woken up is racing with bio_put(bio). * if the process wins the race, it call... • https://git.kernel.org/stable/c/f8b58edf3acf0dcc186b8330939000ecf709368a • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition CWE-476: NULL Pointer Dereference •
CVSS: 6.6EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50380 – mm: /proc/pid/smaps_rollup: fix no vma's null-deref
https://notcve.org/view.php?id=CVE-2022-50380
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: mm: /proc/pid/smaps_rollup: fix no vma's null-deref Commit 258f669e7e88 ("mm: /proc/pid/smaps_rollup: convert to single value seq_file") introduced a null-deref if there are no vma's in the task in show_smaps_rollup. In the Linux kernel, the following vulnerability has been resolved: mm: /proc/pid/smaps_rollup: fix no vma's null-deref Commit 258f669e7e88 ("mm: /proc/pid/smaps_rollup: convert to single value seq_file") introduced a null-dere... • https://git.kernel.org/stable/c/258f669e7e88c18edbc23fe5ce00a476b924551f • CWE-476: NULL Pointer Dereference •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2022-50379 – btrfs: fix race between quota enable and quota rescan ioctl
https://notcve.org/view.php?id=CVE-2022-50379
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race between quota enable and quota rescan ioctl When enabling quotas, at btrfs_quota_enable(), after committing the transaction, we change fs_info->quota_root to point to the quota root we created and set BTRFS_FS_QUOTA_ENABLED at fs_info->flags. Then we try to start the qgroup rescan worker, first by initializing it with a call to qgroup_rescan_init() - however if that fails we end up freeing the quota root but we leave fs_info... • https://git.kernel.org/stable/c/5d23515be66904fa3b1b5d6bd72d2199cd2447ab • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50378 – drm/meson: reorder driver deinit sequence to fix use-after-free bug
https://notcve.org/view.php?id=CVE-2022-50378
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/meson: reorder driver deinit sequence to fix use-after-free bug Unloading the driver triggers the following KASAN warning: [ +0.006275] ============================================================= [ +0.000029] BUG: KASAN: use-after-free in __list_del_entry_valid+0xe0/0x1a0 [ +0.000026] Read of size 8 at addr ffff000020c395e0 by task rmmod/2695 [ +0.000019] CPU: 5 PID: 2695 Comm: rmmod Tainted: G C O 5.19.0-rc6-lrmbkasan+ #1 [ +0.000013... • https://git.kernel.org/stable/c/bbbe775ec5b5dace43a35886da9924837da09ddd • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50376 – orangefs: Fix kmemleak in orangefs_{kernel,client}_debug_init()
https://notcve.org/view.php?id=CVE-2022-50376
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: orangefs: Fix kmemleak in orangefs_{kernel,client}_debug_init() When insert and remove the orangefs module, there are memory leaked as below: unreferenced object 0xffff88816b0cc000 (size 2048): comm "insmod", pid 783, jiffies 4294813439 (age 65.512s) hex dump (first 32 bytes): 6e 6f 6e 65 0a 00 00 00 00 00 00 00 00 00 00 00 none............ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<0000000031ab7788>] kmal... • https://git.kernel.org/stable/c/f7ab093f74bf638ed98fd1115f3efa17e308bb7f • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50375 – tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown
https://notcve.org/view.php?id=CVE-2022-50375
18 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown lpuart_dma_shutdown tears down lpuart dma, but lpuart_flush_buffer can still occur which in turn tries to access dma apis if lpuart_dma_tx_use flag is true. At this point since dma is torn down, these dma apis can abort. Set lpuart_dma_tx_use and the corresponding rx flag lpuart_dma_rx_use to false in lpuart_dma_shutdown so that dmas are not accessed after they are ... • https://git.kernel.org/stable/c/6250cc30c4c4e25393ba247f71bdc04b6af3191b •
CVSS: 7.0EPSS: 0%CPEs: 7EXPL: 0CVE-2023-53368 – tracing: Fix race issue between cpu buffer write and swap
https://notcve.org/view.php?id=CVE-2023-53368
17 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: tracing: Fix race issue between cpu buffer write and swap Warning happened in rb_end_commit() at code: if (RB_WARN_ON(cpu_buffer, !local_read(&cpu_buffer->committing))) WARNING: CPU: 0 PID: 139 at kernel/trace/ring_buffer.c:3142 rb_commit+0x402/0x4a0 Call Trace: ring_buffer_unlock_commit+0x42/0x250 trace_buffer_unlock_commit_regs+0x3b/0x250 trace_event_buffer_commit+0xe5/0x440 trace_event_buffer_reserve+0x11c/0x150 trace_event_raw_event_sch... • https://git.kernel.org/stable/c/f1affcaaa861f27752a769f889bf1486ebd301fe • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •