Total
15186 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-49974 | 1 Linux | 1 Linux Kernel | 2025-11-13 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
HID: nintendo: fix rumble worker null pointer deref
We can dereference a null pointer trying to queue work to a destroyed
workqueue.
If the device is disconnected, nintendo_hid_remove is called, in which
the rumble_queue is destroyed. Avoid using that queue to defer rumble
work once the controller state is set to JOYCON_CTLR_STATE_REMOVED.
This eliminates the null pointer dereference.
|
|||||
| CVE-2022-49973 | 1 Linux | 1 Linux Kernel | 2025-11-13 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
skmsg: Fix wrong last sg check in sk_msg_recvmsg()
Fix one kernel NULL pointer dereference as below:
[ 224.462334] Call Trace:
[ 224.462394] __tcp_bpf_recvmsg+0xd3/0x380
[ 224.462441] ? sock_has_perm+0x78/0xa0
[ 224.462463] tcp_bpf_recvmsg+0x12e/0x220
[ 224.462494] inet_recvmsg+0x5b/0xd0
[ 224.462534] __sys_recvfrom+0xc8/0x130
[ 224.462574] ? syscall_trace_enter+0x1df/0x2e0
[ 224.462606] ? __do_page_fault+0x2de ...
Show More |
|||||
| CVE-2022-49972 | 1 Linux | 1 Linux Kernel | 2025-11-13 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
xsk: Fix corrupted packets for XDP_SHARED_UMEM
Fix an issue in XDP_SHARED_UMEM mode together with aligned mode where
packets are corrupted for the second and any further sockets bound to
the same umem. In other words, this does not affect the first socket
bound to the umem. The culprit for this bug is that the initialization
of the DMA addresses for the pre-populated xsk buffer pool entries was
not performed for any socket but ...
Show More |
|||||
| CVE-2022-49971 | 1 Linux | 1 Linux Kernel | 2025-11-13 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/pm: Fix a potential gpu_metrics_table memory leak
Memory is allocated for gpu_metrics_table in
smu_v13_0_4_init_smc_tables(), but not freed in
smu_v13_0_4_fini_smc_tables(). This may cause memory leaks, fix it.
|
|||||
| CVE-2022-49969 | 1 Linux | 1 Linux Kernel | 2025-11-13 | N/A | 7.8 HIGH |
|
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: clear optc underflow before turn off odm clock
[Why]
After ODM clock off, optc underflow bit will be kept there always and clear not work.
We need to clear that before clock off.
[How]
Clear that if have when clock off.
|
|||||
| CVE-2022-49968 | 1 Linux | 1 Linux Kernel | 2025-11-13 | N/A | 4.7 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
ieee802154/adf7242: defer destroy_workqueue call
There is a possible race condition (use-after-free) like below
(FREE) | (USE)
adf7242_remove | adf7242_channel
cancel_delayed_work_sync |
destroy_workqueue (1) | adf7242_cmd_rx
| mod_delayed_work (2)
|
The root cause for this race is that the upper layer (ieee802154) ...
Show More |
|||||
| CVE-2022-50017 | 1 Linux | 1 Linux Kernel | 2025-11-13 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
mips: cavium-octeon: Fix missing of_node_put() in octeon2_usb_clocks_start
We should call of_node_put() for the reference 'uctl_node' returned by
of_get_parent() which will increase the refcount. Otherwise, there will
be a refcount leak bug.
|
|||||
| CVE-2022-50022 | 1 Linux | 1 Linux Kernel | 2025-11-13 | N/A | 7.8 HIGH |
|
In the Linux kernel, the following vulnerability has been resolved:
drivers:md:fix a potential use-after-free bug
In line 2884, "raid5_release_stripe(sh);" drops the reference to sh and
may cause sh to be released. However, sh is subsequently used in lines
2886 "if (sh->batch_head && sh != sh->batch_head)". This may result in an
use-after-free bug.
It can be fixed by moving "raid5_release_stripe(sh);" to the bottom of
the function.
|
|||||
| CVE-2022-50023 | 1 Linux | 1 Linux Kernel | 2025-11-13 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: dw-axi-dmac: ignore interrupt if no descriptor
If the channel has no descriptor and the interrupt is raised then the
kernel will OOPS. Check the result of vchan_next_desc() in the handler
axi_chan_block_xfer_complete() to avoid the error happening.
|
|||||
| CVE-2022-50021 | 1 Linux | 1 Linux Kernel | 2025-11-13 | N/A | 7.8 HIGH |
|
In the Linux kernel, the following vulnerability has been resolved:
ext4: block range must be validated before use in ext4_mb_clear_bb()
Block range to free is validated in ext4_free_blocks() using
ext4_inode_block_valid() and then it's passed to ext4_mb_clear_bb().
