[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec

Mon Sep 15 20:47:20 BST 2025


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
341b8d00 by Salvatore Bonaccorso at 2025-09-15T21:46:55+02:00
Merge Linux CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,88 @@
+CVE-2022-50338 [binder: fix UAF of alloc->vma in race with munmap()]
+	- linux 5.5.13-1
+	NOTE: https://git.kernel.org/linus/27a594bc7a7c8238d239e3cdbcf2edfa3bbe9a1b (5.4.224)
+CVE-2022-50337 [ocxl: fix pci device refcount leak when calling get_function_0()]
+	- linux 6.1.4-1
+	[bullseye] - linux 5.10.178-1
+	NOTE: https://git.kernel.org/linus/27158c72678b39ee01cc01de1aba6b51c71abe2f (6.2-rc1)
+CVE-2022-50336 [fs/ntfs3: Add null pointer check to attr_load_runs_vcn]
+	- linux 6.1.4-1
+	NOTE: https://git.kernel.org/linus/2681631c29739509eec59cc0b34e977bb04c6cf1 (6.2-rc1)
+CVE-2022-50335 [9p: set req refcount to zero to avoid uninitialized usage]
+	- linux 6.1.4-1
+	NOTE: https://git.kernel.org/linus/26273ade77f54716e30dfd40ac6e85ceb54ac0f9 (6.2-rc1)
+CVE-2022-50334 [hugetlbfs: fix null-ptr-deref in hugetlbfs_parse_param()]
+	- linux 6.1.4-1
+	[bullseye] - linux 5.10.178-1
+	NOTE: https://git.kernel.org/linus/26215b7ee923b9251f7bb12c4e5f09dc465d35f2 (6.2-rc1)
+CVE-2022-50333 [fs: jfs: fix shift-out-of-bounds in dbDiscardAG]
+	- linux 6.1.4-1
+	[bullseye] - linux 5.10.178-1
+	NOTE: https://git.kernel.org/linus/25e70c6162f207828dd405b432d8f2a98dbf7082 (6.2-rc1)
+CVE-2022-50332 [video/aperture: Call sysfb_disable() before removing PCI devices]
+	- linux 6.0.6-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/25a6688f27ff54f97adf7cce1d7e18c38bf51eb4 (6.0.6)
+CVE-2022-50331 [wwan_hwsim: fix possible memory leak in wwan_hwsim_dev_new()]
+	- linux 6.0.6-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/258ad2fe5ede773625adfda88b173f4123e59f45 (6.1-rc2)
+CVE-2022-50330 [crypto: cavium - prevent integer overflow loading firmware]
+	- linux 6.0.3-1
+	[bullseye] - linux 5.10.158-1
+	NOTE: https://git.kernel.org/linus/2526d6bf27d15054bb0778b2f7bc6625fd934905 (6.1-rc1)
+CVE-2022-50329 [block, bfq: fix uaf for bfqq in bfq_exit_icq_bfqq]
+	- linux 6.1.4-1
+	[bullseye] - linux 5.10.178-1
+	NOTE: https://git.kernel.org/linus/246cf66e300b76099b5dbd3fdd39e9a5dbc53f02 (6.2-rc2)
+CVE-2022-50328 [jbd2: fix potential use-after-free in jbd2_fc_wait_bufs]
+	- linux 6.0.3-1
+	[bullseye] - linux 5.10.158-1
+	NOTE: https://git.kernel.org/linus/243d1a5d505d0b0460c9af0ad56ed4a56ef0bebd (6.1-rc1)
+CVE-2022-50327 [ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value]
+	- linux 6.1.4-1
+	NOTE: https://git.kernel.org/linus/2437513a814b3e93bd02879740a8a06e52e2cf7d (6.2-rc1)
+CVE-2022-50326 [media: airspy: fix memory leak in airspy probe]
+	- linux 6.0.3-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/23bc5eb55f8c9607965c20d9ddcc13cb1ae59568 (6.1-rc1)
+CVE-2022-50325 [ASoC: Intel: avs: Fix potential RX buffer overflow]
+	- linux 6.1.4-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/23ae34e033b2c0e5e88237af82b163b296fd6aa9 (6.2-rc1)
+CVE-2022-50324 [mtd: maps: pxa2xx-flash: fix memory leak in probe]
+	- linux 6.1.4-1
+	[bullseye] - linux 5.10.178-1
+	NOTE: https://git.kernel.org/linus/2399401feee27c639addc5b7e6ba519d3ca341bf (6.2-rc1)
+CVE-2022-50323 [net: do not sense pfmemalloc status in skb_append_pagefrags()]
+	- linux 6.0.7-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/228ebc41dfab5b5d34cd76835ddb0ca8ee12f513 (6.1-rc3)
+CVE-2022-50322 [rtc: msc313: Fix function prototype mismatch in msc313_rtc_probe()]
+	- linux 6.1.4-1
+	NOTE: https://git.kernel.org/linus/21b8a1dd56a163825e5749b303858fb902ebf198 (6.2-rc1)
+CVE-2022-50321 [wifi: brcmfmac: fix potential memory leak in brcmf_netdev_start_xmit()]
+	- linux 6.1.20-1
+	[bullseye] - linux 5.10.178-1
+	NOTE: https://git.kernel.org/linus/212fde3fe76e962598ce1d47b97cc78afdfc71b3 (6.3-rc1)
+CVE-2022-50320 [ACPI: tables: FPDT: Don't call acpi_os_map_memory() on invalid phys address]
+	- linux 6.0.3-1
+	NOTE: https://git.kernel.org/linus/211391bf04b3c74e250c566eeff9cf808156c693 (6.1-rc1)
+CVE-2022-50319 [coresight: trbe: remove cpuhp instance node before remove cpuhp state]
+	- linux 6.1.4-1
+	[bullseye] - linux <not-affected> (Vulnerable code not present)
+	NOTE: https://git.kernel.org/linus/20ee8c223f792947378196307d8e707c9cdc2d61 (6.2-rc1)
+CVE-2022-50318 [perf/x86/intel/uncore: Fix reference count leak in hswep_has_limit_sbox()]
+	- linux 6.1.4-1
+	[bullseye] - linux 5.10.178-1
+	NOTE: https://git.kernel.org/linus/1ff9dd6e7071a561f803135c1d684b13c7a7d01d (6.2-rc1)
+CVE-2022-50317 [drm/bridge: megachips: Fix a null pointer dereference bug]
+	- linux 6.0.3-1
+	[bullseye] - linux 5.10.158-1
+	NOTE: https://git.kernel.org/linus/1ff673333d46d2c1b053ebd0c1c7c7c79e36943e (6.1-rc1)
+CVE-2022-50316 [orangefs: Fix kmemleak in orangefs_sysfs_init()]
+	- linux 6.1.4-1
+	NOTE: https://git.kernel.org/linus/1f2c0e8a587bcafad85019a2d80f158d8d41a868 (6.2-rc1)
 CVE-2023-53262 [f2fs: fix scheduling while atomic in decompression path]
 	- linux 6.3.7-1
 	[bookworm] - linux 6.1.37-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/341b8d00fa7d6c12e70ec2961f99194af4f42db4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/341b8d00fa7d6c12e70ec2961f99194af4f42db4
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250915/d518abaa/attachment-0001.htm>
