CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2025-37798 – codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog()
https://notcve.org/view.php?id=CVE-2025-37798
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() After making all ->qlen_notify() callbacks idempotent, now it is safe to remove the check of qlen!=0 from both fq_codel_dequeue() and codel_qdisc_dequeue(). • https://git.kernel.org/stable/c/76e3cc126bb223013a6b9a0e2a51238d1ef2e409 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49927 – nfs4: Fix kmemleak when allocate slot failed
https://notcve.org/view.php?id=CVE-2022-49927
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: nfs4: Fix kmemleak when allocate slot failed If one of the slot allocate failed, should cleanup all the other allocated slots, otherwise, the allocated slots will leak: unreferenced object 0xffff8881115aa100 (size 64): comm ""mount.nfs"", pid 679, jiffies 4294744957 (age 115.037s) hex dump (first 32 bytes): 00 cc 19 73 81 88 ff ff 00 a0 5a 11 81 88 ff ff ...s......Z..... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backt... • https://git.kernel.org/stable/c/abf79bb341bf52f75f295b850abdf5f78f584311 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49923 – nfc: nxp-nci: Fix potential memory leak in nxp_nci_send()
https://notcve.org/view.php?id=CVE-2022-49923
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: nfc: nxp-nci: Fix potential memory leak in nxp_nci_send() nxp_nci_send() will call nxp_nci_i2c_write(), and only free skb when nxp_nci_i2c_write() failed. However, even if the nxp_nci_i2c_write() run succeeds, the skb will not be freed in nxp_nci_i2c_write(). As the result, the skb will memleak. nxp_nci_send() should also free the skb when nxp_nci_i2c_write() succeeds. In the Linux kernel, the following vulnerability has been resolved: nfc:... • https://git.kernel.org/stable/c/dece45855a8b0d1dcf48eb01d0822070ded6a4c8 •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49918 – ipvs: fix WARNING in __ip_vs_cleanup_batch()
https://notcve.org/view.php?id=CVE-2022-49918
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ipvs: fix WARNING in __ip_vs_cleanup_batch() During the initialization of ip_vs_conn_net_init(), if file ip_vs_conn or ip_vs_conn_sync fails to be created, the initialization is successful by default. Therefore, the ip_vs_conn or ip_vs_conn_sync file doesn't be found during the remove. The following is the stack information: name 'ip_vs_conn_sync' WARNING: CPU: 3 PID: 9 at fs/proc/generic.c:712 remove_proc_entry+0x389/0x460 Modules linked i... • https://git.kernel.org/stable/c/61b1ab4583e275af216c8454b9256de680499b19 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49917 – ipvs: fix WARNING in ip_vs_app_net_cleanup()
https://notcve.org/view.php?id=CVE-2022-49917
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ipvs: fix WARNING in ip_vs_app_net_cleanup() During the initialization of ip_vs_app_net_init(), if file ip_vs_app fails to be created, the initialization is successful by default. Therefore, the ip_vs_app file doesn't be found during the remove in ip_vs_app_net_cleanup(). It will cause WRNING. The following is the stack information: name 'ip_vs_app' WARNING: CPU: 1 PID: 9 at fs/proc/generic.c:712 remove_proc_entry+0x389/0x460 Modules linked... • https://git.kernel.org/stable/c/457c4cbc5a3dde259d2a1f15d5f9785290397267 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49915 – mISDN: fix possible memory leak in mISDN_register_device()
https://notcve.org/view.php?id=CVE-2022-49915
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: mISDN: fix possible memory leak in mISDN_register_device() Afer commit 1fa5ae857bb1 ("driver core: get rid of struct device's bus_id string array"), the name of device is allocated dynamically, add put_device() to give up the reference, so that the name can be freed in kobject_cleanup() when the refcount is 0. Set device class before put_device() to avoid null release() function WARN message in device_release(). In the Linux kernel, the fol... • https://git.kernel.org/stable/c/1fa5ae857bb14f6046205171d98506d8112dd74e •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2022-49914 – btrfs: fix inode list leak during backref walking at resolve_indirect_refs()
https://notcve.org/view.php?id=CVE-2022-49914
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix inode list leak during backref walking at resolve_indirect_refs() During backref walking, at resolve_indirect_refs(), if we get an error we jump to the 'out' label and call ulist_free() on the 'parents' ulist, which frees all the elements in the ulist - however that does not free any inode lists that may be attached to elements, through the 'aux' field of a ulist node, so we end up leaking lists if we have any attached to the uno... • https://git.kernel.org/stable/c/3301958b7c1dae8f0f5ded63aa881e0b71e78464 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49910 – Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu
https://notcve.org/view.php?id=CVE-2022-49910
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu Fix the race condition between the following two flows that run in parallel: 1. l2cap_reassemble_sdu -> chan->ops->recv (l2cap_sock_recv_cb) -> __sock_queue_rcv_skb. 2. bt_sock_recvmsg -> skb_recv_datagram, skb_free_datagram. An SKB can be queued by the first flow and immediately dequeued and freed by the second flow, therefore the callers of l2cap_reassemble_sdu can't use ... • https://git.kernel.org/stable/c/4b51dae96731c9d82f5634e75ac7ffd3b9c1b060 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49907 – net: mdio: fix undefined behavior in bit shift for __mdiobus_register
https://notcve.org/view.php?id=CVE-2022-49907
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: mdio: fix undefined behavior in bit shift for __mdiobus_register Shifting signed 32-bit value by 31 bits is undefined, so changing significant bit to unsigned. The UBSAN warning calltrace like below: UBSAN: shift-out-of-bounds in drivers/net/phy/mdio_bus.c:586:27 left shift of 1 by 31 places cannot be represented in type 'int' Call Trace:
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49903 – ipv6: fix WARNING in ip6_route_net_exit_late()
https://notcve.org/view.php?id=CVE-2022-49903
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ipv6: fix WARNING in ip6_route_net_exit_late() During the initialization of ip6_route_net_init_late(), if file ipv6_route or rt6_stats fails to be created, the initialization is successful by default. Therefore, the ipv6_route or rt6_stats file doesn't be found during the remove in ip6_route_net_exit_late(). It will cause WRNING. The following is the stack information: name 'rt6_stats' WARNING: CPU: 0 PID: 9 at fs/proc/generic.c:712 remove_... • https://git.kernel.org/stable/c/cdb1876192dbe680b3ac955717fdf7f863c1762d •