However in some situations on bigalloc file system the range might be
adjusted after the validation in ext4_free_blocks() which can lead to
troubles on corrupted file systems such as one found by syzkaller that
resulted in the foll ...
Show More |
|||||
| CVE-2022-50019 | 1 Linux | 1 Linux Kernel | 2025-11-13 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
tty: serial: Fix refcount leak bug in ucc_uart.c
In soc_info(), of_find_node_by_type() will return a node pointer
with refcount incremented. We should use of_node_put() when it is
not used anymore.
|
|||||
| CVE-2022-50032 | 1 Linux | 1 Linux Kernel | 2025-11-13 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
usb: renesas: Fix refcount leak bug
In usbhs_rza1_hardware_init(), of_find_node_by_name() will return
a node pointer with refcount incremented. We should use of_node_put()
when it is not used anymore.
|
|||||
| CVE-2022-50030 | 1 Linux | 1 Linux Kernel | 2025-11-13 | N/A | 7.8 HIGH |
|
In the Linux kernel, the following vulnerability has been resolved:
scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input
Malformed user input to debugfs results in buffer overflow crashes. Adapt
input string lengths to fit within internal buffers, leaving space for NULL
terminators.
|
|||||
| CVE-2022-50029 | 1 Linux | 1 Linux Kernel | 2025-11-13 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
clk: qcom: ipq8074: dont disable gcc_sleep_clk_src
Once the usb sleep clocks are disabled, clock framework is trying to
disable the sleep clock source also.
However, it seems that it cannot be disabled and trying to do so produces:
[ 245.436390] ------------[ cut here ]------------
[ 245.441233] gcc_sleep_clk_src status stuck at 'on'
[ 245.441254] WARNING: CPU: 2 PID: 223 at clk_branch_wait+0x130/0x140
[ 245.450435] Modul ...
Show More |
|||||
| CVE-2022-50028 | 1 Linux | 1 Linux Kernel | 2025-11-13 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
gadgetfs: ep_io - wait until IRQ finishes
after usb_ep_queue() if wait_for_completion_interruptible() is
interrupted we need to wait until IRQ gets finished.
Otherwise complete() from epio_complete() can corrupt stack.
|
|||||
| CVE-2022-50027 | 1 Linux | 1 Linux Kernel | 2025-11-13 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE
There is no corresponding free routine if lpfc_sli4_issue_wqe fails to
issue the CMF WQE in lpfc_issue_cmf_sync_wqe.
If ret_val is non-zero, then free the iocbq request structure.
|
|||||
| CVE-2022-50026 | 1 Linux | 1 Linux Kernel | 2025-11-13 | N/A | 7.1 HIGH |
|
In the Linux kernel, the following vulnerability has been resolved:
habanalabs/gaudi: fix shift out of bounds
When validating NIC queues, queue offset calculation must be
performed only for NIC queues.
|
|||||
| CVE-2022-50025 | 1 Linux | 1 Linux Kernel | 2025-11-13 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
cxl: Fix a memory leak in an error handling path
A bitmap_zalloc() must be balanced by a corresponding bitmap_free() in the
error handling path of afu_allocate_irqs().
|
|||||
| CVE-2022-50024 | 1 Linux | 1 Linux Kernel | 2025-11-13 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: dw-axi-dmac: do not print NULL LLI during error
During debugging we have seen an issue where axi_chan_dump_lli()
is passed a NULL LLI pointer which ends up causing an OOPS due
to trying to get fields from it. Simply print NULL LLI and exit
to avoid this.
|
|||||
| CVE-2022-50042 | 1 Linux | 1 Linux Kernel | 2025-11-13 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
net: genl: fix error path memory leak in policy dumping
If construction of the array of policies fails when recording
non-first policy we need to unwind.
netlink_policy_dump_add_policy() itself also needs fixing as
it currently gives up on error without recording the allocated
pointer in the pstate pointer.
|
|||||
| CVE-2022-50041 | 1 Linux | 1 Linux Kernel | 2025-11-13 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
ice: Fix call trace with null VSI during VF reset
During stress test with attaching and detaching VF from KVM and
simultaneously changing VFs spoofcheck and trust there was a
call trace in ice_reset_vf that VF's VSI is null.
[145237.352797] WARNING: CPU: 46 PID: 840629 at drivers/net/ethernet/intel/ice/ice_vf_lib.c:508 ice_reset_vf+0x3d6/0x410 [ice]
[145237.352851] Modules linked in: ice(E) vfio_pci vfio_pci_core vfio_virqfd ...
Show More |
|||||
| CVE-2022-50040 | 1 Linux | 1 Linux Kernel | 2025-11-13 | N/A | 7.8 HIGH |
|
In the Linux kernel, the following vulnerability has been resolved:
net: dsa: sja1105: fix buffer overflow in sja1105_setup_devlink_regions()
If an error occurs in dsa_devlink_region_create(), then 'priv->regions'
array will be accessed by negative index '-1'.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
|
|||||
| CVE-2022-50039 | 1 Linux | 1 Linux Kernel | 2025-11-13 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
stmmac: intel: Add a missing clk_disable_unprepare() call in intel_eth_pci_remove()
Commit 09f012e64e4b ("stmmac: intel: Fix clock handling on error and remove
paths") removed this clk_disable_unprepare()
This was partly revert by commit ac322f86b56c ("net: stmmac: Fix clock
handling on remove path") which removed this clk_disable_unprepare()
because:
"
While unloading the dwmac-intel driver, clk_disable_unprepare() is
...
Show More |
|||||
| CVE-2022-50038 | 1 Linux | 1 Linux Kernel | 2025-11-13 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors()
In this function, there are two refcount leak bugs:
(1) when breaking out of for_each_endpoint_of_node(), we need call
the of_node_put() for the 'ep';
(2) we should call of_node_put() for the reference returned by
of_graph_get_remote_port() when it is not used anymore.
|
|||||
| CVE-2022-50037 | 1 Linux | 1 Linux Kernel | 2025-11-13 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
drm/i915/ttm: don't leak the ccs state
The kernel only manages the ccs state with lmem-only objects, however
the kernel should still take care not to leak the CCS state from the
previous user.
(cherry picked from commit 353819d85f87be46aeb9c1dd929d445a006fc6ec)
|
|||||
| CVE-2025-8582 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-11-13 | N/A | 4.3 MEDIUM |
|
Insufficient validation of untrusted input in Core in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)
|
|||||
| CVE-2025-8578 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-11-13 | N/A | 8.8 HIGH |
|
Use after free in Cast in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2022-50036 | 1 Linux | 1 Linux Kernel | 2025-11-13 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
drm/sun4i: dsi: Prevent underflow when computing packet sizes
Currently, the packet overhead is subtracted using unsigned arithmetic.
With a short sync pulse, this could underflow and wrap around to near
the maximal u16 value. Fix this by using signed subtraction. The call to
max() will correctly handle any negative numbers that are produced.
Apply the same fix to the other timings, even though those subtractions
are less lik ...
Show More |
|||||
| CVE-2022-50035 | 1 Linux | 1 Linux Kernel | 2025-11-13 | N/A | 7.8 HIGH |
|
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Fix use-after-free on amdgpu_bo_list mutex
If amdgpu_cs_vm_handling returns r != 0, then it will unlock the
bo_list_mutex inside the function amdgpu_cs_vm_handling and again on
amdgpu_cs_parser_fini. This problem results in the following
use-after-free problem:
[ 220.280990] ------------[ cut here ]------------
[ 220.281000] refcount_t: underflow; use-after-free.
[ 220.281019] WARNING: CPU: 1 PID: 3746 at lib/refc ...
Show More |
|||||
| CVE-2022-50034 | 1 Linux | 1 Linux Kernel | 2025-11-13 | N/A | 7.8 HIGH |
|
In the Linux kernel, the following vulnerability has been resolved:
usb: cdns3 fix use-after-free at workaround 2
BUG: KFENCE: use-after-free read in __list_del_entry_valid+0x10/0xac
cdns3_wa2_remove_old_request()
{
...
kfree(priv_req->request.buf);
cdns3_gadget_ep_free_request(&priv_ep->endpoint, &priv_req->request);
list_del_init(&priv_req->list);
^^^ use after free
...
}
cdns3_gadget_ep_free_request() free the space pointed by priv_req,
but priv_req is used in the following list_del ...
Show More |
|||||
| CVE-2022-50033 | 1 Linux | 1 Linux Kernel | 2025-11-13 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
usb: host: ohci-ppc-of: Fix refcount leak bug
In ohci_hcd_ppc_of_probe(), of_find_compatible_node() will return
a node pointer with refcount incremented. We should use of_node_put()
when it is not used anymore.
|
|||||
| CVE-2022-50052 | 1 Linux | 1 Linux Kernel | 2025-11-13 | N/A | 7.8 HIGH |
|
In the Linux kernel, the following vulnerability has been resolved:
ASoC: Intel: avs: Fix potential buffer overflow by snprintf()
snprintf() returns the would-be-filled size when the string overflows
the given buffer size, hence using this value may result in a buffer
overflow (although it's unrealistic).
This patch replaces it with a safer version, scnprintf() for papering
over such a potential issue.
|
|||||
| CVE-2022-50051 | 1 Linux | 1 Linux Kernel | 2025-11-13 | N/A | 7.8 HIGH |
|
In the Linux kernel, the following vulnerability has been resolved:
ASoC: SOF: debug: Fix potential buffer overflow by snprintf()
snprintf() returns the would-be-filled size when the string overflows
the given buffer size, hence using this value may result in the buffer
overflow (although it's unrealistic).
This patch replaces with a safer version, scnprintf() for papering
over such a potential issue.
|
|||||
| CVE-2022-50050 | 1 Linux | 1 Linux Kernel | 2025-11-13 | N/A | 7.8 HIGH |
|
In the Linux kernel, the following vulnerability has been resolved:
ASoC: SOF: Intel: hda: Fix potential buffer overflow by snprintf()
snprintf() returns the would-be-filled size when the string overflows
the given buffer size, hence using this value may result in the buffer
overflow (although it's unrealistic).
This patch replaces with a safer version, scnprintf() for papering
over such a potential issue.
|
|||||
| CVE-2022-50049 | 1 Linux | 1 Linux Kernel | 2025-11-13 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
ASoC: DPCM: Don't pick up BE without substream
When DPCM tries to add valid BE connections at dpcm_add_paths(), it
doesn't check whether the picked BE actually supports for the given
stream direction. Due to that, when an asymmetric BE stream is
present, it picks up wrongly and this may result in a NULL dereference
at a later point where the code assumes the existence of a
corresponding BE substream.
This patch adds the chec ...
Show More |
|||||
| CVE-2022-50048 | 1 Linux | 1 Linux Kernel | 2025-11-13 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: possible module reference underflow in error path
dst->ops is set on when nft_expr_clone() fails, but module refcount has
not been bumped yet, therefore nft_expr_destroy() leads to module
reference underflow.
|
|||||
| CVE-2022-50047 | 1 Linux | 1 Linux Kernel | 2025-11-13 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
net: dsa: mv88e6060: prevent crash on an unused port
If the port isn't a CPU port nor a user port, 'cpu_dp'
is a null pointer and a crash happened on dereferencing
it in mv88e6060_setup_port():
[ 9.575872] Unable to handle kernel NULL pointer dereference at virtual address 00000014
...
[ 9.942216] mv88e6060_setup from dsa_register_switch+0x814/0xe84
[ 9.948616] dsa_register_switch from mdio_probe+0x2c/0x54
[ 9.9 ...
Show More |
|||||
| CVE-2022-50046 | 1 Linux | 1 Linux Kernel | 2025-11-13 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
net/sunrpc: fix potential memory leaks in rpc_sysfs_xprt_state_change()
The issue happens on some error handling paths. When the function
fails to grab the object `xprt`, it simply returns 0, forgetting to
decrease the reference count of another object `xps`, which is
increased by rpc_sysfs_xprt_kobj_get_xprt_switch(), causing refcount
leaks. Also, the function forgets to check whether `xps` is valid
before using it, which may ...
Show More |
|||||
| CVE-2022-50045 | 1 Linux | 1 Linux Kernel | 2025-11-13 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
powerpc/pci: Fix get_phb_number() locking
The recent change to get_phb_number() causes a DEBUG_ATOMIC_SLEEP
warning on some systems:
BUG: sleeping function called from invalid context at kernel/locking/mutex.c:580
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 1, name: swapper
preempt_count: 1, expected: 0
RCU nest depth: 0, expected: 0
1 lock held by swapper/1:
#0: c157efb0 (hose_spinlock){+.+.}-{2:2}, a ...
Show More |
|||||
| CVE-2022-50044 | 1 Linux | 1 Linux Kernel | 2025-11-13 | N/A | 4.7 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
net: qrtr: start MHI channel after endpoit creation
MHI channel may generates event/interrupt right after enabling.
It may leads to 2 race conditions issues.
1)
Such event may be dropped by qcom_mhi_qrtr_dl_callback() at check:
if (!qdev || mhi_res->transaction_status)
return;
Because dev_set_drvdata(&mhi_dev->dev, qdev) may be not performed at
this moment. In this situation qrtr-ns will be unable to enumerate
services i ...
Show More |
|||||